+++ /dev/null
-/** @file\r
- The implementation of dump policy entry function in IpSecConfig application.\r
-\r
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#include "IpSecConfig.h"\r
-#include "Dump.h"\r
-#include "ForEach.h"\r
-#include "Helper.h"\r
-\r
-/**\r
- Private function called to get the version infomation from an EFI_IP_ADDRESS_INFO structure.\r
-\r
- @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.\r
-\r
- @return the value of version.\r
-**/\r
-UINTN\r
-GetVerFromAddrInfo (\r
- IN EFI_IP_ADDRESS_INFO *AddressInfo\r
-)\r
-{\r
- if((AddressInfo->PrefixLength <= 32) && (AddressInfo->Address.Addr[1] == 0) &&\r
- (AddressInfo->Address.Addr[2] == 0) && (AddressInfo->Address.Addr[3] == 0)) {\r
- return IP_VERSION_4;\r
- } else {\r
- return IP_VERSION_6;\r
- }\r
-}\r
-\r
-/**\r
- Private function called to get the version information from a EFI_IP_ADDRESS structure.\r
-\r
- @param[in] Address The pointer to the EFI_IP_ADDRESS structure.\r
-\r
- @return The value of the version.\r
-**/\r
-UINTN\r
-GetVerFromIpAddr (\r
- IN EFI_IP_ADDRESS *Address\r
-)\r
-{\r
- if ((Address->Addr[1] == 0) && (Address->Addr[2] == 0) && (Address->Addr[3] == 0)) {\r
- return IP_VERSION_4;\r
- } else {\r
- return IP_VERSION_6;\r
- }\r
-}\r
-\r
-/**\r
- Private function called to print an ASCII string in unicode char format.\r
-\r
- @param[in] Str The pointer to the ASCII string.\r
- @param[in] Length The value of the ASCII string length.\r
-**/\r
-VOID\r
-DumpAsciiString (\r
- IN CHAR8 *Str,\r
- IN UINTN Length\r
- )\r
-{\r
- UINTN Index;\r
- Print (L"\"");\r
- for (Index = 0; Index < Length; Index++) {\r
- Print (L"%c", (CHAR16) Str[Index]);\r
- }\r
- Print (L"\"");\r
-}\r
-\r
-/**\r
- Private function called to print a buffer in Hex format.\r
-\r
- @param[in] Data The pointer to the buffer.\r
- @param[in] Length The size of the buffer.\r
-\r
-**/\r
-VOID\r
-DumpBuf (\r
- IN UINT8 *Data,\r
- IN UINTN Length\r
- )\r
-{\r
- UINTN Index;\r
- for (Index = 0; Index < Length; Index++) {\r
- Print (L"%02x ", Data[Index]);\r
- }\r
-}\r
-\r
-/**\r
- Private function called to print EFI_IP_ADDRESS_INFO content.\r
-\r
- @param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.\r
-**/\r
-VOID\r
-DumpAddressInfo (\r
- IN EFI_IP_ADDRESS_INFO *AddressInfo\r
- )\r
-{\r
- if (IP_VERSION_4 == GetVerFromAddrInfo (AddressInfo)) {\r
- Print (\r
- L"%d.%d.%d.%d",\r
- (UINTN) AddressInfo->Address.v4.Addr[0],\r
- (UINTN) AddressInfo->Address.v4.Addr[1],\r
- (UINTN) AddressInfo->Address.v4.Addr[2],\r
- (UINTN) AddressInfo->Address.v4.Addr[3]\r
- );\r
- if (AddressInfo->PrefixLength != 32) {\r
- Print (L"/%d", (UINTN) AddressInfo->PrefixLength);\r
- }\r
- }\r
-\r
- if (IP_VERSION_6 == GetVerFromAddrInfo (AddressInfo)) {\r
- Print (\r
- L"%x:%x:%x:%x:%x:%x:%x:%x",\r
- (((UINT16) AddressInfo->Address.v6.Addr[0]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[1]),\r
- (((UINT16) AddressInfo->Address.v6.Addr[2]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[3]),\r
- (((UINT16) AddressInfo->Address.v6.Addr[4]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[5]),\r
- (((UINT16) AddressInfo->Address.v6.Addr[6]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[7]),\r
