tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-27 07:34:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

NetworkPkg: Convert files to CRLF line ending

Browse Source 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
This commit is contained in:
Hao Wu 2017-04-06 10:10:39 +08:00
parent 973f8862f2
commit 7618784b85
22 changed files with 6773 additions and 6757 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3439
NetworkPkg/HttpDxe/HttpsSupport.c
View File

File diff suppressed because it is too large Load Diff

521
NetworkPkg/HttpDxe/HttpsSupport.h
View File

@ -1,260 +1,261 @@
/** @file
The header files of miscellaneous routines specific to Https for HttpDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_HTTPS_SUPPORT_H__
#define __EFI_HTTPS_SUPPORT_H__
#define HTTPS_DEFAULT_PORT 443
#define HTTPS_FLAG "https://"
/**
Check whether the Url is from Https.
@param[in] Url The pointer to a HTTP or HTTPS URL string.
@retval TRUE The Url is from HTTPS.
@retval FALSE The Url is from HTTP.
**/
BOOLEAN
IsHttpsUrl (
IN CHAR8 *Url
);
/**
Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
@param[in] ImageHandle The firmware allocated handle for the UEFI image.
@param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
@param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
**/
EFI_HANDLE
EFIAPI
TlsCreateChild (
IN EFI_HANDLE ImageHandle,
OUT EFI_TLS_PROTOCOL **TlsProto,
OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
);
/**
Create event for the TLS receive and transmit tokens which are used to receive and
transmit TLS related messages.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@retval EFI_SUCCESS The events are created successfully.
@retval others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsCreateTxRxEvent (
IN OUT HTTP_PROTOCOL *HttpInstance
);
/**
Close events in the TlsTxToken and TlsRxToken.
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
**/
VOID
EFIAPI
TlsCloseTxRxEvent (
IN HTTP_PROTOCOL *HttpInstance
);
/**
Read the TlsCaCertificate variable and configure it.
@param[in, out] HttpInstance The HTTP instance private data.
@retval EFI_SUCCESS TlsCaCertificate is configured.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.
@retval Others Other error as indicated.
**/
EFI_STATUS
TlsConfigCertificate (
IN OUT HTTP_PROTOCOL *HttpInstance
);
/**
Configure TLS session data.
@param[in, out] HttpInstance The HTTP instance private data.
@retval EFI_SUCCESS TLS session data is configured.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsConfigureSession (
IN OUT HTTP_PROTOCOL *HttpInstance
);
/**
Transmit the Packet by processing the associated HTTPS token.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in] Packet The packet to transmit.
@retval EFI_SUCCESS The packet is transmitted.
@retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
TlsCommonTransmit (
IN OUT HTTP_PROTOCOL *HttpInstance,
IN NET_BUF *Packet
);
/**
Receive the Packet by processing the associated HTTPS token.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in] Packet The packet to transmit.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS The Packet is received.
@retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_TIMEOUT The operation is time out.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsCommonReceive (
IN OUT HTTP_PROTOCOL *HttpInstance,
IN NET_BUF *Packet,
IN EFI_EVENT Timeout
);
/**
Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
corresponding record data. These two parts will be put into two blocks of buffers in the
net buffer.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[out] Pdu The received TLS PDU.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS An TLS PDU is received.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
TlsReceiveOnePdu (
IN OUT HTTP_PROTOCOL *HttpInstance,
OUT NET_BUF **Pdu,
IN EFI_EVENT Timeout
);
/**
Connect one TLS session by finishing the TLS handshake process.
@param[in] HttpInstance The HTTP instance private data.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS The TLS session is established.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsConnectSession (
IN HTTP_PROTOCOL *HttpInstance,
IN EFI_EVENT Timeout
);
/**
Close the TLS session and send out the close notification message.
@param[in] HttpInstance The HTTP instance private data.
@retval EFI_SUCCESS The TLS session is closed.
@retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsCloseSession (
IN HTTP_PROTOCOL *HttpInstance
);
/**
Process one message according to the CryptMode.
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in] Message Pointer to the message buffer needed to processed.
@param[in] MessageSize Pointer to the message buffer size.
@param[in] ProcessMode Process mode.
@param[in, out] Fragment Only one Fragment returned after the Message is
processed successfully.
@retval EFI_SUCCESS Message is processed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
TlsProcessMessage (
IN HTTP_PROTOCOL *HttpInstance,
IN UINT8 *Message,
IN UINTN MessageSize,
IN EFI_TLS_CRYPT_MODE ProcessMode,
IN OUT NET_FRAGMENT *Fragment
);
/**
Receive one fragment decrypted from one TLS record.
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in, out] Fragment The received Fragment.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS One fragment is received.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED Something wrong decryption the message.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
HttpsReceive (
IN HTTP_PROTOCOL *HttpInstance,
IN OUT NET_FRAGMENT *Fragment,
IN EFI_EVENT Timeout
);
#endif
/** @file
The header files of miscellaneous routines specific to Https for HttpDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_HTTPS_SUPPORT_H__
#define __EFI_HTTPS_SUPPORT_H__
#define HTTPS_DEFAULT_PORT 443
#define HTTPS_FLAG "https://"
/**
Check whether the Url is from Https.
@param[in] Url The pointer to a HTTP or HTTPS URL string.
@retval TRUE The Url is from HTTPS.
@retval FALSE The Url is from HTTP.
**/
BOOLEAN
IsHttpsUrl (
IN CHAR8 *Url
);
/**
Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
@param[in] ImageHandle The firmware allocated handle for the UEFI image.
@param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
@param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
**/
EFI_HANDLE
EFIAPI
TlsCreateChild (
IN EFI_HANDLE ImageHandle,
OUT EFI_TLS_PROTOCOL **TlsProto,
OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
);
/**
Create event for the TLS receive and transmit tokens which are used to receive and
transmit TLS related messages.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@retval EFI_SUCCESS The events are created successfully.
@retval others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsCreateTxRxEvent (
IN OUT HTTP_PROTOCOL *HttpInstance
);
/**
Close events in the TlsTxToken and TlsRxToken.
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
**/
VOID
EFIAPI
TlsCloseTxRxEvent (
IN HTTP_PROTOCOL *HttpInstance
);
/**
Read the TlsCaCertificate variable and configure it.
@param[in, out] HttpInstance The HTTP instance private data.
@retval EFI_SUCCESS TlsCaCertificate is configured.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.
@retval Others Other error as indicated.
**/
EFI_STATUS
TlsConfigCertificate (
IN OUT HTTP_PROTOCOL *HttpInstance
);
/**
Configure TLS session data.
@param[in, out] HttpInstance The HTTP instance private data.
@retval EFI_SUCCESS TLS session data is configured.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsConfigureSession (
IN OUT HTTP_PROTOCOL *HttpInstance
);
/**
Transmit the Packet by processing the associated HTTPS token.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in] Packet The packet to transmit.
@retval EFI_SUCCESS The packet is transmitted.
@retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
TlsCommonTransmit (
IN OUT HTTP_PROTOCOL *HttpInstance,
IN NET_BUF *Packet
);
/**
Receive the Packet by processing the associated HTTPS token.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in] Packet The packet to transmit.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS The Packet is received.
@retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_TIMEOUT The operation is time out.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsCommonReceive (
IN OUT HTTP_PROTOCOL *HttpInstance,
IN NET_BUF *Packet,
IN EFI_EVENT Timeout
);
/**
Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
corresponding record data. These two parts will be put into two blocks of buffers in the
net buffer.
@param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[out] Pdu The received TLS PDU.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS An TLS PDU is received.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
TlsReceiveOnePdu (
IN OUT HTTP_PROTOCOL *HttpInstance,
OUT NET_BUF **Pdu,
IN EFI_EVENT Timeout
);
/**
Connect one TLS session by finishing the TLS handshake process.
@param[in] HttpInstance The HTTP instance private data.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS The TLS session is established.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsConnectSession (
IN HTTP_PROTOCOL *HttpInstance,
IN EFI_EVENT Timeout
);
/**
Close the TLS session and send out the close notification message.
@param[in] HttpInstance The HTTP instance private data.
@retval EFI_SUCCESS The TLS session is closed.
@retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval Others Other error as indicated.
**/
EFI_STATUS
EFIAPI
TlsCloseSession (
IN HTTP_PROTOCOL *HttpInstance
);
/**
Process one message according to the CryptMode.
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in] Message Pointer to the message buffer needed to processed.
@param[in] MessageSize Pointer to the message buffer size.
@param[in] ProcessMode Process mode.
@param[in, out] Fragment Only one Fragment returned after the Message is
processed successfully.
@retval EFI_SUCCESS Message is processed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
TlsProcessMessage (
IN HTTP_PROTOCOL *HttpInstance,
IN UINT8 *Message,
IN UINTN MessageSize,
IN EFI_TLS_CRYPT_MODE ProcessMode,
IN OUT NET_FRAGMENT *Fragment
);
/**
Receive one fragment decrypted from one TLS record.
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
@param[in, out] Fragment The received Fragment.
@param[in] Timeout The time to wait for connection done.
@retval EFI_SUCCESS One fragment is received.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED Something wrong decryption the message.
@retval Others Other errors as indicated.
**/
EFI_STATUS
EFIAPI
HttpsReceive (
IN HTTP_PROTOCOL *HttpInstance,
IN OUT NET_FRAGMENT *Fragment,
IN EFI_EVENT Timeout
);
#endif

51
NetworkPkg/Include/Guid/TlsAuthConfigHii.h
View File

@ -1,25 +1,26 @@
/** @file
GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
#define __TLS_AUTH_CONFIG_HII_GUID_H__
#define TLS_AUTH_CONFIG_GUID \
{ \
0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf } \
}
extern EFI_GUID gTlsAuthConfigGuid;
#endif
/** @file
GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
#define __TLS_AUTH_CONFIG_HII_GUID_H__
#define TLS_AUTH_CONFIG_GUID \
{ \
0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf } \
}
extern EFI_GUID gTlsAuthConfigGuid;
#endif

59
NetworkPkg/Include/Guid/TlsAuthentication.h
View File

@ -1,29 +1,30 @@
/** @file
This file defines TlsCaCertificate variable.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTHENTICATION_H__
#define __TLS_AUTHENTICATION_H__
// Private variable for CA Certificate configuration
//
#define EFI_TLS_CA_CERTIFICATE_GUID \
{ \
0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
}
#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
extern EFI_GUID gEfiTlsCaCertificateGuid;
#endif
/** @file
This file defines TlsCaCertificate variable.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTHENTICATION_H__
#define __TLS_AUTHENTICATION_H__
// Private variable for CA Certificate configuration
//
#define EFI_TLS_CA_CERTIFICATE_GUID \
{ \
0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
}
#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
extern EFI_GUID gEfiTlsCaCertificateGuid;
#endif

