/** @file\r
Provide IPsec Key Exchange (IKE) service general interfaces.\r
- \r
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+ Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
0,\r
1000000,\r
FALSE,\r
- {0,0,0,0},\r
- {0,0,0,0},\r
+ {{0,0,0,0}},\r
+ {{0,0,0,0}},\r
IKE_DEFAULT_PORT,\r
- {0,0,0,0},\r
+ {{0,0,0,0}},\r
0\r
};\r
\r
0,\r
1000000,\r
//Access Point\r
- {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0},\r
+ {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},\r
IKE_DEFAULT_PORT,\r
- {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0},\r
+ {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},\r
0\r
};\r
\r
Check if the NIC handle is binded to a Udp service.\r
\r
@param[in] Private Pointer of IPSEC_PRIVATE_DATA.\r
- @param[in] NicHandle The Handle of the NIC card.\r
+ @param[in] Handle The Handle of the NIC card.\r
@param[in] IpVersion The version of the IP stack.\r
\r
@return a pointer of IKE_UDP_SERVICE.\r
\r
/**\r
Configure a UDPIO's UDP4 instance.\r
- \r
- This fuction is called by the UdpIoCreateIo() to configures a \r
+\r
+ This fuction is called by the UdpIoCreateIo() to configures a\r
UDP4 instance.\r
- \r
+\r
@param[in] UdpIo The UDP_IO to be configured.\r
@param[in] Context User-defined data when calling UdpIoCreateIo().\r
- \r
+\r
@retval EFI_SUCCESS The configuration succeeded.\r
@retval Others The UDP4 instance fails to configure.\r
\r
**/\r
EFI_STATUS\r
+EFIAPI\r
IkeConfigUdp4 (\r
IN UDP_IO *UdpIo,\r
IN VOID *Context\r
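Review bot: `EFIAPI` is added to the definition of `IkeConfigUdp4`, but the matching prototype is not visible in this hunk, so confirm the header declaration carries the same qualifier. On toolchains where `EFIAPI` expands to nothing, a mismatch between declaration and definition compiles silently and would only surface on another toolchain. This matters here because the function is passed to `UdpIoCreateIo()` as a callback. The same check applies to `IkeConfigUdp6` and `IkeDispatch` further down; the function body continues outside the hunk.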
\r
/**\r
Configure a UDPIO's UDP6 instance.\r
- \r
- This fuction is called by the UdpIoCreateIo()to configure a \r
+\r
+ This fuction is called by the UdpIoCreateIo()to configure a\r
UDP6 instance.\r
- \r
+\r
@param[in] UdpIo The UDP_IO to be configured.\r
@param[in] Context User-defined data when calling UdpIoCreateIo().\r
- \r
+\r
@retval EFI_SUCCESS The configuration succeeded.\r
@retval Others The configuration fails.\r
\r
**/\r
EFI_STATUS\r
+EFIAPI\r
IkeConfigUdp6 (\r
IN UDP_IO *UdpIo,\r
IN VOID *Context\r
\r
/**\r
Open and configure the related output UDPIO for IKE packet sending.\r
- \r
- If the UdpService is not configured, this fuction calls UdpIoCreatIo() to \r
+\r
+ If the UdpService is not configured, this fuction calls UdpIoCreatIo() to\r
create UDPIO to bind this UdpService for IKE packet sending. If the UdpService\r
has already been configured, then return.\r
- \r
+\r
@param[in] UdpService The UDP_IO to be configured.\r
@param[in] RemoteIp User-defined data when calling UdpIoCreateIo().\r
- \r
+\r
@retval EFI_SUCCESS The configuration is successful.\r
@retval Others The configuration fails.\r
\r
\r
/**\r
Open and configure a UDPIO of Udp4 for IKE packet receiving.\r
- \r
- This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and \r
+\r
+ This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and\r
UDP4 IO for each NIC handle.\r
- \r
+\r
@param[in] Private Point to IPSEC_PRIVATE_DATA\r
@param[in] Controller Handler for NIC card.\r
- \r
+ @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r
+\r
@retval EFI_SUCCESS The Operation is successful.\r
@retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
- \r
+\r
**/\r
EFI_STATUS\r
IkeOpenInputUdp4 (\r
IN IPSEC_PRIVATE_DATA *Private,\r
- IN EFI_HANDLE Controller\r
+ IN EFI_HANDLE Controller,\r
+ IN EFI_HANDLE ImageHandle\r
)\r
{\r
IKE_UDP_SERVICE *Udp4Srv;\r
//\r
Udp4Srv->Input = UdpIoCreateIo (\r
Controller,\r
- Private->ImageHandle,\r
+ ImageHandle,\r
IkeConfigUdp4,\r
UDP_IO_UDP4_VERSION,\r
NULL\r
}\r
\r
Udp4Srv->NicHandle = Controller;\r
- Udp4Srv->ImageHandle = Private->ImageHandle;\r
+ Udp4Srv->ImageHandle = ImageHandle;\r
Udp4Srv->ListHead = &(Private->Udp4List);\r
Udp4Srv->IpVersion = UDP_IO_UDP4_VERSION;\r
Udp4Srv->IsConfigured = FALSE;\r
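Review bot: `Udp4Srv->ImageHandle` now records the caller-supplied `ImageHandle` instead of `Private->ImageHandle`, so two different handles can act as the agent for the same UDP IO. The teardown code is outside this hunk; if it releases the UDP IO or closes protocols with `Private->ImageHandle` rather than the value stored here, the close would not match the open and the UDP child could stay bound to the NIC. A short comment at the assignment would pin the contract down, e.g. `// Agent handle passed to UdpIoCreateIo(); release must use this same handle.` The same applies to the `Udp6Srv->ImageHandle` assignment in `IkeOpenInputUdp6`.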
\r
/**\r
Open and configure a UDPIO of Udp6 for IKE packet receiving.\r
- \r
+\r
This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6\r
IO for each NIC handle.\r
- \r
+\r
@param[in] Private Point to IPSEC_PRIVATE_DATA\r
@param[in] Controller Handler for NIC card.\r
- \r
+ @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r
+\r
@retval EFI_SUCCESS The Operation is successful.\r
@retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
- \r
+\r
**/\r
EFI_STATUS\r
IkeOpenInputUdp6 (\r
IN IPSEC_PRIVATE_DATA *Private,\r
- IN EFI_HANDLE Controller\r
+ IN EFI_HANDLE Controller,\r
+ IN EFI_HANDLE ImageHandle\r
)\r
{\r
IKE_UDP_SERVICE *Udp6Srv;\r
//\r
Udp6Srv->Input = UdpIoCreateIo (\r
Controller,\r
- Private->ImageHandle,\r
+ ImageHandle,\r
IkeConfigUdp6,\r
UDP_IO_UDP6_VERSION,\r
NULL\r
}\r
\r
Udp6Srv->NicHandle = Controller;\r
- Udp6Srv->ImageHandle = Private->ImageHandle;\r
+ Udp6Srv->ImageHandle = ImageHandle;\r
Udp6Srv->ListHead = &(Private->Udp6List);\r
Udp6Srv->IpVersion = UDP_IO_UDP6_VERSION;\r
Udp6Srv->IsConfigured = FALSE;\r
\r
/**\r
The general interface of starting IPsec Key Exchange.\r
- \r
+\r
This function is called when a IKE negotiation to start getting a Key.\r
- \r
- @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for \r
+\r
+ @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for\r
IKE packet sending.\r
@param[in] SpdEntry Point to the SPD entry related to the IKE negotiation.\r
@param[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.\r
- \r
+\r
@retval EFI_SUCCESS The Operation is successful.\r
@retval EFI_ACCESS_DENIED No related PAD entry was found.\r
@retval EFI_INVALID_PARAMETER The IKE version is not supported.\r
- \r
+\r
**/\r
EFI_STATUS\r
IkeNegotiate (\r
}\r
//\r
// Try to find the IKE SA session in the IKEv1 and IKEv2 established SA session list.\r
- // \r
- IkeSaSession = (UINT8 *) Ikev2SaSessionLookup (&Private->Ikev2EstablishedList, RemoteIp); \r
+ //\r
+ IkeSaSession = (UINT8 *) Ikev2SaSessionLookup (&Private->Ikev2EstablishedList, RemoteIp);\r
\r
\r
if (IkeSaSession == NULL) {\r
if (IkeVersion != 2) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
+\r
Exchange = mIkeExchange[IkeVersion - 1];\r
//\r
// Start the quick mode stage to negotiate child SA.\r
\r
/**\r
The generic interface when receive a IKE packet.\r
- \r
+\r
This function is called when UDP IO receives a IKE packet.\r
- \r
+\r
@param[in] Packet Point to received IKE packet.\r
- @param[in] EndPoint Point to UDP_END_POINT which contains the information of \r
+ @param[in] EndPoint Point to UDP_END_POINT which contains the information of\r
Remote IP and Port.\r
@param[in] IoStatus The Status of Recieve Token.\r
@param[in] Context Point to data passed from the caller.\r
- \r
+\r
**/\r
VOID\r
+EFIAPI\r
IkeDispatch (\r
IN NET_BUF *Packet,\r
IN UDP_END_POINT *EndPoint,\r
\r
/**\r
Delete all established IKE SAs and related Child SAs.\r
- \r
- This function is the subfunction of the IpSecCleanupAllSa(). It first calls \r
- IkeDeleteChildSa() to delete all Child SAs then send out the related \r
+\r
+ This function is the subfunction of the IpSecCleanupAllSa(). It first calls\r
+ IkeDeleteChildSa() to delete all Child SAs then send out the related\r
Information packet.\r
\r
- @param[in] Private Pointer of the IPSEC_PRIVATE_DATA\r
+ @param[in] Private Pointer of the IPSEC_PRIVATE_DATA\r
+ @param[in] IsDisableIpsec Indicate whether needs to disable IPsec.\r
\r
**/\r
VOID\r
IkeDeleteAllSas (\r
- IN IPSEC_PRIVATE_DATA *Private\r
+ IN IPSEC_PRIVATE_DATA *Private,\r
+ IN BOOLEAN IsDisableIpsec\r
)\r
{\r
LIST_ENTRY *Entry;\r
//\r
if (!IsListEmpty (&Private->Ikev2SessionList)) {\r
NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, &Private->Ikev2SessionList) {\r
- Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); \r
+ Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);\r
RemoveEntryList (Entry);\r
Ikev2SaSessionFree (Ikev2SaSession);\r
}\r
}\r
- \r
+\r
//\r
// If there is no existing established IKE SA, set the Ipsec DisableFlag to TRUE\r
// and turn off the IsIPsecDisabling flag.\r
//\r
- if (IsListEmpty (&Private->Ikev2EstablishedList)) {\r
+ if (IsListEmpty (&Private->Ikev2EstablishedList) && IsDisableIpsec) {\r
Value = IPSEC_STATUS_DISABLED;\r
Status = gRT->SetVariable (\r
IPSECCONFIG_STATUS_NAME,\r
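Review bot: The comment above the changed condition still says the disable flag is set whenever no established IKE SA exists, but the new test also requires `IsDisableIpsec`, so the comment and the code now disagree. Suggest rewording it to `// Only if the caller asked to disable IPsec and no established IKE SA remains, set the status to IPSEC_STATUS_DISABLED`. The `@param` text for `IsDisableIpsec` could also say that with FALSE the SAs are still deleted while the IPsec status variable is left unchanged. That is what the visible condition implies, though the rest of the `SetVariable` call and any else-branch lie outside this hunk. Because the flag decides whether IPsec stays enabled after teardown, callers need that behaviour spelled out.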
for (Entry = Private->Ikev2EstablishedList.ForwardLink; Entry != &Private->Ikev2EstablishedList;) {\r
Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);\r
Entry = Entry->ForwardLink;\r
- \r
+\r
Ikev2SaSession->SessionCommon.State = IkeStateSaDeleting;\r
\r
//\r
if (IkeVersion == 2) {\r
Exchange = mIkeExchange[IkeVersion - 1];\r
Exchange->NegotiateInfo((UINT8*)Ikev2SaSession, NULL);\r
- } \r
+ }\r
}\r
}\r
- \r
+\r
}\r
\r
\r