[mirror_edk2.git] / NetworkPkg / IpSecDxe / IpSecDriver.c

/** @file\r
  Driver Binding Protocol for IPsec Driver.\r
\r
  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
\r
  This program and the accompanying materials\r
  are licensed and made available under the terms and conditions of the BSD License\r
  which accompanies this distribution.  The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php.\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <Library/BaseCryptLib.h>\r
\r
#include "IpSecConfigImpl.h"\r
#include "IkeService.h"\r
#include "IpSecDebug.h"\r
\r
/**\r
  Test to see if this driver supports ControllerHandle. This is the worker function\r
  for IpSec4(6)DriverbindingSupported.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of device to test.\r
  @param[in]  RemainingDevicePath  Optional parameter used to pick a specific child\r
                                   device to start.\r
  @param[in]  IpVersion            IP_VERSION_4 or IP_VERSION_6.\r
  \r
  @retval EFI_SUCCES           This driver supports this device.\r
  @retval EFI_ALREADY_STARTED  This driver is already running on this device.\r
  @retval other                This driver does not support this device.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSecSupported (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN EFI_DEVICE_PATH_PROTOCOL     *RemainingDevicePath  OPTIONAL,\r
  IN UINT8                        IpVersion\r
  )\r
{\r
  EFI_STATUS  Status;\r
  EFI_GUID    *UdpServiceBindingGuid;\r
  \r
  if (IpVersion == IP_VERSION_4) {\r
    UdpServiceBindingGuid  = &gEfiUdp4ServiceBindingProtocolGuid;\r
  } else {\r
    UdpServiceBindingGuid  = &gEfiUdp6ServiceBindingProtocolGuid;\r
  }\r
\r
  Status = gBS->OpenProtocol (\r
                  ControllerHandle,\r
                  UdpServiceBindingGuid,\r
                  NULL,\r
                  This->DriverBindingHandle,\r
                  ControllerHandle,\r
                  EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_UNSUPPORTED;\r
  }\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Start this driver on ControllerHandle. This is the worker function\r
  for IpSec4(6)DriverbindingStart.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of device to bind driver to.\r
  @param[in]  RemainingDevicePath  Optional parameter used to pick a specific child\r
                                   device to start.\r
  @param[in]  IpVersion            IP_VERSION_4 or IP_VERSION_6.\r
\r
  @retval EFI_SUCCES           This driver is added to ControllerHandle\r
  @retval EFI_ALREADY_STARTED  This driver is already running on ControllerHandle\r
  @retval EFI_DEVICE_ERROR     The device could not be started due to a device error.\r
                               Currently not implemented.\r
  @retval other                This driver does not support this device\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSecStart (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN EFI_DEVICE_PATH_PROTOCOL     *RemainingDevicePath OPTIONAL,\r
  IN UINT8                        IpVersion\r
  )\r
{\r
  EFI_IPSEC2_PROTOCOL *IpSec;\r
  EFI_STATUS          Status;\r
  IPSEC_PRIVATE_DATA  *Private;\r
\r
  //\r
  // Ipsec protocol should be installed when load image.\r
  //\r
  Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &IpSec);\r
\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (IpSec);\r
\r
  if (IpVersion == IP_VERSION_4) {\r
    //\r
    // Try to open a udp4 io for input.\r
    //\r
    Status = gBS->OpenProtocol (\r
                        ControllerHandle,\r
                        &gEfiUdp4ServiceBindingProtocolGuid,\r
                        NULL,\r
                        This->DriverBindingHandle,\r
                        ControllerHandle,\r
                        EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
                        );\r
\r
    if (!EFI_ERROR (Status)) {\r
      Status = IkeOpenInputUdp4 (Private, ControllerHandle, This->DriverBindingHandle);\r
    }\r
  } else {\r
    //\r
    // Try to open a udp6 io for input.\r
    //\r
    Status = gBS->OpenProtocol (\r
                        ControllerHandle,\r
                        &gEfiUdp6ServiceBindingProtocolGuid,\r
                        NULL,\r
                        This->DriverBindingHandle,\r
                        ControllerHandle,\r
                        EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
                        );\r
\r
    if (!EFI_ERROR (Status)) {\r
      Status = IkeOpenInputUdp6 (Private, ControllerHandle, This->DriverBindingHandle);\r
    }\r
  }\r
\r
  if (EFI_ERROR (Status)) {\r
    return EFI_DEVICE_ERROR;\r
  }\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Stop this driver on ControllerHandle. This is the worker function\r
  for IpSec4(6)DriverbindingStop.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of a device to stop the driver on.\r
  @param[in]  NumberOfChildren     Number of Handles in ChildHandleBuffer. If the number of\r
                                   children is zero, stop the entire bus driver.\r
  @param[in]  ChildHandleBuffer    List of Child Handles to Stop.\r
  @param[in]  IpVersion            IP_VERSION_4 or IP_VERSION_6.\r
\r
