/** @file
  SSL/TLS Configuration Null Library Wrapper Implementation.

Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
#include "InternalTlsLib.h"
/**
  Set a new TLS/SSL method for a particular TLS object.

  The library-class contract is to apply the requested protocol version to
  Tls. This Null instance does none of that: it raises ASSERT (FALSE) and
  returns EFI_UNSUPPORTED whatever the arguments are, so no protocol version
  is ever configured through it.

  @param[in]  Tls       Pointer to a TLS object. Not dereferenced here.
  @param[in]  MajorVer  Major Version of TLS/SSL Protocol. Ignored here.
  @param[in]  MinorVer  Minor Version of TLS/SSL Protocol. Ignored here.

  @retval  EFI_SUCCESS            The TLS/SSL method was set successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_UNSUPPORTED        Unsupported TLS/SSL method. The only status
                                  this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetVersion (
  IN     VOID   *Tls,
  IN     UINT8  MajorVer,
  IN     UINT8  MinorVer
  )
{
  //
  // ASSERT (FALSE) marks any call as unexpected. If ASSERT() is disabled in
  // the build, the status below is the only failure signal the caller gets.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Set TLS object to work in client or server mode.

  The library-class contract is to prepare Tls for the client or the server
  role. This Null instance leaves Tls untouched, raises ASSERT (FALSE) and
  returns EFI_UNSUPPORTED for every call.

  @param[in]  Tls       Pointer to a TLS object. Not dereferenced here.
  @param[in]  IsServer  Work in server mode. Ignored here.

  @retval  EFI_SUCCESS            The TLS/SSL work mode was set successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_UNSUPPORTED        Unsupported TLS/SSL work mode. The only
                                  status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetConnectionEnd (
  IN     VOID     *Tls,
  IN     BOOLEAN  IsServer
  )
{
  //
  // No role is recorded anywhere; callers have to act on the status code.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Set the ciphers list to be used by the TLS object.

  The library-class contract is to restrict Tls to the cipher suites named in
  CipherId. This Null instance never reads the list: it raises ASSERT (FALSE)
  and returns EFI_UNSUPPORTED, so no cipher restriction is applied through it.

  @param[in]  Tls        Pointer to a TLS object. Not dereferenced here.
  @param[in]  CipherId   Array of UINT16 cipher identifiers. Each UINT16
                         cipher identifier comes from the TLS Cipher Suite
                         Registry of the IANA, interpreting Byte1 and Byte2
                         in network (big endian) byte order. Not read here.
  @param[in]  CipherNum  The number of ciphers in the list. Ignored here.

  @retval  EFI_SUCCESS            The ciphers list was set successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_UNSUPPORTED        No supported TLS cipher was found in
                                  CipherId. The only status this instance
                                  returns.
  @retval  EFI_OUT_OF_RESOURCES   Memory allocation failed.

**/
EFI_STATUS
EFIAPI
TlsSetCipherList (
  IN     VOID    *Tls,
  IN     UINT16  *CipherId,
  IN     UINTN   CipherNum
  )
{
  //
  // The requested suites are dropped on the floor; a caller that ignores the
  // status must not assume its cipher policy is in force.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Set the compression method for TLS/SSL operations.

  The library-class contract is to handle TLS/SSL integrated compression
  methods. This Null instance ignores CompMethod, raises ASSERT (FALSE) and
  returns EFI_UNSUPPORTED for every call.

  @param[in]  CompMethod  The compression method ID. Ignored here.

  @retval  EFI_SUCCESS      The compression method for the communication was
                            set successfully.
  @retval  EFI_UNSUPPORTED  Unsupported compression method. The only status
                            this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetCompressionMethod (
  IN     UINT8  CompMethod
  )
{
  //
  // Nothing is configured; the unconditional assert flags the call itself.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Set peer certificate verification mode for the TLS connection.

  The library-class contract is to store the verification mode flags on the
  TLS connection. This Null instance stores nothing and only raises
  ASSERT (FALSE).