270
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
View File

@ -1,135 +1,135 @@
/** @file
The DriverEntryPoint for TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsAuthConfigImpl.h"
/**
Unloads an image.
@param ImageHandle Handle that identifies the image to be unloaded.
@retval EFI_SUCCESS The image has been unloaded.
@retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigDxeUnload (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
Status = gBS->HandleProtocol (
ImageHandle,
&gEfiCallerIdGuid,
(VOID **) &PrivateData
);
if (EFI_ERROR (Status)) {
return Status;
}
ASSERT (PrivateData->Signature == TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
gBS->UninstallMultipleProtocolInterfaces (
&ImageHandle,
&gEfiCallerIdGuid,
PrivateData,
NULL
);
TlsAuthConfigFormUnload (PrivateData);
return EFI_SUCCESS;
}
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
both device drivers and bus drivers.
@param ImageHandle The firmware allocated handle for the UEFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The operation completed successfully.
@retval Others An unexpected error occurred.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigDxeDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
PrivateData = NULL;
//
// If already started, return.
//
Status = gBS->OpenProtocol (
ImageHandle,
&gEfiCallerIdGuid,
NULL,
ImageHandle,
ImageHandle,
EFI_OPEN_PROTOCOL_TEST_PROTOCOL
);
if (!EFI_ERROR (Status)) {
return EFI_ALREADY_STARTED;
}
//
// Initialize the private data structure.
//
PrivateData = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA));
if (PrivateData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
// Initialize the HII configuration form.
//
Status = TlsAuthConfigFormInit (PrivateData);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Install private GUID.
//
Status = gBS->InstallMultipleProtocolInterfaces (
&ImageHandle,
&gEfiCallerIdGuid,
PrivateData,
NULL
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
return EFI_SUCCESS;
ON_ERROR:
TlsAuthConfigFormUnload (PrivateData);
FreePool (PrivateData);
return Status;
}
/** @file
The DriverEntryPoint for TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsAuthConfigImpl.h"
/**
Unloads an image.
@param ImageHandle Handle that identifies the image to be unloaded.
@retval EFI_SUCCESS The image has been unloaded.
@retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigDxeUnload (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
Status = gBS->HandleProtocol (
ImageHandle,
&gEfiCallerIdGuid,
(VOID **) &PrivateData
);
if (EFI_ERROR (Status)) {
return Status;
}
ASSERT (PrivateData->Signature == TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
gBS->UninstallMultipleProtocolInterfaces (
&ImageHandle,
&gEfiCallerIdGuid,
PrivateData,
NULL
);
TlsAuthConfigFormUnload (PrivateData);
return EFI_SUCCESS;
}
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
both device drivers and bus drivers.
@param ImageHandle The firmware allocated handle for the UEFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The operation completed successfully.
@retval Others An unexpected error occurred.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigDxeDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
PrivateData = NULL;
//
// If already started, return.
//
Status = gBS->OpenProtocol (
ImageHandle,
&gEfiCallerIdGuid,
NULL,
ImageHandle,
ImageHandle,
EFI_OPEN_PROTOCOL_TEST_PROTOCOL
);
if (!EFI_ERROR (Status)) {
return EFI_ALREADY_STARTED;
}
//
// Initialize the private data structure.
//
PrivateData = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA));
if (PrivateData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
// Initialize the HII configuration form.
//
Status = TlsAuthConfigFormInit (PrivateData);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Install private GUID.
//
Status = gBS->InstallMultipleProtocolInterfaces (
&ImageHandle,
&gEfiCallerIdGuid,
PrivateData,
NULL
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
return EFI_SUCCESS;
ON_ERROR:
TlsAuthConfigFormUnload (PrivateData);
FreePool (PrivateData);
return Status;
}

147
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
View File

@ -1,73 +1,74 @@
## @file
# Provides the capability to configure Tls Authentication in a setup browser
# By this module, user may change the content of TlsCaCertificate.
#
# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = TlsAuthConfigDxe
MODULE_UNI_FILE = TlsAuthConfigDxe.uni
FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
UNLOAD_IMAGE = TlsAuthConfigDxeUnload
#
# VALID_ARCHITECTURES = IA32 X64
#
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
NetworkPkg/NetworkPkg.dec
[Sources]
TlsAuthConfigImpl.c
TlsAuthConfigImpl.h
TlsAuthConfigNvData.h
TlsAuthConfigDxe.c
TlsAuthConfigDxeStrings.uni
TlsAuthConfigVfr.vfr
[LibraryClasses]
BaseLib
BaseMemoryLib
MemoryAllocationLib
UefiLib
UefiBootServicesTableLib
UefiRuntimeServicesTableLib
UefiDriverEntryPoint
DebugLib
HiiLib
DevicePathLib
UefiHiiServicesLib
FileExplorerLib
PrintLib
[Protocols]
gEfiDevicePathProtocolGuid ## PRODUCES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
[Guids]
gTlsAuthConfigGuid ## PRODUCES ## GUID
gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type
gEfiIfrTianoGuid ## CONSUMES ## HII
gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
[Depex]
gEfiHiiConfigRoutingProtocolGuid AND
gEfiHiiDatabaseProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"]
TlsAuthConfigDxeExtra.uni
## @file
# Provides the capability to configure Tls Authentication in a setup browser
# By this module, user may change the content of TlsCaCertificate.
#
# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = TlsAuthConfigDxe
MODULE_UNI_FILE = TlsAuthConfigDxe.uni
FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
UNLOAD_IMAGE = TlsAuthConfigDxeUnload
#
# VALID_ARCHITECTURES = IA32 X64
#
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
NetworkPkg/NetworkPkg.dec
[Sources]
TlsAuthConfigImpl.c
TlsAuthConfigImpl.h
TlsAuthConfigNvData.h
TlsAuthConfigDxe.c
TlsAuthConfigDxeStrings.uni
TlsAuthConfigVfr.vfr
[LibraryClasses]
BaseLib
BaseMemoryLib
MemoryAllocationLib
UefiLib
UefiBootServicesTableLib
UefiRuntimeServicesTableLib
UefiDriverEntryPoint
DebugLib
HiiLib
DevicePathLib
UefiHiiServicesLib
FileExplorerLib
PrintLib
[Protocols]
gEfiDevicePathProtocolGuid ## PRODUCES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
[Guids]
gTlsAuthConfigGuid ## PRODUCES ## GUID
gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type
gEfiIfrTianoGuid ## CONSUMES ## HII
gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
[Depex]
gEfiHiiConfigRoutingProtocolGuid AND
gEfiHiiDatabaseProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"]
TlsAuthConfigDxeExtra.uni

42
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
View File

@ -1,21 +1,21 @@
// /** @file
// Provides the capability to configure Tls Authentication in a setup browser
//
// By this module, user may change the content of TlsCaCertificate.
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure Tls Authentication in a setup browser"
#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of TlsCaCertificate."
// /** @file
// Provides the capability to configure Tls Authentication in a setup browser
//
// By this module, user may change the content of TlsCaCertificate.
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure Tls Authentication in a setup browser"
#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of TlsCaCertificate."

38
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
View File

@ -1,19 +1,19 @@
// /** @file
// TlsAuthConfigDxe Localized Strings and Content
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"TLS Auth Config DXE"
// /** @file
// TlsAuthConfigDxe Localized Strings and Content
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"TLS Auth Config DXE"

78
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
View File

@ -1,39 +1,39 @@
/** @file
String definitions for Tls Authentication Configuration form.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#langdef en-US "English"
#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth Configuration"
#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press <Enter> to select Tls Auth Configuration."
#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server CA Configuration"
#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press <Enter> to configure Server CA."
#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client Cert Configuration"
#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client cert configuration is unsupported currently."
#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enroll Cert"
#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Press <Enter> to enroll cert."
#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Delete Cert"
#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Press <Enter> to delete cert."
#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enroll Cert Using File"
#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert GUID"
#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"
#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"
#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for CERT"
#string STR_NULL #language en-US ""
/** @file
String definitions for Tls Authentication Configuration form.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#langdef en-US "English"
#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth Configuration"
#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press <Enter> to select Tls Auth Configuration."
#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server CA Configuration"
#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press <Enter> to configure Server CA."
#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client Cert Configuration"
#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client cert configuration is unsupported currently."
#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enroll Cert"
#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Press <Enter> to enroll cert."
#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Delete Cert"
#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Press <Enter> to delete cert."
#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enroll Cert Using File"
#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert GUID"
#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"
#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"
#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for CERT"
#string STR_NULL #language en-US ""

