You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
801 lines
25 KiB
801 lines
25 KiB
/** @file
|
|
Defines TLS Library APIs.
|
|
|
|
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
|
This program and the accompanying materials
|
|
are licensed and made available under the terms and conditions of the BSD License
|
|
which accompanies this distribution. The full text of the license may be found at
|
|
http://opensource.org/licenses/bsd-license.php
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
**/
|
|
|
|
#ifndef __TLS_LIB_H__
|
|
#define __TLS_LIB_H__
|
|
|
|
/**
|
|
Initializes the OpenSSL library.
|
|
|
|
This function registers ciphers and digests used directly and indirectly
|
|
by SSL/TLS, and initializes the readable error messages.
|
|
This function must be called before any other action takes places.
|
|
|
|
@retval TRUE The OpenSSL library has been initialized.
|
|
@retval FALSE Failed to initialize the OpenSSL library.
|
|
|
|
**/
|
|
BOOLEAN
|
|
EFIAPI
|
|
TlsInitialize (
|
|
VOID
|
|
);
|
|
|
|
/**
|
|
Free an allocated SSL_CTX object.
|
|
|
|
@param[in] TlsCtx Pointer to the SSL_CTX object to be released.
|
|
|
|
**/
|
|
VOID
|
|
EFIAPI
|
|
TlsCtxFree (
|
|
IN VOID *TlsCtx
|
|
);
|
|
|
|
/**
|
|
Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
|
|
connections.
|
|
|
|
@param[in] MajorVer Major Version of TLS/SSL Protocol.
|
|
@param[in] MinorVer Minor Version of TLS/SSL Protocol.
|
|
|
|
@return Pointer to an allocated SSL_CTX object.
|
|
If the creation failed, TlsCtxNew() returns NULL.
|
|
|
|
**/
|
|
VOID *
|
|
EFIAPI
|
|
TlsCtxNew (
|
|
IN UINT8 MajorVer,
|
|
IN UINT8 MinorVer
|
|
);
|
|
|
|
/**
|
|
Free an allocated TLS object.
|
|
|
|
This function removes the TLS object pointed to by Tls and frees up the
|
|
allocated memory. If Tls is NULL, nothing is done.
|
|
|
|
@param[in] Tls Pointer to the TLS object to be freed.
|
|
|
|
**/
|
|
VOID
|
|
EFIAPI
|
|
TlsFree (
|
|
IN VOID *Tls
|
|
);
|
|
|
|
/**
|
|
Create a new TLS object for a connection.
|
|
|
|
This function creates a new TLS object for a connection. The new object
|
|
inherits the setting of the underlying context TlsCtx: connection method,
|
|
options, verification setting.
|
|
|
|
@param[in] TlsCtx Pointer to the SSL_CTX object.
|
|
|
|
@return Pointer to an allocated SSL object.
|
|
If the creation failed, TlsNew() returns NULL.
|
|
|
|
**/
|
|
VOID *
|
|
EFIAPI
|
|
TlsNew (
|
|
IN VOID *TlsCtx
|
|
);
|
|
|
|
/**
|
|
Checks if the TLS handshake was done.
|
|
|
|
This function will check if the specified TLS handshake was done.
|
|
|
|
@param[in] Tls Pointer to the TLS object for handshake state checking.
|
|
|
|
@retval TRUE The TLS handshake was done.
|
|
@retval FALSE The TLS handshake was not done.
|
|
|
|
**/
|
|
BOOLEAN
|
|
EFIAPI
|
|
TlsInHandshake (
|
|
IN VOID *Tls
|
|
);
|
|
|
|
/**
|
|
Perform a TLS/SSL handshake.
|
|
|
|
This function will perform a TLS/SSL handshake.
|
|
|
|
@param[in] Tls Pointer to the TLS object for handshake operation.
|
|
@param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
|
|
@param[in] BufferInSize Packet size in bytes for the most recently received TLS
|
|
Handshake packet.
|
|
@param[out] BufferOut Pointer to the buffer to hold the built packet.
|
|
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
|
|
the buffer size provided by the caller. On output, it
|
|
is the buffer size in fact needed to contain the
|
|
packet.
|
|
|
|
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
|
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
|
Tls is NULL.
|
|
BufferIn is NULL but BufferInSize is NOT 0.
|
|
BufferInSize is 0 but BufferIn is NOT NULL.
|
|
BufferOutSize is NULL.
|
|
BufferOut is NULL if *BufferOutSize is not zero.