  Because the function returns VOID, the assert is the sole indication that
  VerifyMode was discarded. If ASSERT() is disabled in the build, the call
  returns silently, so code linked against this instance must not treat peer
  verification as configured.

  @param[in]  Tls         Pointer to the TLS object. Not dereferenced here.
  @param[in]  VerifyMode  A set of logically or'ed verification mode flags.
                          Ignored here.

**/
VOID
EFIAPI
TlsSetVerify (
  IN     VOID    *Tls,
  IN     UINT32  VerifyMode
  )
{
  //
  // No status can be reported from a VOID function; the assert is all there is.
  //
  ASSERT (FALSE);
}
/**
  Set the specified host name to be verified.

  The library-class contract is to register HostName for checking during
  certificate validation. This Null instance registers nothing: it raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED, so no host name check is
  configured through it.

  @param[in]  Tls       Pointer to the TLS object. Not dereferenced here.
  @param[in]  Flags     The setting flags during the validation. Ignored here.
  @param[in]  HostName  The specified host name to be verified. Not read here.

  @retval  EFI_SUCCESS            The HostName setting was set successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_ABORTED            Invalid HostName setting.
  @retval  EFI_UNSUPPORTED        The only status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetVerifyHost (
  IN     VOID    *Tls,
  IN     UINT32  Flags,
  IN     CHAR8   *HostName
  )
{
  //
  // The host name is never recorded; callers must treat the failure status
  // as "host name verification is not active".
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Sets a TLS/SSL session ID to be used during TLS/SSL connect.

  The library-class contract is to set the session ID used when the TLS/SSL
  connection is to be established. This Null instance ignores the ID, raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED for every call.

  @param[in]  Tls           Pointer to the TLS object. Not dereferenced here.
  @param[in]  SessionId     Session ID data used for session resumption.
                            Not read here.
  @param[in]  SessionIdLen  Length of Session ID in bytes. Ignored here.

  @retval  EFI_SUCCESS            Session ID was set successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_UNSUPPORTED        No available session for ID setting. The
                                  only status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetSessionId (
  IN     VOID    *Tls,
  IN     UINT8   *SessionId,
  IN     UINT16  SessionIdLen
  )
{
  //
  // Stub: the session ID buffer is neither copied nor inspected.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Adds the CA to the cert store when requesting Server or Client authentication.

  The library-class contract is to add the CA certificate to the list of CAs
  when requesting Server or Client authentication for the chosen TLS
  connection. This Null instance adds nothing to any store: it raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED, so no trust anchor is installed
  through it.

  @param[in]  Tls       Pointer to the TLS object. Not dereferenced here.
  @param[in]  Data      Pointer to the data buffer of a DER-encoded binary
                        X.509 certificate or PEM-encoded X.509 certificate.
                        Not read here.
  @param[in]  DataSize  The size of data buffer in bytes. Ignored here.

  @retval  EFI_SUCCESS            The operation succeeded.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_OUT_OF_RESOURCES   Required resources could not be allocated.
  @retval  EFI_ABORTED            Invalid X.509 certificate.
  @retval  EFI_UNSUPPORTED        The only status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetCaCertificate (
  IN     VOID   *Tls,
  IN     VOID   *Data,
  IN     UINTN  DataSize
  )
{
  //
  // The certificate is not parsed or stored; a caller that skips the status
  // check would proceed without the CA it believes it installed.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Loads the local public certificate into the specified TLS object.

  The library-class contract is to load the X.509 certificate into the
  specified TLS object for TLS negotiation. This Null instance loads nothing:
  it raises ASSERT (FALSE) and returns EFI_UNSUPPORTED for every call.

  @param[in]  Tls       Pointer to the TLS object. Not dereferenced here.
  @param[in]  Data      Pointer to the data buffer of a DER-encoded binary
                        X.509 certificate or PEM-encoded X.509 certificate.
                        Not read here.
  @param[in]  DataSize  The size of data buffer in bytes. Ignored here.

