1 /** @file 2 The Interfaces of IPsec debug information printing. 3 4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> 5 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 http://opensource.org/licenses/bsd-license.php. 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 14 **/ 15 16 #include "IpSecImpl.h" 17 #include "IpSecDebug.h" 18 19 // 20 // The print title for IKEv1 variety phase. 21 // 22 CHAR8 *mIkev1StateStr[IKE_STATE_NUM] = { 23 "IKEv1_MAIN_1", 24 "IKEv1_MAIN_2", 25 "IKEv1_MAIN_3", 26 "IKEv1_MAIN_ESTABLISHED", 27 "IKEv1_QUICK_1", 28 "IKEv1_QUICK_2", 29 "IKEv1_QUICK_ESTABLISHED" 30 }; 31 32 // 33 // The print title for IKEv2 variety phase. 34 // 35 CHAR8 *mIkev2StateStr[IKE_STATE_NUM] = { 36 "IKEv2_STATE_INIT", 37 "IKEv2_STATE_AUTH", 38 "IKEv2_STATE_SA_ESTABLISH", 39 "IKEv2_STATE_CREATE_CHILD", 40 "IKEv2_STATE_SA_REKEYING", 41 "IKEv2_STATE_CHILD_SA_ESTABLISHED", 42 "IKEv2_STATE_SA_DELETING" 43 }; 44 45 // 46 // The print title for IKEv1 variety Exchagne. 47 // 48 CHAR8 *mExchangeStr[] = { 49 "IKEv1 Main Exchange", 50 "IKEv1 Info Exchange", 51 "IKEv1 Quick Exchange", 52 "IKEv2 Initial Exchange", 53 "IKEv2 Auth Exchange", 54 "IKEv2 Create Child Exchange", 55 "IKEv2 Info Exchange", 56 "IKE Unknow Exchange" 57 }; 58 59 // 60 // The print title for IKEv1 variety Payload. 61 // 62 CHAR8 *mIkev1PayloadStr[] = { 63 "IKEv1 None Payload", 64 "IKEv1 SA Payload", 65 "IKEv1 Proposal Payload", 66 "IKEv1 Transform Payload", 67 "IKEv1 KE Payload", 68 "IKEv1 ID Payload", 69 "IKEv1 Certificate Payload", 70 "IKEv1 Certificate Request Payload", 71 "IKEv1 Hash Payload", 72 "IKEv1 Signature Payload", 73 "IKEv1 Nonce Payload", 74 "IKEv1 Notify Payload", 75 "IKEv1 Delete Payload", 76 "IKEv1 Vendor Payload" 77 }; 78 79 // 80 // The print title for IKEv2 variety Payload. 81 // 82 CHAR8* mIkev2PayloadStr[] = { 83 "IKEv2 SA Payload", 84 "IKEv2 Key Payload", 85 "IKEv2 Identity Initial Payload", 86 "IKEv2 Identity Respond Payload", 87 "IKEv2 Certificate Payload", 88 "IKEv2 Certificate Request Payload", 89 "IKEv2 Auth Payload", 90 "IKEv2 Nonce Payload", 91 "IKEv2 Notify Payload", 92 "IKEv2 Delet Payload", 93 "IKEv2 Vendor Payload", 94 "IKEv2 Traffic Selector Initiator Payload", 95 "IKEv2 Traffic Selector Respond Payload", 96 "IKEv2 Encrypt Payload", 97 "IKEv2 Configuration Payload", 98 "IKEv2 Extensible Authentication Payload" 99 }; 100 101 /** 102 Print the IP address. 103 104 @param[in] Level Debug print error level. Pass to DEBUG(). 105 @param[in] Ip Point to a specified IP address. 106 @param[in] IpVersion The IP Version. 