|
|
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
|
|
@retval EFI_ABORTED Something wrong during handshake.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsDoHandshake (
|
|
IN VOID *Tls,
|
|
IN UINT8 *BufferIn, OPTIONAL
|
|
IN UINTN BufferInSize, OPTIONAL
|
|
OUT UINT8 *BufferOut, OPTIONAL
|
|
IN OUT UINTN *BufferOutSize
|
|
);
|
|
|
|
/**
|
|
Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
|
|
TLS session has errors and the response packet needs to be Alert message based on error type.
|
|
|
|
@param[in] Tls Pointer to the TLS object for state checking.
|
|
@param[in] BufferIn Pointer to the most recently received TLS Alert packet.
|
|
@param[in] BufferInSize Packet size in bytes for the most recently received TLS
|
|
Alert packet.
|
|
@param[out] BufferOut Pointer to the buffer to hold the built packet.
|
|
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
|
|
the buffer size provided by the caller. On output, it
|
|
is the buffer size in fact needed to contain the
|
|
packet.
|
|
|
|
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
|
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
|
Tls is NULL.
|
|
BufferIn is NULL but BufferInSize is NOT 0.
|
|
BufferInSize is 0 but BufferIn is NOT NULL.
|
|
BufferOutSize is NULL.
|
|
BufferOut is NULL if *BufferOutSize is not zero.
|
|
@retval EFI_ABORTED An error occurred.
|
|
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsHandleAlert (
|
|
IN VOID *Tls,
|
|
IN UINT8 *BufferIn, OPTIONAL
|
|
IN UINTN BufferInSize, OPTIONAL
|
|
OUT UINT8 *BufferOut, OPTIONAL
|
|
IN OUT UINTN *BufferOutSize
|
|
);
|
|
|
|
/**
|
|
Build the CloseNotify packet.
|
|
|
|
@param[in] Tls Pointer to the TLS object for state checking.
|
|
@param[in, out] Buffer Pointer to the buffer to hold the built packet.
|
|
@param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
|
|
the buffer size provided by the caller. On output, it
|
|
is the buffer size in fact needed to contain the
|
|
packet.
|
|
|
|
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
|
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
|
Tls is NULL.
|
|
BufferSize is NULL.
|
|
Buffer is NULL if *BufferSize is not zero.
|
|
@retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsCloseNotify (
|
|
IN VOID *Tls,
|
|
IN OUT UINT8 *Buffer,
|
|
IN OUT UINTN *BufferSize
|
|
);
|
|
|
|
/**
|
|
Attempts to read bytes from one TLS object and places the data in Buffer.
|
|
|
|
This function will attempt to read BufferSize bytes from the TLS object
|
|
and places the data in Buffer.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in,out] Buffer Pointer to the buffer to store the data.
|
|
@param[in] BufferSize The size of Buffer in bytes.
|
|
|
|
@retval >0 The amount of data successfully read from the TLS object.
|
|
@retval <=0 No data was successfully read.
|
|
|
|
**/
|
|
INTN
|
|
EFIAPI
|
|
TlsCtrlTrafficOut (
|
|
IN VOID *Tls,
|
|
IN OUT VOID *Buffer,
|
|
IN UINTN BufferSize
|
|
);
|
|
|
|
/**
|
|
Attempts to write data from the buffer to TLS object.
|
|
|
|
This function will attempt to write BufferSize bytes data from the Buffer
|
|
to the TLS object.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in] Buffer Pointer to the data buffer.
|
|
@param[in] BufferSize The size of Buffer in bytes.
|
|
|
|
@retval >0 The amount of data successfully written to the TLS object.
|
|
@retval <=0 No data was successfully written.
|
|
|
|
**/
|
|
INTN
|
|
EFIAPI
|
|
TlsCtrlTrafficIn (
|
|
IN VOID *Tls,
|
|
IN VOID *Buffer,
|
|
IN UINTN BufferSize
|
|
);
|
|
|
|
/**
|
|
Attempts to read bytes from the specified TLS connection into the buffer.
|
|
|
|
This function tries to read BufferSize bytes data from the specified TLS
|
|
connection into the Buffer.
|
|
|
|
@param[in] Tls Pointer to the TLS connection for data reading.
|
|
@param[in,out] Buffer Pointer to the data buffer.
|
|
@param[in] BufferSize The size of Buffer in bytes.
|
|
|
|
@retval >0 The read operation was successful, and return value is the
|
|
number of bytes actually read from the TLS connection.
|
|
@retval <=0 The read operation was not successful.
