/** @file
  SSL/TLS Configuration Null Library Wrapper Implementation.

Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
#include "InternalTlsLib.h"
/**
  Set a new TLS/SSL method for a particular TLS object.

  Null instance: no TLS backend is linked, so the request cannot be honoured.
  The function ASSERT()s and reports EFI_UNSUPPORTED; the TLS object is left
  untouched.

  @param[in]  Tls       Pointer to a TLS object.
  @param[in]  MajorVer  Major Version of TLS/SSL Protocol.
  @param[in]  MinorVer  Minor Version of TLS/SSL Protocol.

  @retval EFI_SUCCESS            The TLS/SSL method was set successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        Unsupported TLS/SSL method. Always returned by
                                 this Null instance.

**/
EFI_STATUS
EFIAPI
TlsSetVersion (
  IN VOID   *Tls,
  IN UINT8  MajorVer,
  IN UINT8  MinorVer
  )
{
  EFI_STATUS  Status;

  //
  // Reaching the Null instance is a platform configuration error: a module
  // that really negotiates TLS must link a functional TlsLib. Trap here in
  // ASSERT-enabled builds; otherwise fall through to "unsupported".
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Set TLS object to work in client or server mode.

  Null instance: the work mode is never applied. The function ASSERT()s and
  reports EFI_UNSUPPORTED.

  @param[in]  Tls       Pointer to a TLS object.
  @param[in]  IsServer  Work in server mode.

  @retval EFI_SUCCESS            The TLS/SSL work mode was set successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        Unsupported TLS/SSL work mode. Always returned
                                 by this Null instance.

**/
EFI_STATUS
EFIAPI
TlsSetConnectionEnd (
  IN VOID     *Tls,
  IN BOOLEAN  IsServer
  )
{
  EFI_STATUS  Status;

  //
  // No TLS implementation is available; a caller should never get here.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Set the ciphers list to be used by the TLS object.

  Null instance: the cipher list is neither validated nor applied. The function
  ASSERT()s and reports EFI_UNSUPPORTED, so a caller cannot rely on any cipher
  policy having been installed.

  @param[in]  Tls        Pointer to a TLS object.
  @param[in]  CipherId   Array of UINT16 cipher identifiers. Each UINT16
                         cipher identifier comes from the TLS Cipher Suite
                         Registry of the IANA, interpreting Byte1 and Byte2
                         in network (big endian) byte order.
  @param[in]  CipherNum  The number of cipher in the list.

  @retval EFI_SUCCESS            The ciphers list was set successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        No supported TLS cipher was found in CipherId.
                                 Always returned by this Null instance.
  @retval EFI_OUT_OF_RESOURCES   Memory allocation failed.

**/
EFI_STATUS
EFIAPI
TlsSetCipherList (
  IN VOID    *Tls,
  IN UINT16  *CipherId,
  IN UINTN   CipherNum
  )
{
  EFI_STATUS  Status;

  //
  // CipherId/CipherNum are not inspected: nothing here can consume them.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Set the compression method for TLS/SSL operations.

  Null instance: the compression method is ignored. The function ASSERT()s and
  reports EFI_UNSUPPORTED.

  @param[in]  CompMethod  The compression method ID.

  @retval EFI_SUCCESS      The compression method for the communication was
                           set successfully.
  @retval EFI_UNSUPPORTED  Unsupported compression method. Always returned by
                           this Null instance.

**/
EFI_STATUS
EFIAPI
TlsSetCompressionMethod (
  IN UINT8  CompMethod
  )
{
  EFI_STATUS  Status;

  //
  // No TLS implementation is available; a caller should never get here.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Set peer certificate verification mode for the TLS connection.

  Null instance: the verification flags are discarded. The function ASSERT()s
  and returns without recording VerifyMode anywhere, so no peer verification
  policy exists after this call.

  @param[in]  Tls         Pointer to the TLS object.
  @param[in]  VerifyMode  A set of logically or'ed verification mode flags.

**/
VOID
EFIAPI
TlsSetVerify (
  IN VOID    *Tls,
  IN UINT32  VerifyMode
  )
{
  //
  // Nothing can be configured without a TLS backend; trap in ASSERT-enabled
  // builds and otherwise return silently.
  //
  ASSERT (FALSE);

  return;
}
// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [BEGIN]
/**
  Set the specified host name to be verified.

  Null instance: the host name is not recorded and no host name matching will
  ever take place. The function ASSERT()s and reports EFI_UNSUPPORTED.

  @param[in]  Tls       Pointer to the TLS object.
  @param[in]  Flags     The setting flags during the validation.
  @param[in]  HostName  The specified host name to be verified.