  @retval  EFI_SUCCESS            The operation succeeded.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_OUT_OF_RESOURCES   Required resources could not be allocated.
  @retval  EFI_ABORTED            Invalid X.509 certificate.
  @retval  EFI_UNSUPPORTED        The only status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetHostPublicCert (
  IN     VOID   *Tls,
  IN     VOID   *Data,
  IN     UINTN  DataSize
  )
{
  //
  // Stub: the certificate buffer is neither parsed nor attached to Tls.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Adds the local private key to the specified TLS object.

  The library-class contract is to add the local private key (DER-encoded or
  PEM-encoded or PKCS#8 private key) into the specified TLS object for TLS
  negotiation. This Null instance raises ASSERT (FALSE) and returns
  EFI_UNSUPPORTED; the key and the password are never read, copied or kept.

  @param[in]  Tls       Pointer to the TLS object. Not dereferenced here.
  @param[in]  Data      Pointer to the data buffer of a DER-encoded or
                        PEM-encoded or PKCS#8 private key. Not read here.
  @param[in]  DataSize  The size of data buffer in bytes. Ignored here.
  @param[in]  Password  Pointer to NULL-terminated private key password, set
                        it to NULL if private key not encrypted. Not read
                        here.

  @retval  EFI_SUCCESS      The operation succeeded.
  @retval  EFI_UNSUPPORTED  This function is not supported. The only status
                            this instance returns.
  @retval  EFI_ABORTED      Invalid private key data.

**/
EFI_STATUS
EFIAPI
TlsSetHostPrivateKeyEx (
  IN     VOID   *Tls,
  IN     VOID   *Data,
  IN     UINTN  DataSize,
  IN     VOID   *Password  OPTIONAL
  )
{
  //
  // The caller keeps sole ownership of the key material and the password;
  // wiping those buffers afterwards remains the caller's job.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Adds the local private key to the specified TLS object.

  The library-class contract is to add the local private key (DER-encoded or
  PEM-encoded or PKCS#8 private key) into the specified TLS object for TLS
  negotiation. This Null instance raises ASSERT (FALSE) and returns
  EFI_UNSUPPORTED; the key buffer is never read, copied or kept.

  @param[in]  Tls       Pointer to the TLS object. Not dereferenced here.
  @param[in]  Data      Pointer to the data buffer of a DER-encoded or
                        PEM-encoded or PKCS#8 private key. Not read here.
  @param[in]  DataSize  The size of data buffer in bytes. Ignored here.

  @retval  EFI_SUCCESS      The operation succeeded.
  @retval  EFI_UNSUPPORTED  This function is not supported. The only status
                            this instance returns.
  @retval  EFI_ABORTED      Invalid private key data.

**/
EFI_STATUS
EFIAPI
TlsSetHostPrivateKey (
  IN     VOID   *Tls,
  IN     VOID   *Data,
  IN     UINTN  DataSize
  )
{
  //
  // Stub: no key is installed and the buffer stays solely with the caller.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Adds the CA-supplied certificate revocation list for certificate validation.

  The library-class contract is to add the CA-supplied certificate revocation
  list data for certificate validity checking. This Null instance records no
  CRL: it raises ASSERT (FALSE) and returns EFI_UNSUPPORTED, so no revocation
  data is put in place through it.

  @param[in]  Data      Pointer to the data buffer of a DER-encoded CRL data.
                        Not read here.
  @param[in]  DataSize  The size of data buffer in bytes. Ignored here.

  @retval  EFI_SUCCESS      The operation succeeded.
  @retval  EFI_UNSUPPORTED  This function is not supported. The only status
                            this instance returns.
  @retval  EFI_ABORTED      Invalid CRL data.

