]>
Commit | Line | Data |
---|---|---|
264702a0 HW |
1 | /** @file\r |
2 | Defines TLS Library APIs.\r | |
3 | \r | |
0878771f | 4 | Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r |
264702a0 HW |
5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #ifndef __TLS_LIB_H__\r | |
16 | #define __TLS_LIB_H__\r | |
17 | \r | |
18 | /**\r | |
19 | Initializes the OpenSSL library.\r | |
20 | \r | |
21 | This function registers ciphers and digests used directly and indirectly\r | |
22 | by SSL/TLS, and initializes the readable error messages.\r | |
23 | This function must be called before any other action takes places.\r | |
24 | \r | |
0878771f JW |
25 | @retval TRUE The OpenSSL library has been initialized.\r |
26 | @retval FALSE Failed to initialize the OpenSSL library.\r | |
27 | \r | |
264702a0 | 28 | **/\r |
0878771f | 29 | BOOLEAN\r |
264702a0 HW |
30 | EFIAPI\r |
31 | TlsInitialize (\r | |
32 | VOID\r | |
33 | );\r | |
34 | \r | |
35 | /**\r | |
36 | Free an allocated SSL_CTX object.\r | |
37 | \r | |
38 | @param[in] TlsCtx Pointer to the SSL_CTX object to be released.\r | |
39 | \r | |
40 | **/\r | |
41 | VOID\r | |
42 | EFIAPI\r | |
43 | TlsCtxFree (\r | |
44 | IN VOID *TlsCtx\r | |
45 | );\r | |
46 | \r | |
47 | /**\r | |
48 | Creates a new SSL_CTX object as framework to establish TLS/SSL enabled\r | |
49 | connections.\r | |
50 | \r | |
51 | @param[in] MajorVer Major Version of TLS/SSL Protocol.\r | |
52 | @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r | |
53 | \r | |
54 | @return Pointer to an allocated SSL_CTX object.\r | |
55 | If the creation failed, TlsCtxNew() returns NULL.\r | |
56 | \r | |
57 | **/\r | |
58 | VOID *\r | |
59 | EFIAPI\r | |
60 | TlsCtxNew (\r | |
61 | IN UINT8 MajorVer,\r | |
62 | IN UINT8 MinorVer\r | |
63 | );\r | |
64 | \r | |
65 | /**\r | |
66 | Free an allocated TLS object.\r | |
67 | \r | |
68 | This function removes the TLS object pointed to by Tls and frees up the\r | |
69 | allocated memory. If Tls is NULL, nothing is done.\r | |
70 | \r | |
71 | @param[in] Tls Pointer to the TLS object to be freed.\r | |
72 | \r | |
73 | **/\r | |
74 | VOID\r | |
75 | EFIAPI\r | |
76 | TlsFree (\r | |
77 | IN VOID *Tls\r | |
78 | );\r | |
79 | \r | |
80 | /**\r | |
81 | Create a new TLS object for a connection.\r | |
82 | \r | |
83 | This function creates a new TLS object for a connection. The new object\r | |
84 | inherits the setting of the underlying context TlsCtx: connection method,\r | |
85 | options, verification setting.\r | |
86 | \r | |
87 | @param[in] TlsCtx Pointer to the SSL_CTX object.\r | |
88 | \r | |
89 | @return Pointer to an allocated SSL object.\r | |
90 | If the creation failed, TlsNew() returns NULL.\r | |
91 | \r | |
92 | **/\r | |
93 | VOID *\r | |
94 | EFIAPI\r | |
95 | TlsNew (\r | |
96 | IN VOID *TlsCtx\r | |
97 | );\r | |
98 | \r | |
99 | /**\r | |
100 | Checks if the TLS handshake was done.\r | |
101 | \r | |
102 | This function will check if the specified TLS handshake was done.\r | |
103 | \r | |
104 | @param[in] Tls Pointer to the TLS object for handshake state checking.\r | |
105 | \r | |
106 | @retval TRUE The TLS handshake was done.\r | |
107 | @retval FALSE The TLS handshake was not done.\r | |
108 | \r | |
109 | **/\r | |
110 | BOOLEAN\r | |
111 | EFIAPI\r | |
112 | TlsInHandshake (\r | |
113 | IN VOID *Tls\r | |
114 | );\r | |
115 | \r | |
116 | /**\r | |
117 | Perform a TLS/SSL handshake.\r | |
118 | \r | |
119 | This function will perform a TLS/SSL handshake.\r | |
120 | \r | |
121 | @param[in] Tls Pointer to the TLS object for handshake operation.\r | |