|
|
|
|
**/
|
|
INTN
|
|
EFIAPI
|
|
TlsRead (
|
|
IN VOID *Tls,
|
|
IN OUT VOID *Buffer,
|
|
IN UINTN BufferSize
|
|
);
|
|
|
|
/**
|
|
Attempts to write data to a TLS connection.
|
|
|
|
This function tries to write BufferSize bytes data from the Buffer into the
|
|
specified TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS connection for data writing.
|
|
@param[in] Buffer Pointer to the data buffer.
|
|
@param[in] BufferSize The size of Buffer in bytes.
|
|
|
|
@retval >0 The write operation was successful, and return value is the
|
|
number of bytes actually written to the TLS connection.
|
|
@retval <=0 The write operation was not successful.
|
|
|
|
**/
|
|
INTN
|
|
EFIAPI
|
|
TlsWrite (
|
|
IN VOID *Tls,
|
|
IN VOID *Buffer,
|
|
IN UINTN BufferSize
|
|
);
|
|
|
|
/**
|
|
Set a new TLS/SSL method for a particular TLS object.
|
|
|
|
This function sets a new TLS/SSL method for a particular TLS object.
|
|
|
|
@param[in] Tls Pointer to a TLS object.
|
|
@param[in] MajorVer Major Version of TLS/SSL Protocol.
|
|
@param[in] MinorVer Minor Version of TLS/SSL Protocol.
|
|
|
|
@retval EFI_SUCCESS The TLS/SSL method was set successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetVersion (
|
|
IN VOID *Tls,
|
|
IN UINT8 MajorVer,
|
|
IN UINT8 MinorVer
|
|
);
|
|
|
|
/**
|
|
Set TLS object to work in client or server mode.
|
|
|
|
This function prepares a TLS object to work in client or server mode.
|
|
|
|
@param[in] Tls Pointer to a TLS object.
|
|
@param[in] IsServer Work in server mode.
|
|
|
|
@retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetConnectionEnd (
|
|
IN VOID *Tls,
|
|
IN BOOLEAN IsServer
|
|
);
|
|
|
|
/**
|
|
Set the ciphers list to be used by the TLS object.
|
|
|
|
This function sets the ciphers for use by a specified TLS object.
|
|
|
|
@param[in] Tls Pointer to a TLS object.
|
|
@param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16
|
|
cipher identifier comes from the TLS Cipher Suite
|
|
Registry of the IANA, interpreting Byte1 and Byte2
|
|
in network (big endian) byte order.
|
|
@param[in] CipherNum The number of cipher in the list.
|
|
|
|
@retval EFI_SUCCESS The ciphers list was set successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.
|
|
@retval EFI_OUT_OF_RESOURCES Memory allocation failed.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetCipherList (
|
|
IN VOID *Tls,
|
|
IN UINT16 *CipherId,
|
|
IN UINTN CipherNum
|
|
);
|
|
|
|
/**
|
|
Set the compression method for TLS/SSL operations.
|
|
|
|
This function handles TLS/SSL integrated compression methods.
|
|
|
|
@param[in] CompMethod The compression method ID.
|
|
|
|
@retval EFI_SUCCESS The compression method for the communication was
|
|
set successfully.
|
|
@retval EFI_UNSUPPORTED Unsupported compression method.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetCompressionMethod (
|
|
IN UINT8 CompMethod
|
|
);
|
|
|
|
/**
|
|
Set peer certificate verification mode for the TLS connection.
|
|
|
|
This function sets the verification mode flags for the TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in] VerifyMode A set of logically or'ed verification mode flags.
|
|
|
|
**/
|
|
VOID
|
|
EFIAPI
|
|
TlsSetVerify (
|
|
IN VOID *Tls,
|
|
IN UINT32 VerifyMode
|
|
);
|
|
|
|
/**
|
|
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
|
|
|
|
This function sets a session ID to be used when the TLS/SSL connection is
|
|
to be established.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in] SessionId Session ID data used for session resumption.
|
|
@param[in] SessionIdLen Length of Session ID in bytes.
|
|
|
|
@retval EFI_SUCCESS Session ID was set successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_UNSUPPORTED No available session for ID setting.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetSessionId (
|
|
IN VOID *Tls,
|
|
IN UINT8 *SessionId,
|
|
IN UINT16 SessionIdLen
|
|
);
|
|
|
|
/**
|
|
Adds the CA to the cert store when requesting Server or Client authentication.
|
|
|
|
This function adds the CA certificate to the list of CAs when requesting
|
|
Server or Client authentication for the chosen TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in] Data Pointer to the data buffer of a DER-encoded binary
|
|
X.509 certificate or PEM-encoded X.509 certificate.