3377
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
View File

File diff suppressed because it is too large Load Diff

564
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
View File

@ -1,282 +1,282 @@
/** @file
Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_IMPL_H__
#define __TLS_AUTH_CONFIG_IMPL_H__
#include <Uefi.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/SimpleFileSystem.h>
//
// Libraries
//
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseLib.h>
#include <Library/UefiLib.h>
#include <Library/DebugLib.h>
#include <Library/DevicePathLib.h>
#include <Library/HiiLib.h>
#include <Library/UefiHiiServicesLib.h>
#include <Library/FileExplorerLib.h>
#include <Library/PrintLib.h>
#include <Guid/MdeModuleHii.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/TlsAuthentication.h>
//
// Include files with function prototypes
//
#include "TlsAuthConfigNvData.h"
extern UINT8 TlsAuthConfigDxeStrings[];
extern UINT8 TlsAuthConfigVfrBin[];
#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D')
#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA;
typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
EFI_FILE_HANDLE FHandle;
UINT16 *FileName;
};
struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE RegisteredHandle;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
EFI_GUID *CertGuid;
};
/**
Unload the configuration form, this includes: delete all the configuration
entries, uninstall the form callback protocol, and free the resources used.
The form will only be unload completely when both IP4 and IP6 stack are stopped.
@param[in] Private Pointer to the driver private data.
@retval EFI_SUCCESS The configuration form is unloaded.
@retval Others Failed to unload the form.
**/
EFI_STATUS
TlsAuthConfigFormUnload (
IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
);
/**
Initialize the configuration form.
@param[in] Private Pointer to the driver private data.
@retval EFI_SUCCESS The configuration form is initialized.
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
**/
EFI_STATUS
TlsAuthConfigFormInit (
IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
);
/**
This function allows the caller to request the current
configuration for one or more named elements. The resulting
string is in <ConfigAltResp> format. Any and all alternative
configuration strings shall also be appended to the end of the
current configuration string. If they are, they must appear
after the current configuration. They must contain the same
routing (GUID, NAME, PATH) as the current configuration string.
They must have an additional description indicating the type of
alternative configuration the string represents,
"ALTCFG=<StringToken>". That <StringToken> (when
converted from Hex UNICODE to binary) is a reference to a
string in the associated string pack.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Request A null-terminated Unicode string in
<ConfigRequest> format. Note that this
includes the routing information as well as
the configurable name / value pairs. It is
invalid for this string to be in
<MultiConfigRequest> format.
If a NULL is passed in for the Request field,
all of the settings being abstracted by this function
will be returned in the Results field. In addition,
if a ConfigHdr is passed in with no request elements,
all of the settings being abstracted for that particular
ConfigHdr reference will be returned in the Results Field.
@param Progress On return, points to a character in the
Request string. Points to the string's null
terminator if request was successful. Points
to the most recent "&" before the first
failing name / value pair (or the beginning
of the string if the failure is in the first
name / value pair) if the request was not
successful.
@param Results A null-terminated Unicode string in
<MultiConfigAltResp> format which has all values
filled in for the names in the Request string.
String to be allocated by the called function.
@retval EFI_SUCCESS The Results string is filled with the
values corresponding to all requested
names.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the
parts of the results that must be
stored awaiting possible future
protocols.
@retval EFI_NOT_FOUND Routing data doesn't match any
known driver. Progress set to the
first character in the routing header.
Note: There is no requirement that the
driver validate the routing data. It
must skip the <ConfigHdr> in order to
process the names.
@retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
to most recent "&" before the
error or the beginning of the
string.
@retval EFI_INVALID_PARAMETER Unknown name. Progress points
to the & before the name in
question.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
);
/**
This function applies changes in a driver's configuration.
Input is a Configuration, which has the routing data for this
driver followed by name / value configuration pairs. The driver
must apply those pairs to its configurable storage. If the
driver's configuration is stored in a linear block of data
and the driver's name / value pairs are in <BlockConfig>
format, it may use the ConfigToBlock helper function (above) to
simplify the job.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Configuration A null-terminated Unicode string in
<ConfigString> format.
@param Progress A pointer to a string filled in with the
offset of the most recent '&' before the
first failing name / value pair (or the
beginn ing of the string if the failure
is in the first name / value pair) or
the terminating NULL if all was
successful.
@retval EFI_SUCCESS The results have been distributed or are
awaiting distribution.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the
parts of the results that must be
stored awaiting possible future
protocols.
@retval EFI_INVALID_PARAMETERS Passing in a NULL for the
Results parameter would result
in this type of error.
@retval EFI_NOT_FOUND Target for the specified routing data
was not found
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessRouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
);
/**
This function is called to provide results data to the driver.
This data consists of a unique key that is used to identify
which data is either being passed back or being asked for.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Action Specifies the type of action taken by the browser.
@param QuestionId A unique value which is sent to the original
exporting driver so that it can identify the type
of data to expect. The format of the data tends to
vary based on the opcode that generated the callback.
@param Type The type of value for the question.
@param Value A pointer to the data being sent to the original
exporting driver.
@param ActionRequest On return, points to the action requested by the
callback function.
@retval EFI_SUCCESS The callback successfully handled the action.
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
variable and its data.
@retval EFI_DEVICE_ERROR The variable could not be saved.
@retval EFI_UNSUPPORTED The specified Action is not supported by the
callback.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessCallback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN OUT EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
#endif
/** @file
Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_IMPL_H__
#define __TLS_AUTH_CONFIG_IMPL_H__
#include <Uefi.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/SimpleFileSystem.h>
//
// Libraries
//
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseLib.h>
#include <Library/UefiLib.h>
#include <Library/DebugLib.h>
#include <Library/DevicePathLib.h>
#include <Library/HiiLib.h>
#include <Library/UefiHiiServicesLib.h>
#include <Library/FileExplorerLib.h>
#include <Library/PrintLib.h>
#include <Guid/MdeModuleHii.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/TlsAuthentication.h>
//
// Include files with function prototypes
//
#include "TlsAuthConfigNvData.h"
extern UINT8 TlsAuthConfigDxeStrings[];
extern UINT8 TlsAuthConfigVfrBin[];
#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D')
#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA;
typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
EFI_FILE_HANDLE FHandle;
UINT16 *FileName;
};
struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE RegisteredHandle;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
EFI_GUID *CertGuid;
};
/**
Unload the configuration form, this includes: delete all the configuration
entries, uninstall the form callback protocol, and free the resources used.
The form will only be unload completely when both IP4 and IP6 stack are stopped.
@param[in] Private Pointer to the driver private data.
@retval EFI_SUCCESS The configuration form is unloaded.
@retval Others Failed to unload the form.
**/
EFI_STATUS
TlsAuthConfigFormUnload (
IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
);
/**
Initialize the configuration form.
@param[in] Private Pointer to the driver private data.
@retval EFI_SUCCESS The configuration form is initialized.
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
**/
EFI_STATUS
TlsAuthConfigFormInit (
IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
);
/**
This function allows the caller to request the current
configuration for one or more named elements. The resulting
string is in <ConfigAltResp> format. Any and all alternative
configuration strings shall also be appended to the end of the
current configuration string. If they are, they must appear
after the current configuration. They must contain the same
routing (GUID, NAME, PATH) as the current configuration string.
They must have an additional description indicating the type of
alternative configuration the string represents,
"ALTCFG=<StringToken>". That <StringToken> (when
converted from Hex UNICODE to binary) is a reference to a
string in the associated string pack.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Request A null-terminated Unicode string in
<ConfigRequest> format. Note that this
includes the routing information as well as
the configurable name / value pairs. It is
invalid for this string to be in
<MultiConfigRequest> format.
If a NULL is passed in for the Request field,
all of the settings being abstracted by this function
will be returned in the Results field. In addition,
if a ConfigHdr is passed in with no request elements,
all of the settings being abstracted for that particular
ConfigHdr reference will be returned in the Results Field.
@param Progress On return, points to a character in the
Request string. Points to the string's null
terminator if request was successful. Points
to the most recent "&" before the first
failing name / value pair (or the beginning
of the string if the failure is in the first
name / value pair) if the request was not
successful.
@param Results A null-terminated Unicode string in
<MultiConfigAltResp> format which has all values
filled in for the names in the Request string.
String to be allocated by the called function.
@retval EFI_SUCCESS The Results string is filled with the
values corresponding to all requested
names.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the
parts of the results that must be
stored awaiting possible future
protocols.
@retval EFI_NOT_FOUND Routing data doesn't match any
known driver. Progress set to the
first character in the routing header.
Note: There is no requirement that the
driver validate the routing data. It
must skip the <ConfigHdr> in order to
process the names.
@retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
to most recent "&" before the
error or the beginning of the
string.
@retval EFI_INVALID_PARAMETER Unknown name. Progress points
to the & before the name in
question.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
);
/**
This function applies changes in a driver's configuration.
Input is a Configuration, which has the routing data for this
driver followed by name / value configuration pairs. The driver
must apply those pairs to its configurable storage. If the
driver's configuration is stored in a linear block of data
and the driver's name / value pairs are in <BlockConfig>
format, it may use the ConfigToBlock helper function (above) to
simplify the job.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Configuration A null-terminated Unicode string in
<ConfigString> format.
@param Progress A pointer to a string filled in with the
offset of the most recent '&' before the
first failing name / value pair (or the
beginn ing of the string if the failure
is in the first name / value pair) or
the terminating NULL if all was
successful.
@retval EFI_SUCCESS The results have been distributed or are
awaiting distribution.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the
parts of the results that must be
stored awaiting possible future
protocols.
@retval EFI_INVALID_PARAMETERS Passing in a NULL for the
Results parameter would result
in this type of error.
@retval EFI_NOT_FOUND Target for the specified routing data
was not found
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessRouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
);
/**
This function is called to provide results data to the driver.
This data consists of a unique key that is used to identify
which data is either being passed back or being asked for.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Action Specifies the type of action taken by the browser.
@param QuestionId A unique value which is sent to the original
exporting driver so that it can identify the type
of data to expect. The format of the data tends to
vary based on the opcode that generated the callback.
@param Type The type of value for the question.
@param Value A pointer to the data being sent to the original
exporting driver.
@param ActionRequest On return, points to the action requested by the
callback function.
@retval EFI_SUCCESS The callback successfully handled the action.
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
variable and its data.
@retval EFI_DEVICE_ERROR The variable could not be saved.
@retval EFI_UNSUPPORTED The specified Action is not supported by the
callback.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessCallback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN OUT EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
#endif

99
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
View File

@ -1,49 +1,50 @@
/** @file
Header file for NV data structure definition.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
#define __TLS_AUTH_CONFIG_NV_DATA_H__
#include <Guid/TlsAuthConfigHii.h>
#define TLS_AUTH_CONFIG_GUID_SIZE 36
#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
#define TLS_AUTH_CONFIG_FORMID1_FORM 1
#define TLS_AUTH_CONFIG_FORMID2_FORM 2
#define TLS_AUTH_CONFIG_FORMID3_FORM 3
#define TLS_AUTH_CONFIG_FORMID4_FORM 4
#define TLS_AUTH_CONFIG_FORMID5_FORM 5
#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
#define OPTION_DEL_CA_ESTION_ID 0x2000
#define OPTION_CONFIG_RANGE 0x1000
#define LABEL_CA_DELETE 0x1101
#define LABEL_END 0xffff
typedef struct {
CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
} TLS_AUTH_CONFIG_IFR_NVDATA;
#endif
/** @file
Header file for NV data structure definition.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
#define __TLS_AUTH_CONFIG_NV_DATA_H__
#include <Guid/TlsAuthConfigHii.h>
#define TLS_AUTH_CONFIG_GUID_SIZE 36
#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
#define TLS_AUTH_CONFIG_FORMID1_FORM 1
#define TLS_AUTH_CONFIG_FORMID2_FORM 2
#define TLS_AUTH_CONFIG_FORMID3_FORM 3
#define TLS_AUTH_CONFIG_FORMID4_FORM 4
#define TLS_AUTH_CONFIG_FORMID5_FORM 5
#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
#define OPTION_DEL_CA_ESTION_ID 0x2000
#define OPTION_CONFIG_RANGE 0x1000
#define LABEL_CA_DELETE 0x1101
#define LABEL_END 0xffff
typedef struct {
CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
} TLS_AUTH_CONFIG_IFR_NVDATA;
#endif

305
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
View File

@ -1,152 +1,153 @@
/** @file
VFR file used by TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsAuthConfigNvData.h"
formset
guid = TLS_AUTH_CONFIG_GUID,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
varstore TLS_AUTH_CONFIG_IFR_NVDATA,
name = TLS_AUTH_CONFIG_IFR_NVDATA,
guid = TLS_AUTH_CONFIG_GUID;
//
// ##1 Form1: Main form for Tls Auth configration
//
form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display Server CA configration
//
goto TLS_AUTH_CONFIG_FORMID2_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display Client cert configration
//
grayoutif TRUE; /// Current unsupported.
goto TLS_AUTH_CONFIG_FORMID3_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
endif;
endform;
//
// ##2 Form2: CA configuration
//
form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID4_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID5_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
endform;
//
// ##3 Form3 : Client cert configuration
//
form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
subtitle text = STRING_TOKEN(STR_NULL);
//
// TODO...
//
endform;
//
// ##4 Form4: Enroll cert for CA
//
form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID4_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
subtitle text = STRING_TOKEN(STR_NULL);
label TLS_AUTH_CONFIG_FORMID4_FORM;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
minsize = TLS_AUTH_CONFIG_GUID_SIZE,
maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID1_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
goto TLS_AUTH_CONFIG_FORMID1_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
endform;
//
// ##5 Form5: Delete cert for CA
//
form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
label LABEL_CA_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
endformset;
/** @file
VFR file used by TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsAuthConfigNvData.h"
formset
guid = TLS_AUTH_CONFIG_GUID,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
varstore TLS_AUTH_CONFIG_IFR_NVDATA,
name = TLS_AUTH_CONFIG_IFR_NVDATA,
guid = TLS_AUTH_CONFIG_GUID;
//
// ##1 Form1: Main form for Tls Auth configration
//
form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display Server CA configration
//
goto TLS_AUTH_CONFIG_FORMID2_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display Client cert configration
//
grayoutif TRUE; /// Current unsupported.
goto TLS_AUTH_CONFIG_FORMID3_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
endif;
endform;
//
// ##2 Form2: CA configuration
//
form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID4_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID5_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
endform;
//
// ##3 Form3 : Client cert configuration
//
form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
subtitle text = STRING_TOKEN(STR_NULL);
//
// TODO...
//
endform;
//
// ##4 Form4: Enroll cert for CA
//
form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID4_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
subtitle text = STRING_TOKEN(STR_NULL);
label TLS_AUTH_CONFIG_FORMID4_FORM;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
minsize = TLS_AUTH_CONFIG_GUID_SIZE,
maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID1_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
goto TLS_AUTH_CONFIG_FORMID1_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
endform;
//
// ##5 Form5: Delete cert for CA
//
form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
label LABEL_CA_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
endformset;