122 | @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.\r | |
123 | @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r | |
124 | Handshake packet.\r | |
125 | @param[out] BufferOut Pointer to the buffer to hold the built packet.\r | |
126 | @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r | |
127 | the buffer size provided by the caller. On output, it\r | |
128 | is the buffer size in fact needed to contain the\r | |
129 | packet.\r | |
130 | \r | |
131 | @retval EFI_SUCCESS The required TLS packet is built successfully.\r | |
132 | @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r | |
133 | Tls is NULL.\r | |
134 | BufferIn is NULL but BufferInSize is NOT 0.\r | |
135 | BufferInSize is 0 but BufferIn is NOT NULL.\r | |
136 | BufferOutSize is NULL.\r | |
137 | BufferOut is NULL if *BufferOutSize is not zero.\r | |
138 | @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r | |
139 | @retval EFI_ABORTED Something wrong during handshake.\r | |
140 | \r | |
141 | **/\r | |
142 | EFI_STATUS\r | |
143 | EFIAPI\r | |
144 | TlsDoHandshake (\r | |
145 | IN VOID *Tls,\r | |
146 | IN UINT8 *BufferIn, OPTIONAL\r | |
147 | IN UINTN BufferInSize, OPTIONAL\r | |
148 | OUT UINT8 *BufferOut, OPTIONAL\r | |
149 | IN OUT UINTN *BufferOutSize\r | |
150 | );\r | |
151 | \r | |
152 | /**\r | |
153 | Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,\r | |
154 | TLS session has errors and the response packet needs to be Alert message based on error type.\r | |
155 | \r | |
156 | @param[in] Tls Pointer to the TLS object for state checking.\r | |
157 | @param[in] BufferIn Pointer to the most recently received TLS Alert packet.\r | |
158 | @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r | |
159 | Alert packet.\r | |
160 | @param[out] BufferOut Pointer to the buffer to hold the built packet.\r | |
161 | @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r | |
162 | the buffer size provided by the caller. On output, it\r | |
163 | is the buffer size in fact needed to contain the\r | |
164 | packet.\r | |
165 | \r | |
166 | @retval EFI_SUCCESS The required TLS packet is built successfully.\r | |
167 | @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r | |
168 | Tls is NULL.\r | |
169 | BufferIn is NULL but BufferInSize is NOT 0.\r | |
170 | BufferInSize is 0 but BufferIn is NOT NULL.\r | |
171 | BufferOutSize is NULL.\r | |
172 | BufferOut is NULL if *BufferOutSize is not zero.\r | |
173 | @retval EFI_ABORTED An error occurred.\r | |
174 | @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r | |
175 | \r | |
176 | **/\r | |
177 | EFI_STATUS\r | |
178 | EFIAPI\r | |
179 | TlsHandleAlert (\r | |
180 | IN VOID *Tls,\r | |
181 | IN UINT8 *BufferIn, OPTIONAL\r | |
182 | IN UINTN BufferInSize, OPTIONAL\r | |
183 | OUT UINT8 *BufferOut, OPTIONAL\r | |
184 | IN OUT UINTN *BufferOutSize\r | |
185 | );\r | |
186 | \r | |
187 | /**\r | |
188 | Build the CloseNotify packet.\r | |
189 | \r | |
190 | @param[in] Tls Pointer to the TLS object for state checking.\r | |
191 | @param[in, out] Buffer Pointer to the buffer to hold the built packet.\r | |
192 | @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r | |
193 | the buffer size provided by the caller. On output, it\r | |
194 | is the buffer size in fact needed to contain the\r | |
195 | packet.\r | |
196 | \r | |
197 | @retval EFI_SUCCESS The required TLS packet is built successfully.\r | |
198 | @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r | |
199 | Tls is NULL.\r | |
200 | BufferSize is NULL.\r | |