  @retval EFI_SUCCESS            The HostName setting was set successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_ABORTED            Invalid HostName setting.
  @retval EFI_UNSUPPORTED        This function is not supported. Always
                                 returned by this Null instance.

**/
EFI_STATUS
EFIAPI
TlsSetVerifyHost (
  IN VOID    *Tls,
  IN UINT32  Flags,
  IN CHAR8   *HostName
  )
{
  EFI_STATUS  Status;

  //
  // HostName and Flags are not inspected; nothing here can enforce them.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [END]
/**
  Sets a TLS/SSL session ID to be used during TLS/SSL connect.

  Null instance: the session ID is not stored. The function ASSERT()s and
  reports EFI_UNSUPPORTED.

  @param[in]  Tls           Pointer to the TLS object.
  @param[in]  SessionId     Session ID data used for session resumption.
  @param[in]  SessionIdLen  Length of Session ID in bytes.

  @retval EFI_SUCCESS            Session ID was set successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        No available session for ID setting. Always
                                 returned by this Null instance.

**/
EFI_STATUS
EFIAPI
TlsSetSessionId (
  IN VOID    *Tls,
  IN UINT8   *SessionId,
  IN UINT16  SessionIdLen
  )
{
  EFI_STATUS  Status;

  //
  // SessionId/SessionIdLen are not read; there is no session to attach to.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Adds the CA to the cert store when requesting Server or Client authentication.

  Null instance: the certificate is neither parsed nor stored, so no trust
  anchor is ever installed. The function ASSERT()s and reports
  EFI_UNSUPPORTED.

  @param[in]  Tls       Pointer to the TLS object.
  @param[in]  Data      Pointer to the data buffer of a DER-encoded binary
                        X.509 certificate or PEM-encoded X.509 certificate.
  @param[in]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS            The operation succeeded.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_OUT_OF_RESOURCES   Required resources could not be allocated.
  @retval EFI_ABORTED            Invalid X.509 certificate.
  @retval EFI_UNSUPPORTED        This function is not supported. Always
                                 returned by this Null instance.

**/
EFI_STATUS
EFIAPI
TlsSetCaCertificate (
  IN VOID   *Tls,
  IN VOID   *Data,
  IN UINTN  DataSize
  )
{
  EFI_STATUS  Status;

  //
  // Data/DataSize are not touched: no certificate store exists here.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Loads the local public certificate into the specified TLS object.

  Null instance: the certificate is not loaded. The function ASSERT()s and
  reports EFI_UNSUPPORTED.

  @param[in]  Tls       Pointer to the TLS object.
  @param[in]  Data      Pointer to the data buffer of a DER-encoded binary
                        X.509 certificate or PEM-encoded X.509 certificate.
  @param[in]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS            The operation succeeded.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_OUT_OF_RESOURCES   Required resources could not be allocated.
  @retval EFI_ABORTED            Invalid X.509 certificate.
  @retval EFI_UNSUPPORTED        This function is not supported. Always
                                 returned by this Null instance.

**/
EFI_STATUS
EFIAPI
TlsSetHostPublicCert (
  IN VOID   *Tls,
  IN VOID   *Data,
  IN UINTN  DataSize
  )
{
  EFI_STATUS  Status;

  //
  // No TLS implementation is available; a caller should never get here.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Adds the local private key to the specified TLS object.

  Null instance: the key material is not parsed, copied or retained. The
  function ASSERT()s and reports EFI_UNSUPPORTED.

  @param[in]  Tls       Pointer to the TLS object.
  @param[in]  Data      Pointer to the data buffer of a PEM-encoded RSA
                        or PKCS#8 private key.
  @param[in]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS      The operation succeeded.
  @retval EFI_UNSUPPORTED  This function is not supported. Always returned by
                           this Null instance.
  @retval EFI_ABORTED      Invalid private key data.

**/
EFI_STATUS
EFIAPI
TlsSetHostPrivateKey (
  IN VOID   *Tls,
  IN VOID   *Data,
  IN UINTN  DataSize
  )
{
  EFI_STATUS  Status;

  //
  // The private key buffer is never dereferenced here.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Adds the CA-supplied certificate revocation list for certificate validation.

  Null instance: the CRL is not installed, so revocation is never checked. The
  function ASSERT()s and reports EFI_UNSUPPORTED.

  @param[in]  Data      Pointer to the data buffer of a DER-encoded CRL data.
  @param[in]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS      The operation succeeded.
  @retval EFI_UNSUPPORTED  This function is not supported. Always returned by
                           this Null instance.
  @retval EFI_ABORTED      Invalid CRL data.

**/
EFI_STATUS
EFIAPI
TlsSetCertRevocationList (
  IN VOID   *Data,
  IN UINTN  DataSize
  )
{
  EFI_STATUS  Status;

  //
  // No TLS implementation is available; a caller should never get here.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the protocol version used by the specified TLS connection.