- (((UINT16) AddressInfo->Address.v6.Addr[8]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[9]),\r
- (((UINT16) AddressInfo->Address.v6.Addr[10]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[11]),\r
- (((UINT16) AddressInfo->Address.v6.Addr[12]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[13]),\r
- (((UINT16) AddressInfo->Address.v6.Addr[14]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[15])\r
- );\r
- if (AddressInfo->PrefixLength != 128) {\r
- Print (L"/%d", AddressInfo->PrefixLength);\r
- }\r
- }\r
-}\r
-\r
-/**\r
- Private function called to print EFI_IP_ADDRESS content.\r
-\r
- @param[in] IpAddress The pointer to the EFI_IP_ADDRESS structure.\r
-**/\r
-VOID\r
-DumpIpAddress (\r
- IN EFI_IP_ADDRESS *IpAddress\r
- )\r
-{\r
- if (IP_VERSION_4 == GetVerFromIpAddr (IpAddress)) {\r
- Print (\r
- L"%d.%d.%d.%d",\r
- (UINTN) IpAddress->v4.Addr[0],\r
- (UINTN) IpAddress->v4.Addr[1],\r
- (UINTN) IpAddress->v4.Addr[2],\r
- (UINTN) IpAddress->v4.Addr[3]\r
- );\r
- }\r
-\r
- if (IP_VERSION_6 == GetVerFromIpAddr (IpAddress)) {\r
- Print (\r
- L"%x:%x:%x:%x:%x:%x:%x:%x",\r
- (((UINT16) IpAddress->v6.Addr[0]) << 8) | ((UINT16) IpAddress->v6.Addr[1]),\r
- (((UINT16) IpAddress->v6.Addr[2]) << 8) | ((UINT16) IpAddress->v6.Addr[3]),\r
- (((UINT16) IpAddress->v6.Addr[4]) << 8) | ((UINT16) IpAddress->v6.Addr[5]),\r
- (((UINT16) IpAddress->v6.Addr[6]) << 8) | ((UINT16) IpAddress->v6.Addr[7]),\r
- (((UINT16) IpAddress->v6.Addr[8]) << 8) | ((UINT16) IpAddress->v6.Addr[9]),\r
- (((UINT16) IpAddress->v6.Addr[10]) << 8) | ((UINT16) IpAddress->v6.Addr[11]),\r
- (((UINT16) IpAddress->v6.Addr[12]) << 8) | ((UINT16) IpAddress->v6.Addr[13]),\r
- (((UINT16) IpAddress->v6.Addr[14]) << 8) | ((UINT16) IpAddress->v6.Addr[15])\r
- );\r
- }\r
-\r
-}\r
-\r
-/**\r
- Private function called to print EFI_IPSEC_SPD_SELECTOR content.\r
-\r
- @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
-**/\r
-VOID\r
-DumpSpdSelector (\r
- IN EFI_IPSEC_SPD_SELECTOR *Selector\r
- )\r
-{\r
- UINT32 Index;\r
- CHAR16 *Str;\r
-\r
- for (Index = 0; Index < Selector->LocalAddressCount; Index++) {\r
- if (Index > 0) {\r
- Print (L",");\r
- }\r
-\r
- DumpAddressInfo (&Selector->LocalAddress[Index]);\r
- }\r
-\r
- if (Index == 0) {\r
- Print (L"localhost");\r
- }\r
-\r
- Print (L" -> ");\r
-\r
- for (Index = 0; Index < Selector->RemoteAddressCount; Index++) {\r
- if (Index > 0) {\r
- Print (L",");\r
- }\r
-\r
- DumpAddressInfo (&Selector->RemoteAddress[Index]);\r
- }\r
-\r
- Str = MapIntegerToString (Selector->NextLayerProtocol, mMapIpProtocol);\r
- if (Str != NULL) {\r
- Print (L" %s", Str);\r
- } else {\r
- Print (L" proto:%d", (UINTN) Selector->NextLayerProtocol);\r
- }\r
-\r
- if ((Selector->NextLayerProtocol == EFI_IP4_PROTO_TCP) || (Selector->NextLayerProtocol == EFI_IP4_PROTO_UDP)) {\r
- Print (L" port:");\r
- if (Selector->LocalPort != EFI_IPSEC_ANY_PORT) {\r
- Print (L"%d", Selector->LocalPort);\r
- if (Selector->LocalPortRange != 0) {\r
- Print (L"~%d", (UINTN) Selector->LocalPort + Selector->LocalPortRange);\r
- }\r
- } else {\r
- Print (L"any");\r
- }\r
-\r
- Print (L" -> ");\r
- if (Selector->RemotePort != EFI_IPSEC_ANY_PORT) {\r