  @retval EFI_SUCCES           This driver removed ControllerHandle.\r
  @retval other                This driver was not removed from this device.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSecStop (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN UINTN                        NumberOfChildren,\r
  IN EFI_HANDLE                   *ChildHandleBuffer,\r
  IN UINT8                        IpVersion\r
  )\r
{\r
  EFI_IPSEC2_PROTOCOL *IpSec;\r
  EFI_STATUS          Status;\r
  IPSEC_PRIVATE_DATA  *Private;\r
  IKE_UDP_SERVICE     *UdpSrv;\r
  LIST_ENTRY          *Entry;\r
  LIST_ENTRY          *Next;\r
  IKEV2_SA_SESSION    *Ikev2SaSession;\r
\r
  //\r
  // Locate ipsec protocol to get private data.\r
  //\r
  Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &IpSec);\r
\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (IpSec);\r
\r
  //\r
  // The SAs are shared by both IP4 and IP6 stack. So we skip the cleanup\r
  // and leave the SAs unchanged if the other IP stack is still running.\r
  //\r
  if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) ||\r
      (IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) {\r
    //\r
    // If IKEv2 SAs are under establishing, delete it directly.\r
    //\r
    if (!IsListEmpty (&Private->Ikev2SessionList)) {\r
      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2SessionList) {\r
        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);\r
        RemoveEntryList (&Ikev2SaSession->BySessionTable);\r
        Ikev2SaSessionFree (Ikev2SaSession);\r
      }\r
    }\r
\r
    //\r
    // Delete established IKEv2 SAs.\r
    //\r
    if (!IsListEmpty (&Private->Ikev2EstablishedList)) {\r
      NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) {\r
        Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); \r
        RemoveEntryList (&Ikev2SaSession->BySessionTable);\r
        Ikev2SaSessionFree (Ikev2SaSession);\r
      }\r
    }\r
  }\r
\r
  if (IpVersion == IP_VERSION_4) {\r
    //\r
    // If has udp4 io opened on the controller, close and free it.\r
    //\r
    NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Udp4List) {\r
\r
      UdpSrv = IPSEC_UDP_SERVICE_FROM_LIST (Entry);\r
      //\r
      // Find the right udp service which installed on the appointed nic handle.\r
      //\r
      if (UdpSrv->Input != NULL && ControllerHandle == UdpSrv->Input->UdpHandle) {\r
        UdpIoFreeIo (UdpSrv->Input);\r
        UdpSrv->Input = NULL;\r
      }\r
\r
      if (UdpSrv->Output != NULL && ControllerHandle == UdpSrv->Output->UdpHandle) {\r
        UdpIoFreeIo (UdpSrv->Output);\r
        UdpSrv->Output = NULL;\r
      }\r
\r
      if (UdpSrv->Input == NULL && UdpSrv->Output == NULL) {\r
        RemoveEntryList (&UdpSrv->List);\r
        FreePool (UdpSrv);\r
        ASSERT (Private->Udp4Num > 0);\r
        Private->Udp4Num--;\r
      }\r
    }\r
  } else {\r
    //\r
    // If has udp6 io opened on the controller, close and free it.\r
    //\r
    NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Udp6List) {\r
\r
      UdpSrv = IPSEC_UDP_SERVICE_FROM_LIST (Entry);\r
      //\r
      // Find the right udp service which installed on the appointed nic handle.\r
      //\r
      if (UdpSrv->Input != NULL && ControllerHandle == UdpSrv->Input->UdpHandle) {\r
        UdpIoFreeIo (UdpSrv->Input);\r
        UdpSrv->Input = NULL;\r
      }\r
\r
      if (UdpSrv->Output != NULL && ControllerHandle == UdpSrv->Output->UdpHandle) {\r
        UdpIoFreeIo (UdpSrv->Output);\r
        UdpSrv->Output = NULL;\r
      }\r
\r
      if (UdpSrv->Input == NULL && UdpSrv->Output == NULL) {\r
        RemoveEntryList (&UdpSrv->List);\r
        FreePool (UdpSrv);\r
        ASSERT (Private->Udp6Num > 0);\r
        Private->Udp6Num--;\r
      }\r
    }\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Test to see if this driver supports ControllerHandle.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of device to test.\r
  @param[in]  RemainingDevicePath  Optional parameter used to pick a specific child\r
                                   device to start.\r
\r
  @retval EFI_SUCCES           This driver supports this device.\r
  @retval EFI_ALREADY_STARTED  This driver is already running on this device.\r
  @retval other                This driver does not support this device.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSec4DriverBindingSupported (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN EFI_DEVICE_PATH_PROTOCOL     *RemainingDevicePath  OPTIONAL\r
  )\r
{\r
  return IpSecSupported (\r
           This,\r
           ControllerHandle,\r
           RemainingDevicePath,\r
           IP_VERSION_4\r
           );\r
}\r
\r
/**\r
  Start this driver on ControllerHandle.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of device to bind driver to.\r
  @param[in]  RemainingDevicePath  Optional parameter used to pick a specific child\r
                                   device to start.\r
\r
  @retval EFI_SUCCES           This driver is added to ControllerHandle\r
  @retval EFI_ALREADY_STARTED  This driver is already running on ControllerHandle\r
  @retval EFI_DEVICE_ERROR     The device could not be started due to a device error.\r
                               Currently not implemented.\r