|
|
@param[in] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
|
|
@retval EFI_ABORTED Invalid X.509 certificate.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetCaCertificate (
|
|
IN VOID *Tls,
|
|
IN VOID *Data,
|
|
IN UINTN DataSize
|
|
);
|
|
|
|
/**
|
|
Loads the local public certificate into the specified TLS object.
|
|
|
|
This function loads the X.509 certificate into the specified TLS object
|
|
for TLS negotiation.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in] Data Pointer to the data buffer of a DER-encoded binary
|
|
X.509 certificate or PEM-encoded X.509 certificate.
|
|
@param[in] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
|
|
@retval EFI_ABORTED Invalid X.509 certificate.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetHostPublicCert (
|
|
IN VOID *Tls,
|
|
IN VOID *Data,
|
|
IN UINTN DataSize
|
|
);
|
|
|
|
/**
|
|
Adds the local private key to the specified TLS object.
|
|
|
|
This function adds the local private key (PEM-encoded RSA or PKCS#8 private
|
|
key) into the specified TLS object for TLS negotiation.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in] Data Pointer to the data buffer of a PEM-encoded RSA
|
|
or PKCS#8 private key.
|
|
@param[in] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_UNSUPPORTED This function is not supported.
|
|
@retval EFI_ABORTED Invalid private key data.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetHostPrivateKey (
|
|
IN VOID *Tls,
|
|
IN VOID *Data,
|
|
IN UINTN DataSize
|
|
);
|
|
|
|
/**
|
|
Adds the CA-supplied certificate revocation list for certificate validation.
|
|
|
|
This function adds the CA-supplied certificate revocation list data for
|
|
certificate validity checking.
|
|
|
|
@param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
|
|
@param[in] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_UNSUPPORTED This function is not supported.
|
|
@retval EFI_ABORTED Invalid CRL data.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsSetCertRevocationList (
|
|
IN VOID *Data,
|
|
IN UINTN DataSize
|
|
);
|
|
|
|
/**
|
|
Gets the protocol version used by the specified TLS connection.
|
|
|
|
This function returns the protocol version used by the specified TLS
|
|
connection.
|
|
|
|
If Tls is NULL, then ASSERT().
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
|
|
@return The protocol version of the specified TLS connection.
|
|
|
|
**/
|
|
UINT16
|
|
EFIAPI
|
|
TlsGetVersion (
|
|
IN VOID *Tls
|
|
);
|
|
|
|
/**
|
|
Gets the connection end of the specified TLS connection.
|
|
|
|
This function returns the connection end (as client or as server) used by
|
|
the specified TLS connection.
|
|
|
|
If Tls is NULL, then ASSERT().
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
|
|
@return The connection end used by the specified TLS connection.
|
|
|
|
**/
|
|
UINT8
|
|
EFIAPI
|
|
TlsGetConnectionEnd (
|
|
IN VOID *Tls
|
|
);
|
|
|
|
/**
|
|
Gets the cipher suite used by the specified TLS connection.
|
|
|
|
This function returns current cipher suite used by the specified
|
|
TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in,out] CipherId The cipher suite used by the TLS object.
|
|
|
|
@retval EFI_SUCCESS The cipher suite was returned successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_UNSUPPORTED Unsupported cipher suite.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetCurrentCipher (
|
|
IN VOID *Tls,
|
|
IN OUT UINT16 *CipherId
|
|
);
|
|
|
|
/**
|
|
Gets the compression methods used by the specified TLS connection.
|
|
|
|
This function returns current integrated compression methods used by
|
|
the specified TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in,out] CompressionId The current compression method used by
|
|
the TLS object.
|
|
|
|
@retval EFI_SUCCESS The compression method was returned successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_ABORTED Invalid Compression method.
|
|
@retval EFI_UNSUPPORTED This function is not supported.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetCurrentCompressionId (
|
|
IN VOID *Tls,
|
|
IN OUT UINT8 *CompressionId
|
|
);
|
|
|
|
/**
|
|
Gets the verification mode currently set in the TLS connection.
|
|
|
|
This function returns the peer verification mode currently set in the
|
|
specified TLS connection.
|
|
|
|
If Tls is NULL, then ASSERT().