201 | Buffer is NULL if *BufferSize is not zero.\r | |
202 | @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r | |
203 | \r | |
204 | **/\r | |
205 | EFI_STATUS\r | |
206 | EFIAPI\r | |
207 | TlsCloseNotify (\r | |
208 | IN VOID *Tls,\r | |
209 | IN OUT UINT8 *Buffer,\r | |
210 | IN OUT UINTN *BufferSize\r | |
211 | );\r | |
212 | \r | |
213 | /**\r | |
214 | Attempts to read bytes from one TLS object and places the data in Buffer.\r | |
215 | \r | |
216 | This function will attempt to read BufferSize bytes from the TLS object\r | |
217 | and places the data in Buffer.\r | |
218 | \r | |
219 | @param[in] Tls Pointer to the TLS object.\r | |
220 | @param[in,out] Buffer Pointer to the buffer to store the data.\r | |
221 | @param[in] BufferSize The size of Buffer in bytes.\r | |
222 | \r | |
223 | @retval >0 The amount of data successfully read from the TLS object.\r | |
224 | @retval <=0 No data was successfully read.\r | |
225 | \r | |
226 | **/\r | |
227 | INTN\r | |
228 | EFIAPI\r | |
229 | TlsCtrlTrafficOut (\r | |
230 | IN VOID *Tls,\r | |
231 | IN OUT VOID *Buffer,\r | |
232 | IN UINTN BufferSize\r | |
233 | );\r | |
234 | \r | |
235 | /**\r | |
236 | Attempts to write data from the buffer to TLS object.\r | |
237 | \r | |
238 | This function will attempt to write BufferSize bytes data from the Buffer\r | |
239 | to the TLS object.\r | |
240 | \r | |
241 | @param[in] Tls Pointer to the TLS object.\r | |
242 | @param[in] Buffer Pointer to the data buffer.\r | |
243 | @param[in] BufferSize The size of Buffer in bytes.\r | |
244 | \r | |
245 | @retval >0 The amount of data successfully written to the TLS object.\r | |
246 | @retval <=0 No data was successfully written.\r | |
247 | \r | |
248 | **/\r | |
249 | INTN\r | |
250 | EFIAPI\r | |
251 | TlsCtrlTrafficIn (\r | |
252 | IN VOID *Tls,\r | |
253 | IN VOID *Buffer,\r | |
254 | IN UINTN BufferSize\r | |
255 | );\r | |
256 | \r | |
257 | /**\r | |
258 | Attempts to read bytes from the specified TLS connection into the buffer.\r | |
259 | \r | |
260 | This function tries to read BufferSize bytes data from the specified TLS\r | |
261 | connection into the Buffer.\r | |
262 | \r | |
263 | @param[in] Tls Pointer to the TLS connection for data reading.\r | |
264 | @param[in,out] Buffer Pointer to the data buffer.\r | |
265 | @param[in] BufferSize The size of Buffer in bytes.\r | |
266 | \r | |
267 | @retval >0 The read operation was successful, and return value is the\r | |
268 | number of bytes actually read from the TLS connection.\r | |
269 | @retval <=0 The read operation was not successful.\r | |
270 | \r | |
271 | **/\r | |
272 | INTN\r | |
273 | EFIAPI\r | |
274 | TlsRead (\r | |
275 | IN VOID *Tls,\r | |
276 | IN OUT VOID *Buffer,\r | |
277 | IN UINTN BufferSize\r | |
278 | );\r | |
279 | \r | |
280 | /**\r | |
281 | Attempts to write data to a TLS connection.\r | |
282 | \r | |
283 | This function tries to write BufferSize bytes data from the Buffer into the\r | |
284 | specified TLS connection.\r | |
285 | \r | |
286 | @param[in] Tls Pointer to the TLS connection for data writing.\r | |
287 | @param[in] Buffer Pointer to the data buffer.\r | |
288 | @param[in] BufferSize The size of Buffer in bytes.\r | |
289 | \r | |
290 | @retval >0 The write operation was successful, and return value is the\r | |
291 | number of bytes actually written to the TLS connection.\r | |
292 | @retval <=0 The write operation was not successful.\r | |
293 | \r | |
294 | **/\r | |
295 | INTN\r | |
296 | EFIAPI\r | |
297 | TlsWrite (\r | |
298 | IN VOID *Tls,\r | |
299 | IN VOID *Buffer,\r | |
