/** @file | |
Defines TLS Library APIs. | |
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> | |
SPDX-License-Identifier: BSD-2-Clause-Patent | |
**/ | |
#ifndef __TLS_LIB_H__ | |
#define __TLS_LIB_H__ | |
/** | |
Initializes the OpenSSL library. | |
This function registers ciphers and digests used directly and indirectly | |
by SSL/TLS, and initializes the readable error messages. | |
This function must be called before any other action takes places. | |
@retval TRUE The OpenSSL library has been initialized. | |
@retval FALSE Failed to initialize the OpenSSL library. | |
**/ | |
BOOLEAN | |
EFIAPI | |
TlsInitialize ( | |
VOID | |
); | |
/** | |
Free an allocated SSL_CTX object. | |
@param[in] TlsCtx Pointer to the SSL_CTX object to be released. | |
**/ | |
VOID | |
EFIAPI | |
TlsCtxFree ( | |
IN VOID *TlsCtx | |
); | |
/** | |
Creates a new SSL_CTX object as framework to establish TLS/SSL enabled | |
connections. | |
@param[in] MajorVer Major Version of TLS/SSL Protocol. | |
@param[in] MinorVer Minor Version of TLS/SSL Protocol. | |
@return Pointer to an allocated SSL_CTX object. | |
If the creation failed, TlsCtxNew() returns NULL. | |
**/ | |
VOID * | |
EFIAPI | |
TlsCtxNew ( | |
IN UINT8 MajorVer, | |
IN UINT8 MinorVer | |
); | |
/** | |
Free an allocated TLS object. | |
This function removes the TLS object pointed to by Tls and frees up the | |
allocated memory. If Tls is NULL, nothing is done. | |
@param[in] Tls Pointer to the TLS object to be freed. | |
**/ | |
VOID | |
EFIAPI | |
TlsFree ( | |
IN VOID *Tls | |
); | |
/** | |
Create a new TLS object for a connection. | |
This function creates a new TLS object for a connection. The new object | |
inherits the setting of the underlying context TlsCtx: connection method, | |
options, verification setting. | |
@param[in] TlsCtx Pointer to the SSL_CTX object. | |
@return Pointer to an allocated SSL object. | |
If the creation failed, TlsNew() returns NULL. | |
**/ | |
VOID * | |
EFIAPI | |
TlsNew ( | |
IN VOID *TlsCtx | |
); | |
/** | |
Checks if the TLS handshake was done. | |
This function will check if the specified TLS handshake was done. | |
@param[in] Tls Pointer to the TLS object for handshake state checking. | |
@retval TRUE The TLS handshake was done. | |
@retval FALSE The TLS handshake was not done. | |
**/ | |
BOOLEAN | |
EFIAPI | |
TlsInHandshake ( | |
IN VOID *Tls | |
); | |
/** | |
Perform a TLS/SSL handshake. | |
This function will perform a TLS/SSL handshake. | |
@param[in] Tls Pointer to the TLS object for handshake operation. | |
@param[in] BufferIn Pointer to the most recently received TLS Handshake packet. | |
@param[in] BufferInSize Packet size in bytes for the most recently received TLS | |
Handshake packet. | |
@param[out] BufferOut Pointer to the buffer to hold the built packet. | |
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is | |
the buffer size provided by the caller. On output, it | |
is the buffer size in fact needed to contain the | |
packet. | |
@retval EFI_SUCCESS The required TLS packet is built successfully. | |
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: | |
Tls is NULL. | |
BufferIn is NULL but BufferInSize is NOT 0. | |
BufferInSize is 0 but BufferIn is NOT NULL. | |
BufferOutSize is NULL. | |
BufferOut is NULL if *BufferOutSize is not zero. | |
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet. | |
@retval EFI_ABORTED Something wrong during handshake. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsDoHandshake ( | |
IN VOID *Tls, | |
IN UINT8 *BufferIn OPTIONAL, | |
IN UINTN BufferInSize OPTIONAL, | |
OUT UINT8 *BufferOut OPTIONAL, | |
IN OUT UINTN *BufferOutSize | |
); | |
/** | |
Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero, | |
TLS session has errors and the response packet needs to be Alert message based on error type. | |
@param[in] Tls Pointer to the TLS object for state checking. | |
@param[in] BufferIn Pointer to the most recently received TLS Alert packet. | |
@param[in] BufferInSize Packet size in bytes for the most recently received TLS | |
Alert packet. | |
@param[out] BufferOut Pointer to the buffer to hold the built packet. | |