  @retval other                This driver does not support this device\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSec4DriverBindingStart (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN EFI_DEVICE_PATH_PROTOCOL     *RemainingDevicePath OPTIONAL\r
  )\r
{\r
  return IpSecStart (\r
           This,\r
           ControllerHandle,\r
           RemainingDevicePath,\r
           IP_VERSION_4\r
           );\r
}\r
\r
/**\r
  Stop this driver on ControllerHandle.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of a device to stop the driver on.\r
  @param[in]  NumberOfChildren     Number of Handles in ChildHandleBuffer. If the number of\r
                                   children is zero, stop the entire bus driver.\r
  @param[in]  ChildHandleBuffer    List of Child Handles to Stop.\r
\r
  @retval EFI_SUCCES           This driver removed ControllerHandle.\r
  @retval other                This driver was not removed from this device.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSec4DriverBindingStop (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN UINTN                        NumberOfChildren,\r
  IN EFI_HANDLE                   *ChildHandleBuffer\r
  )\r
{\r
  return IpSecStop (\r
           This,\r
           ControllerHandle,\r
           NumberOfChildren,\r
           ChildHandleBuffer,\r
           IP_VERSION_4\r
           );\r
}\r
\r
/**\r
  Test to see if this driver supports ControllerHandle.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of device to test.\r
  @param[in]  RemainingDevicePath  Optional parameter used to pick a specific child\r
                                   device to start.\r
\r
  @retval EFI_SUCCES           This driver supports this device.\r
  @retval EFI_ALREADY_STARTED  This driver is already running on this device.\r
  @retval other                This driver does not support this device.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSec6DriverBindingSupported (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN EFI_DEVICE_PATH_PROTOCOL     *RemainingDevicePath  OPTIONAL\r
  )\r
{\r
  return IpSecSupported (\r
           This,\r
           ControllerHandle,\r
           RemainingDevicePath,\r
           IP_VERSION_6\r
           );\r
}\r
\r
/**\r
  Start this driver on ControllerHandle.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of device to bind driver to.\r
  @param[in]  RemainingDevicePath  Optional parameter used to pick a specific child\r
                                   device to start.\r
\r
  @retval EFI_SUCCES           This driver is added to ControllerHandle\r
  @retval EFI_ALREADY_STARTED  This driver is already running on ControllerHandle\r
  @retval EFI_DEVICE_ERROR     The device could not be started due to a device error.\r
                               Currently not implemented.\r
  @retval other                This driver does not support this device\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSec6DriverBindingStart (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN EFI_DEVICE_PATH_PROTOCOL     *RemainingDevicePath OPTIONAL\r
  )\r
{\r
  return IpSecStart (\r
           This,\r
           ControllerHandle,\r
           RemainingDevicePath,\r
           IP_VERSION_6\r
           );\r
}\r
\r
/**\r
  Stop this driver on ControllerHandle.\r
\r
  @param[in]  This                 Protocol instance pointer.\r
  @param[in]  ControllerHandle     Handle of a device to stop the driver on.\r
  @param[in]  NumberOfChildren     Number of Handles in ChildHandleBuffer. If the number of\r
                                   children is zero, stop the entire bus driver.\r
  @param[in]  ChildHandleBuffer    List of Child Handles to Stop.\r
\r
  @retval EFI_SUCCES           This driver removed ControllerHandle.\r
  @retval other                This driver was not removed from this device.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSec6DriverBindingStop (\r
  IN EFI_DRIVER_BINDING_PROTOCOL  *This,\r
  IN EFI_HANDLE                   ControllerHandle,\r
  IN UINTN                        NumberOfChildren,\r
  IN EFI_HANDLE                   *ChildHandleBuffer\r
  )\r
{\r
  return IpSecStop (\r
           This,\r
           ControllerHandle,\r
           NumberOfChildren,\r
           ChildHandleBuffer,\r
           IP_VERSION_6\r
           );\r
}\r
\r
EFI_DRIVER_BINDING_PROTOCOL gIpSec4DriverBinding = {\r
  IpSec4DriverBindingSupported,\r
  IpSec4DriverBindingStart,\r
  IpSec4DriverBindingStop,\r
  0xa,\r
  NULL,\r
  NULL\r
};\r
\r
EFI_DRIVER_BINDING_PROTOCOL gIpSec6DriverBinding = {\r
  IpSec6DriverBindingSupported,\r
  IpSec6DriverBindingStart,\r
  IpSec6DriverBindingStop,\r
  0xa,\r
  NULL,\r
  NULL\r
};\r
\r
/**\r
  This is a callback function when the mIpSecInstance.DisabledEvent is signaled.\r
\r
  @param[in]  Event        Event whose notification function is being invoked.\r
  @param[in]  Context      Pointer to the notification function's context.\r
\r
**/\r
VOID\r
EFIAPI\r
IpSecCleanupAllSa (\r
  IN  EFI_EVENT     Event,\r
  IN  VOID          *Context\r
  )\r
{\r
  IPSEC_PRIVATE_DATA  *Private;\r
  Private                   = (IPSEC_PRIVATE_DATA *) Context;\r
  Private->IsIPsecDisabling = TRUE;\r
  IkeDeleteAllSas (Private, TRUE);\r
}\r
\r
/**\r
