]>
Commit | Line | Data |
---|---|---|
264702a0 HW |
1 | /** @file\r |
2 | Defines TLS Library APIs.\r | |
3 | \r | |
0878771f | 4 | Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r |
2009f6b4 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
264702a0 HW |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #ifndef __TLS_LIB_H__\r | |
10 | #define __TLS_LIB_H__\r | |
11 | \r | |
12 | /**\r | |
13 | Initializes the OpenSSL library.\r | |
14 | \r | |
15 | This function registers ciphers and digests used directly and indirectly\r | |
16 | by SSL/TLS, and initializes the readable error messages.\r | |
17 | This function must be called before any other action takes places.\r | |
18 | \r | |
0878771f JW |
19 | @retval TRUE The OpenSSL library has been initialized.\r |
20 | @retval FALSE Failed to initialize the OpenSSL library.\r | |
21 | \r | |
264702a0 | 22 | **/\r |
0878771f | 23 | BOOLEAN\r |
264702a0 HW |
24 | EFIAPI\r |
25 | TlsInitialize (\r | |
26 | VOID\r | |
27 | );\r | |
28 | \r | |
29 | /**\r | |
30 | Free an allocated SSL_CTX object.\r | |
31 | \r | |
32 | @param[in] TlsCtx Pointer to the SSL_CTX object to be released.\r | |
33 | \r | |
34 | **/\r | |
35 | VOID\r | |
36 | EFIAPI\r | |
37 | TlsCtxFree (\r | |
38 | IN VOID *TlsCtx\r | |
39 | );\r | |
40 | \r | |
41 | /**\r | |
42 | Creates a new SSL_CTX object as framework to establish TLS/SSL enabled\r | |
43 | connections.\r | |
44 | \r | |
45 | @param[in] MajorVer Major Version of TLS/SSL Protocol.\r | |
46 | @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r | |
47 | \r | |
48 | @return Pointer to an allocated SSL_CTX object.\r | |
49 | If the creation failed, TlsCtxNew() returns NULL.\r | |
50 | \r | |
51 | **/\r | |
52 | VOID *\r | |
53 | EFIAPI\r | |
54 | TlsCtxNew (\r | |
55 | IN UINT8 MajorVer,\r | |
56 | IN UINT8 MinorVer\r | |
57 | );\r | |
58 | \r | |
59 | /**\r | |
60 | Free an allocated TLS object.\r | |
61 | \r | |
62 | This function removes the TLS object pointed to by Tls and frees up the\r | |
63 | allocated memory. If Tls is NULL, nothing is done.\r | |
64 | \r | |
65 | @param[in] Tls Pointer to the TLS object to be freed.\r | |
66 | \r | |
67 | **/\r | |
68 | VOID\r | |
69 | EFIAPI\r | |
70 | TlsFree (\r | |
71 | IN VOID *Tls\r | |
72 | );\r | |
73 | \r | |
74 | /**\r | |
75 | Create a new TLS object for a connection.\r | |
76 | \r | |
77 | This function creates a new TLS object for a connection. The new object\r | |
78 | inherits the setting of the underlying context TlsCtx: connection method,\r | |
79 | options, verification setting.\r | |
80 | \r | |
81 | @param[in] TlsCtx Pointer to the SSL_CTX object.\r | |
82 | \r | |
83 | @return Pointer to an allocated SSL object.\r | |
84 | If the creation failed, TlsNew() returns NULL.\r | |
85 | \r | |
86 | **/\r | |
87 | VOID *\r | |
88 | EFIAPI\r | |
89 | TlsNew (\r | |
90 | IN VOID *TlsCtx\r | |
91 | );\r | |
92 | \r | |
93 | /**\r | |
94 | Checks if the TLS handshake was done.\r | |
95 | \r | |
96 | This function will check if the specified TLS handshake was done.\r | |
97 | \r | |
98 | @param[in] Tls Pointer to the TLS object for handshake state checking.\r | |
99 | \r | |
100 | @retval TRUE The TLS handshake was done.\r | |
101 | @retval FALSE The TLS handshake was not done.\r | |
102 | \r | |
103 | **/\r | |
104 | BOOLEAN\r | |
105 | EFIAPI\r | |
106 | TlsInHandshake (\r | |
107 | IN VOID *Tls\r | |
108 | );\r | |
109 | \r | |
110 | /**\r | |
111 | Perform a TLS/SSL handshake.\r | |
112 | \r | |
113 | This function will perform a TLS/SSL handshake.\r | |
114 | \r | |