107 108 **/ 109 VOID 110 IpSecDumpAddress ( 111 IN UINTN Level, 112 IN EFI_IP_ADDRESS *Ip, 113 IN UINT8 IpVersion 114 ) 115 { 116 if (IpVersion == IP_VERSION_6) { 117 DEBUG ( 118 (Level, 119 "%x%x:%x%x:%x%x:%x%x", 120 Ip->v6.Addr[0], 121 Ip->v6.Addr[1], 122 Ip->v6.Addr[2], 123 Ip->v6.Addr[3], 124 Ip->v6.Addr[4], 125 Ip->v6.Addr[5], 126 Ip->v6.Addr[6], 127 Ip->v6.Addr[7]) 128 ); 129 DEBUG ( 130 (Level, 131 ":%x%x:%x%x:%x%x:%x%x\n", 132 Ip->v6.Addr[8], 133 Ip->v6.Addr[9], 134 Ip->v6.Addr[10], 135 Ip->v6.Addr[11], 136 Ip->v6.Addr[12], 137 Ip->v6.Addr[13], 138 Ip->v6.Addr[14], 139 Ip->v6.Addr[15]) 140 ); 141 } else { 142 DEBUG ( 143 (Level, 144 "%d.%d.%d.%d\n", 145 Ip->v4.Addr[0], 146 Ip->v4.Addr[1], 147 Ip->v4.Addr[2], 148 Ip->v4.Addr[3]) 149 ); 150 } 151 152 } 153 154 /** 155 Print IKE Current states. 156 157 @param[in] Previous The Previous state of IKE. 158 @param[in] Current The current state of IKE. 159 @param[in] IkeVersion The version of IKE. 160 161 **/ 162 VOID 163 IkeDumpState ( 164 IN UINT32 Previous, 165 IN UINT32 Current, 166 IN UINT8 IkeVersion 167 ) 168 { 169 if (Previous >= IKE_STATE_NUM || Current >= IKE_STATE_NUM) { 170 return; 171 } 172 173 if (Previous == Current) { 174 if (IkeVersion == 1) { 175 DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev1StateStr[Previous])); 176 } else if (IkeVersion == 2) { 177 DEBUG ((DEBUG_INFO, "\n****Current state is %a\n", mIkev2StateStr[Previous])); 178 } 179 } else { 180 if (IkeVersion == 1) { 181 DEBUG ((DEBUG_INFO, "\n****Change state from %a to %a\n", mIkev1StateStr[Previous], mIkev1StateStr[Current])); 182 } else { 183 DEBUG ((DEBUG_INFO, "\n****Change state from %a to %a\n", mIkev2StateStr[Previous], mIkev2StateStr[Current])); 184 } 185 } 186 } 187 188 /** 189 Print the IKE Packet. 190 191 @param[in] Packet Point to IKE packet to be printed. 192 @param[in] Direction Point to the IKE packet is inbound or outbound. 193 @param[in] IpVersion Specified IP Version. 194 195 **/ 196 VOID 197 IpSecDumpPacket ( 198 IN IKE_PACKET *Packet, 199 IN EFI_IPSEC_TRAFFIC_DIR Direction, 200 IN UINT8 IpVersion 201 ) 202 { 203 CHAR8 *TypeStr; 204 UINTN PacketSize; 205 UINT64 InitCookie; 206 UINT64 RespCookie; 207 208 ASSERT (Packet != NULL); 209 210 PacketSize = Packet->PayloadTotalSize + sizeof (IKE_HEADER); 211 InitCookie = (Direction == EfiIPsecOutBound) ? HTONLL (Packet->Header->InitiatorCookie) : Packet->Header->InitiatorCookie; 212 RespCookie = (Direction == EfiIPsecOutBound) ? HTONLL (Packet->Header->ResponderCookie) : Packet->Header->ResponderCookie; 213 214 switch (Packet->Header->ExchangeType) { 215 case IKE_XCG_TYPE_IDENTITY_PROTECT: 216 TypeStr = mExchangeStr[0]; 217 break; 218 219 case IKE_XCG_TYPE_INFO: 220 TypeStr = mExchangeStr[1]; 221 break; 222 223 case IKE_XCG_TYPE_QM: 224 TypeStr = mExchangeStr[2]; 225 