sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7d0f92e8fd68e1f1242f36c203400be23954d563
system76-edk2/NetworkPkg/Application/IpsecConfig/Dump.c
qianouyang da7c529ca1 IpsecConfigApp add the check for the required options (--local, --remote, Auth-algo, Auth-key) for SAD adding. 
Signed-off-by: qianouyang
Reviewed-by: czhan46



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12829 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-08 03:15:55 +00:00

580 lines
16 KiB
C
Raw Blame History

/** @file
The implementation of dump policy entry function in IpSecConfig application.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "IpSecConfig.h"
#include "Dump.h"
#include "ForEach.h"
#include "Helper.h"
/**
Private function called to get the version infomation from an EFI_IP_ADDRESS_INFO structure.
@param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
@return the value of version.
**/
UINTN
GetVerFromAddrInfo (
IN EFI_IP_ADDRESS_INFO *AddressInfo
)
{
if((AddressInfo->PrefixLength <= 32) && (AddressInfo->Address.Addr[1] == 0) &&
(AddressInfo->Address.Addr[2] == 0) && (AddressInfo->Address.Addr[3] == 0)) {
return IP_VERSION_4;
} else {
return IP_VERSION_6;
}
}
/**
Private function called to get the version information from a EFI_IP_ADDRESS structure.
@param[in] Address The pointer to the EFI_IP_ADDRESS structure.
@return The value of the version.
**/
UINTN
GetVerFromIpAddr (
IN EFI_IP_ADDRESS *Address
)
{
if ((Address->Addr[1] == 0) && (Address->Addr[2] == 0) && (Address->Addr[3] == 0)) {
return IP_VERSION_4;
} else {
return IP_VERSION_6;
}
}
/**
Private function called to print an ASCII string in unicode char format.
@param[in] Str The pointer to the ASCII string.
@param[in] Length The value of the ASCII string length.
**/
VOID
DumpAsciiString (
IN CHAR8 *Str,
IN UINTN Length
)
{
UINTN Index;
Print (L"\"");
for (Index = 0; Index < Length; Index++) {
Print (L"%c", (CHAR16) Str[Index]);
}
Print (L"\"");
}
/**
Private function called to print a buffer in Hex format.
@param[in] Data The pointer to the buffer.
@param[in] Length The size of the buffer.
**/
VOID
DumpBuf (
IN UINT8 *Data,
IN UINTN Length
)
{
UINTN Index;
for (Index = 0; Index < Length; Index++) {
Print (L"%02x ", Data[Index]);
}
}
/**
Private function called to print EFI_IP_ADDRESS_INFO content.
@param[in] AddressInfo The pointer to the EFI_IP_ADDRESS_INFO structure.
**/
VOID
DumpAddressInfo (
IN EFI_IP_ADDRESS_INFO *AddressInfo
)
{
if (IP_VERSION_4 == GetVerFromAddrInfo (AddressInfo)) {
Print (
L"%d.%d.%d.%d",
(UINTN) AddressInfo->Address.v4.Addr[0],
(UINTN) AddressInfo->Address.v4.Addr[1],
(UINTN) AddressInfo->Address.v4.Addr[2],
(UINTN) AddressInfo->Address.v4.Addr[3]
);
if (AddressInfo->PrefixLength != 32) {
Print (L"/%d", (UINTN) AddressInfo->PrefixLength);
}
}
if (IP_VERSION_6 == GetVerFromAddrInfo (AddressInfo)) {
Print (
L"%x:%x:%x:%x:%x:%x:%x:%x",
(((UINT16) AddressInfo->Address.v6.Addr[0]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[1]),
(((UINT16) AddressInfo->Address.v6.Addr[2]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[3]),
(((UINT16) AddressInfo->Address.v6.Addr[4]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[5]),
(((UINT16) AddressInfo->Address.v6.Addr[6]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[7]),
(((UINT16) AddressInfo->Address.v6.Addr[8]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[9]),
(((UINT16) AddressInfo->Address.v6.Addr[10]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[11]),
(((UINT16) AddressInfo->Address.v6.Addr[12]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[13]),
(((UINT16) AddressInfo->Address.v6.Addr[14]) << 8) | ((UINT16) AddressInfo->Address.v6.Addr[15])
);
if (AddressInfo->PrefixLength != 128) {
Print (L"/%d", AddressInfo->PrefixLength);
}
}
}
/**
Private function called to print EFI_IP_ADDRESS content.
@param[in] IpAddress The pointer to the EFI_IP_ADDRESS structure.