115 | @param[in] Tls Pointer to the TLS object for handshake operation.\r | |
116 | @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.\r | |
117 | @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r | |
118 | Handshake packet.\r | |
119 | @param[out] BufferOut Pointer to the buffer to hold the built packet.\r | |
120 | @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r | |
121 | the buffer size provided by the caller. On output, it\r | |
122 | is the buffer size in fact needed to contain the\r | |
123 | packet.\r | |
124 | \r | |
125 | @retval EFI_SUCCESS The required TLS packet is built successfully.\r | |
126 | @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r | |
127 | Tls is NULL.\r | |
128 | BufferIn is NULL but BufferInSize is NOT 0.\r | |
129 | BufferInSize is 0 but BufferIn is NOT NULL.\r | |
130 | BufferOutSize is NULL.\r | |
131 | BufferOut is NULL if *BufferOutSize is not zero.\r | |
132 | @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r | |
133 | @retval EFI_ABORTED Something wrong during handshake.\r | |
134 | \r | |
135 | **/\r | |
136 | EFI_STATUS\r | |
137 | EFIAPI\r | |
138 | TlsDoHandshake (\r | |
139 | IN VOID *Tls,\r | |
140 | IN UINT8 *BufferIn, OPTIONAL\r | |
141 | IN UINTN BufferInSize, OPTIONAL\r | |
142 | OUT UINT8 *BufferOut, OPTIONAL\r | |
143 | IN OUT UINTN *BufferOutSize\r | |
144 | );\r | |
145 | \r | |
146 | /**\r | |
147 | Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,\r | |
148 | TLS session has errors and the response packet needs to be Alert message based on error type.\r | |
149 | \r | |
150 | @param[in] Tls Pointer to the TLS object for state checking.\r | |
151 | @param[in] BufferIn Pointer to the most recently received TLS Alert packet.\r | |
152 | @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r | |
153 | Alert packet.\r | |
154 | @param[out] BufferOut Pointer to the buffer to hold the built packet.\r | |
155 | @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r | |
156 | the buffer size provided by the caller. On output, it\r | |
157 | is the buffer size in fact needed to contain the\r | |
158 | packet.\r | |
159 | \r | |
160 | @retval EFI_SUCCESS The required TLS packet is built successfully.\r | |
161 | @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r | |
162 | Tls is NULL.\r | |
163 | BufferIn is NULL but BufferInSize is NOT 0.\r | |
164 | BufferInSize is 0 but BufferIn is NOT NULL.\r | |
165 | BufferOutSize is NULL.\r | |
166 | BufferOut is NULL if *BufferOutSize is not zero.\r | |
167 | @retval EFI_ABORTED An error occurred.\r | |
168 | @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r | |
169 | \r | |
170 | **/\r | |
171 | EFI_STATUS\r | |
172 | EFIAPI\r | |
173 | TlsHandleAlert (\r | |
174 | IN VOID *Tls,\r | |
175 | IN UINT8 *BufferIn, OPTIONAL\r | |
176 | IN UINTN BufferInSize, OPTIONAL\r | |
177 | OUT UINT8 *BufferOut, OPTIONAL\r | |
178 | IN OUT UINTN *BufferOutSize\r | |
179 | );\r | |
180 | \r | |
181 | /**\r | |
182 | Build the CloseNotify packet.\r | |
183 | \r | |
184 | @param[in] Tls Pointer to the TLS object for state checking.\r | |
185 | @param[in, out] Buffer Pointer to the buffer to hold the built packet.\r | |
186 | @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r | |
187 | the buffer size provided by the caller. On output, it\r | |
188 | is the buffer size in fact needed to contain the\r | |
189 | packet.\r | |
190 | \r | |
191 | @retval EFI_SUCCESS The required TLS packet is built successfully.\r | |
192 | @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r | |
193 | Tls is NULL.\r | |
194 | BufferSize is NULL.\r | |
195 | Buffer is NULL if *BufferSize is not zero.\r | |