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
|
|
@return The verification mode set in the specified TLS connection.
|
|
|
|
**/
|
|
UINT32
|
|
EFIAPI
|
|
TlsGetVerify (
|
|
IN VOID *Tls
|
|
);
|
|
|
|
/**
|
|
Gets the session ID used by the specified TLS connection.
|
|
|
|
This function returns the TLS/SSL session ID currently used by the
|
|
specified TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in,out] SessionId Buffer to contain the returned session ID.
|
|
@param[in,out] SessionIdLen The length of Session ID in bytes.
|
|
|
|
@retval EFI_SUCCESS The Session ID was returned successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_UNSUPPORTED Invalid TLS/SSL session.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetSessionId (
|
|
IN VOID *Tls,
|
|
IN OUT UINT8 *SessionId,
|
|
IN OUT UINT16 *SessionIdLen
|
|
);
|
|
|
|
/**
|
|
Gets the client random data used in the specified TLS connection.
|
|
|
|
This function returns the TLS/SSL client random data currently used in
|
|
the specified TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in,out] ClientRandom Buffer to contain the returned client
|
|
random data (32 bytes).
|
|
|
|
**/
|
|
VOID
|
|
EFIAPI
|
|
TlsGetClientRandom (
|
|
IN VOID *Tls,
|
|
IN OUT UINT8 *ClientRandom
|
|
);
|
|
|
|
/**
|
|
Gets the server random data used in the specified TLS connection.
|
|
|
|
This function returns the TLS/SSL server random data currently used in
|
|
the specified TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in,out] ServerRandom Buffer to contain the returned server
|
|
random data (32 bytes).
|
|
|
|
**/
|
|
VOID
|
|
EFIAPI
|
|
TlsGetServerRandom (
|
|
IN VOID *Tls,
|
|
IN OUT UINT8 *ServerRandom
|
|
);
|
|
|
|
/**
|
|
Gets the master key data used in the specified TLS connection.
|
|
|
|
This function returns the TLS/SSL master key material currently used in
|
|
the specified TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[in,out] KeyMaterial Buffer to contain the returned key material.
|
|
|
|
@retval EFI_SUCCESS Key material was returned successfully.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_UNSUPPORTED Invalid TLS/SSL session.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetKeyMaterial (
|
|
IN VOID *Tls,
|
|
IN OUT UINT8 *KeyMaterial
|
|
);
|
|
|
|
/**
|
|
Gets the CA Certificate from the cert store.
|
|
|
|
This function returns the CA certificate for the chosen
|
|
TLS connection.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[out] Data Pointer to the data buffer to receive the CA
|
|
certificate data sent to the client.
|
|
@param[in,out] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_UNSUPPORTED This function is not supported.
|
|
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetCaCertificate (
|
|
IN VOID *Tls,
|
|
OUT VOID *Data,
|
|
IN OUT UINTN *DataSize
|
|
);
|
|
|
|
/**
|
|
Gets the local public Certificate set in the specified TLS object.
|
|
|
|
This function returns the local public certificate which was currently set
|
|
in the specified TLS object.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[out] Data Pointer to the data buffer to receive the local
|
|
public certificate.
|
|
@param[in,out] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_INVALID_PARAMETER The parameter is invalid.
|
|
@retval EFI_NOT_FOUND The certificate is not found.
|
|
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetHostPublicCert (
|
|
IN VOID *Tls,
|
|
OUT VOID *Data,
|
|
IN OUT UINTN *DataSize
|
|
);
|
|
|
|
/**
|
|
Gets the local private key set in the specified TLS object.
|
|
|
|
This function returns the local private key data which was currently set
|
|
in the specified TLS object.
|
|
|
|
@param[in] Tls Pointer to the TLS object.
|
|
@param[out] Data Pointer to the data buffer to receive the local
|
|
private key data.
|
|
@param[in,out] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_UNSUPPORTED This function is not supported.
|
|
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetHostPrivateKey (
|
|
IN VOID *Tls,
|
|
OUT VOID *Data,
|
|
IN OUT UINTN *DataSize
|
|
);
|
|
|
|
/**
|
|
Gets the CA-supplied certificate revocation list data set in the specified
|
|
TLS object.
|
|
|
|
This function returns the CA-supplied certificate revocation list data which
|
|
was currently set in the specified TLS object.
|
|
|
|
@param[out] Data Pointer to the data buffer to receive the CRL data.
|
|
@param[in,out] DataSize The size of data buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS The operation succeeded.
|
|
@retval EFI_UNSUPPORTED This function is not supported.
|
|
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
TlsGetCertRevocationList (
|
|
OUT VOID *Data,
|
|
IN OUT UINTN *DataSize
|
|
);
|
|
|
|
#endif // __TLS_LIB_H__
|
|
|