**/
EFI_STATUS
EFIAPI
TlsSetCertRevocationList (
  IN     VOID   *Data,
  IN     UINTN  DataSize
  )
{
  //
  // The CRL is dropped; callers relying on revocation checking must honour
  // the failure status.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Set the signature algorithm list to be used by the TLS object.

  The library-class contract is to set the signature algorithms for use by a
  specified TLS object. This Null instance never reads the list: it raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED for every call.

  @param[in]  Tls       Pointer to a TLS object. Not dereferenced here.
  @param[in]  Data      Array of UINT8 of signature algorithms. The array
                        consists of pairs of the hash algorithm and the
                        signature algorithm as defined in RFC 5246. Not read
                        here.
  @param[in]  DataSize  The length of the SignatureAlgoList. Must be divisible
                        by 2. Not checked here.

  @retval  EFI_SUCCESS            The signature algorithm list was set
                                  successfully.
  @retval  EFI_INVALID_PARAMETER  The parameters are invalid.
  @retval  EFI_UNSUPPORTED        No supported TLS signature algorithm was
                                  found in SignatureAlgoList. The only status
                                  this instance returns.
  @retval  EFI_OUT_OF_RESOURCES   Memory allocation failed.

**/
EFI_STATUS
EFIAPI
TlsSetSignatureAlgoList (
  IN     VOID   *Tls,
  IN     UINT8  *Data,
  IN     UINTN  DataSize
  )
{
  //
  // No algorithm restriction is applied; even the "divisible by 2" rule on
  // DataSize goes unchecked because the arguments are never examined.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Set the EC curve to be used for TLS flows.

  The library-class contract is to set the EC curve to be used for TLS flows.
  This Null instance selects no curve: it raises ASSERT (FALSE) and returns
  EFI_UNSUPPORTED for every call.

  @param[in]  Tls       Pointer to a TLS object. Not dereferenced here.
  @param[in]  Data      An EC named curve as defined in section 5.1.1 of
                        RFC 4492. Not read here.
  @param[in]  DataSize  Size of Data, it should be sizeof (UINT32). Not
                        checked here.

  @retval  EFI_SUCCESS            The EC curve was set successfully.
  @retval  EFI_INVALID_PARAMETER  The parameters are invalid.
  @retval  EFI_UNSUPPORTED        The requested TLS EC curve is not supported.
                                  The only status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsSetEcCurve (
  IN     VOID   *Tls,
  IN     UINT8  *Data,
  IN     UINTN  DataSize
  )
{
  //
  // Stub: the curve identifier is ignored and nothing is configured.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the protocol version used by the specified TLS connection.

  The library-class contract is to return the protocol version used by the
  specified TLS connection, asserting when Tls is NULL. This Null instance
  asserts unconditionally and returns 0 without consulting Tls.

  The return type carries no error status, so if ASSERT() is disabled in the
  build the caller just sees the value 0.

  @param[in]  Tls  Pointer to the TLS object. Not dereferenced here.

  @return  The protocol version of the specified TLS connection under the
           library-class contract; always 0 from this instance.

**/
UINT16
EFIAPI
TlsGetVersion (
  IN     VOID  *Tls
  )
{
  //
  // 0 is a placeholder, not a version read from any connection.
  //
  ASSERT (FALSE);
  return 0;
}
/**
  Gets the connection end of the specified TLS connection.

  The library-class contract is to return the connection end (as client or
  as server) used by the specified TLS connection, asserting when Tls is
  NULL. This Null instance asserts unconditionally and returns 0 without
  consulting Tls.

  @param[in]  Tls  Pointer to the TLS object. Not dereferenced here.

  @return  The connection end used by the specified TLS connection under the
           library-class contract; always 0 from this instance.

**/
UINT8
EFIAPI
TlsGetConnectionEnd (
  IN     VOID  *Tls
  )
{
  //
  // NOTE(review): 0 presumably also encodes one of the two connection ends,
  // which would make this placeholder indistinguishable from a real answer
  // when ASSERT() is disabled - confirm against the connection-end values.
  //
  ASSERT (FALSE);
  return 0;
}
/**
  Gets the cipher suite used by the specified TLS connection.