300 | IN UINTN BufferSize\r | |
301 | );\r | |
302 | \r | |
303 | /**\r | |
304 | Set a new TLS/SSL method for a particular TLS object.\r | |
305 | \r | |
306 | This function sets a new TLS/SSL method for a particular TLS object.\r | |
307 | \r | |
308 | @param[in] Tls Pointer to a TLS object.\r | |
309 | @param[in] MajorVer Major Version of TLS/SSL Protocol.\r | |
310 | @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r | |
311 | \r | |
312 | @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r | |
313 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
314 | @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r | |
315 | \r | |
316 | **/\r | |
317 | EFI_STATUS\r | |
318 | EFIAPI\r | |
319 | TlsSetVersion (\r | |
320 | IN VOID *Tls,\r | |
321 | IN UINT8 MajorVer,\r | |
322 | IN UINT8 MinorVer\r | |
323 | );\r | |
324 | \r | |
325 | /**\r | |
326 | Set TLS object to work in client or server mode.\r | |
327 | \r | |
328 | This function prepares a TLS object to work in client or server mode.\r | |
329 | \r | |
330 | @param[in] Tls Pointer to a TLS object.\r | |
331 | @param[in] IsServer Work in server mode.\r | |
332 | \r | |
333 | @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r | |
334 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
335 | @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r | |
336 | \r | |
337 | **/\r | |
338 | EFI_STATUS\r | |
339 | EFIAPI\r | |
340 | TlsSetConnectionEnd (\r | |
341 | IN VOID *Tls,\r | |
342 | IN BOOLEAN IsServer\r | |
343 | );\r | |
344 | \r | |
345 | /**\r | |
346 | Set the ciphers list to be used by the TLS object.\r | |
347 | \r | |
348 | This function sets the ciphers for use by a specified TLS object.\r | |
349 | \r | |
350 | @param[in] Tls Pointer to a TLS object.\r | |
2167c7f7 LE |
351 | @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16\r |
352 | cipher identifier comes from the TLS Cipher Suite\r | |
353 | Registry of the IANA, interpreting Byte1 and Byte2\r | |
354 | in network (big endian) byte order.\r | |
264702a0 HW |
355 | @param[in] CipherNum The number of cipher in the list.\r |
356 | \r | |
357 | @retval EFI_SUCCESS The ciphers list was set successfully.\r | |
358 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
2167c7f7 LE |
359 | @retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.\r |
360 | @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r | |
264702a0 HW |
361 | \r |
362 | **/\r | |
363 | EFI_STATUS\r | |
364 | EFIAPI\r | |
365 | TlsSetCipherList (\r | |
366 | IN VOID *Tls,\r | |
367 | IN UINT16 *CipherId,\r | |
368 | IN UINTN CipherNum\r | |
369 | );\r | |
370 | \r | |
371 | /**\r | |
372 | Set the compression method for TLS/SSL operations.\r | |
373 | \r | |
374 | This function handles TLS/SSL integrated compression methods.\r | |
375 | \r | |
376 | @param[in] CompMethod The compression method ID.\r | |
377 | \r | |
378 | @retval EFI_SUCCESS The compression method for the communication was\r | |
379 | set successfully.\r | |
380 | @retval EFI_UNSUPPORTED Unsupported compression method.\r | |
381 | \r | |
382 | **/\r | |
383 | EFI_STATUS\r | |
384 | EFIAPI\r | |
385 | TlsSetCompressionMethod (\r | |
386 | IN UINT8 CompMethod\r | |
387 | );\r | |
388 | \r | |
389 | /**\r | |
390 | Set peer certificate verification mode for the TLS connection.\r | |
391 | \r | |
392 | This function sets the verification mode flags for the TLS connection.\r | |
393 | \r | |
394 | @param[in] Tls Pointer to the TLS object.\r | |
395 | @param[in] VerifyMode A set of logically or'ed verification mode flags.\r | |
396 | \r | |