  This is the declaration of an EFI image entry point. This entry point is\r
  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including\r
  both device drivers and bus drivers.\r
\r
  The entry point for IPsec driver which installs the driver binding,\r
  component name protocol, IPsec Config protcolon, and IPsec protocol in\r
  its ImageHandle.\r
\r
  @param[in] ImageHandle        The firmware allocated handle for the UEFI image.\r
  @param[in] SystemTable        A pointer to the EFI System Table.\r
\r
  @retval EFI_SUCCESS           The operation completed successfully.\r
  @retval EFI_ALREADY_STARTED   The IPsec driver has been already loaded.\r
  @retval EFI_OUT_OF_RESOURCES  The request could not be completed due to a lack of resources.\r
  @retval Others                The operation is failed.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
IpSecDriverEntryPoint (\r
  IN EFI_HANDLE              ImageHandle,\r
  IN EFI_SYSTEM_TABLE        *SystemTable\r
  )\r
{\r
  EFI_STATUS          Status;\r
  IPSEC_PRIVATE_DATA  *Private;\r
  EFI_IPSEC2_PROTOCOL *IpSec;\r
\r
  //\r
  // Check whether ipsec protocol has already been installed.\r
  //\r
  Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &IpSec);\r
\r
  if (!EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_WARN, "_ModuleEntryPoint: IpSec has been already loaded\n"));\r
    Status = EFI_ALREADY_STARTED;\r
    goto ON_EXIT;\r
  }\r
\r
  Status = gBS->LocateProtocol (&gEfiDpcProtocolGuid, NULL, (VOID **) &mDpc);\r
\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to locate EfiDpcProtocol\n"));\r
    goto ON_EXIT;\r
  }\r
\r
  Private = AllocateZeroPool (sizeof (IPSEC_PRIVATE_DATA));\r
\r
  if (Private == NULL) {\r
    DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to allocate private data\n"));\r
    Status = EFI_OUT_OF_RESOURCES;\r
    goto ON_EXIT;\r
  }\r
  //\r
  // Create disable event to cleanup all SA when ipsec disabled by user.\r
  //\r
  Status = gBS->CreateEvent (\r
                  EVT_NOTIFY_SIGNAL,\r
                  TPL_CALLBACK,\r
                  IpSecCleanupAllSa,\r
                  Private,\r
                  &mIpSecInstance.DisabledEvent\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to create disable event\n"));\r
    goto ON_FREE_PRIVATE;\r
  }\r
\r
  Private->Signature    = IPSEC_PRIVATE_DATA_SIGNATURE;\r
  Private->ImageHandle  = ImageHandle;\r
  CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL));\r
\r
  //\r
  // Initilize Private's members. Thess members is used for IKE.\r
  //\r
  InitializeListHead (&Private->Udp4List);\r
  InitializeListHead (&Private->Udp6List);\r
  InitializeListHead (&Private->Ikev1SessionList);\r
  InitializeListHead (&Private->Ikev1EstablishedList);\r
  InitializeListHead (&Private->Ikev2SessionList);\r
  InitializeListHead (&Private->Ikev2EstablishedList);\r
\r
  RandomSeed (NULL, 0);\r
  //\r
  // Initialize the ipsec config data and restore it from variable.\r
  //\r
  Status = IpSecConfigInitialize (Private);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to initialize IpSecConfig\n"));\r
    goto ON_CLOSE_EVENT;\r
  }\r
  //\r
  // Install ipsec protocol which is used by ip driver to process ipsec header.\r
  //\r
  Status = gBS->InstallMultipleProtocolInterfaces (\r
                  &Private->Handle,\r
                  &gEfiIpSec2ProtocolGuid,\r
                  &Private->IpSec,\r
                  NULL\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    goto ON_UNINSTALL_CONFIG;\r
  }\r
\r
  Status = EfiLibInstallDriverBindingComponentName2 (\r
             ImageHandle,\r
             SystemTable,\r
             &gIpSec4DriverBinding,\r
             ImageHandle,\r
             &gIpSecComponentName,\r
             &gIpSecComponentName2\r
             );\r
  if (EFI_ERROR (Status)) {\r
    goto ON_UNINSTALL_IPSEC;\r
  }\r
\r
  Status = EfiLibInstallDriverBindingComponentName2 (\r
             ImageHandle,\r
             SystemTable,\r
             &gIpSec6DriverBinding,\r
             NULL,\r
             &gIpSecComponentName,\r
             &gIpSecComponentName2\r
             );\r
  if (EFI_ERROR (Status)) {\r
    goto ON_UNINSTALL_IPSEC4_DB;\r
  }\r
\r
  return Status;\r
\r
ON_UNINSTALL_IPSEC4_DB:\r
  gBS->UninstallMultipleProtocolInterfaces (\r
         ImageHandle,\r
         &gEfiDriverBindingProtocolGuid,\r
         &gIpSec4DriverBinding,\r
         &gEfiComponentName2ProtocolGuid,\r
         &gIpSecComponentName2,\r
         &gEfiComponentNameProtocolGuid,\r
         &gIpSecComponentName,\r
         NULL\r
         );\r
\r
ON_UNINSTALL_IPSEC:\r
  gBS->UninstallProtocolInterface (\r
         Private->Handle,\r
         &gEfiIpSec2ProtocolGuid,\r
         &Private->IpSec\r
         );\r
ON_UNINSTALL_CONFIG:\r
  gBS->UninstallProtocolInterface (\r
        Private->Handle,\r
        &gEfiIpSecConfigProtocolGuid,\r
        &Private->IpSecConfig\r
        );\r
ON_CLOSE_EVENT:\r
  gBS->CloseEvent (mIpSecInstance.DisabledEvent);\r
  mIpSecInstance.DisabledEvent = NULL;\r
ON_FREE_PRIVATE:\r
  FreePool (Private);\r
ON_EXIT:\r
  return Status;\r
}\r
\r
Commit	Line	Data
	1	/** @file\r
	2	Driver Binding Protocol for IPsec Driver.\r
	3	\r
	4	Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
	5	\r
	6	This program and the accompanying materials\r