  The library-class contract is to return the current cipher suite used by
  the specified TLS connection. This Null instance raises ASSERT (FALSE) and
  returns EFI_UNSUPPORTED; *CipherId is never written.

  @param[in]      Tls       Pointer to the TLS object. Not dereferenced here.
  @param[in,out]  CipherId  The cipher suite used by the TLS object. Left
                            unmodified by this instance.

  @retval  EFI_SUCCESS            The cipher suite was returned successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_UNSUPPORTED        Unsupported cipher suite. The only status
                                  this instance returns.

**/
EFI_STATUS
EFIAPI
TlsGetCurrentCipher (
  IN     VOID    *Tls,
  IN OUT UINT16  *CipherId
  )
{
  //
  // The output keeps whatever the caller had in it; it is only meaningful
  // after a success status, which this instance never produces.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the compression methods used by the specified TLS connection.

  The library-class contract is to return the current integrated compression
  methods used by the specified TLS connection. This Null instance raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED; *CompressionId is never written.

  @param[in]      Tls            Pointer to the TLS object. Not dereferenced
                                 here.
  @param[in,out]  CompressionId  The current compression method used by the
                                 TLS object. Left unmodified by this instance.

  @retval  EFI_SUCCESS            The compression method was returned
                                  successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_ABORTED            Invalid Compression method.
  @retval  EFI_UNSUPPORTED        This function is not supported. The only
                                  status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsGetCurrentCompressionId (
  IN     VOID   *Tls,
  IN OUT UINT8  *CompressionId
  )
{
  //
  // Stub: nothing is reported through the output parameter.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the verification mode currently set in the TLS connection.

  The library-class contract is to return the peer verification mode
  currently set in the specified TLS connection, asserting when Tls is NULL.
  This Null instance asserts unconditionally and returns 0 without
  consulting Tls.

  The return type carries no error status, so if ASSERT() is disabled in the
  build the caller just sees the value 0.

  @param[in]  Tls  Pointer to the TLS object. Not dereferenced here.

  @return  The verification mode set in the specified TLS connection under
           the library-class contract; always 0 from this instance.

**/
UINT32
EFIAPI
TlsGetVerify (
  IN     VOID  *Tls
  )
{
  //
  // NOTE(review): 0 presumably matches the "no peer verification" flag value,
  // so the placeholder reads as a real (and weakest) mode - confirm against
  // the verify-mode definitions before relying on this return value.
  //
  ASSERT (FALSE);
  return 0;
}
/**
  Gets the session ID used by the specified TLS connection.

  The library-class contract is to return the TLS/SSL session ID currently
  used by the specified TLS connection. This Null instance raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED; neither SessionId nor
  *SessionIdLen is written.

  @param[in]      Tls           Pointer to the TLS object. Not dereferenced
                                here.
  @param[in,out]  SessionId     Buffer to contain the returned session ID.
                                Left unmodified by this instance.
  @param[in,out]  SessionIdLen  The length of Session ID in bytes. Left
                                unmodified by this instance.

  @retval  EFI_SUCCESS            The Session ID was returned successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_UNSUPPORTED        Invalid TLS/SSL session. The only status
                                  this instance returns.

**/
EFI_STATUS
EFIAPI
TlsGetSessionId (
  IN     VOID    *Tls,
  IN OUT UINT8   *SessionId,
  IN OUT UINT16  *SessionIdLen
  )
{
  //
  // Both outputs keep their pre-call contents; check the status before use.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the client random data used in the specified TLS connection.

  The library-class contract is to return the TLS/SSL client random data
  currently used in the specified TLS connection. This Null instance writes
  nothing to ClientRandom and only raises ASSERT (FALSE).