196 | @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r | |
197 | \r | |
198 | **/\r | |
199 | EFI_STATUS\r | |
200 | EFIAPI\r | |
201 | TlsCloseNotify (\r | |
202 | IN VOID *Tls,\r | |
203 | IN OUT UINT8 *Buffer,\r | |
204 | IN OUT UINTN *BufferSize\r | |
205 | );\r | |
206 | \r | |
207 | /**\r | |
208 | Attempts to read bytes from one TLS object and places the data in Buffer.\r | |
209 | \r | |
210 | This function will attempt to read BufferSize bytes from the TLS object\r | |
211 | and places the data in Buffer.\r | |
212 | \r | |
213 | @param[in] Tls Pointer to the TLS object.\r | |
214 | @param[in,out] Buffer Pointer to the buffer to store the data.\r | |
215 | @param[in] BufferSize The size of Buffer in bytes.\r | |
216 | \r | |
217 | @retval >0 The amount of data successfully read from the TLS object.\r | |
218 | @retval <=0 No data was successfully read.\r | |
219 | \r | |
220 | **/\r | |
221 | INTN\r | |
222 | EFIAPI\r | |
223 | TlsCtrlTrafficOut (\r | |
224 | IN VOID *Tls,\r | |
225 | IN OUT VOID *Buffer,\r | |
226 | IN UINTN BufferSize\r | |
227 | );\r | |
228 | \r | |
229 | /**\r | |
230 | Attempts to write data from the buffer to TLS object.\r | |
231 | \r | |
232 | This function will attempt to write BufferSize bytes data from the Buffer\r | |
233 | to the TLS object.\r | |
234 | \r | |
235 | @param[in] Tls Pointer to the TLS object.\r | |
236 | @param[in] Buffer Pointer to the data buffer.\r | |
237 | @param[in] BufferSize The size of Buffer in bytes.\r | |
238 | \r | |
239 | @retval >0 The amount of data successfully written to the TLS object.\r | |
240 | @retval <=0 No data was successfully written.\r | |
241 | \r | |
242 | **/\r | |
243 | INTN\r | |
244 | EFIAPI\r | |
245 | TlsCtrlTrafficIn (\r | |
246 | IN VOID *Tls,\r | |
247 | IN VOID *Buffer,\r | |
248 | IN UINTN BufferSize\r | |
249 | );\r | |
250 | \r | |
251 | /**\r | |
252 | Attempts to read bytes from the specified TLS connection into the buffer.\r | |
253 | \r | |
254 | This function tries to read BufferSize bytes data from the specified TLS\r | |
255 | connection into the Buffer.\r | |
256 | \r | |
257 | @param[in] Tls Pointer to the TLS connection for data reading.\r | |
258 | @param[in,out] Buffer Pointer to the data buffer.\r | |
259 | @param[in] BufferSize The size of Buffer in bytes.\r | |
260 | \r | |
261 | @retval >0 The read operation was successful, and return value is the\r | |
262 | number of bytes actually read from the TLS connection.\r | |
263 | @retval <=0 The read operation was not successful.\r | |
264 | \r | |
265 | **/\r | |
266 | INTN\r | |
267 | EFIAPI\r | |
268 | TlsRead (\r | |
269 | IN VOID *Tls,\r | |
270 | IN OUT VOID *Buffer,\r | |
271 | IN UINTN BufferSize\r | |
272 | );\r | |
273 | \r | |
274 | /**\r | |
275 | Attempts to write data to a TLS connection.\r | |
276 | \r | |
277 | This function tries to write BufferSize bytes data from the Buffer into the\r | |
278 | specified TLS connection.\r | |
279 | \r | |
280 | @param[in] Tls Pointer to the TLS connection for data writing.\r | |
281 | @param[in] Buffer Pointer to the data buffer.\r | |
282 | @param[in] BufferSize The size of Buffer in bytes.\r | |
283 | \r | |
284 | @retval >0 The write operation was successful, and return value is the\r | |
285 | number of bytes actually written to the TLS connection.\r | |
286 | @retval <=0 The write operation was not successful.\r | |
287 | \r | |
288 | **/\r | |
289 | INTN\r | |
290 | EFIAPI\r | |
291 | TlsWrite (\r | |
292 | IN VOID *Tls,\r | |
293 | IN VOID *Buffer,\r | |
294 | IN UINTN BufferSize\r | |