305
NetworkPkg/TlsDxe/TlsConfigProtocol.c
View File

@ -1,152 +1,153 @@
/** @file
Implementation of EFI TLS Configuration Protocol Interfaces.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsImpl.h"
EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {
TlsConfigurationSetData,
TlsConfigurationGetData
};
/**
Set TLS configuration data.
The SetData() function sets TLS configuration to non-volatile storage or volatile
storage.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in] Data Pointer to configuration data.
@param[in] DataSize Total size of configuration data.
@retval EFI_SUCCESS The TLS configuration data is set successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
Data is NULL.
DataSize is 0.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
**/
EFI_STATUS
EFIAPI
TlsConfigurationSetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN VOID *Data,
IN UINTN DataSize
)
{
EFI_STATUS Status;
TLS_INSTANCE *Instance;
EFI_TPL OldTpl;
Status = EFI_SUCCESS;
if (This == NULL || Data == NULL || DataSize == 0) {
return EFI_INVALID_PARAMETER;
}
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
switch (DataType) {
case EfiTlsConfigDataTypeCACertificate:
Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPublicCert:
Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPrivateKey:
Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeCertRevocationList:
Status = TlsSetCertRevocationList (Data, DataSize);
break;
default:
Status = EFI_UNSUPPORTED;
}
gBS->RestoreTPL (OldTpl);
return Status;
}
/**
Get TLS configuration data.
The GetData() function gets TLS configuration.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in, out] Data Pointer to configuration data.
@param[in, out] DataSize Total size of configuration data. On input, it means
the size of Data buffer. On output, it means the size
of copied Data buffer if EFI_SUCCESS, and means the
size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
@retval EFI_SUCCESS The TLS configuration data is got successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
DataSize is NULL.
Data is NULL if *DataSize is not zero.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_NOT_FOUND The TLS configuration data is not found.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
**/
EFI_STATUS
EFIAPI
TlsConfigurationGetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN OUT VOID *Data, OPTIONAL
IN OUT UINTN *DataSize
)
{
EFI_STATUS Status;
TLS_INSTANCE *Instance;
EFI_TPL OldTpl;
Status = EFI_SUCCESS;
if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
return EFI_INVALID_PARAMETER;
}
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
switch (DataType) {
case EfiTlsConfigDataTypeCACertificate:
Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPublicCert:
Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPrivateKey:
Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeCertRevocationList:
Status = TlsGetCertRevocationList (Data, DataSize);
break;
default:
Status = EFI_UNSUPPORTED;
}
gBS->RestoreTPL (OldTpl);
return Status;
}
/** @file
Implementation of EFI TLS Configuration Protocol Interfaces.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsImpl.h"
EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {
TlsConfigurationSetData,
TlsConfigurationGetData
};
/**
Set TLS configuration data.
The SetData() function sets TLS configuration to non-volatile storage or volatile
storage.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in] Data Pointer to configuration data.
@param[in] DataSize Total size of configuration data.
@retval EFI_SUCCESS The TLS configuration data is set successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
Data is NULL.
DataSize is 0.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
**/
EFI_STATUS
EFIAPI
TlsConfigurationSetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN VOID *Data,
IN UINTN DataSize
)
{
EFI_STATUS Status;
TLS_INSTANCE *Instance;
EFI_TPL OldTpl;
Status = EFI_SUCCESS;
if (This == NULL || Data == NULL || DataSize == 0) {
return EFI_INVALID_PARAMETER;
}
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
switch (DataType) {
case EfiTlsConfigDataTypeCACertificate:
Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPublicCert:
Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPrivateKey:
Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeCertRevocationList:
Status = TlsSetCertRevocationList (Data, DataSize);
break;
default:
Status = EFI_UNSUPPORTED;
}
gBS->RestoreTPL (OldTpl);
return Status;
}
/**
Get TLS configuration data.
The GetData() function gets TLS configuration.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in, out] Data Pointer to configuration data.
@param[in, out] DataSize Total size of configuration data. On input, it means
the size of Data buffer. On output, it means the size
of copied Data buffer if EFI_SUCCESS, and means the
size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
@retval EFI_SUCCESS The TLS configuration data is got successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
DataSize is NULL.
Data is NULL if *DataSize is not zero.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_NOT_FOUND The TLS configuration data is not found.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
**/
EFI_STATUS
EFIAPI
TlsConfigurationGetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN OUT VOID *Data, OPTIONAL
IN OUT UINTN *DataSize
)
{
EFI_STATUS Status;
TLS_INSTANCE *Instance;
EFI_TPL OldTpl;
Status = EFI_SUCCESS;
if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
return EFI_INVALID_PARAMETER;
}
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
switch (DataType) {
case EfiTlsConfigDataTypeCACertificate:
Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPublicCert:
Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeHostPrivateKey:
Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);
break;
case EfiTlsConfigDataTypeCertRevocationList:
Status = TlsGetCertRevocationList (Data, DataSize);
break;
default:
Status = EFI_UNSUPPORTED;
}
gBS->RestoreTPL (OldTpl);
return Status;
}