  Because the function returns VOID, the assert is the sole failure signal.
  If ASSERT() is disabled in the build, the buffer comes back with whatever
  the caller had in it, possibly uninitialized, and must not be consumed as
  random data.

  @param[in]      Tls           Pointer to the TLS object. Not dereferenced
                                here.
  @param[in,out]  ClientRandom  Buffer to contain the returned client random
                                data (32 bytes). Left unmodified by this
                                instance.

**/
VOID
EFIAPI
TlsGetClientRandom (
  IN     VOID   *Tls,
  IN OUT UINT8  *ClientRandom
  )
{
  //
  // No status can be reported from a VOID function; the assert is all there is.
  //
  ASSERT (FALSE);
}
/**
  Gets the server random data used in the specified TLS connection.

  The library-class contract is to return the TLS/SSL server random data
  currently used in the specified TLS connection. This Null instance writes
  nothing to ServerRandom and only raises ASSERT (FALSE).

  Because the function returns VOID, the assert is the sole failure signal.
  If ASSERT() is disabled in the build, the buffer comes back with whatever
  the caller had in it, possibly uninitialized, and must not be consumed as
  random data.

  @param[in]      Tls           Pointer to the TLS object. Not dereferenced
                                here.
  @param[in,out]  ServerRandom  Buffer to contain the returned server random
                                data (32 bytes). Left unmodified by this
                                instance.

**/
VOID
EFIAPI
TlsGetServerRandom (
  IN     VOID   *Tls,
  IN OUT UINT8  *ServerRandom
  )
{
  //
  // No status can be reported from a VOID function; the assert is all there is.
  //
  ASSERT (FALSE);
}
/**
  Gets the master key data used in the specified TLS connection.

  The library-class contract is to return the TLS/SSL master key material
  currently used in the specified TLS connection. This Null instance raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED; KeyMaterial is never written.

  @param[in]      Tls          Pointer to the TLS object. Not dereferenced
                               here.
  @param[in,out]  KeyMaterial  Buffer to contain the returned key material.
                               Left unmodified by this instance.

  @retval  EFI_SUCCESS            Key material was returned successfully.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_UNSUPPORTED        Invalid TLS/SSL session. The only status
                                  this instance returns.

**/
EFI_STATUS
EFIAPI
TlsGetKeyMaterial (
  IN     VOID   *Tls,
  IN OUT UINT8  *KeyMaterial
  )
{
  //
  // The buffer holds no key after this call; using its pre-call contents as
  // key material would be a caller bug, so the status must be checked.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the CA Certificate from the cert store.

  The library-class contract is to return the CA certificate for the chosen
  TLS connection. This Null instance raises ASSERT (FALSE) and returns
  EFI_UNSUPPORTED; neither Data nor *DataSize is written.

  @param[in]      Tls       Pointer to the TLS object. Not dereferenced here.
  @param[out]     Data      Pointer to the data buffer to receive the CA
                            certificate data sent to the client. Left
                            unmodified by this instance.
  @param[in,out]  DataSize  The size of data buffer in bytes. Left unmodified
                            by this instance.

  @retval  EFI_SUCCESS           The operation succeeded.
  @retval  EFI_UNSUPPORTED       This function is not supported. The only
                                 status this instance returns.
  @retval  EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
EFI_STATUS
EFIAPI
TlsGetCaCertificate (
  IN     VOID   *Tls,
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  //
  // No required size is reported either, so the usual "query the size, then
  // retry" pattern cannot work against this instance.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the local public Certificate set in the specified TLS object.

  The library-class contract is to return the local public certificate which
  was currently set in the specified TLS object. This Null instance raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED; neither Data nor *DataSize is
  written.

  @param[in]      Tls       Pointer to the TLS object. Not dereferenced here.
  @param[out]     Data      Pointer to the data buffer to receive the local
                            public certificate. Left unmodified by this
                            instance.
  @param[in,out]  DataSize  The size of data buffer in bytes. Left unmodified
                            by this instance.