- Print (L"%d", Selector->RemotePort);\r
- if (Selector->RemotePortRange != 0) {\r
- Print (L"~%d", (UINTN) Selector->RemotePort + Selector->RemotePortRange);\r
- }\r
- } else {\r
- Print (L"any");\r
- }\r
- } else if (Selector->NextLayerProtocol == EFI_IP4_PROTO_ICMP) {\r
- Print (L" class/code:");\r
- if (Selector->LocalPort != 0) {\r
- Print (L"%d", (UINTN) (UINT8) Selector->LocalPort);\r
- } else {\r
- Print (L"any");\r
- }\r
-\r
- Print (L"/");\r
- if (Selector->RemotePort != 0) {\r
- Print (L"%d", (UINTN) (UINT8) Selector->RemotePort);\r
- } else {\r
- Print (L"any");\r
- }\r
- }\r
-}\r
-\r
-/**\r
- Print EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA content.\r
-\r
- @param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.\r
- @param[in] Data The pointer to the EFI_IPSEC_SPD_DATA structure.\r
- @param[in] EntryIndex The pointer to the Index in SPD Database.\r
-\r
- @retval EFI_SUCCESS Dump SPD information successfully.\r
-**/\r
-EFI_STATUS\r
-DumpSpdEntry (\r
- IN EFI_IPSEC_SPD_SELECTOR *Selector,\r
- IN EFI_IPSEC_SPD_DATA *Data,\r
- IN UINTN *EntryIndex\r
- )\r
-{\r
- BOOLEAN HasPre;\r
- CHAR16 DataName[128];\r
- CHAR16 *String1;\r
- CHAR16 *String2;\r
- CHAR16 *String3;\r
- UINT8 Index;\r
-\r
- Print (L"%d.", (*EntryIndex)++);\r
-\r
- //\r
- // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400\r
- // Protect PF:0x34323423 Name:First Entry\r
- // ext-sequence sequence-overflow fragcheck life:[B0,S1024,H3600]\r
- // ESP algo1 algo2 Tunnel [xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx set]\r
- //\r
-\r
- DumpSpdSelector (Selector);\r
- Print (L"\n ");\r
-\r
- Print (L"%s ", MapIntegerToString (Data->Action, mMapIpSecAction));\r
- Print (L"PF:%08x ", Data->PackageFlag);\r
-\r
- Index = 0;\r
- while (Data->Name[Index] != 0) {\r
- DataName[Index] = (CHAR16) Data->Name[Index];\r
- Index++;\r
- ASSERT (Index < 128);\r
- }\r
- DataName[Index] = L'\0';\r
-\r
- Print (L"Name:%s", DataName);\r
-\r
- if (Data->Action == EfiIPsecActionProtect) {\r
- Print (L"\n ");\r
- if (Data->ProcessingPolicy->ExtSeqNum) {\r
- Print (L"ext-sequence ");\r
- }\r
-\r
- if (Data->ProcessingPolicy->SeqOverflow) {\r
- Print (L"sequence-overflow ");\r
- }\r
-\r
- if (Data->ProcessingPolicy->FragCheck) {\r
- Print (L"fragment-check ");\r
- }\r
-\r
- HasPre = FALSE;\r
- if (Data->ProcessingPolicy->SaLifetime.ByteCount != 0) {\r
- Print (HasPre ? L"," : L"life:[");\r
- Print (L"%lxB", Data->ProcessingPolicy->SaLifetime.ByteCount);\r
- HasPre = TRUE;\r
- }\r
-\r
- if (Data->ProcessingPolicy->SaLifetime.SoftLifetime != 0) {\r
- Print (HasPre ? L"," : L"life:[");\r
- Print (L"%lxs", Data->ProcessingPolicy->SaLifetime.SoftLifetime);\r
- HasPre = TRUE;\r
- }\r
-\r
- if (Data->ProcessingPolicy->SaLifetime.HardLifetime != 0) {\r
- Print (HasPre ? L"," : L"life:[");\r
- Print (L"%lxS", Data->ProcessingPolicy->SaLifetime.HardLifetime);\r
- HasPre = TRUE;\r
- }\r
-\r
- if (HasPre) {\r
- Print (L"]");\r
- }\r
-\r
- if (HasPre || Data->ProcessingPolicy->ExtSeqNum ||\r
- Data->ProcessingPolicy->SeqOverflow || Data->ProcessingPolicy->FragCheck) {\r
- Print (L"\n ");\r
- }\r
-\r