**/
VOID
DumpIpAddress (
IN EFI_IP_ADDRESS *IpAddress
)
{
if (IP_VERSION_4 == GetVerFromIpAddr (IpAddress)) {
Print (
L"%d.%d.%d.%d",
(UINTN) IpAddress->v4.Addr[0],
(UINTN) IpAddress->v4.Addr[1],
(UINTN) IpAddress->v4.Addr[2],
(UINTN) IpAddress->v4.Addr[3]
);
}
if (IP_VERSION_6 == GetVerFromIpAddr (IpAddress)) {
Print (
L"%x:%x:%x:%x:%x:%x:%x:%x",
(((UINT16) IpAddress->v6.Addr[0]) << 8) | ((UINT16) IpAddress->v6.Addr[1]),
(((UINT16) IpAddress->v6.Addr[2]) << 8) | ((UINT16) IpAddress->v6.Addr[3]),
(((UINT16) IpAddress->v6.Addr[4]) << 8) | ((UINT16) IpAddress->v6.Addr[5]),
(((UINT16) IpAddress->v6.Addr[6]) << 8) | ((UINT16) IpAddress->v6.Addr[7]),
(((UINT16) IpAddress->v6.Addr[8]) << 8) | ((UINT16) IpAddress->v6.Addr[9]),
(((UINT16) IpAddress->v6.Addr[10]) << 8) | ((UINT16) IpAddress->v6.Addr[11]),
(((UINT16) IpAddress->v6.Addr[12]) << 8) | ((UINT16) IpAddress->v6.Addr[13]),
(((UINT16) IpAddress->v6.Addr[14]) << 8) | ((UINT16) IpAddress->v6.Addr[15])
);
}
}
/**
Private function called to print EFI_IPSEC_SPD_SELECTOR content.
@param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
**/
VOID
DumpSpdSelector (
IN EFI_IPSEC_SPD_SELECTOR *Selector
)
{
UINT32 Index;
CHAR16 *Str;
for (Index = 0; Index < Selector->LocalAddressCount; Index++) {
if (Index > 0) {
Print (L",");
}
DumpAddressInfo (&Selector->LocalAddress[Index]);
}
if (Index == 0) {
Print (L"localhost");
}
Print (L" -> ");
for (Index = 0; Index < Selector->RemoteAddressCount; Index++) {
if (Index > 0) {
Print (L",");
}
DumpAddressInfo (&Selector->RemoteAddress[Index]);
}
Str = MapIntegerToString (Selector->NextLayerProtocol, mMapIpProtocol);
if (Str != NULL) {
Print (L" %s", Str);
} else {
Print (L" proto:%d", (UINTN) Selector->NextLayerProtocol);
}
if ((Selector->NextLayerProtocol == EFI_IP4_PROTO_TCP) || (Selector->NextLayerProtocol == EFI_IP4_PROTO_UDP)) {
Print (L" port:");
if (Selector->LocalPort != EFI_IPSEC_ANY_PORT) {
Print (L"%d", Selector->LocalPort);
if (Selector->LocalPortRange != 0) {
Print (L"~%d", (UINTN) Selector->LocalPort + Selector->LocalPortRange);
}
} else {
Print (L"any");
}
Print (L" -> ");
if (Selector->RemotePort != EFI_IPSEC_ANY_PORT) {
Print (L"%d", Selector->RemotePort);
if (Selector->RemotePortRange != 0) {
Print (L"~%d", (UINTN) Selector->RemotePort + Selector->RemotePortRange);
}
} else {
Print (L"any");
}
} else if (Selector->NextLayerProtocol == EFI_IP4_PROTO_ICMP) {
Print (L" class/code:");
if (Selector->LocalPort != 0) {
Print (L"%d", (UINTN) (UINT8) Selector->LocalPort);
} else {
Print (L"any");
}
Print (L"/");
if (Selector->RemotePort != 0) {
Print (L"%d", (UINTN) (UINT8) Selector->RemotePort);
} else {
Print (L"any");
}
}
}
/**
Print EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA content.
@param[in] Selector The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
@param[in] Data The pointer to the EFI_IPSEC_SPD_DATA structure.
@param[in] EntryIndex The pointer to the Index in SPD Database.
@retval EFI_SUCCESS Dump SPD information successfully.