397 | **/\r | |
398 | VOID\r | |
399 | EFIAPI\r | |
400 | TlsSetVerify (\r | |
401 | IN VOID *Tls,\r | |
402 | IN UINT32 VerifyMode\r | |
403 | );\r | |
404 | \r | |
405 | /**\r | |
406 | Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r | |
407 | \r | |
408 | This function sets a session ID to be used when the TLS/SSL connection is\r | |
409 | to be established.\r | |
410 | \r | |
411 | @param[in] Tls Pointer to the TLS object.\r | |
412 | @param[in] SessionId Session ID data used for session resumption.\r | |
413 | @param[in] SessionIdLen Length of Session ID in bytes.\r | |
414 | \r | |
415 | @retval EFI_SUCCESS Session ID was set successfully.\r | |
416 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
417 | @retval EFI_UNSUPPORTED No available session for ID setting.\r | |
418 | \r | |
419 | **/\r | |
420 | EFI_STATUS\r | |
421 | EFIAPI\r | |
422 | TlsSetSessionId (\r | |
423 | IN VOID *Tls,\r | |
424 | IN UINT8 *SessionId,\r | |
425 | IN UINT16 SessionIdLen\r | |
426 | );\r | |
427 | \r | |
428 | /**\r | |
429 | Adds the CA to the cert store when requesting Server or Client authentication.\r | |
430 | \r | |
431 | This function adds the CA certificate to the list of CAs when requesting\r | |
432 | Server or Client authentication for the chosen TLS connection.\r | |
433 | \r | |
434 | @param[in] Tls Pointer to the TLS object.\r | |
435 | @param[in] Data Pointer to the data buffer of a DER-encoded binary\r | |
436 | X.509 certificate or PEM-encoded X.509 certificate.\r | |
437 | @param[in] DataSize The size of data buffer in bytes.\r | |
438 | \r | |
439 | @retval EFI_SUCCESS The operation succeeded.\r | |
440 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
441 | @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r | |
442 | @retval EFI_ABORTED Invalid X.509 certificate.\r | |
443 | \r | |
444 | **/\r | |
445 | EFI_STATUS\r | |
446 | EFIAPI\r | |
447 | TlsSetCaCertificate (\r | |
448 | IN VOID *Tls,\r | |
449 | IN VOID *Data,\r | |
450 | IN UINTN DataSize\r | |
451 | );\r | |
452 | \r | |
453 | /**\r | |
454 | Loads the local public certificate into the specified TLS object.\r | |
455 | \r | |
456 | This function loads the X.509 certificate into the specified TLS object\r | |
457 | for TLS negotiation.\r | |
458 | \r | |
459 | @param[in] Tls Pointer to the TLS object.\r | |
460 | @param[in] Data Pointer to the data buffer of a DER-encoded binary\r | |
461 | X.509 certificate or PEM-encoded X.509 certificate.\r | |
462 | @param[in] DataSize The size of data buffer in bytes.\r | |
463 | \r | |
464 | @retval EFI_SUCCESS The operation succeeded.\r | |
465 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
466 | @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r | |
467 | @retval EFI_ABORTED Invalid X.509 certificate.\r | |
468 | \r | |
469 | **/\r | |
470 | EFI_STATUS\r | |
471 | EFIAPI\r | |
472 | TlsSetHostPublicCert (\r | |
473 | IN VOID *Tls,\r | |
474 | IN VOID *Data,\r | |
475 | IN UINTN DataSize\r | |
476 | );\r | |
477 | \r | |
478 | /**\r | |
479 | Adds the local private key to the specified TLS object.\r | |
480 | \r | |
481 | This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r | |
482 | key) into the specified TLS object for TLS negotiation.\r | |
483 | \r | |
484 | @param[in] Tls Pointer to the TLS object.\r | |
485 | @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r | |
486 | or PKCS#8 private key.\r | |
487 | @param[in] DataSize The size of data buffer in bytes.\r | |
488 | \r | |
489 | @retval EFI_SUCCESS The operation succeeded.\r | |