  @retval  EFI_SUCCESS            The operation succeeded.
  @retval  EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval  EFI_NOT_FOUND          The certificate is not found.
  @retval  EFI_BUFFER_TOO_SMALL   The Data is too small to hold the data.
  @retval  EFI_UNSUPPORTED        The only status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsGetHostPublicCert (
  IN     VOID   *Tls,
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  //
  // Stub: both outputs keep their pre-call contents.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the local private key set in the specified TLS object.

  The library-class contract is to return the local private key data which
  was currently set in the specified TLS object. This Null instance raises
  ASSERT (FALSE) and returns EFI_UNSUPPORTED; neither Data nor *DataSize is
  written, so no key material leaves through this function.

  @param[in]      Tls       Pointer to the TLS object. Not dereferenced here.
  @param[out]     Data      Pointer to the data buffer to receive the local
                            private key data. Left unmodified by this
                            instance.
  @param[in,out]  DataSize  The size of data buffer in bytes. Left unmodified
                            by this instance.

  @retval  EFI_SUCCESS           The operation succeeded.
  @retval  EFI_UNSUPPORTED       This function is not supported. The only
                                 status this instance returns.
  @retval  EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
EFI_STATUS
EFIAPI
TlsGetHostPrivateKey (
  IN     VOID   *Tls,
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  //
  // Stub: both outputs keep their pre-call contents.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Gets the CA-supplied certificate revocation list data set in the specified
  TLS object.

  The library-class contract is to return the CA-supplied certificate
  revocation list data which was currently set in the specified TLS object.
  This Null instance raises ASSERT (FALSE) and returns EFI_UNSUPPORTED;
  neither Data nor *DataSize is written.

  @param[out]     Data      Pointer to the data buffer to receive the CRL
                            data. Left unmodified by this instance.
  @param[in,out]  DataSize  The size of data buffer in bytes. Left unmodified
                            by this instance.

  @retval  EFI_SUCCESS           The operation succeeded.
  @retval  EFI_UNSUPPORTED       This function is not supported. The only
                                 status this instance returns.
  @retval  EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
EFI_STATUS
EFIAPI
TlsGetCertRevocationList (
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  //
  // Stub: both outputs keep their pre-call contents.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}
/**
  Derive keying material from a TLS connection.

  The library-class contract is to export keying material using the
  mechanism described in RFC 5705. This Null instance derives nothing: it
  raises ASSERT (FALSE) and returns EFI_UNSUPPORTED, and KeyBuffer is never
  written.

  @param[in]   Tls           Pointer to the TLS object. Not dereferenced here.
  @param[in]   Label         Description of the key for the PRF function.
                             Not read here.
  @param[in]   Context       Optional context. Not read here.
  @param[in]   ContextLen    The length of the context value in bytes.
                             Ignored here.
  @param[out]  KeyBuffer     Buffer to hold the output of the TLS-PRF. Left
                             unmodified by this instance.
  @param[in]   KeyBufferLen  The length of the KeyBuffer. Ignored here.

  @retval  EFI_SUCCESS            The operation succeeded.
  @retval  EFI_INVALID_PARAMETER  The TLS object is invalid.
  @retval  EFI_PROTOCOL_ERROR     Some other error occurred.
  @retval  EFI_UNSUPPORTED        The only status this instance returns.

**/
EFI_STATUS
EFIAPI
TlsGetExportKey (
  IN     VOID        *Tls,
  IN     CONST VOID  *Label,
  IN     CONST VOID  *Context,
  IN     UINTN       ContextLen,
  OUT    VOID        *KeyBuffer,
  IN     UINTN       KeyBufferLen
  )
{
  //
  // KeyBuffer holds no derived key after this call; a caller that skipped
  // the status check would be keying with its own pre-call buffer contents.
  //
  ASSERT (FALSE);
  return EFI_UNSUPPORTED;
}