295 | );\r | |
296 | \r | |
297 | /**\r | |
298 | Set a new TLS/SSL method for a particular TLS object.\r | |
299 | \r | |
300 | This function sets a new TLS/SSL method for a particular TLS object.\r | |
301 | \r | |
302 | @param[in] Tls Pointer to a TLS object.\r | |
303 | @param[in] MajorVer Major Version of TLS/SSL Protocol.\r | |
304 | @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r | |
305 | \r | |
306 | @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r | |
307 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
308 | @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r | |
309 | \r | |
310 | **/\r | |
311 | EFI_STATUS\r | |
312 | EFIAPI\r | |
313 | TlsSetVersion (\r | |
314 | IN VOID *Tls,\r | |
315 | IN UINT8 MajorVer,\r | |
316 | IN UINT8 MinorVer\r | |
317 | );\r | |
318 | \r | |
319 | /**\r | |
320 | Set TLS object to work in client or server mode.\r | |
321 | \r | |
322 | This function prepares a TLS object to work in client or server mode.\r | |
323 | \r | |
324 | @param[in] Tls Pointer to a TLS object.\r | |
325 | @param[in] IsServer Work in server mode.\r | |
326 | \r | |
327 | @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r | |
328 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
329 | @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r | |
330 | \r | |
331 | **/\r | |
332 | EFI_STATUS\r | |
333 | EFIAPI\r | |
334 | TlsSetConnectionEnd (\r | |
335 | IN VOID *Tls,\r | |
336 | IN BOOLEAN IsServer\r | |
337 | );\r | |
338 | \r | |
339 | /**\r | |
340 | Set the ciphers list to be used by the TLS object.\r | |
341 | \r | |
342 | This function sets the ciphers for use by a specified TLS object.\r | |
343 | \r | |
344 | @param[in] Tls Pointer to a TLS object.\r | |
2167c7f7 LE |
345 | @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16\r |
346 | cipher identifier comes from the TLS Cipher Suite\r | |
347 | Registry of the IANA, interpreting Byte1 and Byte2\r | |
348 | in network (big endian) byte order.\r | |
264702a0 HW |
349 | @param[in] CipherNum The number of cipher in the list.\r |
350 | \r | |
351 | @retval EFI_SUCCESS The ciphers list was set successfully.\r | |
352 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
2167c7f7 LE |
353 | @retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.\r |
354 | @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r | |
264702a0 HW |
355 | \r |
356 | **/\r | |
357 | EFI_STATUS\r | |
358 | EFIAPI\r | |
359 | TlsSetCipherList (\r | |
360 | IN VOID *Tls,\r | |
361 | IN UINT16 *CipherId,\r | |
362 | IN UINTN CipherNum\r | |
363 | );\r | |
364 | \r | |
365 | /**\r | |
366 | Set the compression method for TLS/SSL operations.\r | |
367 | \r | |
368 | This function handles TLS/SSL integrated compression methods.\r | |
369 | \r | |
370 | @param[in] CompMethod The compression method ID.\r | |
371 | \r | |
372 | @retval EFI_SUCCESS The compression method for the communication was\r | |
373 | set successfully.\r | |
374 | @retval EFI_UNSUPPORTED Unsupported compression method.\r | |
375 | \r | |
376 | **/\r | |
377 | EFI_STATUS\r | |
378 | EFIAPI\r | |
379 | TlsSetCompressionMethod (\r | |
380 | IN UINT8 CompMethod\r | |
381 | );\r | |
382 | \r | |
383 | /**\r | |
384 | Set peer certificate verification mode for the TLS connection.\r | |
385 | \r | |
386 | This function sets the verification mode flags for the TLS connection.\r | |
387 | \r | |
388 | @param[in] Tls Pointer to the TLS object.\r | |
389 | @param[in] VerifyMode A set of logically or'ed verification mode flags.\r | |
390 | \r | |
391 | **/\r | |
392 | VOID\r | |
393 | EFIAPI\r | |
394 | TlsSetVerify (\r | |