  Null instance: there is no connection to query. The function ASSERT()s
  unconditionally (not only when Tls is NULL) and returns 0, which must not
  be interpreted as a real protocol version.

  @param[in]  Tls  Pointer to the TLS object.

  @return The protocol version of the specified TLS connection. Always 0 in
          this Null instance.

**/
UINT16
EFIAPI
TlsGetVersion (
  IN VOID  *Tls
  )
{
  UINT16  Version;

  //
  // 0 is a placeholder, not a negotiated version.
  //
  ASSERT (FALSE);
  Version = 0;

  return Version;
}
/**
  Gets the connection end of the specified TLS connection.

  Null instance: there is no connection to query. The function ASSERT()s
  unconditionally (not only when Tls is NULL) and returns 0, which must not
  be interpreted as a real client/server role.

  @param[in]  Tls  Pointer to the TLS object.

  @return The connection end used by the specified TLS connection. Always 0 in
          this Null instance.

**/
UINT8
EFIAPI
TlsGetConnectionEnd (
  IN VOID  *Tls
  )
{
  UINT8  ConnectionEnd;

  //
  // 0 is a placeholder, not a configured role.
  //
  ASSERT (FALSE);
  ConnectionEnd = 0;

  return ConnectionEnd;
}
/**
  Gets the cipher suite used by the specified TLS connection.

  Null instance: *CipherId is left untouched. The function ASSERT()s and
  reports EFI_UNSUPPORTED, so callers must check the status before reading
  the output.

  @param[in]      Tls       Pointer to the TLS object.
  @param[in,out]  CipherId  The cipher suite used by the TLS object.

  @retval EFI_SUCCESS            The cipher suite was returned successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        Unsupported cipher suite. Always returned by
                                 this Null instance.

**/
EFI_STATUS
EFIAPI
TlsGetCurrentCipher (
  IN     VOID    *Tls,
  IN OUT UINT16  *CipherId
  )
{
  EFI_STATUS  Status;

  //
  // The output parameter is deliberately not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the compression methods used by the specified TLS connection.

  Null instance: *CompressionId is left untouched. The function ASSERT()s and
  reports EFI_UNSUPPORTED.

  @param[in]      Tls            Pointer to the TLS object.
  @param[in,out]  CompressionId  The current compression method used by
                                 the TLS object.

  @retval EFI_SUCCESS            The compression method was returned successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_ABORTED            Invalid Compression method.
  @retval EFI_UNSUPPORTED        This function is not supported. Always
                                 returned by this Null instance.

**/
EFI_STATUS
EFIAPI
TlsGetCurrentCompressionId (
  IN     VOID   *Tls,
  IN OUT UINT8  *CompressionId
  )
{
  EFI_STATUS  Status;

  //
  // The output parameter is deliberately not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the verification mode currently set in the TLS connection.

  Null instance: no verification policy is ever stored, so there is nothing to
  report. The function ASSERT()s unconditionally (not only when Tls is NULL)
  and returns 0. Callers must not treat that 0 as an actual verification
  policy; it is a placeholder from a library that performs no verification.

  @param[in]  Tls  Pointer to the TLS object.

  @return The verification mode set in the specified TLS connection. Always 0
          in this Null instance.

**/
UINT32
EFIAPI
TlsGetVerify (
  IN VOID  *Tls
  )
{
  UINT32  VerifyMode;

  //
  // 0 is a placeholder; it does not describe any peer verification setting.
  //
  ASSERT (FALSE);
  VerifyMode = 0;

  return VerifyMode;
}
/**
  Gets the session ID used by the specified TLS connection.

  Null instance: neither SessionId nor *SessionIdLen is written. The function
  ASSERT()s and reports EFI_UNSUPPORTED.

  @param[in]      Tls           Pointer to the TLS object.
  @param[in,out]  SessionId     Buffer to contain the returned session ID.
  @param[in,out]  SessionIdLen  The length of Session ID in bytes.

  @retval EFI_SUCCESS            The Session ID was returned successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        Invalid TLS/SSL session. Always returned by
                                 this Null instance.

**/
EFI_STATUS
EFIAPI
TlsGetSessionId (
  IN     VOID    *Tls,
  IN OUT UINT8   *SessionId,
  IN OUT UINT16  *SessionIdLen
  )
{
  EFI_STATUS  Status;

  //
  // Output buffers are deliberately not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the client random data used in the specified TLS connection.

  Null instance: ClientRandom is left untouched. Because this function returns
  VOID, the caller has no status to check; the buffer contents after the call
  are whatever they were before it.

  @param[in]      Tls           Pointer to the TLS object.
  @param[in,out]  ClientRandom  Buffer to contain the returned client
                                random data (32 bytes).