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is | |
the buffer size provided by the caller. On output, it | |
is the buffer size in fact needed to contain the | |
packet. | |
@retval EFI_SUCCESS The required TLS packet is built successfully. | |
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: | |
Tls is NULL. | |
BufferIn is NULL but BufferInSize is NOT 0. | |
BufferInSize is 0 but BufferIn is NOT NULL. | |
BufferOutSize is NULL. | |
BufferOut is NULL if *BufferOutSize is not zero. | |
@retval EFI_ABORTED An error occurred. | |
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsHandleAlert ( | |
IN VOID *Tls, | |
IN UINT8 *BufferIn OPTIONAL, | |
IN UINTN BufferInSize OPTIONAL, | |
OUT UINT8 *BufferOut OPTIONAL, | |
IN OUT UINTN *BufferOutSize | |
); | |
/** | |
Build the CloseNotify packet. | |
@param[in] Tls Pointer to the TLS object for state checking. | |
@param[in, out] Buffer Pointer to the buffer to hold the built packet. | |
@param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is | |
the buffer size provided by the caller. On output, it | |
is the buffer size in fact needed to contain the | |
packet. | |
@retval EFI_SUCCESS The required TLS packet is built successfully. | |
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: | |
Tls is NULL. | |
BufferSize is NULL. | |
Buffer is NULL if *BufferSize is not zero. | |
@retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsCloseNotify ( | |
IN VOID *Tls, | |
IN OUT UINT8 *Buffer, | |
IN OUT UINTN *BufferSize | |
); | |
/** | |
Attempts to read bytes from one TLS object and places the data in Buffer. | |
This function will attempt to read BufferSize bytes from the TLS object | |
and places the data in Buffer. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in,out] Buffer Pointer to the buffer to store the data. | |
@param[in] BufferSize The size of Buffer in bytes. | |
@retval >0 The amount of data successfully read from the TLS object. | |
@retval <=0 No data was successfully read. | |
**/ | |
INTN | |
EFIAPI | |
TlsCtrlTrafficOut ( | |
IN VOID *Tls, | |
IN OUT VOID *Buffer, | |
IN UINTN BufferSize | |
); | |
/** | |
Attempts to write data from the buffer to TLS object. | |
This function will attempt to write BufferSize bytes data from the Buffer | |
to the TLS object. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] Buffer Pointer to the data buffer. | |
@param[in] BufferSize The size of Buffer in bytes. | |
@retval >0 The amount of data successfully written to the TLS object. | |
@retval <=0 No data was successfully written. | |
**/ | |
INTN | |
EFIAPI | |
TlsCtrlTrafficIn ( | |
IN VOID *Tls, | |
IN VOID *Buffer, | |
IN UINTN BufferSize | |
); | |
/** | |
Attempts to read bytes from the specified TLS connection into the buffer. | |
This function tries to read BufferSize bytes data from the specified TLS | |
connection into the Buffer. | |
@param[in] Tls Pointer to the TLS connection for data reading. | |
@param[in,out] Buffer Pointer to the data buffer. | |
@param[in] BufferSize The size of Buffer in bytes. | |
@retval >0 The read operation was successful, and return value is the | |
number of bytes actually read from the TLS connection. | |
@retval <=0 The read operation was not successful. | |
**/ | |
INTN | |
EFIAPI | |
TlsRead ( | |
IN VOID *Tls, | |
IN OUT VOID *Buffer, | |
IN UINTN BufferSize | |
); | |
/** | |
Attempts to write data to a TLS connection. | |
This function tries to write BufferSize bytes data from the Buffer into the | |
specified TLS connection. | |
@param[in] Tls Pointer to the TLS connection for data writing. | |
@param[in] Buffer Pointer to the data buffer. | |
@param[in] BufferSize The size of Buffer in bytes. | |
@retval >0 The write operation was successful, and return value is the | |
number of bytes actually written to the TLS connection. | |
@retval <=0 The write operation was not successful. | |
**/ | |
INTN | |
EFIAPI | |
TlsWrite ( | |
IN VOID *Tls, | |
IN VOID *Buffer, | |
IN UINTN BufferSize | |
); | |
/** | |
Shutdown a TLS connection. | |
Shutdown the TLS connection without releasing the resources, meaning a new | |