395 | IN VOID *Tls,\r | |
396 | IN UINT32 VerifyMode\r | |
397 | );\r | |
398 | \r | |
399 | /**\r | |
400 | Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r | |
401 | \r | |
402 | This function sets a session ID to be used when the TLS/SSL connection is\r | |
403 | to be established.\r | |
404 | \r | |
405 | @param[in] Tls Pointer to the TLS object.\r | |
406 | @param[in] SessionId Session ID data used for session resumption.\r | |
407 | @param[in] SessionIdLen Length of Session ID in bytes.\r | |
408 | \r | |
409 | @retval EFI_SUCCESS Session ID was set successfully.\r | |
410 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
411 | @retval EFI_UNSUPPORTED No available session for ID setting.\r | |
412 | \r | |
413 | **/\r | |
414 | EFI_STATUS\r | |
415 | EFIAPI\r | |
416 | TlsSetSessionId (\r | |
417 | IN VOID *Tls,\r | |
418 | IN UINT8 *SessionId,\r | |
419 | IN UINT16 SessionIdLen\r | |
420 | );\r | |
421 | \r | |
422 | /**\r | |
423 | Adds the CA to the cert store when requesting Server or Client authentication.\r | |
424 | \r | |
425 | This function adds the CA certificate to the list of CAs when requesting\r | |
426 | Server or Client authentication for the chosen TLS connection.\r | |
427 | \r | |
428 | @param[in] Tls Pointer to the TLS object.\r | |
429 | @param[in] Data Pointer to the data buffer of a DER-encoded binary\r | |
430 | X.509 certificate or PEM-encoded X.509 certificate.\r | |
431 | @param[in] DataSize The size of data buffer in bytes.\r | |
432 | \r | |
433 | @retval EFI_SUCCESS The operation succeeded.\r | |
434 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
435 | @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r | |
436 | @retval EFI_ABORTED Invalid X.509 certificate.\r | |
437 | \r | |
438 | **/\r | |
439 | EFI_STATUS\r | |
440 | EFIAPI\r | |
441 | TlsSetCaCertificate (\r | |
442 | IN VOID *Tls,\r | |
443 | IN VOID *Data,\r | |
444 | IN UINTN DataSize\r | |
445 | );\r | |
446 | \r | |
447 | /**\r | |
448 | Loads the local public certificate into the specified TLS object.\r | |
449 | \r | |
450 | This function loads the X.509 certificate into the specified TLS object\r | |
451 | for TLS negotiation.\r | |
452 | \r | |
453 | @param[in] Tls Pointer to the TLS object.\r | |
454 | @param[in] Data Pointer to the data buffer of a DER-encoded binary\r | |
455 | X.509 certificate or PEM-encoded X.509 certificate.\r | |
456 | @param[in] DataSize The size of data buffer in bytes.\r | |
457 | \r | |
458 | @retval EFI_SUCCESS The operation succeeded.\r | |
459 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
460 | @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r | |
461 | @retval EFI_ABORTED Invalid X.509 certificate.\r | |
462 | \r | |
463 | **/\r | |
464 | EFI_STATUS\r | |
465 | EFIAPI\r | |
466 | TlsSetHostPublicCert (\r | |
467 | IN VOID *Tls,\r | |
468 | IN VOID *Data,\r | |
469 | IN UINTN DataSize\r | |
470 | );\r | |
471 | \r | |
472 | /**\r | |
473 | Adds the local private key to the specified TLS object.\r | |
474 | \r | |
475 | This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r | |
476 | key) into the specified TLS object for TLS negotiation.\r | |
477 | \r | |
478 | @param[in] Tls Pointer to the TLS object.\r | |
479 | @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r | |
480 | or PKCS#8 private key.\r | |
481 | @param[in] DataSize The size of data buffer in bytes.\r | |
482 | \r | |
483 | @retval EFI_SUCCESS The operation succeeded.\r | |
484 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
485 | @retval EFI_ABORTED Invalid private key data.\r | |
486 | \r | |