490 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
491 | @retval EFI_ABORTED Invalid private key data.\r | |
492 | \r | |
493 | **/\r | |
494 | EFI_STATUS\r | |
495 | EFIAPI\r | |
496 | TlsSetHostPrivateKey (\r | |
497 | IN VOID *Tls,\r | |
498 | IN VOID *Data,\r | |
499 | IN UINTN DataSize\r | |
500 | );\r | |
501 | \r | |
502 | /**\r | |
503 | Adds the CA-supplied certificate revocation list for certificate validation.\r | |
504 | \r | |
505 | This function adds the CA-supplied certificate revocation list data for\r | |
506 | certificate validity checking.\r | |
507 | \r | |
508 | @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r | |
509 | @param[in] DataSize The size of data buffer in bytes.\r | |
510 | \r | |
511 | @retval EFI_SUCCESS The operation succeeded.\r | |
512 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
513 | @retval EFI_ABORTED Invalid CRL data.\r | |
514 | \r | |
515 | **/\r | |
516 | EFI_STATUS\r | |
517 | EFIAPI\r | |
518 | TlsSetCertRevocationList (\r | |
519 | IN VOID *Data,\r | |
520 | IN UINTN DataSize\r | |
521 | );\r | |
522 | \r | |
523 | /**\r | |
524 | Gets the protocol version used by the specified TLS connection.\r | |
525 | \r | |
526 | This function returns the protocol version used by the specified TLS\r | |
527 | connection.\r | |
528 | \r | |
9c14f76b JW |
529 | If Tls is NULL, then ASSERT().\r |
530 | \r | |
264702a0 HW |
531 | @param[in] Tls Pointer to the TLS object.\r |
532 | \r | |
533 | @return The protocol version of the specified TLS connection.\r | |
534 | \r | |
535 | **/\r | |
536 | UINT16\r | |
537 | EFIAPI\r | |
538 | TlsGetVersion (\r | |
539 | IN VOID *Tls\r | |
540 | );\r | |
541 | \r | |
542 | /**\r | |
543 | Gets the connection end of the specified TLS connection.\r | |
544 | \r | |
545 | This function returns the connection end (as client or as server) used by\r | |
546 | the specified TLS connection.\r | |
547 | \r | |
9c14f76b JW |
548 | If Tls is NULL, then ASSERT().\r |
549 | \r | |
264702a0 HW |
550 | @param[in] Tls Pointer to the TLS object.\r |
551 | \r | |
552 | @return The connection end used by the specified TLS connection.\r | |
553 | \r | |
554 | **/\r | |
555 | UINT8\r | |
556 | EFIAPI\r | |
557 | TlsGetConnectionEnd (\r | |
558 | IN VOID *Tls\r | |
559 | );\r | |
560 | \r | |
561 | /**\r | |
562 | Gets the cipher suite used by the specified TLS connection.\r | |
563 | \r | |
564 | This function returns current cipher suite used by the specified\r | |
565 | TLS connection.\r | |
566 | \r | |
567 | @param[in] Tls Pointer to the TLS object.\r | |
568 | @param[in,out] CipherId The cipher suite used by the TLS object.\r | |
569 | \r | |
570 | @retval EFI_SUCCESS The cipher suite was returned successfully.\r | |
571 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
572 | @retval EFI_UNSUPPORTED Unsupported cipher suite.\r | |
573 | \r | |
574 | **/\r | |
575 | EFI_STATUS\r | |
576 | EFIAPI\r | |
577 | TlsGetCurrentCipher (\r | |
578 | IN VOID *Tls,\r | |
579 | IN OUT UINT16 *CipherId\r | |
580 | );\r | |
581 | \r | |
582 | /**\r | |
583 | Gets the compression methods used by the specified TLS connection.\r | |
584 | \r | |
585 | This function returns current integrated compression methods used by\r | |
586 | the specified TLS connection.\r | |
587 | \r | |
588 | @param[in] Tls Pointer to the TLS object.\r | |
589 | @param[in,out] CompressionId The current compression method used by\r | |
590 | the TLS object.\r | |
591 | \r | |
592 | @retval EFI_SUCCESS The compression method was returned successfully.\r | |
593 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