993
NetworkPkg/TlsDxe/TlsDriver.c
View File

@ -1,496 +1,497 @@
/** @file
The Driver Binding and Service Binding Protocol for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsImpl.h"
EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {
TlsServiceBindingCreateChild,
TlsServiceBindingDestroyChild
};
/**
Release all the resources used by the TLS instance.
@param[in] Instance The TLS instance data.
**/
VOID
TlsCleanInstance (
IN TLS_INSTANCE *Instance
)
{
if (Instance != NULL) {
if (Instance->TlsConn != NULL) {
TlsFree (Instance->TlsConn);
}
FreePool (Instance);
}
}
/**
Create the TLS instance and initialize it.
@param[in] Service The pointer to the TLS service.
@param[out] Instance The pointer to the TLS instance.
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
@retval EFI_SUCCESS The TLS instance is created.
**/
EFI_STATUS
TlsCreateInstance (
IN TLS_SERVICE *Service,
OUT TLS_INSTANCE **Instance
)
{
TLS_INSTANCE *TlsInstance;
*Instance = NULL;
TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));
if (TlsInstance == NULL) {
return EFI_OUT_OF_RESOURCES;
}
TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;
InitializeListHead (&TlsInstance->Link);
TlsInstance->InDestroy = FALSE;
TlsInstance->Service = Service;
CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));
CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof (TlsInstance->TlsConfig));
TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;
*Instance = TlsInstance;
return EFI_SUCCESS;
}
/**
Release all the resources used by the TLS service binding instance.
@param[in] Service The TLS service data.
**/
VOID
TlsCleanService (
IN TLS_SERVICE *Service
)
{
if (Service != NULL) {
if (Service->TlsCtx != NULL) {
TlsCtxFree (Service->TlsCtx);
}
FreePool (Service);
}
}
/**
Create then initialize a TLS service.
@param[in] Image ImageHandle of the TLS driver
@param[out] Service The service for TLS driver
@retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
@retval EFI_SUCCESS The service is created for the driver.
**/
EFI_STATUS
TlsCreateService (
IN EFI_HANDLE Image,
OUT TLS_SERVICE **Service
)
{
TLS_SERVICE *TlsService;
ASSERT (Service != NULL);
*Service = NULL;
//
// Allocate a TLS Service Data
//
TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));
if (TlsService == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
// Initialize TLS Service Data
//
TlsService->Signature = TLS_SERVICE_SIGNATURE;
CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof (TlsService->ServiceBinding));
TlsService->TlsChildrenNum = 0;
InitializeListHead (&TlsService->TlsChildrenList);
TlsService->ImageHandle = Image;
*Service = TlsService;
return EFI_SUCCESS;
}
/**
Unloads an image.
@param[in] ImageHandle Handle that identifies the image to be unloaded.
@retval EFI_SUCCESS The image has been unloaded.
@retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
**/
EFI_STATUS
EFIAPI
TlsUnload (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
UINTN HandleNum;
EFI_HANDLE *HandleBuffer;
UINT32 Index;
EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;
TLS_SERVICE *TlsService;
HandleBuffer = NULL;
ServiceBinding = NULL;
TlsService = NULL;
//
// Locate all the handles with Tls service binding protocol.
//
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiTlsServiceBindingProtocolGuid,
NULL,
&HandleNum,
&HandleBuffer
);
if (EFI_ERROR (Status)) {
return Status;
}
for (Index = 0; Index < HandleNum; Index++) {
//
// Firstly, find ServiceBinding interface
//
Status = gBS->OpenProtocol (
HandleBuffer[Index],
&gEfiTlsServiceBindingProtocolGuid,
(VOID **) &ServiceBinding,
ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
);
if (EFI_ERROR (Status)) {
return Status;
}
TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);
//
// Then, uninstall ServiceBinding interface
//
Status = gBS->UninstallMultipleProtocolInterfaces (
HandleBuffer[Index],
&gEfiTlsServiceBindingProtocolGuid, ServiceBinding,
NULL
);
if (EFI_ERROR (Status)) {
return Status;
}
TlsCleanService (TlsService);
}
if (HandleBuffer != NULL) {
FreePool (HandleBuffer);
}
return EFI_SUCCESS;
}
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
both device drivers and bus drivers.
@param ImageHandle The firmware allocated handle for the UEFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The operation completed successfully.
@retval Others An unexpected error occurred.
**/
EFI_STATUS
EFIAPI
TlsDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
TLS_SERVICE *TlsService;
//
// Create TLS Service
//
Status = TlsCreateService (ImageHandle, &TlsService);
if (EFI_ERROR (Status)) {
return Status;
}
ASSERT (TlsService != NULL);
//
// Initializes the OpenSSL library.
//
TlsInitialize ();
//
// Create a new SSL_CTX object as framework to establish TLS/SSL enabled
// connections. TLS 1.0 is used as the default version.
//
TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, TLS10_PROTOCOL_VERSION_MINOR);
if (TlsService->TlsCtx == NULL) {
FreePool (TlsService);
return EFI_ABORTED;
}
//
// Install the TlsServiceBinding Protocol onto Handle
//
Status = gBS->InstallMultipleProtocolInterfaces (
&TlsService->Handle,
&gEfiTlsServiceBindingProtocolGuid,
&TlsService->ServiceBinding,
NULL
);
if (EFI_ERROR (Status)) {
goto ON_CLEAN_SERVICE;
}
return Status;
ON_CLEAN_SERVICE:
TlsCleanService (TlsService);
return Status;
}
/**
Creates a child handle and installs a protocol.
The CreateChild() function installs a protocol on ChildHandle.
If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
@param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
then a new handle is created. If it is a pointer to an existing UEFI handle,
then the protocol is added to the existing UEFI handle.
@retval EFI_SUCCES The protocol was added to ChildHandle.
@retval EFI_INVALID_PARAMETER ChildHandle is NULL.
@retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
the child.
@retval other The child handle was not created.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingCreateChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE *ChildHandle
)
{
TLS_SERVICE *TlsService;
TLS_INSTANCE *TlsInstance;
EFI_STATUS Status;
EFI_TPL OldTpl;
if ((This == NULL) || (ChildHandle == NULL)) {
return EFI_INVALID_PARAMETER;
}
TlsService = TLS_SERVICE_FROM_THIS (This);
Status = TlsCreateInstance (TlsService, &TlsInstance);
if (EFI_ERROR (Status)) {
return Status;
}
ASSERT (TlsInstance != NULL);
//
// Create a new TLS connection object.
//
TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);
if (TlsInstance->TlsConn == NULL) {
Status = EFI_ABORTED;
goto ON_ERROR;
}
//
// Set default ConnectionEnd to EfiTlsClient
//
Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Install TLS protocol and configuration protocol onto ChildHandle
//
Status = gBS->InstallMultipleProtocolInterfaces (
ChildHandle,
&gEfiTlsProtocolGuid,
&TlsInstance->Tls,
&gEfiTlsConfigurationProtocolGuid,
&TlsInstance->TlsConfig,
NULL
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
TlsInstance->ChildHandle = *ChildHandle;
//
// Add it to the TLS service's child list.
//
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);
TlsService->TlsChildrenNum++;
gBS->RestoreTPL (OldTpl);
return EFI_SUCCESS;
ON_ERROR:
TlsCleanInstance (TlsInstance);
return Status;
}
/**
Destroys a child handle with a protocol installed on it.
The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
that was installed by CreateChild() from ChildHandle. If the removed protocol is the
last protocol on ChildHandle, then ChildHandle is destroyed.
@param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param ChildHandle Handle of the child to destroy.
@retval EFI_SUCCES The protocol was removed from ChildHandle.
@retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
@retval EFI_INVALID_PARAMETER Child handle is NULL.
@retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
because its services are being used.
@retval other The child handle was not destroyed.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingDestroyChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE ChildHandle
)
{
TLS_SERVICE *TlsService;
TLS_INSTANCE *TlsInstance;
EFI_TLS_PROTOCOL *Tls;
EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;
EFI_STATUS Status;
EFI_TPL OldTpl;
if ((This == NULL) || (ChildHandle == NULL)) {
return EFI_INVALID_PARAMETER;
}
TlsService = TLS_SERVICE_FROM_THIS (This);
//
// Find TLS protocol interface installed in ChildHandle
//
Status = gBS->OpenProtocol (
ChildHandle,
&gEfiTlsProtocolGuid,
(VOID **) &Tls,
TlsService->ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Find TLS configuration protocol interface installed in ChildHandle
//
Status = gBS->OpenProtocol (
ChildHandle,
&gEfiTlsConfigurationProtocolGuid,
(VOID **) &TlsConfig,
TlsService->ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
);
if (EFI_ERROR (Status)) {
return Status;
}
TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);
if (TlsInstance->Service != TlsService) {
return EFI_INVALID_PARAMETER;
}
if (TlsInstance->InDestroy) {
return EFI_SUCCESS;
}
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
TlsInstance->InDestroy = TRUE;
//
// Uninstall the TLS protocol and TLS Configuration Protocol interface installed in ChildHandle.
//
Status = gBS->UninstallMultipleProtocolInterfaces (
ChildHandle,
&gEfiTlsProtocolGuid,
Tls,
&gEfiTlsConfigurationProtocolGuid,
TlsConfig,
NULL
);
if (EFI_ERROR (Status)) {
return Status;
}
RemoveEntryList (&TlsInstance->Link);
TlsService->TlsChildrenNum--;
gBS->RestoreTPL (OldTpl);
TlsCleanInstance (TlsInstance);
return EFI_SUCCESS;
}
/** @file
The Driver Binding and Service Binding Protocol for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsImpl.h"
EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {
TlsServiceBindingCreateChild,
TlsServiceBindingDestroyChild
};
/**
Release all the resources used by the TLS instance.
@param[in] Instance The TLS instance data.
**/
VOID
TlsCleanInstance (
IN TLS_INSTANCE *Instance
)
{
if (Instance != NULL) {
if (Instance->TlsConn != NULL) {
TlsFree (Instance->TlsConn);
}
FreePool (Instance);
}
}
/**
Create the TLS instance and initialize it.
@param[in] Service The pointer to the TLS service.
@param[out] Instance The pointer to the TLS instance.
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
@retval EFI_SUCCESS The TLS instance is created.
**/
EFI_STATUS
TlsCreateInstance (
IN TLS_SERVICE *Service,
OUT TLS_INSTANCE **Instance
)
{
TLS_INSTANCE *TlsInstance;
*Instance = NULL;
TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));
if (TlsInstance == NULL) {
return EFI_OUT_OF_RESOURCES;
}
TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;
InitializeListHead (&TlsInstance->Link);
TlsInstance->InDestroy = FALSE;
TlsInstance->Service = Service;
CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));
CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof (TlsInstance->TlsConfig));
TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;
*Instance = TlsInstance;
return EFI_SUCCESS;
}
/**
Release all the resources used by the TLS service binding instance.
@param[in] Service The TLS service data.
**/
VOID
TlsCleanService (
IN TLS_SERVICE *Service
)
{
if (Service != NULL) {
if (Service->TlsCtx != NULL) {
TlsCtxFree (Service->TlsCtx);
}
FreePool (Service);
}
}
/**
Create then initialize a TLS service.
@param[in] Image ImageHandle of the TLS driver
@param[out] Service The service for TLS driver
@retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
@retval EFI_SUCCESS The service is created for the driver.
**/
EFI_STATUS
TlsCreateService (
IN EFI_HANDLE Image,
OUT TLS_SERVICE **Service
)
{
TLS_SERVICE *TlsService;
ASSERT (Service != NULL);
*Service = NULL;
//
// Allocate a TLS Service Data
//
TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));
if (TlsService == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
// Initialize TLS Service Data
//
TlsService->Signature = TLS_SERVICE_SIGNATURE;
CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof (TlsService->ServiceBinding));
TlsService->TlsChildrenNum = 0;
InitializeListHead (&TlsService->TlsChildrenList);
TlsService->ImageHandle = Image;
*Service = TlsService;
return EFI_SUCCESS;
}
/**
Unloads an image.
@param[in] ImageHandle Handle that identifies the image to be unloaded.
@retval EFI_SUCCESS The image has been unloaded.
@retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
**/
EFI_STATUS
EFIAPI
TlsUnload (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
UINTN HandleNum;
EFI_HANDLE *HandleBuffer;
UINT32 Index;
EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;
TLS_SERVICE *TlsService;
HandleBuffer = NULL;
ServiceBinding = NULL;
TlsService = NULL;
//
// Locate all the handles with Tls service binding protocol.
//
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiTlsServiceBindingProtocolGuid,
NULL,
&HandleNum,
&HandleBuffer
);
if (EFI_ERROR (Status)) {
return Status;
}
for (Index = 0; Index < HandleNum; Index++) {
//
// Firstly, find ServiceBinding interface
//
Status = gBS->OpenProtocol (
HandleBuffer[Index],
&gEfiTlsServiceBindingProtocolGuid,
(VOID **) &ServiceBinding,
ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
);
if (EFI_ERROR (Status)) {
return Status;
}
TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);
//
// Then, uninstall ServiceBinding interface
//
Status = gBS->UninstallMultipleProtocolInterfaces (
HandleBuffer[Index],
&gEfiTlsServiceBindingProtocolGuid, ServiceBinding,
NULL
);
if (EFI_ERROR (Status)) {
return Status;
}
TlsCleanService (TlsService);
}
if (HandleBuffer != NULL) {
FreePool (HandleBuffer);
}
return EFI_SUCCESS;
}
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
both device drivers and bus drivers.
@param ImageHandle The firmware allocated handle for the UEFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The operation completed successfully.
@retval Others An unexpected error occurred.
**/
EFI_STATUS
EFIAPI
TlsDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
TLS_SERVICE *TlsService;
//
// Create TLS Service
//
Status = TlsCreateService (ImageHandle, &TlsService);
if (EFI_ERROR (Status)) {
return Status;
}
ASSERT (TlsService != NULL);
//
// Initializes the OpenSSL library.
//
TlsInitialize ();
//
// Create a new SSL_CTX object as framework to establish TLS/SSL enabled
// connections. TLS 1.0 is used as the default version.
//
TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, TLS10_PROTOCOL_VERSION_MINOR);
if (TlsService->TlsCtx == NULL) {
FreePool (TlsService);
return EFI_ABORTED;
}
//
// Install the TlsServiceBinding Protocol onto Handle
//
Status = gBS->InstallMultipleProtocolInterfaces (
&TlsService->Handle,
&gEfiTlsServiceBindingProtocolGuid,
&TlsService->ServiceBinding,
NULL
);
if (EFI_ERROR (Status)) {
goto ON_CLEAN_SERVICE;
}
return Status;
ON_CLEAN_SERVICE:
TlsCleanService (TlsService);
return Status;
}
/**
Creates a child handle and installs a protocol.
The CreateChild() function installs a protocol on ChildHandle.
If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
@param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
then a new handle is created. If it is a pointer to an existing UEFI handle,
then the protocol is added to the existing UEFI handle.
@retval EFI_SUCCES The protocol was added to ChildHandle.
@retval EFI_INVALID_PARAMETER ChildHandle is NULL.
@retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
the child.
@retval other The child handle was not created.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingCreateChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE *ChildHandle
)
{
TLS_SERVICE *TlsService;
TLS_INSTANCE *TlsInstance;
EFI_STATUS Status;
EFI_TPL OldTpl;
if ((This == NULL) || (ChildHandle == NULL)) {
return EFI_INVALID_PARAMETER;
}
TlsService = TLS_SERVICE_FROM_THIS (This);
Status = TlsCreateInstance (TlsService, &TlsInstance);
if (EFI_ERROR (Status)) {
return Status;
}
ASSERT (TlsInstance != NULL);
//
// Create a new TLS connection object.
//
TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);
if (TlsInstance->TlsConn == NULL) {
Status = EFI_ABORTED;
goto ON_ERROR;
}
//
// Set default ConnectionEnd to EfiTlsClient
//
Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Install TLS protocol and configuration protocol onto ChildHandle
//
Status = gBS->InstallMultipleProtocolInterfaces (
ChildHandle,
&gEfiTlsProtocolGuid,
&TlsInstance->Tls,
&gEfiTlsConfigurationProtocolGuid,
&TlsInstance->TlsConfig,
NULL
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
TlsInstance->ChildHandle = *ChildHandle;
//
// Add it to the TLS service's child list.
//
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);
TlsService->TlsChildrenNum++;
gBS->RestoreTPL (OldTpl);
return EFI_SUCCESS;
ON_ERROR:
TlsCleanInstance (TlsInstance);
return Status;
}
/**
Destroys a child handle with a protocol installed on it.
The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
that was installed by CreateChild() from ChildHandle. If the removed protocol is the
last protocol on ChildHandle, then ChildHandle is destroyed.
@param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param ChildHandle Handle of the child to destroy.
@retval EFI_SUCCES The protocol was removed from ChildHandle.
@retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
@retval EFI_INVALID_PARAMETER Child handle is NULL.
@retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
because its services are being used.
@retval other The child handle was not destroyed.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingDestroyChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE ChildHandle
)
{
TLS_SERVICE *TlsService;
TLS_INSTANCE *TlsInstance;
EFI_TLS_PROTOCOL *Tls;
EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;
EFI_STATUS Status;
EFI_TPL OldTpl;
if ((This == NULL) || (ChildHandle == NULL)) {
return EFI_INVALID_PARAMETER;
}
TlsService = TLS_SERVICE_FROM_THIS (This);
//
// Find TLS protocol interface installed in ChildHandle
//
Status = gBS->OpenProtocol (
ChildHandle,
&gEfiTlsProtocolGuid,
(VOID **) &Tls,
TlsService->ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Find TLS configuration protocol interface installed in ChildHandle
//
Status = gBS->OpenProtocol (
ChildHandle,
&gEfiTlsConfigurationProtocolGuid,
(VOID **) &TlsConfig,
TlsService->ImageHandle,
NULL,
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
);
if (EFI_ERROR (Status)) {
return Status;
}
TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);
if (TlsInstance->Service != TlsService) {
return EFI_INVALID_PARAMETER;
}
if (TlsInstance->InDestroy) {
return EFI_SUCCESS;
}
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
TlsInstance->InDestroy = TRUE;
//
// Uninstall the TLS protocol and TLS Configuration Protocol interface installed in ChildHandle.
//
Status = gBS->UninstallMultipleProtocolInterfaces (
ChildHandle,
&gEfiTlsProtocolGuid,
Tls,
&gEfiTlsConfigurationProtocolGuid,
TlsConfig,
NULL
);
if (EFI_ERROR (Status)) {
return Status;
}
RemoveEntryList (&TlsInstance->Link);
TlsService->TlsChildrenNum--;
gBS->RestoreTPL (OldTpl);
TlsCleanInstance (TlsInstance);
return EFI_SUCCESS;
}