break; 226 227 case IKE_XCG_TYPE_SA_INIT: 228 TypeStr = mExchangeStr[3]; 229 break; 230 231 case IKE_XCG_TYPE_AUTH: 232 TypeStr = mExchangeStr[4]; 233 break; 234 235 case IKE_XCG_TYPE_CREATE_CHILD_SA: 236 TypeStr = mExchangeStr[5]; 237 break; 238 239 case IKE_XCG_TYPE_INFO2: 240 TypeStr = mExchangeStr[6]; 241 break; 242 243 default: 244 TypeStr = mExchangeStr[7]; 245 break; 246 } 247 248 if (Direction == EfiIPsecOutBound) { 249 DEBUG ((DEBUG_INFO, "\n>>>Sending %d bytes %a to ", PacketSize, TypeStr)); 250 } else { 251 DEBUG ((DEBUG_INFO, "\n>>>Receiving %d bytes %a from ", PacketSize, TypeStr)); 252 } 253 254 IpSecDumpAddress (DEBUG_INFO, &Packet->RemotePeerIp, IpVersion); 255 256 DEBUG ((DEBUG_INFO, " InitiatorCookie:0x%lx ResponderCookie:0x%lx\n", InitCookie, RespCookie)); 257 DEBUG ( 258 (DEBUG_INFO, 259 " Version: 0x%x Flags:0x%x ExchangeType:0x%x\n", 260 Packet->Header->Version, 261 Packet->Header->Flags, 262 Packet->Header->ExchangeType) 263 ); 264 DEBUG ( 265 (DEBUG_INFO, 266 " MessageId:0x%x NextPayload:0x%x\n", 267 Packet->Header->MessageId, 268 Packet->Header->NextPayload) 269 ); 270 271 } 272 273 /** 274 Print the IKE Paylolad. 275 276 @param[in] IkePayload Point to payload to be printed. 277 @param[in] IkeVersion The specified version of IKE. 278 279 **/ 280 VOID 281 IpSecDumpPayload ( 282 IN IKE_PAYLOAD *IkePayload, 283 IN UINT8 IkeVersion 284 ) 285 { 286 if (IkeVersion == 1) { 287 DEBUG ((DEBUG_INFO, "+%a\n", mIkev1PayloadStr[IkePayload->PayloadType])); 288 } else { 289 // 290 // For IKEV2 the first Payload type is started from 33. 291 // 292 DEBUG ((DEBUG_INFO, "+%a\n", mIkev2PayloadStr[IkePayload->PayloadType - 33])); 293 } 294 IpSecDumpBuf ("Payload data", IkePayload->PayloadBuf, IkePayload->PayloadSize); 295 } 296 297 /** 298 Print the buffer in form of Hex. 299 300 @param[in] Title The strings to be printed before the data of the buffer. 301 @param[in] Data Points to buffer to be printed. 302 @param[in] DataSize The size of the buffer to be printed. 303 304 **/ 305 VOID 306 IpSecDumpBuf ( 307 IN CHAR8 *Title, 308 IN UINT8 *Data, 309 IN UINTN DataSize 310 ) 311 { 312 UINTN Index; 313 UINTN DataIndex; 314 UINTN BytesRemaining; 315 UINTN BytesToPrint; 316 317 DataIndex = 0; 318 BytesRemaining = DataSize; 319 320 DEBUG ((DEBUG_INFO, "==%a %d bytes==\n", Title, DataSize)); 321 322 while (BytesRemaining > 0) { 323 324 BytesToPrint = (BytesRemaining > IPSEC_DEBUG_BYTE_PER_LINE) ? IPSEC_DEBUG_BYTE_PER_LINE : BytesRemaining; 325 326 for (Index = 0; Index < BytesToPrint; Index++) { 327 DEBUG ((DEBUG_INFO, " 0x%02x,", Data[DataIndex++])); 328 } 329 330 DEBUG ((DEBUG_INFO, "\n")); 331 BytesRemaining -= BytesToPrint; 332 } 333 334 } 335