594 | @retval EFI_ABORTED Invalid Compression method.\r | |
595 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
596 | \r | |
597 | **/\r | |
598 | EFI_STATUS\r | |
599 | EFIAPI\r | |
600 | TlsGetCurrentCompressionId (\r | |
601 | IN VOID *Tls,\r | |
602 | IN OUT UINT8 *CompressionId\r | |
603 | );\r | |
604 | \r | |
605 | /**\r | |
606 | Gets the verification mode currently set in the TLS connection.\r | |
607 | \r | |
608 | This function returns the peer verification mode currently set in the\r | |
609 | specified TLS connection.\r | |
610 | \r | |
9c14f76b JW |
611 | If Tls is NULL, then ASSERT().\r |
612 | \r | |
264702a0 HW |
613 | @param[in] Tls Pointer to the TLS object.\r |
614 | \r | |
615 | @return The verification mode set in the specified TLS connection.\r | |
616 | \r | |
617 | **/\r | |
618 | UINT32\r | |
619 | EFIAPI\r | |
620 | TlsGetVerify (\r | |
621 | IN VOID *Tls\r | |
622 | );\r | |
623 | \r | |
624 | /**\r | |
625 | Gets the session ID used by the specified TLS connection.\r | |
626 | \r | |
627 | This function returns the TLS/SSL session ID currently used by the\r | |
628 | specified TLS connection.\r | |
629 | \r | |
630 | @param[in] Tls Pointer to the TLS object.\r | |
631 | @param[in,out] SessionId Buffer to contain the returned session ID.\r | |
632 | @param[in,out] SessionIdLen The length of Session ID in bytes.\r | |
633 | \r | |
634 | @retval EFI_SUCCESS The Session ID was returned successfully.\r | |
635 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
636 | @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r | |
637 | \r | |
638 | **/\r | |
639 | EFI_STATUS\r | |
640 | EFIAPI\r | |
641 | TlsGetSessionId (\r | |
642 | IN VOID *Tls,\r | |
643 | IN OUT UINT8 *SessionId,\r | |
644 | IN OUT UINT16 *SessionIdLen\r | |
645 | );\r | |
646 | \r | |
647 | /**\r | |
648 | Gets the client random data used in the specified TLS connection.\r | |
649 | \r | |
650 | This function returns the TLS/SSL client random data currently used in\r | |
651 | the specified TLS connection.\r | |
652 | \r | |
653 | @param[in] Tls Pointer to the TLS object.\r | |
654 | @param[in,out] ClientRandom Buffer to contain the returned client\r | |
655 | random data (32 bytes).\r | |
656 | \r | |
657 | **/\r | |
658 | VOID\r | |
659 | EFIAPI\r | |
660 | TlsGetClientRandom (\r | |
661 | IN VOID *Tls,\r | |
662 | IN OUT UINT8 *ClientRandom\r | |
663 | );\r | |
664 | \r | |
665 | /**\r | |
666 | Gets the server random data used in the specified TLS connection.\r | |
667 | \r | |
668 | This function returns the TLS/SSL server random data currently used in\r | |
669 | the specified TLS connection.\r | |
670 | \r | |
671 | @param[in] Tls Pointer to the TLS object.\r | |
672 | @param[in,out] ServerRandom Buffer to contain the returned server\r | |
673 | random data (32 bytes).\r | |
674 | \r | |
675 | **/\r | |
676 | VOID\r | |
677 | EFIAPI\r | |
678 | TlsGetServerRandom (\r | |
679 | IN VOID *Tls,\r | |
680 | IN OUT UINT8 *ServerRandom\r | |
681 | );\r | |
682 | \r | |
683 | /**\r | |
684 | Gets the master key data used in the specified TLS connection.\r | |
685 | \r | |
686 | This function returns the TLS/SSL master key material currently used in\r | |
687 | the specified TLS connection.\r | |
688 | \r | |
689 | @param[in] Tls Pointer to the TLS object.\r | |
690 | @param[in,out] KeyMaterial Buffer to contain the returned key material.\r | |
691 | \r | |
692 | @retval EFI_SUCCESS Key material was returned successfully.\r | |
693 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