487 | **/\r | |
488 | EFI_STATUS\r | |
489 | EFIAPI\r | |
490 | TlsSetHostPrivateKey (\r | |
491 | IN VOID *Tls,\r | |
492 | IN VOID *Data,\r | |
493 | IN UINTN DataSize\r | |
494 | );\r | |
495 | \r | |
496 | /**\r | |
497 | Adds the CA-supplied certificate revocation list for certificate validation.\r | |
498 | \r | |
499 | This function adds the CA-supplied certificate revocation list data for\r | |
500 | certificate validity checking.\r | |
501 | \r | |
502 | @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r | |
503 | @param[in] DataSize The size of data buffer in bytes.\r | |
504 | \r | |
505 | @retval EFI_SUCCESS The operation succeeded.\r | |
506 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
507 | @retval EFI_ABORTED Invalid CRL data.\r | |
508 | \r | |
509 | **/\r | |
510 | EFI_STATUS\r | |
511 | EFIAPI\r | |
512 | TlsSetCertRevocationList (\r | |
513 | IN VOID *Data,\r | |
514 | IN UINTN DataSize\r | |
515 | );\r | |
516 | \r | |
517 | /**\r | |
518 | Gets the protocol version used by the specified TLS connection.\r | |
519 | \r | |
520 | This function returns the protocol version used by the specified TLS\r | |
521 | connection.\r | |
522 | \r | |
9c14f76b JW |
523 | If Tls is NULL, then ASSERT().\r |
524 | \r | |
264702a0 HW |
525 | @param[in] Tls Pointer to the TLS object.\r |
526 | \r | |
527 | @return The protocol version of the specified TLS connection.\r | |
528 | \r | |
529 | **/\r | |
530 | UINT16\r | |
531 | EFIAPI\r | |
532 | TlsGetVersion (\r | |
533 | IN VOID *Tls\r | |
534 | );\r | |
535 | \r | |
536 | /**\r | |
537 | Gets the connection end of the specified TLS connection.\r | |
538 | \r | |
539 | This function returns the connection end (as client or as server) used by\r | |
540 | the specified TLS connection.\r | |
541 | \r | |
9c14f76b JW |
542 | If Tls is NULL, then ASSERT().\r |
543 | \r | |
264702a0 HW |
544 | @param[in] Tls Pointer to the TLS object.\r |
545 | \r | |
546 | @return The connection end used by the specified TLS connection.\r | |
547 | \r | |
548 | **/\r | |
549 | UINT8\r | |
550 | EFIAPI\r | |
551 | TlsGetConnectionEnd (\r | |
552 | IN VOID *Tls\r | |
553 | );\r | |
554 | \r | |
555 | /**\r | |
556 | Gets the cipher suite used by the specified TLS connection.\r | |
557 | \r | |
558 | This function returns current cipher suite used by the specified\r | |
559 | TLS connection.\r | |
560 | \r | |
561 | @param[in] Tls Pointer to the TLS object.\r | |
562 | @param[in,out] CipherId The cipher suite used by the TLS object.\r | |
563 | \r | |
564 | @retval EFI_SUCCESS The cipher suite was returned successfully.\r | |
565 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
566 | @retval EFI_UNSUPPORTED Unsupported cipher suite.\r | |
567 | \r | |
568 | **/\r | |
569 | EFI_STATUS\r | |
570 | EFIAPI\r | |
571 | TlsGetCurrentCipher (\r | |
572 | IN VOID *Tls,\r | |
573 | IN OUT UINT16 *CipherId\r | |
574 | );\r | |
575 | \r | |
576 | /**\r | |
577 | Gets the compression methods used by the specified TLS connection.\r | |
578 | \r | |
579 | This function returns current integrated compression methods used by\r | |
580 | the specified TLS connection.\r | |
581 | \r | |
582 | @param[in] Tls Pointer to the TLS object.\r | |
583 | @param[in,out] CompressionId The current compression method used by\r | |
584 | the TLS object.\r | |
585 | \r | |
586 | @retval EFI_SUCCESS The compression method was returned successfully.\r | |
587 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
588 | @retval EFI_ABORTED Invalid Compression method.\r | |
589 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