**/
VOID
EFIAPI
TlsGetClientRandom (
  IN     VOID   *Tls,
  IN OUT UINT8  *ClientRandom
  )
{
  //
  // Nothing is copied into ClientRandom; trap in ASSERT-enabled builds.
  //
  ASSERT (FALSE);

  return;
}
/**
  Gets the server random data used in the specified TLS connection.

  Null instance: ServerRandom is left untouched. Because this function returns
  VOID, the caller has no status to check; the buffer contents after the call
  are whatever they were before it.

  @param[in]      Tls           Pointer to the TLS object.
  @param[in,out]  ServerRandom  Buffer to contain the returned server
                                random data (32 bytes).

**/
VOID
EFIAPI
TlsGetServerRandom (
  IN     VOID   *Tls,
  IN OUT UINT8  *ServerRandom
  )
{
  //
  // Nothing is copied into ServerRandom; trap in ASSERT-enabled builds.
  //
  ASSERT (FALSE);

  return;
}
/**
  Gets the master key data used in the specified TLS connection.

  Null instance: KeyMaterial is left untouched. The function ASSERT()s and
  reports EFI_UNSUPPORTED, so callers must check the status before using the
  buffer.

  @param[in]      Tls          Pointer to the TLS object.
  @param[in,out]  KeyMaterial  Buffer to contain the returned key material.

  @retval EFI_SUCCESS            Key material was returned successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        Invalid TLS/SSL session. Always returned by
                                 this Null instance.

**/
EFI_STATUS
EFIAPI
TlsGetKeyMaterial (
  IN     VOID   *Tls,
  IN OUT UINT8  *KeyMaterial
  )
{
  EFI_STATUS  Status;

  //
  // No key material exists in the Null instance; the buffer is not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the CA Certificate from the cert store.

  Null instance: neither Data nor *DataSize is written, so a caller cannot use
  *DataSize to size a buffer. The function ASSERT()s and reports
  EFI_UNSUPPORTED.

  @param[in]      Tls       Pointer to the TLS object.
  @param[out]     Data      Pointer to the data buffer to receive the CA
                            certificate data sent to the client.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS           The operation succeeded.
  @retval EFI_UNSUPPORTED       This function is not supported. Always returned
                                by this Null instance.
  @retval EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
EFI_STATUS
EFIAPI
TlsGetCaCertificate (
  IN     VOID   *Tls,
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  EFI_STATUS  Status;

  //
  // Output parameters are deliberately not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the local public Certificate set in the specified TLS object.

  Null instance: neither Data nor *DataSize is written. The function ASSERT()s
  and reports EFI_UNSUPPORTED.

  @param[in]      Tls       Pointer to the TLS object.
  @param[out]     Data      Pointer to the data buffer to receive the local
                            public certificate.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS            The operation succeeded.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_NOT_FOUND          The certificate is not found.
  @retval EFI_BUFFER_TOO_SMALL   The Data is too small to hold the data.
  @retval EFI_UNSUPPORTED        This function is not supported. Always
                                 returned by this Null instance.

**/
EFI_STATUS
EFIAPI
TlsGetHostPublicCert (
  IN     VOID   *Tls,
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  EFI_STATUS  Status;

  //
  // Output parameters are deliberately not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the local private key set in the specified TLS object.

  Null instance: no private key is held, and neither Data nor *DataSize is
  written. The function ASSERT()s and reports EFI_UNSUPPORTED.

  @param[in]      Tls       Pointer to the TLS object.
  @param[out]     Data      Pointer to the data buffer to receive the local
                            private key data.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS           The operation succeeded.
  @retval EFI_UNSUPPORTED       This function is not supported. Always returned
                                by this Null instance.
  @retval EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
EFI_STATUS
EFIAPI
TlsGetHostPrivateKey (
  IN     VOID   *Tls,
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  EFI_STATUS  Status;

  //
  // Output parameters are deliberately not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}
/**
  Gets the CA-supplied certificate revocation list data set in the specified
  TLS object.

  Null instance: no CRL is held, and neither Data nor *DataSize is written.
  The function ASSERT()s and reports EFI_UNSUPPORTED.

  @param[out]     Data      Pointer to the data buffer to receive the CRL data.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS           The operation succeeded.
  @retval EFI_UNSUPPORTED       This function is not supported. Always returned
                                by this Null instance.
  @retval EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
EFI_STATUS
EFIAPI
TlsGetCertRevocationList (
  OUT    VOID   *Data,
  IN OUT UINTN  *DataSize
  )
{
  EFI_STATUS  Status;

  //
  // Output parameters are deliberately not written.
  //
  ASSERT (FALSE);
  Status = EFI_UNSUPPORTED;

  return Status;
}