**/
EFI_STATUS
DumpSpdEntry (
IN EFI_IPSEC_SPD_SELECTOR *Selector,
IN EFI_IPSEC_SPD_DATA *Data,
IN UINTN *EntryIndex
)
{
BOOLEAN HasPre;
CHAR16 DataName[128];
CHAR16 *String1;
CHAR16 *String2;
CHAR16 *String3;
UINT8 Index;
Print (L"%d.", (*EntryIndex)++);
//
// xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
// Protect PF:0x34323423 Name:First Entry
// ext-sequence sequence-overflow fragcheck life:[B0,S1024,H3600]
// ESP algo1 algo2 Tunnel [xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx set]
//
DumpSpdSelector (Selector);
Print (L"\n ");
Print (L"%s ", MapIntegerToString (Data->Action, mMapIpSecAction));
Print (L"PF:%08x ", Data->PackageFlag);
Index = 0;
while (Data->Name[Index] != 0) {
DataName[Index] = (CHAR16) Data->Name[Index];
Index++;
ASSERT (Index < 128);
}
DataName[Index] = L'\0';
Print (L"Name:%s", DataName);
if (Data->Action == EfiIPsecActionProtect) {
Print (L"\n ");
if (Data->ProcessingPolicy->ExtSeqNum) {
Print (L"ext-sequence ");
}
if (Data->ProcessingPolicy->SeqOverflow) {
Print (L"sequence-overflow ");
}
if (Data->ProcessingPolicy->FragCheck) {
Print (L"fragment-check ");
}
HasPre = FALSE;
if (Data->ProcessingPolicy->SaLifetime.ByteCount != 0) {
Print (HasPre ? L"," : L"life:[");
Print (L"%lxB", Data->ProcessingPolicy->SaLifetime.ByteCount);
HasPre = TRUE;
}
if (Data->ProcessingPolicy->SaLifetime.SoftLifetime != 0) {
Print (HasPre ? L"," : L"life:[");
Print (L"%lxs", Data->ProcessingPolicy->SaLifetime.SoftLifetime);
HasPre = TRUE;
}
if (Data->ProcessingPolicy->SaLifetime.HardLifetime != 0) {
Print (HasPre ? L"," : L"life:[");
Print (L"%lxS", Data->ProcessingPolicy->SaLifetime.HardLifetime);
HasPre = TRUE;
}
if (HasPre) {
Print (L"]");
}
if (HasPre || Data->ProcessingPolicy->ExtSeqNum ||
Data->ProcessingPolicy->SeqOverflow || Data->ProcessingPolicy->FragCheck) {
Print (L"\n ");
}
String1 = MapIntegerToString (Data->ProcessingPolicy->Proto, mMapIpSecProtocol);
String2 = MapIntegerToString (Data->ProcessingPolicy->AuthAlgoId, mMapAuthAlgo);
String3 = MapIntegerToString (Data->ProcessingPolicy->EncAlgoId, mMapEncAlgo);
Print (
L"%s Auth:%s Encrypt:%s ",
String1,
String2,
String3
);
Print (L"%s ", MapIntegerToString (Data->ProcessingPolicy->Mode, mMapIpSecMode));
if (Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {
Print (L"[");
DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
Print (L" -> ");
DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
Print (L" %s]", MapIntegerToString (Data->ProcessingPolicy->TunnelOption->DF, mMapDfOption));
}
}
Print (L"\n");
return EFI_SUCCESS;
}
/**
Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.
@param[in] SaId The pointer to the EFI_IPSEC_SA_ID structure.
@param[in] Data The pointer to the EFI_IPSEC_SA_DATA2 structure.
@param[in] EntryIndex The pointer to the Index in the SAD Database.
@retval EFI_SUCCESS Dump SAD information successfully.
**/
EFI_STATUS
DumpSadEntry (
IN EFI_IPSEC_SA_ID *SaId,
IN EFI_IPSEC_SA_DATA2 *Data,
IN UINTN *EntryIndex
)
{
BOOLEAN HasPre;
CHAR16 *AuthAlgoStr;
CHAR16 *EncAlgoStr;
AuthAlgoStr = NULL;
EncAlgoStr = NULL;
//
// SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
// Mode:Transport SeqNum:134 AntiReplayWin:64 life:[0B,1023s,3400S] PathMTU:34
// Auth:xxxx/password Encrypt:yyyy/password
// xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
//
Print (L"%d.", (*EntryIndex)++);
Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
if (Data->Mode == EfiIPsecTunnel) {
Print (L"TunnelSourceAddress:");
DumpIpAddress (&Data->TunnelSourceAddress);
Print (L"\n");
Print (L" TunnelDestination:");
DumpIpAddress (&Data->TunnelDestinationAddress);
Print (L"\n");
}
Print (
L" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
MapIntegerToString (Data->Mode, mMapIpSecMode),
Data->SNCount,
(UINTN) Data->AntiReplayWindows
);
HasPre = FALSE;
if (Data->SaLifetime.ByteCount != 0) {
Print (HasPre ? L"," : L"life:[");
Print (L"%lxB", Data->SaLifetime.ByteCount);
HasPre = TRUE;
}
if (Data->SaLifetime.SoftLifetime != 0) {
Print (HasPre ? L"," : L"life:[");
Print (L"%lxs", Data->SaLifetime.SoftLifetime);
HasPre = TRUE;
}
if (Data->SaLifetime.HardLifetime != 0) {
Print (HasPre ? L"," : L"life:[");
Print (L"%lxS", Data->SaLifetime.HardLifetime);
HasPre = TRUE;
}
if (HasPre) {
Print (L"] ");
}
Print (L"PathMTU:%d\n", (UINTN) Data->PathMTU);
if (SaId->Proto == EfiIPsecAH) {
Print (
L" Auth:%s/%s\n",
MapIntegerToString (Data->AlgoInfo.AhAlgoInfo.AuthAlgoId, mMapAuthAlgo),
Data->AlgoInfo.AhAlgoInfo.AuthKey
);
} else {
AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
EncAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);
if (Data->ManualSet) {
//
// if the SAD is set manually the key is a Ascii string in most of time.