590 | \r | |
591 | **/\r | |
592 | EFI_STATUS\r | |
593 | EFIAPI\r | |
594 | TlsGetCurrentCompressionId (\r | |
595 | IN VOID *Tls,\r | |
596 | IN OUT UINT8 *CompressionId\r | |
597 | );\r | |
598 | \r | |
599 | /**\r | |
600 | Gets the verification mode currently set in the TLS connection.\r | |
601 | \r | |
602 | This function returns the peer verification mode currently set in the\r | |
603 | specified TLS connection.\r | |
604 | \r | |
9c14f76b JW |
605 | If Tls is NULL, then ASSERT().\r |
606 | \r | |
264702a0 HW |
607 | @param[in] Tls Pointer to the TLS object.\r |
608 | \r | |
609 | @return The verification mode set in the specified TLS connection.\r | |
610 | \r | |
611 | **/\r | |
612 | UINT32\r | |
613 | EFIAPI\r | |
614 | TlsGetVerify (\r | |
615 | IN VOID *Tls\r | |
616 | );\r | |
617 | \r | |
618 | /**\r | |
619 | Gets the session ID used by the specified TLS connection.\r | |
620 | \r | |
621 | This function returns the TLS/SSL session ID currently used by the\r | |
622 | specified TLS connection.\r | |
623 | \r | |
624 | @param[in] Tls Pointer to the TLS object.\r | |
625 | @param[in,out] SessionId Buffer to contain the returned session ID.\r | |
626 | @param[in,out] SessionIdLen The length of Session ID in bytes.\r | |
627 | \r | |
628 | @retval EFI_SUCCESS The Session ID was returned successfully.\r | |
629 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
630 | @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r | |
631 | \r | |
632 | **/\r | |
633 | EFI_STATUS\r | |
634 | EFIAPI\r | |
635 | TlsGetSessionId (\r | |
636 | IN VOID *Tls,\r | |
637 | IN OUT UINT8 *SessionId,\r | |
638 | IN OUT UINT16 *SessionIdLen\r | |
639 | );\r | |
640 | \r | |
641 | /**\r | |
642 | Gets the client random data used in the specified TLS connection.\r | |
643 | \r | |
644 | This function returns the TLS/SSL client random data currently used in\r | |
645 | the specified TLS connection.\r | |
646 | \r | |
647 | @param[in] Tls Pointer to the TLS object.\r | |
648 | @param[in,out] ClientRandom Buffer to contain the returned client\r | |
649 | random data (32 bytes).\r | |
650 | \r | |
651 | **/\r | |
652 | VOID\r | |
653 | EFIAPI\r | |
654 | TlsGetClientRandom (\r | |
655 | IN VOID *Tls,\r | |
656 | IN OUT UINT8 *ClientRandom\r | |
657 | );\r | |
658 | \r | |
659 | /**\r | |
660 | Gets the server random data used in the specified TLS connection.\r | |
661 | \r | |
662 | This function returns the TLS/SSL server random data currently used in\r | |
663 | the specified TLS connection.\r | |
664 | \r | |
665 | @param[in] Tls Pointer to the TLS object.\r | |
666 | @param[in,out] ServerRandom Buffer to contain the returned server\r | |
667 | random data (32 bytes).\r | |
668 | \r | |
669 | **/\r | |
670 | VOID\r | |
671 | EFIAPI\r | |
672 | TlsGetServerRandom (\r | |
673 | IN VOID *Tls,\r | |
674 | IN OUT UINT8 *ServerRandom\r | |
675 | );\r | |
676 | \r | |
677 | /**\r | |
678 | Gets the master key data used in the specified TLS connection.\r | |
679 | \r | |
680 | This function returns the TLS/SSL master key material currently used in\r | |
681 | the specified TLS connection.\r | |
682 | \r | |
683 | @param[in] Tls Pointer to the TLS object.\r | |
684 | @param[in,out] KeyMaterial Buffer to contain the returned key material.\r | |
685 | \r | |
686 | @retval EFI_SUCCESS Key material was returned successfully.\r | |
687 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
688 | @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r | |
689 | \r | |
690 | **/\r | |
691 | EFI_STATUS\r | |
692 | EFIAPI\r | |
693 | TlsGetKeyMaterial (\r | |