	7	are licensed and made available under the terms and conditions of the BSD License\r
	8	which accompanies this distribution. The full text of the license may be found at\r
	9	http://opensource.org/licenses/bsd-license.php.\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#include <Library/BaseCryptLib.h>\r
	17	\r
	18	#include "IpSecConfigImpl.h"\r
	19	#include "IkeService.h"\r
	20	#include "IpSecDebug.h"\r
	21	\r
	22	/**\r
	23	Test to see if this driver supports ControllerHandle. This is the worker function\r
	24	for IpSec4(6)DriverbindingSupported.\r
	25	\r
	26	@param[in] This Protocol instance pointer.\r
	27	@param[in] ControllerHandle Handle of device to test.\r
	28	@param[in] RemainingDevicePath Optional parameter used to pick a specific child\r
	29	device to start.\r
	30	@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.\r
	31	\r
	32	@retval EFI_SUCCES This driver supports this device.\r
	33	@retval EFI_ALREADY_STARTED This driver is already running on this device.\r
	34	@retval other This driver does not support this device.\r
	35	\r
	36	**/\r
	37	EFI_STATUS\r
	38	EFIAPI\r
	39	IpSecSupported (\r
	40	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	41	IN EFI_HANDLE ControllerHandle,\r
	42	IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL,\r
	43	IN UINT8 IpVersion\r
	44	)\r
	45	{\r
	46	EFI_STATUS Status;\r
	47	EFI_GUID *UdpServiceBindingGuid;\r
	48	\r
	49	if (IpVersion == IP_VERSION_4) {\r
	50	UdpServiceBindingGuid = &gEfiUdp4ServiceBindingProtocolGuid;\r
	51	} else {\r
	52	UdpServiceBindingGuid = &gEfiUdp6ServiceBindingProtocolGuid;\r
	53	}\r
	54	\r
	55	Status = gBS->OpenProtocol (\r
	56	ControllerHandle,\r
	57	UdpServiceBindingGuid,\r
	58	NULL,\r
	59	This->DriverBindingHandle,\r
	60	ControllerHandle,\r
	61	EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
	62	);\r
	63	if (EFI_ERROR (Status)) {\r
	64	return EFI_UNSUPPORTED;\r
	65	}\r
	66	return EFI_SUCCESS;\r
	67	}\r
	68	\r
	69	/**\r
	70	Start this driver on ControllerHandle. This is the worker function\r
	71	for IpSec4(6)DriverbindingStart.\r
	72	\r
	73	@param[in] This Protocol instance pointer.\r
	74	@param[in] ControllerHandle Handle of device to bind driver to.\r
	75	@param[in] RemainingDevicePath Optional parameter used to pick a specific child\r
	76	device to start.\r
	77	@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.\r
	78	\r
	79	@retval EFI_SUCCES This driver is added to ControllerHandle\r
	80	@retval EFI_ALREADY_STARTED This driver is already running on ControllerHandle\r
	81	@retval EFI_DEVICE_ERROR The device could not be started due to a device error.\r
	82	Currently not implemented.\r
	83	@retval other This driver does not support this device\r
	84	\r
	85	**/\r
	86	EFI_STATUS\r
	87	EFIAPI\r
	88	IpSecStart (\r
	89	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	90	IN EFI_HANDLE ControllerHandle,\r
	91	IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL,\r
	92	IN UINT8 IpVersion\r
	93	)\r
	94	{\r
	95	EFI_IPSEC2_PROTOCOL *IpSec;\r
	96	EFI_STATUS Status;\r
	97	IPSEC_PRIVATE_DATA *Private;\r
	98	\r
	99	//\r
	100	// Ipsec protocol should be installed when load image.\r
	101	//\r
	102	Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &IpSec);\r
	103	\r
	104	if (EFI_ERROR (Status)) {\r
	105	return Status;\r
	106	}\r
	107	\r
	108	Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (IpSec);\r
	109	\r
	110	if (IpVersion == IP_VERSION_4) {\r
	111	//\r
	112	// Try to open a udp4 io for input.\r
	113	//\r
	114	Status = gBS->OpenProtocol (\r
	115	ControllerHandle,\r
	116	&gEfiUdp4ServiceBindingProtocolGuid,\r
	117	NULL,\r
	118	This->DriverBindingHandle,\r
	119	ControllerHandle,\r
	120	EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
	121	);\r
	122	\r
	123	if (!EFI_ERROR (Status)) {\r
	124	Status = IkeOpenInputUdp4 (Private, ControllerHandle, This->DriverBindingHandle);\r
	125	}\r
	126	} else {\r
	127	//\r
	128	// Try to open a udp6 io for input.\r
	129	//\r
	130	Status = gBS->OpenProtocol (\r
	131	ControllerHandle,\r
	132	&gEfiUdp6ServiceBindingProtocolGuid,\r
	133	NULL,\r
	134	This->DriverBindingHandle,\r
	135	ControllerHandle,\r
	136	EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
	137	);\r
	138	\r
	139	if (!EFI_ERROR (Status)) {\r
	140	Status = IkeOpenInputUdp6 (Private, ControllerHandle, This->DriverBindingHandle);\r
	141	}\r
	142	}\r
	143	\r
	144	if (EFI_ERROR (Status)) {\r
	145	return EFI_DEVICE_ERROR;\r
	146	}\r
	147	return EFI_SUCCESS;\r
	148	}\r
	149	\r
	150	/**\r
	151	Stop this driver on ControllerHandle. This is the worker function\r
	152	for IpSec4(6)DriverbindingStop.\r
	153	\r
	154	@param[in] This Protocol instance pointer.\r
	155	@param[in] ControllerHandle Handle of a device to stop the driver on.\r
	156	@param[in] NumberOfChildren Number of Handles in ChildHandleBuffer. If the number of\r
	157	children is zero, stop the entire bus driver.\r
	158	@param[in] ChildHandleBuffer List of Child Handles to Stop.\r
	159	@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.\r
	160	\r
	161	@retval EFI_SUCCES This driver removed ControllerHandle.\r
	162	@retval other This driver was not removed from this device.\r
	163	\r
	164	**/\r
	165	EFI_STATUS\r
	166	EFIAPI\r
	167	IpSecStop (\r