connection can be started without calling TlsNew() and without setting | |
certificates etc. | |
@param[in] Tls Pointer to the TLS object to shutdown. | |
@retval EFI_SUCCESS The TLS is shutdown successfully. | |
@retval EFI_INVALID_PARAMETER Tls is NULL. | |
@retval EFI_PROTOCOL_ERROR Some other error occurred. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsShutdown ( | |
IN VOID *Tls | |
); | |
/** | |
Set a new TLS/SSL method for a particular TLS object. | |
This function sets a new TLS/SSL method for a particular TLS object. | |
@param[in] Tls Pointer to a TLS object. | |
@param[in] MajorVer Major Version of TLS/SSL Protocol. | |
@param[in] MinorVer Minor Version of TLS/SSL Protocol. | |
@retval EFI_SUCCESS The TLS/SSL method was set successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_UNSUPPORTED Unsupported TLS/SSL method. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetVersion ( | |
IN VOID *Tls, | |
IN UINT8 MajorVer, | |
IN UINT8 MinorVer | |
); | |
/** | |
Set TLS object to work in client or server mode. | |
This function prepares a TLS object to work in client or server mode. | |
@param[in] Tls Pointer to a TLS object. | |
@param[in] IsServer Work in server mode. | |
@retval EFI_SUCCESS The TLS/SSL work mode was set successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetConnectionEnd ( | |
IN VOID *Tls, | |
IN BOOLEAN IsServer | |
); | |
/** | |
Set the ciphers list to be used by the TLS object. | |
This function sets the ciphers for use by a specified TLS object. | |
@param[in] Tls Pointer to a TLS object. | |
@param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16 | |
cipher identifier comes from the TLS Cipher Suite | |
Registry of the IANA, interpreting Byte1 and Byte2 | |
in network (big endian) byte order. | |
@param[in] CipherNum The number of cipher in the list. | |
@retval EFI_SUCCESS The ciphers list was set successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId. | |
@retval EFI_OUT_OF_RESOURCES Memory allocation failed. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetCipherList ( | |
IN VOID *Tls, | |
IN UINT16 *CipherId, | |
IN UINTN CipherNum | |
); | |
/** | |
Set the compression method for TLS/SSL operations. | |
This function handles TLS/SSL integrated compression methods. | |
@param[in] CompMethod The compression method ID. | |
@retval EFI_SUCCESS The compression method for the communication was | |
set successfully. | |
@retval EFI_UNSUPPORTED Unsupported compression method. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetCompressionMethod ( | |
IN UINT8 CompMethod | |
); | |
/** | |
Set peer certificate verification mode for the TLS connection. | |
This function sets the verification mode flags for the TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] VerifyMode A set of logically or'ed verification mode flags. | |
**/ | |
VOID | |
EFIAPI | |
TlsSetVerify ( | |
IN VOID *Tls, | |
IN UINT32 VerifyMode | |
); | |
/** | |
Set the specified host name to be verified. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] Flags The setting flags during the validation. | |
@param[in] HostName The specified host name to be verified. | |
@retval EFI_SUCCESS The HostName setting was set successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_ABORTED Invalid HostName setting. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetVerifyHost ( | |
IN VOID *Tls, | |
IN UINT32 Flags, | |
IN CHAR8 *HostName | |
); | |
/** | |
Sets a TLS/SSL session ID to be used during TLS/SSL connect. | |
This function sets a session ID to be used when the TLS/SSL connection is | |
to be established. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] SessionId Session ID data used for session resumption. | |
@param[in] SessionIdLen Length of Session ID in bytes. | |
@retval EFI_SUCCESS Session ID was set successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_UNSUPPORTED No available session for ID setting. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetSessionId ( | |
IN VOID *Tls, | |
IN UINT8 *SessionId, | |
IN UINT16 SessionIdLen | |
); | |
/** | |