475
NetworkPkg/TlsDxe/TlsDriver.h
View File

@ -1,237 +1,238 @@
/** @file
Header file of the Driver Binding and Service Binding Protocol for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_TLS_DRIVER_H__
#define __EFI_TLS_DRIVER_H__
#include <Uefi.h>
//
// Driver Protocols
//
#include <Protocol/ServiceBinding.h>
//
// Driver Version
//
#define TLS_VERSION 0x00000000
#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')
#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')
///
/// TLS Service Data
///
typedef struct _TLS_SERVICE TLS_SERVICE;
///
/// TLS Instance Data
///
typedef struct _TLS_INSTANCE TLS_INSTANCE;
struct _TLS_SERVICE {
UINT32 Signature;
EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;
UINT16 TlsChildrenNum;
LIST_ENTRY TlsChildrenList;
//
// Handle to install TlsServiceBinding protocol.
//
EFI_HANDLE Handle;
EFI_HANDLE ImageHandle;
//
// Main SSL Context object which is created by a server or client once per program
// life-time and which holds mainly default values for the SSL object which are later
// created for the connections.
//
VOID *TlsCtx;
};
struct _TLS_INSTANCE {
UINT32 Signature;
LIST_ENTRY Link;
BOOLEAN InDestroy;
TLS_SERVICE *Service;
EFI_HANDLE ChildHandle;
EFI_TLS_PROTOCOL Tls;
EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;
EFI_TLS_SESSION_STATE TlsSessionState;
//
// Main SSL Connection which is created by a server or a client
// per established connection.
//
VOID *TlsConn;
};
#define TLS_SERVICE_FROM_THIS(a) \
CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)
#define TLS_INSTANCE_FROM_PROTOCOL(a) \
CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)
#define TLS_INSTANCE_FROM_CONFIGURATION(a) \
CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)
/**
Release all the resources used by the TLS instance.
@param[in] Instance The TLS instance data.
**/
VOID
TlsCleanInstance (
IN TLS_INSTANCE *Instance
);
/**
Create the TLS instance and initialize it.
@param[in] Service The pointer to the TLS service.
@param[out] Instance The pointer to the TLS instance.
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
@retval EFI_SUCCESS The TLS instance is created.
**/
EFI_STATUS
TlsCreateInstance (
IN TLS_SERVICE *Service,
OUT TLS_INSTANCE **Instance
);
/**
Release all the resources used by the TLS service binding instance.
@param[in] Service The TLS service data.
**/
VOID
TlsCleanService (
IN TLS_SERVICE *Service
);
/**
Create then initialize a TLS service.
@param[in] Image ImageHandle of the TLS driver
@param[out] Service The service for TLS driver
@retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
@retval EFI_SUCCESS The service is created for the driver.
**/
EFI_STATUS
TlsCreateService (
IN EFI_HANDLE Image,
OUT TLS_SERVICE **Service
);
/**
Unloads an image.
@param[in] ImageHandle Handle that identifies the image to be unloaded.
@retval EFI_SUCCESS The image has been unloaded.
@retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
**/
EFI_STATUS
EFIAPI
TlsUnload (
IN EFI_HANDLE ImageHandle
);
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
both device drivers and bus drivers.
@param ImageHandle The firmware allocated handle for the UEFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The operation completed successfully.
@retval Others An unexpected error occurred.
**/
EFI_STATUS
EFIAPI
TlsDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
);
/**
Creates a child handle and installs a protocol.
The CreateChild() function installs a protocol on ChildHandle.
If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
@param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
then a new handle is created. If it is a pointer to an existing UEFI handle,
then the protocol is added to the existing UEFI handle.
@retval EFI_SUCCES The protocol was added to ChildHandle.
@retval EFI_INVALID_PARAMETER ChildHandle is NULL.
@retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
the child.
@retval other The child handle was not created.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingCreateChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE *ChildHandle
);
/**
Destroys a child handle with a protocol installed on it.
The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
that was installed by CreateChild() from ChildHandle. If the removed protocol is the
last protocol on ChildHandle, then ChildHandle is destroyed.
@param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param ChildHandle Handle of the child to destroy.
@retval EFI_SUCCES The protocol was removed from ChildHandle.
@retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
@retval EFI_INVALID_PARAMETER Child handle is NULL.
@retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
because its services are being used.
@retval other The child handle was not destroyed.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingDestroyChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE ChildHandle
);
#endif
/** @file
Header file of the Driver Binding and Service Binding Protocol for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_TLS_DRIVER_H__
#define __EFI_TLS_DRIVER_H__
#include <Uefi.h>
//
// Driver Protocols
//
#include <Protocol/ServiceBinding.h>
//
// Driver Version
//
#define TLS_VERSION 0x00000000
#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')
#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')
///
/// TLS Service Data
///
typedef struct _TLS_SERVICE TLS_SERVICE;
///
/// TLS Instance Data
///
typedef struct _TLS_INSTANCE TLS_INSTANCE;
struct _TLS_SERVICE {
UINT32 Signature;
EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;
UINT16 TlsChildrenNum;
LIST_ENTRY TlsChildrenList;
//
// Handle to install TlsServiceBinding protocol.
//
EFI_HANDLE Handle;
EFI_HANDLE ImageHandle;
//
// Main SSL Context object which is created by a server or client once per program
// life-time and which holds mainly default values for the SSL object which are later
// created for the connections.
//
VOID *TlsCtx;
};
struct _TLS_INSTANCE {
UINT32 Signature;
LIST_ENTRY Link;
BOOLEAN InDestroy;
TLS_SERVICE *Service;
EFI_HANDLE ChildHandle;
EFI_TLS_PROTOCOL Tls;
EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;
EFI_TLS_SESSION_STATE TlsSessionState;
//
// Main SSL Connection which is created by a server or a client
// per established connection.
//
VOID *TlsConn;
};
#define TLS_SERVICE_FROM_THIS(a) \
CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)
#define TLS_INSTANCE_FROM_PROTOCOL(a) \
CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)
#define TLS_INSTANCE_FROM_CONFIGURATION(a) \
CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)
/**
Release all the resources used by the TLS instance.
@param[in] Instance The TLS instance data.
**/
VOID
TlsCleanInstance (
IN TLS_INSTANCE *Instance
);
/**
Create the TLS instance and initialize it.
@param[in] Service The pointer to the TLS service.
@param[out] Instance The pointer to the TLS instance.
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
@retval EFI_SUCCESS The TLS instance is created.
**/
EFI_STATUS
TlsCreateInstance (
IN TLS_SERVICE *Service,
OUT TLS_INSTANCE **Instance
);
/**
Release all the resources used by the TLS service binding instance.
@param[in] Service The TLS service data.
**/
VOID
TlsCleanService (
IN TLS_SERVICE *Service
);
/**
Create then initialize a TLS service.
@param[in] Image ImageHandle of the TLS driver
@param[out] Service The service for TLS driver
@retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
@retval EFI_SUCCESS The service is created for the driver.
**/
EFI_STATUS
TlsCreateService (
IN EFI_HANDLE Image,
OUT TLS_SERVICE **Service
);
/**
Unloads an image.
@param[in] ImageHandle Handle that identifies the image to be unloaded.
@retval EFI_SUCCESS The image has been unloaded.
@retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
**/
EFI_STATUS
EFIAPI
TlsUnload (
IN EFI_HANDLE ImageHandle
);
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
both device drivers and bus drivers.
@param ImageHandle The firmware allocated handle for the UEFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The operation completed successfully.
@retval Others An unexpected error occurred.
**/
EFI_STATUS
EFIAPI
TlsDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
);
/**
Creates a child handle and installs a protocol.
The CreateChild() function installs a protocol on ChildHandle.
If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
@param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
then a new handle is created. If it is a pointer to an existing UEFI handle,
then the protocol is added to the existing UEFI handle.
@retval EFI_SUCCES The protocol was added to ChildHandle.
@retval EFI_INVALID_PARAMETER ChildHandle is NULL.
@retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
the child.
@retval other The child handle was not created.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingCreateChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE *ChildHandle
);
/**
Destroys a child handle with a protocol installed on it.
The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
that was installed by CreateChild() from ChildHandle. If the removed protocol is the
last protocol on ChildHandle, then ChildHandle is destroyed.
@param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
@param ChildHandle Handle of the child to destroy.
@retval EFI_SUCCES The protocol was removed from ChildHandle.
@retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
@retval EFI_INVALID_PARAMETER Child handle is NULL.
@retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
because its services are being used.
@retval other The child handle was not destroyed.
**/
EFI_STATUS
EFIAPI
TlsServiceBindingDestroyChild (
IN EFI_SERVICE_BINDING_PROTOCOL *This,
IN EFI_HANDLE ChildHandle
);
#endif

131
NetworkPkg/TlsDxe/TlsDxe.inf
View File

@ -1,65 +1,66 @@
## @file
# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
# EFI TLS Configuration Protocol.
#
# This module produces EFI TLS (Transport Layer Security) Protocol and EFI TLS
# Service Binding Protocol, to provide TLS services.
#
# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php.
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = TlsDxe
FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = TlsDriverEntryPoint
UNLOAD_IMAGE = TlsUnload
MODULE_UNI_FILE = TlsDxe.uni
#
# VALID_ARCHITECTURES = IA32 X64
#
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
[Sources]
TlsDriver.h
TlsDriver.c
TlsProtocol.c
TlsConfigProtocol.c
TlsImpl.h
TlsImpl.c
[LibraryClasses]
UefiDriverEntryPoint
UefiBootServicesTableLib
MemoryAllocationLib
BaseMemoryLib
BaseLib
UefiLib
DebugLib
NetLib
BaseCryptLib
TlsLib
[Protocols]
gEfiTlsServiceBindingProtocolGuid ## PRODUCES
gEfiTlsProtocolGuid ## PRODUCES
gEfiTlsConfigurationProtocolGuid ## PRODUCES
[UserExtensions.TianoCore."ExtraFiles"]
TlsDxeExtra.uni
## @file
# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
# EFI TLS Configuration Protocol.
#
# This module produces EFI TLS (Transport Layer Security) Protocol and EFI TLS
# Service Binding Protocol, to provide TLS services.
#
# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php.
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = TlsDxe
FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = TlsDriverEntryPoint
UNLOAD_IMAGE = TlsUnload
MODULE_UNI_FILE = TlsDxe.uni
#
# VALID_ARCHITECTURES = IA32 X64
#
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
[Sources]
TlsDriver.h
TlsDriver.c
TlsProtocol.c
TlsConfigProtocol.c
TlsImpl.h
TlsImpl.c
[LibraryClasses]
UefiDriverEntryPoint
UefiBootServicesTableLib
MemoryAllocationLib
BaseMemoryLib
BaseLib
UefiLib
DebugLib
NetLib
BaseCryptLib
TlsLib
[Protocols]
gEfiTlsServiceBindingProtocolGuid ## PRODUCES
gEfiTlsProtocolGuid ## PRODUCES
gEfiTlsConfigurationProtocolGuid ## PRODUCES
[UserExtensions.TianoCore."ExtraFiles"]
TlsDxeExtra.uni

50
NetworkPkg/TlsDxe/TlsDxe.uni
View File

@ -1,25 +1,25 @@
// /** @file
// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
// EFI TLS Configuration Protocol.
//
// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS
// Service Binding Protocol, and EFI TLS Configuration Protocol to provide TLS
// services.
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
//
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"
#string STR_MODULE_DESCRIPTION #language en-US "This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS Configuration Protocol to provide EFI TLS services."
// /** @file
// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
// EFI TLS Configuration Protocol.
//
// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS
// Service Binding Protocol, and EFI TLS Configuration Protocol to provide TLS
// services.
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
//
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"
#string STR_MODULE_DESCRIPTION #language en-US "This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS Configuration Protocol to provide EFI TLS services."