- String1 = MapIntegerToString (Data->ProcessingPolicy->Proto, mMapIpSecProtocol);\r
- String2 = MapIntegerToString (Data->ProcessingPolicy->AuthAlgoId, mMapAuthAlgo);\r
- String3 = MapIntegerToString (Data->ProcessingPolicy->EncAlgoId, mMapEncAlgo);\r
- Print (\r
- L"%s Auth:%s Encrypt:%s ",\r
- String1,\r
- String2,\r
- String3\r
- );\r
-\r
- Print (L"%s ", MapIntegerToString (Data->ProcessingPolicy->Mode, mMapIpSecMode));\r
- if (Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {\r
- Print (L"[");\r
- DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->LocalTunnelAddress);\r
- Print (L" -> ");\r
- DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);\r
- Print (L" %s]", MapIntegerToString (Data->ProcessingPolicy->TunnelOption->DF, mMapDfOption));\r
- }\r
- }\r
-\r
- Print (L"\n");\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.\r
-\r
- @param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.\r
- @param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.\r
- @param[in] EntryIndex The pointer to the Index in the SAD Database.\r
-\r
- @retval EFI_SUCCESS Dump SAD information successfully.\r
-**/\r
-EFI_STATUS\r
-DumpSadEntry (\r
- IN EFI_IPSEC_SA_ID *SaId,\r
- IN EFI_IPSEC_SA_DATA2 *Data,\r
- IN UINTN *EntryIndex\r
- )\r
-{\r
- BOOLEAN HasPre;\r
- CHAR16 *AuthAlgoStr;\r
- CHAR16 *EncAlgoStr;\r
-\r
- AuthAlgoStr = NULL;\r
- EncAlgoStr = NULL;\r
-\r
- //\r
- // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx\r
- // Mode:Transport SeqNum:134 AntiReplayWin:64 life:[0B,1023s,3400S] PathMTU:34\r
- // Auth:xxxx/password Encrypt:yyyy/password\r
- // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400\r
- //\r
-\r
- Print (L"%d.", (*EntryIndex)++);\r
- Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));\r
- if (Data->Mode == EfiIPsecTunnel) {\r
- Print (L"TunnelSourceAddress:");\r
- DumpIpAddress (&Data->TunnelSourceAddress);\r
- Print (L"\n");\r
- Print (L" TunnelDestination:");\r
- DumpIpAddress (&Data->TunnelDestinationAddress);\r
- Print (L"\n");\r
- }\r
-\r
- Print (\r
- L" Mode:%s SeqNum:%lx AntiReplayWin:%d ",\r
- MapIntegerToString (Data->Mode, mMapIpSecMode),\r
- Data->SNCount,\r
- (UINTN) Data->AntiReplayWindows\r
- );\r
-\r
- HasPre = FALSE;\r
- if (Data->SaLifetime.ByteCount != 0) {\r
- Print (HasPre ? L"," : L"life:[");\r
- Print (L"%lxB", Data->SaLifetime.ByteCount);\r
- HasPre = TRUE;\r
- }\r
-\r
- if (Data->SaLifetime.SoftLifetime != 0) {\r
- Print (HasPre ? L"," : L"life:[");\r
- Print (L"%lxs", Data->SaLifetime.SoftLifetime);\r
- HasPre = TRUE;\r
- }\r
-\r
- if (Data->SaLifetime.HardLifetime != 0) {\r
- Print (HasPre ? L"," : L"life:[");\r
- Print (L"%lxS", Data->SaLifetime.HardLifetime);\r
- HasPre = TRUE;\r
- }\r
-\r
- if (HasPre) {\r
- Print (L"] ");\r
- }\r
-\r
- Print (L"PathMTU:%d\n", (UINTN) Data->PathMTU);\r
-\r
- if (SaId->Proto == EfiIPsecAH) {\r
- Print (\r
- L" Auth:%s/%s\n",\r
- MapIntegerToString (Data->AlgoInfo.AhAlgoInfo.AuthAlgoId, mMapAuthAlgo),\r
- Data->AlgoInfo.AhAlgoInfo.AuthKey\r
- );\r
- } else {\r
- AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);\r
- EncAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);\r
-\r
- if (Data->ManualSet) {\r
- //\r