Adds the CA to the cert store when requesting Server or Client authentication. | |
This function adds the CA certificate to the list of CAs when requesting | |
Server or Client authentication for the chosen TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] Data Pointer to the data buffer of a DER-encoded binary | |
X.509 certificate or PEM-encoded X.509 certificate. | |
@param[in] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_OUT_OF_RESOURCES Required resources could not be allocated. | |
@retval EFI_ABORTED Invalid X.509 certificate. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetCaCertificate ( | |
IN VOID *Tls, | |
IN VOID *Data, | |
IN UINTN DataSize | |
); | |
/** | |
Loads the local public certificate into the specified TLS object. | |
This function loads the X.509 certificate into the specified TLS object | |
for TLS negotiation. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] Data Pointer to the data buffer of a DER-encoded binary | |
X.509 certificate or PEM-encoded X.509 certificate. | |
@param[in] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_OUT_OF_RESOURCES Required resources could not be allocated. | |
@retval EFI_ABORTED Invalid X.509 certificate. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetHostPublicCert ( | |
IN VOID *Tls, | |
IN VOID *Data, | |
IN UINTN DataSize | |
); | |
/** | |
Adds the local private key to the specified TLS object. | |
This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private | |
key) into the specified TLS object for TLS negotiation. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded | |
or PKCS#8 private key. | |
@param[in] DataSize The size of data buffer in bytes. | |
@param[in] Password Pointer to NULL-terminated private key password, set it to NULL | |
if private key not encrypted. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_UNSUPPORTED This function is not supported. | |
@retval EFI_ABORTED Invalid private key data. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetHostPrivateKeyEx ( | |
IN VOID *Tls, | |
IN VOID *Data, | |
IN UINTN DataSize, | |
IN VOID *Password OPTIONAL | |
); | |
/** | |
Adds the local private key to the specified TLS object. | |
This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private | |
key) into the specified TLS object for TLS negotiation. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded | |
or PKCS#8 private key. | |
@param[in] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_UNSUPPORTED This function is not supported. | |
@retval EFI_ABORTED Invalid private key data. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetHostPrivateKey ( | |
IN VOID *Tls, | |
IN VOID *Data, | |
IN UINTN DataSize | |
); | |
/** | |
Adds the CA-supplied certificate revocation list for certificate validation. | |
This function adds the CA-supplied certificate revocation list data for | |
certificate validity checking. | |
@param[in] Data Pointer to the data buffer of a DER-encoded CRL data. | |
@param[in] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_UNSUPPORTED This function is not supported. | |
@retval EFI_ABORTED Invalid CRL data. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetCertRevocationList ( | |
IN VOID *Data, | |
IN UINTN DataSize | |
); | |
/** | |
Set the signature algorithm list to used by the TLS object. | |
This function sets the signature algorithms for use by a specified TLS object. | |
@param[in] Tls Pointer to a TLS object. | |
@param[in] Data Array of UINT8 of signature algorithms. The array consists of | |
pairs of the hash algorithm and the signature algorithm as defined | |
in RFC 5246 | |
@param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2. | |
@retval EFI_SUCCESS The signature algorithm list was set successfully. | |
@retval EFI_INVALID_PARAMETER The parameters are invalid. | |
@retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList | |
@retval EFI_OUT_OF_RESOURCES Memory allocation failed. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetSignatureAlgoList ( | |
IN VOID *Tls, | |
IN UINT8 *Data, | |
IN UINTN DataSize | |
); | |
/** | |
Set the EC curve to be used for TLS flows | |