37
NetworkPkg/TlsDxe/TlsDxeExtra.uni
View File

@ -1,18 +1,19 @@
// /** @file
// TlsDxe Localized Strings and Content
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php.
//
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"EFI TLS DXE Driver"
// /** @file
// TlsDxe Localized Strings and Content
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php.
//
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"EFI TLS DXE Driver"

653
NetworkPkg/TlsDxe/TlsImpl.c
View File

@ -1,326 +1,327 @@
/** @file
The Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsImpl.h"
/**
Encrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
plain text TLS payload;
On output these fragments contain the TLS header and
cipher text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsEncryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
)
{
EFI_STATUS Status;
UINTN Index;
UINT32 BytesCopied;
UINT32 BufferInSize;
UINT8 *BufferIn;
UINT8 *BufferInPtr;
TLS_RECORD_HEADER *RecordHeaderIn;
UINT16 ThisPlainMessageSize;
TLS_RECORD_HEADER *TempRecordHeader;
UINT16 ThisMessageSize;
UINT32 BufferOutSize;
UINT8 *BufferOut;
INTN Ret;
Status = EFI_SUCCESS;
BytesCopied = 0;
BufferInSize = 0;
BufferIn = NULL;
BufferInPtr = NULL;
RecordHeaderIn = NULL;
TempRecordHeader = NULL;
BufferOutSize = 0;
BufferOut = NULL;
Ret = 0;
//
// Calculate the size according to the fragment table.
//
for (Index = 0; Index < *FragmentCount; Index++) {
BufferInSize += (*FragmentTable)[Index].FragmentLength;
}
//
// Allocate buffer for processing data.
//
BufferIn = AllocateZeroPool (BufferInSize);
if (BufferIn == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Copy all TLS plain record header and payload into BufferIn.
//
for (Index = 0; Index < *FragmentCount; Index++) {
CopyMem (
(BufferIn + BytesCopied),
(*FragmentTable)[Index].FragmentBuffer,
(*FragmentTable)[Index].FragmentLength
);
BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Parsing buffer.
//
BufferInPtr = BufferIn;
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisPlainMessageSize = RecordHeaderIn->Length;
TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
if (Ret > 0) {
ThisMessageSize = (UINT16) Ret;
} else {
//
// No data was successfully encrypted, continue to encrypt other messages.
//
DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));
ThisMessageSize = 0;
}
BufferOutSize += ThisMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
TempRecordHeader += ThisMessageSize;
}
FreePool (BufferIn);
BufferIn = NULL;
//
// The caller will be responsible to handle the original fragment table.
//
*FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
if (*FragmentTable == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
(*FragmentTable)[0].FragmentBuffer = BufferOut;
(*FragmentTable)[0].FragmentLength = BufferOutSize;
*FragmentCount = 1;
return Status;
ERROR:
if (BufferIn != NULL) {
FreePool (BufferIn);
BufferIn = NULL;
}
if (BufferOut != NULL) {
FreePool (BufferOut);
BufferOut = NULL;
}
return Status;
}
/**
Decrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
cipher text TLS payload;
On output these fragments contain the TLS header and
plain text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsDecryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
)
{
EFI_STATUS Status;
UINTN Index;
UINT32 BytesCopied;
UINT8 *BufferIn;
UINT32 BufferInSize;
UINT8 *BufferInPtr;
TLS_RECORD_HEADER *RecordHeaderIn;
UINT16 ThisCipherMessageSize;
TLS_RECORD_HEADER *TempRecordHeader;
UINT16 ThisPlainMessageSize;
UINT8 *BufferOut;
UINT32 BufferOutSize;
INTN Ret;
Status = EFI_SUCCESS;
BytesCopied = 0;
BufferIn = NULL;
BufferInSize = 0;
BufferInPtr = NULL;
RecordHeaderIn = NULL;
TempRecordHeader = NULL;
BufferOut = NULL;
BufferOutSize = 0;
Ret = 0;
//
// Calculate the size according to the fragment table.
//
for (Index = 0; Index < *FragmentCount; Index++) {
BufferInSize += (*FragmentTable)[Index].FragmentLength;
}
//
// Allocate buffer for processing data
//
BufferIn = AllocateZeroPool (BufferInSize);
if (BufferIn == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Copy all TLS plain record header and payload to BufferIn
//
for (Index = 0; Index < *FragmentCount; Index++) {
CopyMem (
(BufferIn + BytesCopied),
(*FragmentTable)[Index].FragmentBuffer,
(*FragmentTable)[Index].FragmentLength
);
BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Parsing buffer. Received packet may have multiple TLS record messages.
//
BufferInPtr = BufferIn;
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
TlsInstance->TlsSessionState = EfiTlsSessionError;
Status = EFI_ABORTED;
goto ERROR;
}
Ret = 0;
Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
if (Ret > 0) {
ThisPlainMessageSize = (UINT16) Ret;
} else {
//
// No data was successfully decrypted, continue to decrypt other messages.
//
DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
ThisPlainMessageSize = 0;
}
CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
TempRecordHeader->Length = ThisPlainMessageSize;
BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
}
FreePool (BufferIn);
BufferIn = NULL;
//
// The caller will be responsible to handle the original fragment table
//
*FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
if (*FragmentTable == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
(*FragmentTable)[0].FragmentBuffer = BufferOut;
(*FragmentTable)[0].FragmentLength = BufferOutSize;
*FragmentCount = 1;
return Status;
ERROR:
if (BufferIn != NULL) {
FreePool (BufferIn);
BufferIn = NULL;
}
if (BufferOut != NULL) {
FreePool (BufferOut);
BufferOut = NULL;
}
return Status;
}
/** @file
The Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsImpl.h"
/**
Encrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
plain text TLS payload;
On output these fragments contain the TLS header and
cipher text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsEncryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
)
{
EFI_STATUS Status;
UINTN Index;
UINT32 BytesCopied;
UINT32 BufferInSize;
UINT8 *BufferIn;
UINT8 *BufferInPtr;
TLS_RECORD_HEADER *RecordHeaderIn;
UINT16 ThisPlainMessageSize;
TLS_RECORD_HEADER *TempRecordHeader;
UINT16 ThisMessageSize;
UINT32 BufferOutSize;
UINT8 *BufferOut;
INTN Ret;
Status = EFI_SUCCESS;
BytesCopied = 0;
BufferInSize = 0;
BufferIn = NULL;
BufferInPtr = NULL;
RecordHeaderIn = NULL;
TempRecordHeader = NULL;
BufferOutSize = 0;
BufferOut = NULL;
Ret = 0;
//
// Calculate the size according to the fragment table.
//
for (Index = 0; Index < *FragmentCount; Index++) {
BufferInSize += (*FragmentTable)[Index].FragmentLength;
}
//
// Allocate buffer for processing data.
//
BufferIn = AllocateZeroPool (BufferInSize);
if (BufferIn == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Copy all TLS plain record header and payload into BufferIn.
//
for (Index = 0; Index < *FragmentCount; Index++) {
CopyMem (
(BufferIn + BytesCopied),
(*FragmentTable)[Index].FragmentBuffer,
(*FragmentTable)[Index].FragmentLength
);
BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Parsing buffer.
//
BufferInPtr = BufferIn;
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisPlainMessageSize = RecordHeaderIn->Length;
TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
if (Ret > 0) {
ThisMessageSize = (UINT16) Ret;
} else {
//
// No data was successfully encrypted, continue to encrypt other messages.
//
DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));
ThisMessageSize = 0;
}
BufferOutSize += ThisMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
TempRecordHeader += ThisMessageSize;
}
FreePool (BufferIn);
BufferIn = NULL;
//
// The caller will be responsible to handle the original fragment table.
//
*FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
if (*FragmentTable == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
(*FragmentTable)[0].FragmentBuffer = BufferOut;
(*FragmentTable)[0].FragmentLength = BufferOutSize;
*FragmentCount = 1;
return Status;
ERROR:
if (BufferIn != NULL) {
FreePool (BufferIn);
BufferIn = NULL;
}
if (BufferOut != NULL) {
FreePool (BufferOut);
BufferOut = NULL;
}
return Status;
}
/**
Decrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
cipher text TLS payload;
On output these fragments contain the TLS header and
plain text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsDecryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
)
{
EFI_STATUS Status;
UINTN Index;
UINT32 BytesCopied;
UINT8 *BufferIn;
UINT32 BufferInSize;
UINT8 *BufferInPtr;
TLS_RECORD_HEADER *RecordHeaderIn;
UINT16 ThisCipherMessageSize;
TLS_RECORD_HEADER *TempRecordHeader;
UINT16 ThisPlainMessageSize;
UINT8 *BufferOut;
UINT32 BufferOutSize;
INTN Ret;
Status = EFI_SUCCESS;
BytesCopied = 0;
BufferIn = NULL;
BufferInSize = 0;
BufferInPtr = NULL;
RecordHeaderIn = NULL;
TempRecordHeader = NULL;
BufferOut = NULL;
BufferOutSize = 0;
Ret = 0;
//
// Calculate the size according to the fragment table.
//
for (Index = 0; Index < *FragmentCount; Index++) {
BufferInSize += (*FragmentTable)[Index].FragmentLength;
}
//
// Allocate buffer for processing data
//
BufferIn = AllocateZeroPool (BufferInSize);
if (BufferIn == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Copy all TLS plain record header and payload to BufferIn
//
for (Index = 0; Index < *FragmentCount; Index++) {
CopyMem (
(BufferIn + BytesCopied),
(*FragmentTable)[Index].FragmentBuffer,
(*FragmentTable)[Index].FragmentLength
);
BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Parsing buffer. Received packet may have multiple TLS record messages.
//
BufferInPtr = BufferIn;
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
TlsInstance->TlsSessionState = EfiTlsSessionError;
Status = EFI_ABORTED;
goto ERROR;
}
Ret = 0;
Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
if (Ret > 0) {
ThisPlainMessageSize = (UINT16) Ret;
} else {
//
// No data was successfully decrypted, continue to decrypt other messages.
//
DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
ThisPlainMessageSize = 0;
}
CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
TempRecordHeader->Length = ThisPlainMessageSize;
BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
}
FreePool (BufferIn);
BufferIn = NULL;
//
// The caller will be responsible to handle the original fragment table
//
*FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
if (*FragmentTable == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
(*FragmentTable)[0].FragmentBuffer = BufferOut;
(*FragmentTable)[0].FragmentLength = BufferOutSize;
*FragmentCount = 1;
return Status;
ERROR:
if (BufferIn != NULL) {
FreePool (BufferIn);
BufferIn = NULL;
}
if (BufferOut != NULL) {
FreePool (BufferOut);
BufferOut = NULL;
}
return Status;
}