// Print the Key in Ascii string format.
//
Print (L" Auth:%s/",AuthAlgoStr);
DumpAsciiString (
Data->AlgoInfo.EspAlgoInfo.AuthKey,
Data->AlgoInfo.EspAlgoInfo.AuthKeyLength
);
Print (L"\n Encrypt:%s/",EncAlgoStr);
DumpAsciiString (
Data->AlgoInfo.EspAlgoInfo.EncKey,
Data->AlgoInfo.EspAlgoInfo.EncKeyLength
);
} else {
//
// if the SAD is created by IKE, the key is a set of hex value in buffer.
// Print the Key in Hex format.
//
Print (L" Auth:%s/",AuthAlgoStr);
DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.AuthKey), Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
Print (L"\n Encrypt:%s/",EncAlgoStr);
DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
}
}
Print (L"\n");
if (Data->SpdSelector != NULL) {
Print (L" ");
DumpSpdSelector (Data->SpdSelector);
Print (L"\n");
}
return EFI_SUCCESS;
}
/**
Print EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA content.
@param[in] PadId The pointer to the EFI_IPSEC_PAD_ID structure.
@param[in] Data The pointer to the EFI_IPSEC_PAD_DATA structure.
@param[in] EntryIndex The pointer to the Index in the PAD Database.
@retval EFI_SUCCESS Dump PAD information successfully.
**/
EFI_STATUS
DumpPadEntry (
IN EFI_IPSEC_PAD_ID *PadId,
IN EFI_IPSEC_PAD_DATA *Data,
IN UINTN *EntryIndex
)
{
CHAR16 *String1;
CHAR16 *String2;
//
// ADDR:10.23.17.34/15
// IDEv1 PreSharedSecret IKE-ID
// password
//
Print (L"%d.", (*EntryIndex)++);
if (PadId->PeerIdValid) {
Print (L"ID:%s", PadId->Id.PeerId);
} else {
Print (L"ADDR:");
DumpAddressInfo (&PadId->Id.IpAddress);
}
Print (L"\n");
String1 = MapIntegerToString (Data->AuthProtocol, mMapAuthProto);
String2 = MapIntegerToString (Data->AuthMethod, mMapAuthMethod);
Print (
L" %s %s",
String1,
String2
);
if (Data->IkeIdFlag) {
Print (L"IKE-ID");
}
Print (L"\n");
if (Data->AuthData != NULL) {
DumpAsciiString (Data->AuthData, Data->AuthDataSize);
Print (L"\n");
}
if (Data->RevocationData != NULL) {
Print (L" %s\n", Data->RevocationData);
}
return EFI_SUCCESS;
}
VISIT_POLICY_ENTRY mDumpPolicyEntry[] = {
(VISIT_POLICY_ENTRY) DumpSpdEntry,
(VISIT_POLICY_ENTRY) DumpSadEntry,
(VISIT_POLICY_ENTRY) DumpPadEntry
};
/**
Print all entry information in the database according to datatype.
@param[in] DataType The value of EFI_IPSEC_CONFIG_DATA_TYPE.
@param[in] ParamPackage The pointer to the ParamPackage list.
@retval EFI_SUCCESS Dump all information successfully.
@retval Others Some mistaken case.
**/
EFI_STATUS
ListPolicyEntry (
IN EFI_IPSEC_CONFIG_DATA_TYPE DataType,
IN LIST_ENTRY *ParamPackage
)
{
UINTN EntryIndex;
EntryIndex = 0;
return ForeachPolicyEntry (DataType, mDumpPolicyEntry[DataType], &EntryIndex);
}
Reference in New Issue View Git Blame Copy Permalink