This function sets the EC curve to be used for TLS flows. | |
@param[in] Tls Pointer to a TLS object. | |
@param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492. | |
@param[in] DataSize Size of Data, it should be sizeof (UINT32) | |
@retval EFI_SUCCESS The EC curve was set successfully. | |
@retval EFI_INVALID_PARAMETER The parameters are invalid. | |
@retval EFI_UNSUPPORTED The requested TLS EC curve is not supported | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsSetEcCurve ( | |
IN VOID *Tls, | |
IN UINT8 *Data, | |
IN UINTN DataSize | |
); | |
/** | |
Gets the protocol version used by the specified TLS connection. | |
This function returns the protocol version used by the specified TLS | |
connection. | |
If Tls is NULL, then ASSERT(). | |
@param[in] Tls Pointer to the TLS object. | |
@return The protocol version of the specified TLS connection. | |
**/ | |
UINT16 | |
EFIAPI | |
TlsGetVersion ( | |
IN VOID *Tls | |
); | |
/** | |
Gets the connection end of the specified TLS connection. | |
This function returns the connection end (as client or as server) used by | |
the specified TLS connection. | |
If Tls is NULL, then ASSERT(). | |
@param[in] Tls Pointer to the TLS object. | |
@return The connection end used by the specified TLS connection. | |
**/ | |
UINT8 | |
EFIAPI | |
TlsGetConnectionEnd ( | |
IN VOID *Tls | |
); | |
/** | |
Gets the cipher suite used by the specified TLS connection. | |
This function returns current cipher suite used by the specified | |
TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in,out] CipherId The cipher suite used by the TLS object. | |
@retval EFI_SUCCESS The cipher suite was returned successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_UNSUPPORTED Unsupported cipher suite. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetCurrentCipher ( | |
IN VOID *Tls, | |
IN OUT UINT16 *CipherId | |
); | |
/** | |
Gets the compression methods used by the specified TLS connection. | |
This function returns current integrated compression methods used by | |
the specified TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in,out] CompressionId The current compression method used by | |
the TLS object. | |
@retval EFI_SUCCESS The compression method was returned successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_ABORTED Invalid Compression method. | |
@retval EFI_UNSUPPORTED This function is not supported. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetCurrentCompressionId ( | |
IN VOID *Tls, | |
IN OUT UINT8 *CompressionId | |
); | |
/** | |
Gets the verification mode currently set in the TLS connection. | |
This function returns the peer verification mode currently set in the | |
specified TLS connection. | |
If Tls is NULL, then ASSERT(). | |
@param[in] Tls Pointer to the TLS object. | |
@return The verification mode set in the specified TLS connection. | |
**/ | |
UINT32 | |
EFIAPI | |
TlsGetVerify ( | |
IN VOID *Tls | |
); | |
/** | |
Gets the session ID used by the specified TLS connection. | |
This function returns the TLS/SSL session ID currently used by the | |
specified TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in,out] SessionId Buffer to contain the returned session ID. | |
@param[in,out] SessionIdLen The length of Session ID in bytes. | |
@retval EFI_SUCCESS The Session ID was returned successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_UNSUPPORTED Invalid TLS/SSL session. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetSessionId ( | |
IN VOID *Tls, | |
IN OUT UINT8 *SessionId, | |
IN OUT UINT16 *SessionIdLen | |
); | |
/** | |
Gets the client random data used in the specified TLS connection. | |
This function returns the TLS/SSL client random data currently used in | |
the specified TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in,out] ClientRandom Buffer to contain the returned client | |
random data (32 bytes). | |
**/ | |
VOID | |
EFIAPI | |
TlsGetClientRandom ( | |
IN VOID *Tls, | |
IN OUT UINT8 *ClientRandom | |
); | |
/** | |
Gets the server random data used in the specified TLS connection. | |
This function returns the TLS/SSL server random data currently used in | |