694 | IN VOID *Tls,\r | |
695 | IN OUT UINT8 *KeyMaterial\r | |
696 | );\r | |
697 | \r | |
698 | /**\r | |
699 | Gets the CA Certificate from the cert store.\r | |
700 | \r | |
701 | This function returns the CA certificate for the chosen\r | |
702 | TLS connection.\r | |
703 | \r | |
704 | @param[in] Tls Pointer to the TLS object.\r | |
705 | @param[out] Data Pointer to the data buffer to receive the CA\r | |
706 | certificate data sent to the client.\r | |
707 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
708 | \r | |
709 | @retval EFI_SUCCESS The operation succeeded.\r | |
710 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
711 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
712 | \r | |
713 | **/\r | |
714 | EFI_STATUS\r | |
715 | EFIAPI\r | |
716 | TlsGetCaCertificate (\r | |
717 | IN VOID *Tls,\r | |
718 | OUT VOID *Data,\r | |
719 | IN OUT UINTN *DataSize\r | |
720 | );\r | |
721 | \r | |
722 | /**\r | |
723 | Gets the local public Certificate set in the specified TLS object.\r | |
724 | \r | |
725 | This function returns the local public certificate which was currently set\r | |
726 | in the specified TLS object.\r | |
727 | \r | |
728 | @param[in] Tls Pointer to the TLS object.\r | |
729 | @param[out] Data Pointer to the data buffer to receive the local\r | |
730 | public certificate.\r | |
731 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
732 | \r | |
733 | @retval EFI_SUCCESS The operation succeeded.\r | |
734 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
735 | @retval EFI_NOT_FOUND The certificate is not found.\r | |
736 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
737 | \r | |
738 | **/\r | |
739 | EFI_STATUS\r | |
740 | EFIAPI\r | |
741 | TlsGetHostPublicCert (\r | |
742 | IN VOID *Tls,\r | |
743 | OUT VOID *Data,\r | |
744 | IN OUT UINTN *DataSize\r | |
745 | );\r | |
746 | \r | |
747 | /**\r | |
748 | Gets the local private key set in the specified TLS object.\r | |
749 | \r | |
750 | This function returns the local private key data which was currently set\r | |
751 | in the specified TLS object.\r | |
752 | \r | |
753 | @param[in] Tls Pointer to the TLS object.\r | |
754 | @param[out] Data Pointer to the data buffer to receive the local\r | |
755 | private key data.\r | |
756 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
757 | \r | |
758 | @retval EFI_SUCCESS The operation succeeded.\r | |
759 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
760 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
761 | \r | |
762 | **/\r | |
763 | EFI_STATUS\r | |
764 | EFIAPI\r | |
765 | TlsGetHostPrivateKey (\r | |
766 | IN VOID *Tls,\r | |
767 | OUT VOID *Data,\r | |
768 | IN OUT UINTN *DataSize\r | |
769 | );\r | |
770 | \r | |
771 | /**\r | |
772 | Gets the CA-supplied certificate revocation list data set in the specified\r | |
773 | TLS object.\r | |
774 | \r | |
775 | This function returns the CA-supplied certificate revocation list data which\r | |
776 | was currently set in the specified TLS object.\r | |
777 | \r | |
778 | @param[out] Data Pointer to the data buffer to receive the CRL data.\r | |
779 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
780 | \r | |
781 | @retval EFI_SUCCESS The operation succeeded.\r | |
782 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
783 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
784 | \r | |
785 | **/\r | |
786 | EFI_STATUS\r | |
787 | EFIAPI\r | |
788 | TlsGetCertRevocationList (\r | |
789 | OUT VOID *Data,\r | |
790 | IN OUT UINTN *DataSize\r | |
791 | );\r | |
792 | \r | |
793 | #endif // __TLS_LIB_H__\r | |
794 | \r |