631
NetworkPkg/TlsDxe/TlsImpl.h
View File

@ -1,315 +1,316 @@
/** @file
Header file of Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_TLS_IMPL_H__
#define __EFI_TLS_IMPL_H__
//
// Libraries
//
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseLib.h>
#include <Library/UefiLib.h>
#include <Library/DebugLib.h>
#include <Library/NetLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/TlsLib.h>
//
// Consumed Protocols
//
#include <Protocol/Tls.h>
#include <Protocol/TlsConfig.h>
#include <IndustryStandard/Tls1.h>
#include "TlsDriver.h"
//
// Protocol instances
//
extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
extern EFI_TLS_PROTOCOL mTlsProtocol;
extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
#define MAX_BUFFER_SIZE 32768
/**
Encrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
plain text TLS payload;
On output these fragments contain the TLS header and
cipher text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsEncryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
);
/**
Decrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
cipher text TLS payload;
On output these fragments contain the TLS header and
plain text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsDecryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
);
/**
Set TLS session data.
The SetSessionData() function set data for a new TLS session. All session data should
be set before BuildResponsePacket() invoked.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in] DataType TLS session data type.
@param[in] Data Pointer to session data.
@param[in] DataSize Total size of session data.
@retval EFI_SUCCESS The TLS session data is set successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
Data is NULL.
DataSize is 0.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_ACCESS_DENIED If the DataType is one of below:
EfiTlsClientRandom
EfiTlsServerRandom
EfiTlsKeyMaterial
@retval EFI_NOT_READY Current TLS session state is NOT
EfiTlsSessionStateNotStarted.
@retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
**/
EFI_STATUS
EFIAPI
TlsSetSessionData (
IN EFI_TLS_PROTOCOL *This,
IN EFI_TLS_SESSION_DATA_TYPE DataType,
IN VOID *Data,
IN UINTN DataSize
);
/**
Get TLS session data.
The GetSessionData() function return the TLS session information.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in] DataType TLS session data type.
@param[in, out] Data Pointer to session data.
@param[in, out] DataSize Total size of session data. On input, it means
the size of Data buffer. On output, it means the size
of copied Data buffer if EFI_SUCCESS, and means the
size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
@retval EFI_SUCCESS The TLS session data is got successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
DataSize is NULL.
Data is NULL if *DataSize is not zero.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_NOT_FOUND The TLS session data is not found.
@retval EFI_NOT_READY The DataType is not ready in current session state.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
**/
EFI_STATUS
EFIAPI
TlsGetSessionData (
IN EFI_TLS_PROTOCOL *This,
IN EFI_TLS_SESSION_DATA_TYPE DataType,
IN OUT VOID *Data, OPTIONAL
IN OUT UINTN *DataSize
);
/**
Build response packet according to TLS state machine. This function is only valid for
alert, handshake and change_cipher_spec content type.
The BuildResponsePacket() function builds TLS response packet in response to the TLS
request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
session has errors and the response packet needs to be Alert message based on error
type.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
means TLS need initiate the TLS session and response
packet need to be ClientHello.
@param[in] RequestSize Packet size in bytes for the most recently received TLS
packet. 0 is only valid when RequestBuffer is NULL.
@param[out] Buffer Pointer to the buffer to hold the built packet.
@param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
the buffer size provided by the caller. On output, it
is the buffer size in fact needed to contain the
packet.
@retval EFI_SUCCESS The required TLS packet is built successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
RequestBuffer is NULL but RequestSize is NOT 0.
RequestSize is 0 but RequestBuffer is NOT NULL.
BufferSize is NULL.
Buffer is NULL if *BufferSize is not zero.
@retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
@retval EFI_NOT_READY Current TLS session state is NOT ready to build
ResponsePacket.
@retval EFI_ABORTED Something wrong build response packet.
**/
EFI_STATUS
EFIAPI
TlsBuildResponsePacket (
IN EFI_TLS_PROTOCOL *This,
IN UINT8 *RequestBuffer, OPTIONAL
IN UINTN RequestSize, OPTIONAL
OUT UINT8 *Buffer, OPTIONAL
IN OUT UINTN *BufferSize
);
/**
Decrypt or encrypt TLS packet during session. This function is only valid after
session connected and for application_data content type.
The ProcessPacket () function process each inbound or outbound TLS APP packet.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
responsible to handle the original FragmentTable while
it may be reallocated in TLS driver. If CryptMode is
EfiTlsEncrypt, on input these fragments contain the TLS
header and plain text TLS APP payload; on output these
fragments contain the TLS header and cipher text TLS
APP payload. If CryptMode is EfiTlsDecrypt, on input
these fragments contain the TLS header and cipher text
TLS APP payload; on output these fragments contain the
TLS header and plain text TLS APP payload.
@param[in] FragmentCount Number of fragment.
@param[in] CryptMode Crypt mode.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
FragmentTable is NULL.
FragmentCount is NULL.
CryptoMode is invalid.
@retval EFI_NOT_READY Current TLS session state is NOT
EfiTlsSessionDataTransferring.
@retval EFI_ABORTED Something wrong decryption the message. TLS session
status will become EfiTlsSessionError. The caller need
call BuildResponsePacket() to generate Error Alert
message and send it out.
@retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
**/
EFI_STATUS
EFIAPI
TlsProcessPacket (
IN EFI_TLS_PROTOCOL *This,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount,
IN EFI_TLS_CRYPT_MODE CryptMode
);
/**
Set TLS configuration data.
The SetData() function sets TLS configuration to non-volatile storage or volatile
storage.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in] Data Pointer to configuration data.
@param[in] DataSize Total size of configuration data.
@retval EFI_SUCCESS The TLS configuration data is set successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
Data is NULL.
DataSize is 0.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
**/
EFI_STATUS
EFIAPI
TlsConfigurationSetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN VOID *Data,
IN UINTN DataSize
);
/**
Get TLS configuration data.
The GetData() function gets TLS configuration.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in, out] Data Pointer to configuration data.
@param[in, out] DataSize Total size of configuration data. On input, it means
the size of Data buffer. On output, it means the size
of copied Data buffer if EFI_SUCCESS, and means the
size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
@retval EFI_SUCCESS The TLS configuration data is got successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
DataSize is NULL.
Data is NULL if *DataSize is not zero.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_NOT_FOUND The TLS configuration data is not found.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
**/
EFI_STATUS
EFIAPI
TlsConfigurationGetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN OUT VOID *Data, OPTIONAL
IN OUT UINTN *DataSize
);
#endif
/** @file
Header file of Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_TLS_IMPL_H__
#define __EFI_TLS_IMPL_H__
//
// Libraries
//
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseLib.h>
#include <Library/UefiLib.h>
#include <Library/DebugLib.h>
#include <Library/NetLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/TlsLib.h>
//
// Consumed Protocols
//
#include <Protocol/Tls.h>
#include <Protocol/TlsConfig.h>
#include <IndustryStandard/Tls1.h>
#include "TlsDriver.h"
//
// Protocol instances
//
extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
extern EFI_TLS_PROTOCOL mTlsProtocol;
extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
#define MAX_BUFFER_SIZE 32768
/**
Encrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
plain text TLS payload;
On output these fragments contain the TLS header and
cipher text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsEncryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
);
/**
Decrypt the message listed in fragment.
@param[in] TlsInstance The pointer to the TLS instance.
@param[in, out] FragmentTable Pointer to a list of fragment.
On input these fragments contain the TLS header and
cipher text TLS payload;
On output these fragments contain the TLS header and
plain text TLS payload.
@param[in] FragmentCount Number of fragment.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@retval EFI_ABORTED TLS session state is incorrect.
@retval Others Other errors as indicated.
**/
EFI_STATUS
TlsDecryptPacket (
IN TLS_INSTANCE *TlsInstance,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount
);
/**
Set TLS session data.
The SetSessionData() function set data for a new TLS session. All session data should
be set before BuildResponsePacket() invoked.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in] DataType TLS session data type.
@param[in] Data Pointer to session data.
@param[in] DataSize Total size of session data.
@retval EFI_SUCCESS The TLS session data is set successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
Data is NULL.
DataSize is 0.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_ACCESS_DENIED If the DataType is one of below:
EfiTlsClientRandom
EfiTlsServerRandom
EfiTlsKeyMaterial
@retval EFI_NOT_READY Current TLS session state is NOT
EfiTlsSessionStateNotStarted.
@retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
**/
EFI_STATUS
EFIAPI
TlsSetSessionData (
IN EFI_TLS_PROTOCOL *This,
IN EFI_TLS_SESSION_DATA_TYPE DataType,
IN VOID *Data,
IN UINTN DataSize
);
/**
Get TLS session data.
The GetSessionData() function return the TLS session information.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in] DataType TLS session data type.
@param[in, out] Data Pointer to session data.
@param[in, out] DataSize Total size of session data. On input, it means
the size of Data buffer. On output, it means the size
of copied Data buffer if EFI_SUCCESS, and means the
size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
@retval EFI_SUCCESS The TLS session data is got successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
DataSize is NULL.
Data is NULL if *DataSize is not zero.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_NOT_FOUND The TLS session data is not found.
@retval EFI_NOT_READY The DataType is not ready in current session state.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
**/
EFI_STATUS
EFIAPI
TlsGetSessionData (
IN EFI_TLS_PROTOCOL *This,
IN EFI_TLS_SESSION_DATA_TYPE DataType,
IN OUT VOID *Data, OPTIONAL
IN OUT UINTN *DataSize
);
/**
Build response packet according to TLS state machine. This function is only valid for
alert, handshake and change_cipher_spec content type.
The BuildResponsePacket() function builds TLS response packet in response to the TLS
request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
session has errors and the response packet needs to be Alert message based on error
type.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
means TLS need initiate the TLS session and response
packet need to be ClientHello.
@param[in] RequestSize Packet size in bytes for the most recently received TLS
packet. 0 is only valid when RequestBuffer is NULL.
@param[out] Buffer Pointer to the buffer to hold the built packet.
@param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
the buffer size provided by the caller. On output, it
is the buffer size in fact needed to contain the
packet.
@retval EFI_SUCCESS The required TLS packet is built successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
RequestBuffer is NULL but RequestSize is NOT 0.
RequestSize is 0 but RequestBuffer is NOT NULL.
BufferSize is NULL.
Buffer is NULL if *BufferSize is not zero.
@retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
@retval EFI_NOT_READY Current TLS session state is NOT ready to build
ResponsePacket.
@retval EFI_ABORTED Something wrong build response packet.
**/
EFI_STATUS
EFIAPI
TlsBuildResponsePacket (
IN EFI_TLS_PROTOCOL *This,
IN UINT8 *RequestBuffer, OPTIONAL
IN UINTN RequestSize, OPTIONAL
OUT UINT8 *Buffer, OPTIONAL
IN OUT UINTN *BufferSize
);
/**
Decrypt or encrypt TLS packet during session. This function is only valid after
session connected and for application_data content type.
The ProcessPacket () function process each inbound or outbound TLS APP packet.
@param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
@param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
responsible to handle the original FragmentTable while
it may be reallocated in TLS driver. If CryptMode is
EfiTlsEncrypt, on input these fragments contain the TLS
header and plain text TLS APP payload; on output these
fragments contain the TLS header and cipher text TLS
APP payload. If CryptMode is EfiTlsDecrypt, on input
these fragments contain the TLS header and cipher text
TLS APP payload; on output these fragments contain the
TLS header and plain text TLS APP payload.
@param[in] FragmentCount Number of fragment.
@param[in] CryptMode Crypt mode.
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
FragmentTable is NULL.
FragmentCount is NULL.
CryptoMode is invalid.
@retval EFI_NOT_READY Current TLS session state is NOT
EfiTlsSessionDataTransferring.
@retval EFI_ABORTED Something wrong decryption the message. TLS session
status will become EfiTlsSessionError. The caller need
call BuildResponsePacket() to generate Error Alert
message and send it out.
@retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
**/
EFI_STATUS
EFIAPI
TlsProcessPacket (
IN EFI_TLS_PROTOCOL *This,
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
IN UINT32 *FragmentCount,
IN EFI_TLS_CRYPT_MODE CryptMode
);
/**
Set TLS configuration data.
The SetData() function sets TLS configuration to non-volatile storage or volatile
storage.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in] Data Pointer to configuration data.
@param[in] DataSize Total size of configuration data.
@retval EFI_SUCCESS The TLS configuration data is set successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
Data is NULL.
DataSize is 0.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
**/
EFI_STATUS
EFIAPI
TlsConfigurationSetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN VOID *Data,
IN UINTN DataSize
);
/**
Get TLS configuration data.
The GetData() function gets TLS configuration.
@param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
@param[in] DataType Configuration data type.
@param[in, out] Data Pointer to configuration data.
@param[in, out] DataSize Total size of configuration data. On input, it means
the size of Data buffer. On output, it means the size
of copied Data buffer if EFI_SUCCESS, and means the
size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
@retval EFI_SUCCESS The TLS configuration data is got successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
This is NULL.
DataSize is NULL.
Data is NULL if *DataSize is not zero.
@retval EFI_UNSUPPORTED The DataType is unsupported.
@retval EFI_NOT_FOUND The TLS configuration data is not found.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
**/
EFI_STATUS
EFIAPI
TlsConfigurationGetData (
IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
IN EFI_TLS_CONFIG_DATA_TYPE DataType,
IN OUT VOID *Data, OPTIONAL
IN OUT UINTN *DataSize
);
#endif

1265
NetworkPkg/TlsDxe/TlsProtocol.c
View File

File diff suppressed because it is too large Load Diff