- // if the SAD is set manually the key is a Ascii string in most of time.\r
- // Print the Key in Ascii string format.\r
- //\r
- Print (L" Auth:%s/",AuthAlgoStr);\r
- DumpAsciiString (\r
- Data->AlgoInfo.EspAlgoInfo.AuthKey,\r
- Data->AlgoInfo.EspAlgoInfo.AuthKeyLength\r
- );\r
- Print (L"\n Encrypt:%s/",EncAlgoStr);\r
- DumpAsciiString (\r
- Data->AlgoInfo.EspAlgoInfo.EncKey,\r
- Data->AlgoInfo.EspAlgoInfo.EncKeyLength\r
- );\r
- } else {\r
- //\r
- // if the SAD is created by IKE, the key is a set of hex value in buffer.\r
- // Print the Key in Hex format.\r
- //\r
- Print (L" Auth:%s/",AuthAlgoStr);\r
- DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.AuthKey), Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);\r
-\r
- Print (L"\n Encrypt:%s/",EncAlgoStr);\r
- DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength);\r
- }\r
- }\r
- Print (L"\n");\r
- if (Data->SpdSelector != NULL) {\r
- Print (L" ");\r
- DumpSpdSelector (Data->SpdSelector);\r
- Print (L"\n");\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Print EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA content.\r
-\r
- @param[in] PadId The pointer to the EFI_IPSEC_PAD_ID structure.\r
- @param[in] Data The pointer to the EFI_IPSEC_PAD_DATA structure.\r
- @param[in] EntryIndex The pointer to the Index in the PAD Database.\r
-\r
- @retval EFI_SUCCESS Dump PAD information successfully.\r
-**/\r
-EFI_STATUS\r
-DumpPadEntry (\r
- IN EFI_IPSEC_PAD_ID *PadId,\r
- IN EFI_IPSEC_PAD_DATA *Data,\r
- IN UINTN *EntryIndex\r
- )\r
-{\r
- CHAR16 *String1;\r
- CHAR16 *String2;\r
-\r
- //\r
- // ADDR:10.23.17.34/15\r
- // IDEv1 PreSharedSecret IKE-ID\r
- // password\r
- //\r
-\r
- Print (L"%d.", (*EntryIndex)++);\r
-\r
- if (PadId->PeerIdValid) {\r
- Print (L"ID:%s", PadId->Id.PeerId);\r
- } else {\r
- Print (L"ADDR:");\r
- DumpAddressInfo (&PadId->Id.IpAddress);\r
- }\r
-\r
- Print (L"\n");\r
-\r
- String1 = MapIntegerToString (Data->AuthProtocol, mMapAuthProto);\r
- String2 = MapIntegerToString (Data->AuthMethod, mMapAuthMethod);\r
- Print (\r
- L" %s %s",\r
- String1,\r
- String2\r
- );\r
-\r
- if (Data->IkeIdFlag) {\r
- Print (L"IKE-ID");\r
- }\r
-\r
- Print (L"\n");\r
-\r
- if (Data->AuthData != NULL) {\r
- DumpAsciiString (Data->AuthData, Data->AuthDataSize);\r
- Print (L"\n");\r
- }\r
-\r
- if (Data->RevocationData != NULL) {\r
- Print (L" %s\n", Data->RevocationData);\r
- }\r
-\r
- return EFI_SUCCESS;\r
-\r
-}\r
-\r
-VISIT_POLICY_ENTRY mDumpPolicyEntry[] = {\r
- (VISIT_POLICY_ENTRY) DumpSpdEntry,\r
- (VISIT_POLICY_ENTRY) DumpSadEntry,\r
- (VISIT_POLICY_ENTRY) DumpPadEntry\r
-};\r
-\r
-/**\r
- Print all entry information in the database according to datatype.\r
-\r
- @param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.\r
- @param[in] ParamPackage The pointer to the ParamPackage list.\r
-\r
- @retval EFI_SUCCESS Dump all information successfully.\r
- @retval Others Some mistaken case.\r
-**/\r
-EFI_STATUS\r
-ListPolicyEntry (\r
- IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,\r
- IN LIST_ENTRY *ParamPackage\r
- )\r
-{\r
- UINTN EntryIndex;\r
-\r
- EntryIndex = 0;\r
- return ForeachPolicyEntry (DataType, mDumpPolicyEntry[DataType], &EntryIndex);\r
-}\r
-\r