1 /** @file
2 The Interfaces of IPsec debug information printing.
3
4 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9
10 #include "IpSecImpl.h"
11 #include "IpSecDebug.h"
12
//
// Printable names of the IKEv1 negotiation states, one per state value.
// IkeDumpState() indexes this table with the raw state number after comparing
// it against IKE_STATE_NUM. IKE_STATE_NUM is defined outside this file; if it
// is larger than the seven initializers below, the remaining slots are NULL.
//
CHAR8 *mIkev1StateStr[IKE_STATE_NUM] = {
  "IKEv1_MAIN_1",             // [0]
  "IKEv1_MAIN_2",             // [1]
  "IKEv1_MAIN_3",             // [2]
  "IKEv1_MAIN_ESTABLISHED",   // [3]
  "IKEv1_QUICK_1",            // [4]
  "IKEv1_QUICK_2",            // [5]
  "IKEv1_QUICK_ESTABLISHED"   // [6]
};
25
//
// Printable names of the IKEv2 negotiation states, one per state value.
// IkeDumpState() indexes this table with the raw state number after comparing
// it against IKE_STATE_NUM. IKE_STATE_NUM is defined outside this file; if it
// is larger than the seven initializers below, the remaining slots are NULL.
//
CHAR8 *mIkev2StateStr[IKE_STATE_NUM] = {
  "IKEv2_STATE_INIT",                   // [0]
  "IKEv2_STATE_AUTH",                   // [1]
  "IKEv2_STATE_SA_ESTABLISH",           // [2]
  "IKEv2_STATE_CREATE_CHILD",           // [3]
  "IKEv2_STATE_SA_REKEYING",            // [4]
  "IKEv2_STATE_CHILD_SA_ESTABLISHED",   // [5]
  "IKEv2_STATE_SA_DELETING"             // [6]
};
38
//
// Printable names of the IKE exchange types (IKEv1 and IKEv2 share this
// table). IpSecDumpPacket() does not index it with the wire value: it maps
// each IKE_XCG_TYPE_* constant to a fixed slot, and every unrecognised
// exchange type to the last slot.
//
CHAR8 *mExchangeStr[] = {
  "IKEv1 Main Exchange",           // [0] IKE_XCG_TYPE_IDENTITY_PROTECT
  "IKEv1 Info Exchange",           // [1] IKE_XCG_TYPE_INFO
  "IKEv1 Quick Exchange",          // [2] IKE_XCG_TYPE_QM
  "IKEv2 Initial Exchange",        // [3] IKE_XCG_TYPE_SA_INIT
  "IKEv2 Auth Exchange",           // [4] IKE_XCG_TYPE_AUTH
  "IKEv2 Create Child Exchange",   // [5] IKE_XCG_TYPE_CREATE_CHILD_SA
  "IKEv2 Info Exchange",           // [6] IKE_XCG_TYPE_INFO2
  "IKE Unknow Exchange"            // [7] any other exchange type
};
52
//
// Printable names of the IKEv1 payload types. IpSecDumpPayload() uses the
// payload type itself as the index, so the position of each string matters.
// The table has 14 entries: only payload types 0..13 have a title here.
//
CHAR8 *mIkev1PayloadStr[] = {
  "IKEv1 None Payload",                  // [0]
  "IKEv1 SA Payload",                    // [1]
  "IKEv1 Proposal Payload",              // [2]
  "IKEv1 Transform Payload",             // [3]
  "IKEv1 KE Payload",                    // [4]
  "IKEv1 ID Payload",                    // [5]
  "IKEv1 Certificate Payload",           // [6]
  "IKEv1 Certificate Request Payload",   // [7]
  "IKEv1 Hash Payload",                  // [8]
  "IKEv1 Signature Payload",             // [9]
  "IKEv1 Nonce Payload",                 // [10]
  "IKEv1 Notify Payload",                // [11]
  "IKEv1 Delete Payload",                // [12]
  "IKEv1 Vendor Payload"                 // [13]
};
72
//
// Printable names of the IKEv2 payload types. IpSecDumpPayload() indexes this
// table with (PayloadType - 33), because IKEv2 payload numbering starts at 33.
// The table has 16 entries: only payload types 33..48 have a title here.
//
CHAR8 *mIkev2PayloadStr[] = {
  "IKEv2 SA Payload",                           // [0]  type 33
  "IKEv2 Key Payload",                          // [1]  type 34
  "IKEv2 Identity Initial Payload",             // [2]  type 35
  "IKEv2 Identity Respond Payload",             // [3]  type 36
  "IKEv2 Certificate Payload",                  // [4]  type 37
  "IKEv2 Certificate Request Payload",          // [5]  type 38
  "IKEv2 Auth Payload",                         // [6]  type 39
  "IKEv2 Nonce Payload",                        // [7]  type 40
  "IKEv2 Notify Payload",                       // [8]  type 41
  "IKEv2 Delet Payload",                        // [9]  type 42
  "IKEv2 Vendor Payload",                       // [10] type 43
  "IKEv2 Traffic Selector Initiator Payload",   // [11] type 44
  "IKEv2 Traffic Selector Respond Payload",     // [12] type 45
  "IKEv2 Encrypt Payload",                      // [13] type 46
  "IKEv2 Configuration Payload",                // [14] type 47
  "IKEv2 Extensible Authentication Payload"     // [15] type 48
};
94
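/**
  Print the IP address.

  An IPv6 address is printed as eight colon-separated groups of two bytes, an
  IPv4 address as dotted decimal. Each IPv6 byte is printed as exactly two hex
  digits, so that every address has a single, unambiguous rendering in the log.

  @param[in]  Level     Debug print error level. Pass to DEBUG().
  @param[in]  Ip        Point to a specified IP address. It is dereferenced
                        without a check, so the caller must pass a valid pointer.
  @param[in]  IpVersion The IP Version. IP_VERSION_6 selects the IPv6 form; any
                        other value is printed as IPv4.

**/
VOID
IpSecDumpAddress (
  IN UINTN               Level,
  IN EFI_IP_ADDRESS      *Ip,
  IN UINT8               IpVersion
  )
{
  if (IpVersion == IP_VERSION_6) {
    //
    // Zero-pad every byte. With a bare "%x" the byte pairs 0x01,0x23 and
    // 0x12,0x03 both printed as "123", so a logged address could not be mapped
    // back to one peer.
    //
    DEBUG (
      (Level,
      "%02x%02x:%02x%02x:%02x%02x:%02x%02x",
      Ip->v6.Addr[0],
      Ip->v6.Addr[1],
      Ip->v6.Addr[2],
      Ip->v6.Addr[3],
      Ip->v6.Addr[4],
      Ip->v6.Addr[5],
      Ip->v6.Addr[6],
      Ip->v6.Addr[7])
      );
    DEBUG (
      (Level,
      ":%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
      Ip->v6.Addr[8],
      Ip->v6.Addr[9],
      Ip->v6.Addr[10],
      Ip->v6.Addr[11],
      Ip->v6.Addr[12],
      Ip->v6.Addr[13],
      Ip->v6.Addr[14],
      Ip->v6.Addr[15])
      );
  } else {
    DEBUG (
      (Level,
      "%d.%d.%d.%d\n",
      Ip->v4.Addr[0],
      Ip->v4.Addr[1],
      Ip->v4.Addr[2],
      Ip->v4.Addr[3])
      );
  }
}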
147
/**
  Print the current IKE state, or the transition between two states.

  Nothing is printed when either state value is outside the state-name tables.
  When the state did not change, only IKE versions 1 and 2 produce output; for
  a state change, every version other than 1 is printed with the IKEv2 names.

  @param[in]  Previous    The Previous state of IKE.
  @param[in]  Current     The current state of IKE.
  @param[in]  IkeVersion  The version of IKE.

**/
VOID
IkeDumpState (
  IN UINT32              Previous,
  IN UINT32              Current,
  IN UINT8               IkeVersion
  )
{
  CHAR8  **StateNames;

  //
  // Both values index the state-name tables below; reject anything outside
  // them before a table is touched.
  //
  if ((Previous >= IKE_STATE_NUM) || (Current >= IKE_STATE_NUM)) {
    return;
  }

  if (Previous != Current) {
    StateNames = (IkeVersion == 1) ? mIkev1StateStr : mIkev2StateStr;
    DEBUG ((DEBUG_INFO, "\n****Change state from %a to %a\n", StateNames[Previous], StateNames[Current]));
    return;
  }

  //
  // Unchanged state: an IKE version other than 1 or 2 prints nothing.
  //
  if (IkeVersion == 1) {
    DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev1StateStr[Previous]));
  } else if (IkeVersion == 2) {
    DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev2StateStr[Previous]));
  }
}
181
/**
  Print the header of an IKE packet.

  Prints the direction, the total size (payload size plus the IKE header), the
  exchange name, the remote peer address, both cookies and the remaining header
  fields. The payload bytes themselves are not printed here.

  @param[in]  Packet    Point to IKE packet to be printed. Must not be NULL.
                        Packet->Header is dereferenced as well and is not
                        checked in this function.
  @param[in]  Direction Whether the IKE packet is inbound or outbound.
  @param[in]  IpVersion Specified IP Version.

**/
VOID
IpSecDumpPacket (
  IN IKE_PACKET            *Packet,
  IN EFI_IPSEC_TRAFFIC_DIR Direction,
  IN UINT8                 IpVersion
  )
{
  UINTN   ExchangeIndex;
  CHAR8   *TypeStr;
  UINTN   PacketSize;
  UINT64  InitCookie;
  UINT64  RespCookie;

  ASSERT (Packet != NULL);

  //
  // Translate the exchange type into a slot of mExchangeStr. The header value
  // is never used as an index itself: anything unrecognised takes the last
  // ("unknown") slot.
  //
  switch (Packet->Header->ExchangeType) {
  case IKE_XCG_TYPE_IDENTITY_PROTECT:
    ExchangeIndex = 0;
    break;

  case IKE_XCG_TYPE_INFO:
    ExchangeIndex = 1;
    break;

  case IKE_XCG_TYPE_QM:
    ExchangeIndex = 2;
    break;

  case IKE_XCG_TYPE_SA_INIT:
    ExchangeIndex = 3;
    break;

  case IKE_XCG_TYPE_AUTH:
    ExchangeIndex = 4;
    break;

  case IKE_XCG_TYPE_CREATE_CHILD_SA:
    ExchangeIndex = 5;
    break;

  case IKE_XCG_TYPE_INFO2:
    ExchangeIndex = 6;
    break;

  default:
    ExchangeIndex = 7;
    break;
  }

  TypeStr    = mExchangeStr[ExchangeIndex];
  PacketSize = Packet->PayloadTotalSize + sizeof (IKE_HEADER);

  if (Direction == EfiIPsecOutBound) {
    //
    // Only outbound cookies go through HTONLL(); inbound ones are printed as
    // stored in the header.
    //
    InitCookie = HTONLL (Packet->Header->InitiatorCookie);
    RespCookie = HTONLL (Packet->Header->ResponderCookie);
    DEBUG ((DEBUG_INFO, "\n>>>Sending %d bytes %a to ", PacketSize, TypeStr));
  } else {
    InitCookie = Packet->Header->InitiatorCookie;
    RespCookie = Packet->Header->ResponderCookie;
    DEBUG ((DEBUG_INFO, "\n>>>Receiving %d bytes %a from ", PacketSize, TypeStr));
  }

  IpSecDumpAddress (DEBUG_INFO, &Packet->RemotePeerIp, IpVersion);

  DEBUG ((DEBUG_INFO, " InitiatorCookie:0x%lx ResponderCookie:0x%lx\n", InitCookie, RespCookie));
  DEBUG (
    (DEBUG_INFO,
    " Version: 0x%x Flags:0x%x ExchangeType:0x%x\n",
    Packet->Header->Version,
    Packet->Header->Flags,
    Packet->Header->ExchangeType)
    );
  DEBUG (
    (DEBUG_INFO,
    " MessageId:0x%x NextPayload:0x%x\n",
    Packet->Header->MessageId,
    Packet->Header->NextPayload)
    );
}
266
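/**
  Print the IKE Payload.

  Prints a title chosen by the payload type, then the payload bytes in hex.
  The payload type is range-checked against the title table before it is used
  as an index; a type with no title is printed as an unknown payload together
  with its numeric value, so a malformed or unsupported type cannot cause a
  read past the end of the table.

  The whole payload body is written to the debug output at DEBUG_INFO.
  NOTE(review): whether the buffer holds sensitive protocol data at this point
  depends on the callers, which are outside this file; treat debug logs
  produced with DEBUG_INFO enabled accordingly.

  @param[in]  IkePayload   Point to payload to be printed. Must not be NULL.
  @param[in]  IkeVersion   The specified version of IKE. 1 selects the IKEv1
                           titles; any other value selects the IKEv2 titles.

**/
VOID
IpSecDumpPayload (
  IN IKE_PAYLOAD           *IkePayload,
  IN UINT8                 IkeVersion
  )
{
  CHAR8  **TitleTable;
  UINTN  TitleCount;
  UINTN  TitleIndex;

  ASSERT (IkePayload != NULL);

  if (IkeVersion == 1) {
    TitleTable = mIkev1PayloadStr;
    TitleCount = sizeof (mIkev1PayloadStr) / sizeof (mIkev1PayloadStr[0]);
    TitleIndex = (UINTN) IkePayload->PayloadType;
  } else {
    //
    // For IKEV2 the first Payload type is started from 33. A smaller type has
    // no slot at all: point it past the end of the table so that the check
    // below rejects it, instead of letting the subtraction wrap.
    //
    TitleTable = mIkev2PayloadStr;
    TitleCount = sizeof (mIkev2PayloadStr) / sizeof (mIkev2PayloadStr[0]);
    if (IkePayload->PayloadType >= 33) {
      TitleIndex = (UINTN) IkePayload->PayloadType - 33;
    } else {
      TitleIndex = TitleCount;
    }
  }

  if (TitleIndex < TitleCount) {
    DEBUG ((DEBUG_INFO, "+%a\n", TitleTable[TitleIndex]));
  } else {
    DEBUG ((DEBUG_INFO, "+Unknown Payload (type %d)\n", IkePayload->PayloadType));
  }

  IpSecDumpBuf ("Payload data", IkePayload->PayloadBuf, IkePayload->PayloadSize);
}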
290
/**
  Print the buffer in form of Hex.

  Prints a title line with the byte count, then the bytes as " 0xNN," items,
  at most IPSEC_DEBUG_BYTE_PER_LINE of them per output line. An empty buffer
  prints the title line only.

  @param[in]  Title    The strings to be printed before the data of the buffer.
  @param[in]  Data     Points to buffer to be printed. Exactly DataSize bytes
                       are read from it; the pointer is not checked.
  @param[in]  DataSize The size of the buffer to be printed.

**/
VOID
IpSecDumpBuf (
  IN CHAR8                 *Title,
  IN UINT8                 *Data,
  IN UINTN                 DataSize
  )
{
  UINTN  Offset;
  UINTN  LineEnd;

  DEBUG ((DEBUG_INFO, "==%a %d bytes==\n", Title, DataSize));

  Offset = 0;
  while (Offset < DataSize) {
    //
    // End of the current output line: a full line, or whatever is left.
    //
    if (DataSize - Offset > IPSEC_DEBUG_BYTE_PER_LINE) {
      LineEnd = Offset + IPSEC_DEBUG_BYTE_PER_LINE;
    } else {
      LineEnd = DataSize;
    }

    //
    // The offset advances in the loop header and not inside the DEBUG()
    // argument list, so the loop does not depend on DEBUG() evaluating its
    // arguments.
    //
    for ( ; Offset < LineEnd; Offset++) {
      DEBUG ((DEBUG_INFO, " 0x%02x,", Data[Offset]));
    }

    DEBUG ((DEBUG_INFO, "\n"));
  }
}