	168	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	169	IN EFI_HANDLE ControllerHandle,\r
	170	IN UINTN NumberOfChildren,\r
	171	IN EFI_HANDLE *ChildHandleBuffer,\r
	172	IN UINT8 IpVersion\r
	173	)\r
	174	{\r
	175	EFI_IPSEC2_PROTOCOL *IpSec;\r
	176	EFI_STATUS Status;\r
	177	IPSEC_PRIVATE_DATA *Private;\r
	178	IKE_UDP_SERVICE *UdpSrv;\r
	179	LIST_ENTRY *Entry;\r
	180	LIST_ENTRY *Next;\r
	181	IKEV2_SA_SESSION *Ikev2SaSession;\r
	182	\r
	183	//\r
	184	// Locate ipsec protocol to get private data.\r
	185	//\r
	186	Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &IpSec);\r
	187	\r
	188	if (EFI_ERROR (Status)) {\r
	189	return Status;\r
	190	}\r
	191	\r
	192	Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (IpSec);\r
	193	\r
	194	//\r
	195	// The SAs are shared by both IP4 and IP6 stack. So we skip the cleanup\r
	196	// and leave the SAs unchanged if the other IP stack is still running.\r
	197	//\r
	198	if ((IpVersion == IP_VERSION_4 && Private->Udp6Num ==0) \|\|\r
	199	(IpVersion == IP_VERSION_6 && Private->Udp4Num ==0)) {\r
	200	//\r
	201	// If IKEv2 SAs are under establishing, delete it directly.\r
	202	//\r
	203	if (!IsListEmpty (&Private->Ikev2SessionList)) {\r
	204	NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2SessionList) {\r
	205	Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);\r
	206	RemoveEntryList (&Ikev2SaSession->BySessionTable);\r
	207	Ikev2SaSessionFree (Ikev2SaSession);\r
	208	}\r
	209	}\r
	210	\r
	211	//\r
	212	// Delete established IKEv2 SAs.\r
	213	//\r
	214	if (!IsListEmpty (&Private->Ikev2EstablishedList)) {\r
	215	NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Ikev2EstablishedList) {\r
	216	Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); \r
	217	RemoveEntryList (&Ikev2SaSession->BySessionTable);\r
	218	Ikev2SaSessionFree (Ikev2SaSession);\r
	219	}\r
	220	}\r
	221	}\r
	222	\r
	223	if (IpVersion == IP_VERSION_4) {\r
	224	//\r
	225	// If has udp4 io opened on the controller, close and free it.\r
	226	//\r
	227	NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Udp4List) {\r
	228	\r
	229	UdpSrv = IPSEC_UDP_SERVICE_FROM_LIST (Entry);\r
	230	//\r
	231	// Find the right udp service which installed on the appointed nic handle.\r
	232	//\r
	233	if (UdpSrv->Input != NULL && ControllerHandle == UdpSrv->Input->UdpHandle) {\r
	234	UdpIoFreeIo (UdpSrv->Input);\r
	235	UdpSrv->Input = NULL;\r
	236	}\r
	237	\r
	238	if (UdpSrv->Output != NULL && ControllerHandle == UdpSrv->Output->UdpHandle) {\r
	239	UdpIoFreeIo (UdpSrv->Output);\r
	240	UdpSrv->Output = NULL;\r
	241	}\r
	242	\r
	243	if (UdpSrv->Input == NULL && UdpSrv->Output == NULL) {\r
	244	RemoveEntryList (&UdpSrv->List);\r
	245	FreePool (UdpSrv);\r
	246	ASSERT (Private->Udp4Num > 0);\r
	247	Private->Udp4Num--;\r
	248	}\r
	249	}\r
	250	} else {\r
	251	//\r
	252	// If has udp6 io opened on the controller, close and free it.\r
	253	//\r
	254	NET_LIST_FOR_EACH_SAFE (Entry, Next, &Private->Udp6List) {\r
	255	\r
	256	UdpSrv = IPSEC_UDP_SERVICE_FROM_LIST (Entry);\r
	257	//\r
	258	// Find the right udp service which installed on the appointed nic handle.\r
	259	//\r
	260	if (UdpSrv->Input != NULL && ControllerHandle == UdpSrv->Input->UdpHandle) {\r
	261	UdpIoFreeIo (UdpSrv->Input);\r
	262	UdpSrv->Input = NULL;\r
	263	}\r
	264	\r
	265	if (UdpSrv->Output != NULL && ControllerHandle == UdpSrv->Output->UdpHandle) {\r
	266	UdpIoFreeIo (UdpSrv->Output);\r
	267	UdpSrv->Output = NULL;\r
	268	}\r
	269	\r
	270	if (UdpSrv->Input == NULL && UdpSrv->Output == NULL) {\r
	271	RemoveEntryList (&UdpSrv->List);\r
	272	FreePool (UdpSrv);\r
	273	ASSERT (Private->Udp6Num > 0);\r
	274	Private->Udp6Num--;\r
	275	}\r
	276	}\r
	277	}\r
	278	\r
	279	return EFI_SUCCESS;\r
	280	}\r
	281	\r
	282	/**\r
	283	Test to see if this driver supports ControllerHandle.\r
	284	\r
	285	@param[in] This Protocol instance pointer.\r
	286	@param[in] ControllerHandle Handle of device to test.\r
	287	@param[in] RemainingDevicePath Optional parameter used to pick a specific child\r
	288	device to start.\r
	289	\r
	290	@retval EFI_SUCCES This driver supports this device.\r
	291	@retval EFI_ALREADY_STARTED This driver is already running on this device.\r
	292	@retval other This driver does not support this device.\r
	293	\r
	294	**/\r
	295	EFI_STATUS\r
	296	EFIAPI\r
	297	IpSec4DriverBindingSupported (\r
	298	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	299	IN EFI_HANDLE ControllerHandle,\r
	300	IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL\r
	301	)\r
	302	{\r
	303	return IpSecSupported (\r
	304	This,\r
	305	ControllerHandle,\r
	306	RemainingDevicePath,\r
	307	IP_VERSION_4\r
	308	);\r
	309	}\r
	310	\r
	311	/**\r
	312	Start this driver on ControllerHandle.\r
	313	\r
	314	@param[in] This Protocol instance pointer.\r
	315	@param[in] ControllerHandle Handle of device to bind driver to.\r
	316	@param[in] RemainingDevicePath Optional parameter used to pick a specific child\r
	317	device to start.\r
	318	\r
	319	@retval EFI_SUCCES This driver is added to ControllerHandle\r
	320	@retval EFI_ALREADY_STARTED This driver is already running on ControllerHandle\r
	321	@retval EFI_DEVICE_ERROR The device could not be started due to a device error.\r
	322	Currently not implemented.\r
	323	@retval other This driver does not support this device\r
	324	\r
	325	**/\r
