/** @file\r
Provide IPsec Key Exchange (IKE) service general interfaces.\r
- \r
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+ Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
0,\r
1000000,\r
FALSE,\r
- {0,0,0,0},\r
- {0,0,0,0},\r
+ {{0,0,0,0}},\r
+ {{0,0,0,0}},\r
IKE_DEFAULT_PORT,\r
- {0,0,0,0},\r
+ {{0,0,0,0}},\r
0\r
};\r
\r
0,\r
1000000,\r
//Access Point\r
- {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0},\r
+ {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},\r
IKE_DEFAULT_PORT,\r
- {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0},\r
+ {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},\r
0\r
};\r
\r
Check if the NIC handle is binded to a Udp service.\r
\r
@param[in] Private Pointer of IPSEC_PRIVATE_DATA.\r
- @param[in] NicHandle The Handle of the NIC card.\r
+ @param[in] Handle The Handle of the NIC card.\r
@param[in] IpVersion The version of the IP stack.\r
\r
@return a pointer of IKE_UDP_SERVICE.\r
\r
/**\r
Configure a UDPIO's UDP4 instance.\r
- \r
- This fuction is called by the UdpIoCreateIo() to configures a \r
+\r
+ This fuction is called by the UdpIoCreateIo() to configures a\r
UDP4 instance.\r
- \r
+\r
@param[in] UdpIo The UDP_IO to be configured.\r
@param[in] Context User-defined data when calling UdpIoCreateIo().\r
- \r
+\r
@retval EFI_SUCCESS The configuration succeeded.\r
@retval Others The UDP4 instance fails to configure.\r
\r
\r
/**\r
Configure a UDPIO's UDP6 instance.\r
- \r
- This fuction is called by the UdpIoCreateIo()to configure a \r
+\r
+ This fuction is called by the UdpIoCreateIo()to configure a\r
UDP6 instance.\r
- \r
+\r
@param[in] UdpIo The UDP_IO to be configured.\r
@param[in] Context User-defined data when calling UdpIoCreateIo().\r
- \r
+\r
@retval EFI_SUCCESS The configuration succeeded.\r
@retval Others The configuration fails.\r
\r
\r
/**\r
Open and configure the related output UDPIO for IKE packet sending.\r
- \r
- If the UdpService is not configured, this fuction calls UdpIoCreatIo() to \r
+\r
+ If the UdpService is not configured, this fuction calls UdpIoCreatIo() to\r
create UDPIO to bind this UdpService for IKE packet sending. If the UdpService\r
has already been configured, then return.\r
- \r
+\r
@param[in] UdpService The UDP_IO to be configured.\r
@param[in] RemoteIp User-defined data when calling UdpIoCreateIo().\r
- \r
+\r
@retval EFI_SUCCESS The configuration is successful.\r
@retval Others The configuration fails.\r
\r
IN EFI_IP_ADDRESS *RemoteIp\r
)\r
{\r
- EFI_STATUS Status;\r
- EFI_IP4_CONFIG_PROTOCOL *Ip4Cfg;\r
- EFI_IP4_IPCONFIG_DATA *Ip4CfgData;\r
- UINTN BufSize;\r
- EFI_IP6_MODE_DATA Ip6ModeData;\r
- EFI_UDP6_PROTOCOL *Udp6;\r
+ EFI_STATUS Status;\r
+ EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;\r
+ EFI_IP4_CONFIG2_INTERFACE_INFO *IfInfo;\r
+ UINTN BufSize;\r
+ EFI_IP6_MODE_DATA Ip6ModeData;\r
+ EFI_UDP6_PROTOCOL *Udp6;\r
\r
Status = EFI_SUCCESS;\r
- Ip4CfgData = NULL;\r
+ IfInfo = NULL;\r
BufSize = 0;\r
\r
//\r
//\r
Status = gBS->HandleProtocol (\r
UdpService->NicHandle,\r
- &gEfiIp4ConfigProtocolGuid,\r
- (VOID **) &Ip4Cfg\r
+ &gEfiIp4Config2ProtocolGuid,\r
+ (VOID **) &Ip4Cfg2\r
);\r
\r
if (EFI_ERROR (Status)) {\r
goto ON_EXIT;\r
}\r
\r
- Status = Ip4Cfg->GetData (Ip4Cfg, &BufSize, NULL);\r
+ //\r
+ // Get the interface information size.\r
+ //\r
+ Status = Ip4Cfg2->GetData (\r
+ Ip4Cfg2,\r
+ Ip4Config2DataTypeInterfaceInfo,\r
+ &BufSize,\r
+ NULL\r
+ );\r
\r
if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
goto ON_EXIT;\r
}\r
\r
- Ip4CfgData = AllocateZeroPool (BufSize);\r
+ IfInfo = AllocateZeroPool (BufSize);\r
\r
- if (Ip4CfgData == NULL) {\r
+ if (IfInfo == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto ON_EXIT;\r
}\r
\r
- Status = Ip4Cfg->GetData (Ip4Cfg, &BufSize, Ip4CfgData);\r
+ //\r
+ // Get the interface info.\r
+ //\r
+ Status = Ip4Cfg2->GetData (\r
+ Ip4Cfg2,\r
+ Ip4Config2DataTypeInterfaceInfo,\r
+ &BufSize,\r
+ IfInfo\r
+ );\r
+ \r
if (EFI_ERROR (Status)) {\r
goto ON_EXIT;\r
}\r
\r
CopyMem (\r
&UdpService->DefaultAddress.v4,\r
- &Ip4CfgData->StationAddress,\r
+ &IfInfo->StationAddress,\r
sizeof (EFI_IPv4_ADDRESS)\r
);\r
\r
UdpService->IsConfigured = TRUE;\r
\r
ON_EXIT:\r
- if (Ip4CfgData != NULL) {\r
- FreePool (Ip4CfgData);\r
+ if (IfInfo != NULL) {\r
+ FreePool (IfInfo);\r
}\r
\r
return Status;\r
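Review bot: `IfInfo->StationAddress` is read after the second `GetData()` without confirming that the `BufSize` reported by the protocol covers a whole `EFI_IP4_CONFIG2_INTERFACE_INFO`, so a non-conforming Ip4Config2 implementation on the NIC handle could make the `CopyMem` read past the pool allocation. A guard before the copy would close that: `if (BufSize < sizeof (EFI_IP4_CONFIG2_INTERFACE_INFO)) { Status = EFI_DEVICE_ERROR; goto ON_EXIT; }`. Separately, the interface-info query may succeed before any IPv4 address has been assigned (this looks different from the old `Ip4Cfg->GetData` behaviour and is worth confirming), in which case `IsConfigured` becomes TRUE with an all-zero `DefaultAddress.v4`; consider leaving the service unconfigured when `StationAddress` is zero. The function's signature and closing brace are outside the visible hunks.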
\r
/**\r
Open and configure a UDPIO of Udp4 for IKE packet receiving.\r
- \r
- This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and \r
+\r
+ This function is called at the IPsecDriverBinding start. IPsec create a UDP4 and\r
UDP4 IO for each NIC handle.\r
- \r
+\r
@param[in] Private Point to IPSEC_PRIVATE_DATA\r
@param[in] Controller Handler for NIC card.\r
- \r
+ @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r
+\r
@retval EFI_SUCCESS The Operation is successful.\r
@retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
- \r
+\r
**/\r
EFI_STATUS\r
IkeOpenInputUdp4 (\r
IN IPSEC_PRIVATE_DATA *Private,\r
- IN EFI_HANDLE Controller\r
+ IN EFI_HANDLE Controller,\r
+ IN EFI_HANDLE ImageHandle\r
)\r
{\r
IKE_UDP_SERVICE *Udp4Srv;\r
//\r
Udp4Srv->Input = UdpIoCreateIo (\r
Controller,\r
- Private->ImageHandle,\r
+ ImageHandle,\r
IkeConfigUdp4,\r
UDP_IO_UDP4_VERSION,\r
NULL\r
}\r
\r
Udp4Srv->NicHandle = Controller;\r
- Udp4Srv->ImageHandle = Private->ImageHandle;\r
+ Udp4Srv->ImageHandle = ImageHandle;\r
Udp4Srv->ListHead = &(Private->Udp4List);\r
Udp4Srv->IpVersion = UDP_IO_UDP4_VERSION;\r
Udp4Srv->IsConfigured = FALSE;\r
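Review bot: The new `ImageHandle` parameter is documented only as the handle that contains the driver binding instance, which does not tell a caller that it is now the value passed to `UdpIoCreateIo()` and stored in `Udp4Srv->ImageHandle` in place of `Private->ImageHandle`. I would extend the line to `@param[in] ImageHandle  The driver binding image handle; passed to UdpIoCreateIo() and recorded in the UDP service.` The same header still lists `@retval EFI_OUT_OF_RESOURCE`, which should read `EFI_OUT_OF_RESOURCES`. Both points apply equally to the IkeOpenInputUdp6 hunks that follow; only part of each function body is visible here.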
\r
/**\r
Open and configure a UDPIO of Udp6 for IKE packet receiving.\r
- \r
+\r
This function is called at the IPsecDriverBinding start. IPsec create a UDP6 and UDP6\r
IO for each NIC handle.\r
- \r
+\r
@param[in] Private Point to IPSEC_PRIVATE_DATA\r
@param[in] Controller Handler for NIC card.\r
- \r
+ @param[in] ImageHandle The handle that contains the EFI_DRIVER_BINDING_PROTOCOL instance.\r
+\r
@retval EFI_SUCCESS The Operation is successful.\r
@retval EFI_OUT_OF_RESOURCE The required system resource can't be allocated.\r
- \r
+\r
**/\r
EFI_STATUS\r
IkeOpenInputUdp6 (\r
IN IPSEC_PRIVATE_DATA *Private,\r
- IN EFI_HANDLE Controller\r
+ IN EFI_HANDLE Controller,\r
+ IN EFI_HANDLE ImageHandle\r
)\r
{\r
IKE_UDP_SERVICE *Udp6Srv;\r
//\r
Udp6Srv->Input = UdpIoCreateIo (\r
Controller,\r
- Private->ImageHandle,\r
+ ImageHandle,\r
IkeConfigUdp6,\r
UDP_IO_UDP6_VERSION,\r
NULL\r
}\r
\r
Udp6Srv->NicHandle = Controller;\r
- Udp6Srv->ImageHandle = Private->ImageHandle;\r
+ Udp6Srv->ImageHandle = ImageHandle;\r
Udp6Srv->ListHead = &(Private->Udp6List);\r
Udp6Srv->IpVersion = UDP_IO_UDP6_VERSION;\r
Udp6Srv->IsConfigured = FALSE;\r
\r
/**\r
The general interface of starting IPsec Key Exchange.\r
- \r
+\r
This function is called when a IKE negotiation to start getting a Key.\r
- \r
- @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for \r
+\r
+ @param[in] UdpService Point to IKE_UDP_SERVICE which will be used for\r
IKE packet sending.\r
@param[in] SpdEntry Point to the SPD entry related to the IKE negotiation.\r
@param[in] RemoteIp Point to EFI_IP_ADDRESS related to the IKE negotiation.\r
- \r
+\r
@retval EFI_SUCCESS The Operation is successful.\r
@retval EFI_ACCESS_DENIED No related PAD entry was found.\r
@retval EFI_INVALID_PARAMETER The IKE version is not supported.\r
- \r
+\r
**/\r
EFI_STATUS\r
IkeNegotiate (\r
}\r
//\r
// Try to find the IKE SA session in the IKEv1 and IKEv2 established SA session list.\r
- // \r
- IkeSaSession = (UINT8 *) Ikev2SaSessionLookup (&Private->Ikev2EstablishedList, RemoteIp); \r
+ //\r
+ IkeSaSession = (UINT8 *) Ikev2SaSessionLookup (&Private->Ikev2EstablishedList, RemoteIp);\r
\r
\r
if (IkeSaSession == NULL) {\r
if (IkeVersion != 2) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
+\r
Exchange = mIkeExchange[IkeVersion - 1];\r
//\r
// Start the quick mode stage to negotiate child SA.\r
\r
/**\r
The generic interface when receive a IKE packet.\r
- \r
+\r
This function is called when UDP IO receives a IKE packet.\r
- \r
+\r
@param[in] Packet Point to received IKE packet.\r
- @param[in] EndPoint Point to UDP_END_POINT which contains the information of \r
+ @param[in] EndPoint Point to UDP_END_POINT which contains the information of\r
Remote IP and Port.\r
@param[in] IoStatus The Status of Recieve Token.\r
@param[in] Context Point to data passed from the caller.\r
- \r
+\r
**/\r
VOID\r
EFIAPI\r
\r
/**\r
Delete all established IKE SAs and related Child SAs.\r
- \r
- This function is the subfunction of the IpSecCleanupAllSa(). It first calls \r
- IkeDeleteChildSa() to delete all Child SAs then send out the related \r
+\r
+ This function is the subfunction of the IpSecCleanupAllSa(). It first calls\r
+ IkeDeleteChildSa() to delete all Child SAs then send out the related\r
Information packet.\r
\r
- @param[in] Private Pointer of the IPSEC_PRIVATE_DATA\r
+ @param[in] Private Pointer of the IPSEC_PRIVATE_DATA\r
+ @param[in] IsDisableIpsec Indicate whether needs to disable IPsec.\r
\r
**/\r
VOID\r
IkeDeleteAllSas (\r
- IN IPSEC_PRIVATE_DATA *Private\r
+ IN IPSEC_PRIVATE_DATA *Private,\r
+ IN BOOLEAN IsDisableIpsec\r
)\r
{\r
LIST_ENTRY *Entry;\r
//\r
if (!IsListEmpty (&Private->Ikev2SessionList)) {\r
NET_LIST_FOR_EACH_SAFE (Entry, NextEntry, &Private->Ikev2SessionList) {\r
- Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry); \r
+ Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);\r
RemoveEntryList (Entry);\r
Ikev2SaSessionFree (Ikev2SaSession);\r
}\r
}\r
- \r
+\r
//\r
// If there is no existing established IKE SA, set the Ipsec DisableFlag to TRUE\r
// and turn off the IsIPsecDisabling flag.\r
//\r
- if (IsListEmpty (&Private->Ikev2EstablishedList)) {\r
+ if (IsListEmpty (&Private->Ikev2EstablishedList) && IsDisableIpsec) {\r
Value = IPSEC_STATUS_DISABLED;\r
Status = gRT->SetVariable (\r
IPSECCONFIG_STATUS_NAME,\r
for (Entry = Private->Ikev2EstablishedList.ForwardLink; Entry != &Private->Ikev2EstablishedList;) {\r
Ikev2SaSession = IKEV2_SA_SESSION_BY_SESSION (Entry);\r
Entry = Entry->ForwardLink;\r
- \r
+\r
Ikev2SaSession->SessionCommon.State = IkeStateSaDeleting;\r
\r
//\r
if (IkeVersion == 2) {\r
Exchange = mIkeExchange[IkeVersion - 1];\r
Exchange->NegotiateInfo((UINT8*)Ikev2SaSession, NULL);\r
- } \r
+ }\r
}\r
}\r
- \r
+\r
}\r
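Review bot: The comment above the changed condition still says the disable flag is set whenever no established IKE SA exists, but the new test also requires `IsDisableIpsec`, so it now misdescribes when `IPSEC_STATUS_DISABLED` is written. Suggested wording: `// If there is no established IKE SA and the caller asked to disable IPsec, set the IPsec status variable to disabled and turn off the IsIPsecDisabling flag.` The `@param` text for `IsDisableIpsec` could say the same: TRUE writes the disabled status once no established SA remains, and FALSE presumably only tears the SAs down. The lines between the `SetVariable` call and the `for` loop are outside the hunks, so it is worth confirming that the disabled status is still written later when the list is non-empty and `IsDisableIpsec` is TRUE.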
\r
\r