the specified TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in,out] ServerRandom Buffer to contain the returned server | |
random data (32 bytes). | |
**/ | |
VOID | |
EFIAPI | |
TlsGetServerRandom ( | |
IN VOID *Tls, | |
IN OUT UINT8 *ServerRandom | |
); | |
/** | |
Gets the master key data used in the specified TLS connection. | |
This function returns the TLS/SSL master key material currently used in | |
the specified TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[in,out] KeyMaterial Buffer to contain the returned key material. | |
@retval EFI_SUCCESS Key material was returned successfully. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_UNSUPPORTED Invalid TLS/SSL session. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetKeyMaterial ( | |
IN VOID *Tls, | |
IN OUT UINT8 *KeyMaterial | |
); | |
/** | |
Gets the CA Certificate from the cert store. | |
This function returns the CA certificate for the chosen | |
TLS connection. | |
@param[in] Tls Pointer to the TLS object. | |
@param[out] Data Pointer to the data buffer to receive the CA | |
certificate data sent to the client. | |
@param[in,out] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_UNSUPPORTED This function is not supported. | |
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetCaCertificate ( | |
IN VOID *Tls, | |
OUT VOID *Data, | |
IN OUT UINTN *DataSize | |
); | |
/** | |
Gets the local public Certificate set in the specified TLS object. | |
This function returns the local public certificate which was currently set | |
in the specified TLS object. | |
@param[in] Tls Pointer to the TLS object. | |
@param[out] Data Pointer to the data buffer to receive the local | |
public certificate. | |
@param[in,out] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_INVALID_PARAMETER The parameter is invalid. | |
@retval EFI_NOT_FOUND The certificate is not found. | |
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetHostPublicCert ( | |
IN VOID *Tls, | |
OUT VOID *Data, | |
IN OUT UINTN *DataSize | |
); | |
/** | |
Gets the local private key set in the specified TLS object. | |
This function returns the local private key data which was currently set | |
in the specified TLS object. | |
@param[in] Tls Pointer to the TLS object. | |
@param[out] Data Pointer to the data buffer to receive the local | |
private key data. | |
@param[in,out] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_UNSUPPORTED This function is not supported. | |
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetHostPrivateKey ( | |
IN VOID *Tls, | |
OUT VOID *Data, | |
IN OUT UINTN *DataSize | |
); | |
/** | |
Gets the CA-supplied certificate revocation list data set in the specified | |
TLS object. | |
This function returns the CA-supplied certificate revocation list data which | |
was currently set in the specified TLS object. | |
@param[out] Data Pointer to the data buffer to receive the CRL data. | |
@param[in,out] DataSize The size of data buffer in bytes. | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_UNSUPPORTED This function is not supported. | |
@retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetCertRevocationList ( | |
OUT VOID *Data, | |
IN OUT UINTN *DataSize | |
); | |
/** | |
Derive keying material from a TLS connection. | |
This function exports keying material using the mechanism described in RFC | |
5705. | |
@param[in] Tls Pointer to the TLS object | |
@param[in] Label Description of the key for the PRF function | |
@param[in] Context Optional context | |
@param[in] ContextLen The length of the context value in bytes | |
@param[out] KeyBuffer Buffer to hold the output of the TLS-PRF | |
@param[in] KeyBufferLen The length of the KeyBuffer | |
@retval EFI_SUCCESS The operation succeeded. | |
@retval EFI_INVALID_PARAMETER The TLS object is invalid. | |
@retval EFI_PROTOCOL_ERROR Some other error occurred. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
TlsGetExportKey ( | |
IN VOID *Tls, | |
IN CONST VOID *Label, | |
IN CONST VOID *Context, | |
IN UINTN ContextLen, | |
OUT VOID *KeyBuffer, | |
IN UINTN KeyBufferLen | |
); | |
#endif // __TLS_LIB_H__ |