	326	EFI_STATUS\r
	327	EFIAPI\r
	328	IpSec4DriverBindingStart (\r
	329	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	330	IN EFI_HANDLE ControllerHandle,\r
	331	IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL\r
	332	)\r
	333	{\r
	334	return IpSecStart (\r
	335	This,\r
	336	ControllerHandle,\r
	337	RemainingDevicePath,\r
	338	IP_VERSION_4\r
	339	);\r
	340	}\r
	341	\r
	342	/**\r
	343	Stop this driver on ControllerHandle.\r
	344	\r
	345	@param[in] This Protocol instance pointer.\r
	346	@param[in] ControllerHandle Handle of a device to stop the driver on.\r
	347	@param[in] NumberOfChildren Number of Handles in ChildHandleBuffer. If the number of\r
	348	children is zero, stop the entire bus driver.\r
	349	@param[in] ChildHandleBuffer List of Child Handles to Stop.\r
	350	\r
	351	@retval EFI_SUCCES This driver removed ControllerHandle.\r
	352	@retval other This driver was not removed from this device.\r
	353	\r
	354	**/\r
	355	EFI_STATUS\r
	356	EFIAPI\r
	357	IpSec4DriverBindingStop (\r
	358	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	359	IN EFI_HANDLE ControllerHandle,\r
	360	IN UINTN NumberOfChildren,\r
	361	IN EFI_HANDLE *ChildHandleBuffer\r
	362	)\r
	363	{\r
	364	return IpSecStop (\r
	365	This,\r
	366	ControllerHandle,\r
	367	NumberOfChildren,\r
	368	ChildHandleBuffer,\r
	369	IP_VERSION_4\r
	370	);\r
	371	}\r
	372	\r
	373	/**\r
	374	Test to see if this driver supports ControllerHandle.\r
	375	\r
	376	@param[in] This Protocol instance pointer.\r
	377	@param[in] ControllerHandle Handle of device to test.\r
	378	@param[in] RemainingDevicePath Optional parameter used to pick a specific child\r
	379	device to start.\r
	380	\r
	381	@retval EFI_SUCCES This driver supports this device.\r
	382	@retval EFI_ALREADY_STARTED This driver is already running on this device.\r
	383	@retval other This driver does not support this device.\r
	384	\r
	385	**/\r
	386	EFI_STATUS\r
	387	EFIAPI\r
	388	IpSec6DriverBindingSupported (\r
	389	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	390	IN EFI_HANDLE ControllerHandle,\r
	391	IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL\r
	392	)\r
	393	{\r
	394	return IpSecSupported (\r
	395	This,\r
	396	ControllerHandle,\r
	397	RemainingDevicePath,\r
	398	IP_VERSION_6\r
	399	);\r
	400	}\r
	401	\r
	402	/**\r
	403	Start this driver on ControllerHandle.\r
	404	\r
	405	@param[in] This Protocol instance pointer.\r
	406	@param[in] ControllerHandle Handle of device to bind driver to.\r
	407	@param[in] RemainingDevicePath Optional parameter used to pick a specific child\r
	408	device to start.\r
	409	\r
	410	@retval EFI_SUCCES This driver is added to ControllerHandle\r
	411	@retval EFI_ALREADY_STARTED This driver is already running on ControllerHandle\r
	412	@retval EFI_DEVICE_ERROR The device could not be started due to a device error.\r
	413	Currently not implemented.\r
	414	@retval other This driver does not support this device\r
	415	\r
	416	**/\r
	417	EFI_STATUS\r
	418	EFIAPI\r
	419	IpSec6DriverBindingStart (\r
	420	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	421	IN EFI_HANDLE ControllerHandle,\r
	422	IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL\r
	423	)\r
	424	{\r
	425	return IpSecStart (\r
	426	This,\r
	427	ControllerHandle,\r
	428	RemainingDevicePath,\r
	429	IP_VERSION_6\r
	430	);\r
	431	}\r
	432	\r
	433	/**\r
	434	Stop this driver on ControllerHandle.\r
	435	\r
	436	@param[in] This Protocol instance pointer.\r
	437	@param[in] ControllerHandle Handle of a device to stop the driver on.\r
	438	@param[in] NumberOfChildren Number of Handles in ChildHandleBuffer. If the number of\r
	439	children is zero, stop the entire bus driver.\r
	440	@param[in] ChildHandleBuffer List of Child Handles to Stop.\r
	441	\r
	442	@retval EFI_SUCCES This driver removed ControllerHandle.\r
	443	@retval other This driver was not removed from this device.\r
	444	\r
	445	**/\r
	446	EFI_STATUS\r
	447	EFIAPI\r
	448	IpSec6DriverBindingStop (\r
	449	IN EFI_DRIVER_BINDING_PROTOCOL *This,\r
	450	IN EFI_HANDLE ControllerHandle,\r
	451	IN UINTN NumberOfChildren,\r
	452	IN EFI_HANDLE *ChildHandleBuffer\r
	453	)\r
	454	{\r
	455	return IpSecStop (\r
	456	This,\r
	457	ControllerHandle,\r
	458	NumberOfChildren,\r
	459	ChildHandleBuffer,\r
	460	IP_VERSION_6\r
	461	);\r
	462	}\r
	463	\r
	464	EFI_DRIVER_BINDING_PROTOCOL gIpSec4DriverBinding = {\r
	465	IpSec4DriverBindingSupported,\r
	466	IpSec4DriverBindingStart,\r
	467	IpSec4DriverBindingStop,\r
	468	0xa,\r
	469	NULL,\r
	470	NULL\r
	471	};\r
	472	\r
	473	EFI_DRIVER_BINDING_PROTOCOL gIpSec6DriverBinding = {\r
	474	IpSec6DriverBindingSupported,\r
	475	IpSec6DriverBindingStart,\r
	476	IpSec6DriverBindingStop,\r
	477	0xa,\r
	478	NULL,\r
	479	NULL\r
	480	};\r
	481	\r
	482	/**\r
	483	This is a callback function when the mIpSecInstance.DisabledEvent is signaled.\r
	484	\r
	485	@param[in] Event Event whose notification function is being invoked.\r
	486	@param[in] Context Pointer to the notification function's context.\r
	487	\r
	488	**/\r
	489	VOID\r
	490	EFIAPI\r
	491	IpSecCleanupAllSa (\r
	492	IN EFI_EVENT Event,\r
	493	IN VOID *Context\r
	494	)\r
	495	{\r
	496	IPSEC_PRIVATE_DATA *Private;\r
	497	Private = (IPSEC_PRIVATE_DATA *) Context;\r
	498	Private->IsIPsecDisabling = TRUE;\r
	499	IkeDeleteAllSas (Private, TRUE);\r
	500	}\r
	501	\r
	502	/**\r
	503	This is the declaration of an EFI image entry point. This entry point is\r
	504	the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including\r
	505	both device drivers and bus drivers.\r
	506	\r
	507	The entry point for IPsec driver which installs the driver binding,\r
	508	component name protocol, IPsec Config protcolon, and IPsec protocol in\r
	509	its ImageHandle.\r
	510	\r
	511	@param[in] ImageHandle The firmware allocated handle for the UEFI image.\r
	512	@param[in] SystemTable A pointer to the EFI System Table.\r
	513	\r
	514	@retval EFI_SUCCESS The operation completed successfully.\r
	515	@retval EFI_ALREADY_STARTED The IPsec driver has been already loaded.\r
	516	@retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources.\r
	517	@retval Others The operation is failed.\r
	518	\r
	519	**/\r
	520	EFI_STATUS\r
	521	EFIAPI\r
	522	IpSecDriverEntryPoint (\r
	523	IN EFI_HANDLE ImageHandle,\r
	524	IN EFI_SYSTEM_TABLE *SystemTable\r
	525	)\r
	526	{\r
	527	EFI_STATUS Status;\r
	528	IPSEC_PRIVATE_DATA *Private;\r
	529	EFI_IPSEC2_PROTOCOL *IpSec;\r
	530	\r
	531	//\r
	532	// Check whether ipsec protocol has already been installed.\r
	533	//\r
	534	Status = gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &IpSec);\r
	535	\r
	536	if (!EFI_ERROR (Status)) {\r
	537	DEBUG ((DEBUG_WARN, "_ModuleEntryPoint: IpSec has been already loaded\n"));\r
	538	Status = EFI_ALREADY_STARTED;\r
	539	goto ON_EXIT;\r
	540	}\r
	541	\r
	542	Status = gBS->LocateProtocol (&gEfiDpcProtocolGuid, NULL, (VOID **) &mDpc);\r
	543	\r
	544	if (EFI_ERROR (Status)) {\r
	545	DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to locate EfiDpcProtocol\n"));\r
	546	goto ON_EXIT;\r
	547	}\r
	548	\r
	549	Private = AllocateZeroPool (sizeof (IPSEC_PRIVATE_DATA));\r
	550	\r
	551	if (Private == NULL) {\r
	552	DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to allocate private data\n"));\r
	553	Status = EFI_OUT_OF_RESOURCES;\r
	554	goto ON_EXIT;\r
	555	}\r
	556	//\r
	557	// Create disable event to cleanup all SA when ipsec disabled by user.\r
	558	//\r
	559	Status = gBS->CreateEvent (\r
	560	EVT_NOTIFY_SIGNAL,\r
	561	TPL_CALLBACK,\r
	562	IpSecCleanupAllSa,\r
	563	Private,\r
	564	&mIpSecInstance.DisabledEvent\r
	565	);\r
	566	if (EFI_ERROR (Status)) {\r
	567	DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to create disable event\n"));\r
	568	goto ON_FREE_PRIVATE;\r
	569	}\r
	570	\r
	571	Private->Signature = IPSEC_PRIVATE_DATA_SIGNATURE;\r
	572	Private->ImageHandle = ImageHandle;\r
	573	CopyMem (&Private->IpSec, &mIpSecInstance, sizeof (EFI_IPSEC2_PROTOCOL));\r
	574	\r
	575	//\r
	576	// Initilize Private's members. Thess members is used for IKE.\r
	577	//\r
	578	InitializeListHead (&Private->Udp4List);\r
	579	InitializeListHead (&Private->Udp6List);\r
	580	InitializeListHead (&Private->Ikev1SessionList);\r
	581	InitializeListHead (&Private->Ikev1EstablishedList);\r
	582	InitializeListHead (&Private->Ikev2SessionList);\r
	583	InitializeListHead (&Private->Ikev2EstablishedList);\r
	584	\r
	585	RandomSeed (NULL, 0);\r
	586	//\r
	587	// Initialize the ipsec config data and restore it from variable.\r
	588	//\r
	589	Status = IpSecConfigInitialize (Private);\r
	590	if (EFI_ERROR (Status)) {\r
	591	DEBUG ((DEBUG_ERROR, "_ModuleEntryPoint: Failed to initialize IpSecConfig\n"));\r
	592	goto ON_CLOSE_EVENT;\r
	593	}\r
	594	//\r
	595	// Install ipsec protocol which is used by ip driver to process ipsec header.\r
	596	//\r
	597	Status = gBS->InstallMultipleProtocolInterfaces (\r
	598	&Private->Handle,\r
	599	&gEfiIpSec2ProtocolGuid,\r
	600	&Private->IpSec,\r
	601	NULL\r
	602	);\r
	603	if (EFI_ERROR (Status)) {\r
	604	goto ON_UNINSTALL_CONFIG;\r
	605	}\r
	606	\r
	607	Status = EfiLibInstallDriverBindingComponentName2 (\r
	608	ImageHandle,\r
	609	SystemTable,\r
	610	&gIpSec4DriverBinding,\r
	611	ImageHandle,\r
	612	&gIpSecComponentName,\r
	613	&gIpSecComponentName2\r
	614	);\r
	615	if (EFI_ERROR (Status)) {\r
	616	goto ON_UNINSTALL_IPSEC;\r
	617	}\r
	618	\r
	619	Status = EfiLibInstallDriverBindingComponentName2 (\r
	620	ImageHandle,\r
	621	SystemTable,\r
	622	&gIpSec6DriverBinding,\r
	623	NULL,\r
	624	&gIpSecComponentName,\r
	625	&gIpSecComponentName2\r
	626	);\r
	627	if (EFI_ERROR (Status)) {\r
	628	goto ON_UNINSTALL_IPSEC4_DB;\r
	629	}\r
	630	\r
	631	return Status;\r
	632	\r
	633	ON_UNINSTALL_IPSEC4_DB:\r
	634	gBS->UninstallMultipleProtocolInterfaces (\r
	635	ImageHandle,\r
	636	&gEfiDriverBindingProtocolGuid,\r
	637	&gIpSec4DriverBinding,\r
	638	&gEfiComponentName2ProtocolGuid,\r
	639	&gIpSecComponentName2,\r
	640	&gEfiComponentNameProtocolGuid,\r
	641	&gIpSecComponentName,\r
	642	NULL\r
	643	);\r
	644	\r
	645	ON_UNINSTALL_IPSEC:\r
	646	gBS->UninstallProtocolInterface (\r
	647	Private->Handle,\r
	648	&gEfiIpSec2ProtocolGuid,\r
	649	&Private->IpSec\r
	650	);\r
	651	ON_UNINSTALL_CONFIG:\r
	652	gBS->UninstallProtocolInterface (\r
	653	Private->Handle,\r
	654	&gEfiIpSecConfigProtocolGuid,\r
	655	&Private->IpSecConfig\r
	656	);\r
	657	ON_CLOSE_EVENT:\r
	658	gBS->CloseEvent (mIpSecInstance.DisabledEvent);\r
	659	mIpSecInstance.DisabledEvent = NULL;\r
	660	ON_FREE_PRIVATE:\r
	661	FreePool (Private);\r
	662	ON_EXIT:\r
	663	return Status;\r
	664	}\r
	665	\r