694 | @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r | |
695 | \r | |
696 | **/\r | |
697 | EFI_STATUS\r | |
698 | EFIAPI\r | |
699 | TlsGetKeyMaterial (\r | |
700 | IN VOID *Tls,\r | |
701 | IN OUT UINT8 *KeyMaterial\r | |
702 | );\r | |
703 | \r | |
704 | /**\r | |
705 | Gets the CA Certificate from the cert store.\r | |
706 | \r | |
707 | This function returns the CA certificate for the chosen\r | |
708 | TLS connection.\r | |
709 | \r | |
710 | @param[in] Tls Pointer to the TLS object.\r | |
711 | @param[out] Data Pointer to the data buffer to receive the CA\r | |
712 | certificate data sent to the client.\r | |
713 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
714 | \r | |
715 | @retval EFI_SUCCESS The operation succeeded.\r | |
716 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
717 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
718 | \r | |
719 | **/\r | |
720 | EFI_STATUS\r | |
721 | EFIAPI\r | |
722 | TlsGetCaCertificate (\r | |
723 | IN VOID *Tls,\r | |
724 | OUT VOID *Data,\r | |
725 | IN OUT UINTN *DataSize\r | |
726 | );\r | |
727 | \r | |
728 | /**\r | |
729 | Gets the local public Certificate set in the specified TLS object.\r | |
730 | \r | |
731 | This function returns the local public certificate which was currently set\r | |
732 | in the specified TLS object.\r | |
733 | \r | |
734 | @param[in] Tls Pointer to the TLS object.\r | |
735 | @param[out] Data Pointer to the data buffer to receive the local\r | |
736 | public certificate.\r | |
737 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
738 | \r | |
739 | @retval EFI_SUCCESS The operation succeeded.\r | |
740 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
741 | @retval EFI_NOT_FOUND The certificate is not found.\r | |
742 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
743 | \r | |
744 | **/\r | |
745 | EFI_STATUS\r | |
746 | EFIAPI\r | |
747 | TlsGetHostPublicCert (\r | |
748 | IN VOID *Tls,\r | |
749 | OUT VOID *Data,\r | |
750 | IN OUT UINTN *DataSize\r | |
751 | );\r | |
752 | \r | |
753 | /**\r | |
754 | Gets the local private key set in the specified TLS object.\r | |
755 | \r | |
756 | This function returns the local private key data which was currently set\r | |
757 | in the specified TLS object.\r | |
758 | \r | |
759 | @param[in] Tls Pointer to the TLS object.\r | |
760 | @param[out] Data Pointer to the data buffer to receive the local\r | |
761 | private key data.\r | |
762 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
763 | \r | |
764 | @retval EFI_SUCCESS The operation succeeded.\r | |
765 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
766 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
767 | \r | |
768 | **/\r | |
769 | EFI_STATUS\r | |
770 | EFIAPI\r | |
771 | TlsGetHostPrivateKey (\r | |
772 | IN VOID *Tls,\r | |
773 | OUT VOID *Data,\r | |
774 | IN OUT UINTN *DataSize\r | |
775 | );\r | |
776 | \r | |
777 | /**\r | |
778 | Gets the CA-supplied certificate revocation list data set in the specified\r | |
779 | TLS object.\r | |
780 | \r | |
781 | This function returns the CA-supplied certificate revocation list data which\r | |
782 | was currently set in the specified TLS object.\r | |
783 | \r | |
784 | @param[out] Data Pointer to the data buffer to receive the CRL data.\r | |
785 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
786 | \r | |
787 | @retval EFI_SUCCESS The operation succeeded.\r | |
788 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
789 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
790 | \r | |
791 | **/\r | |
792 | EFI_STATUS\r | |
793 | EFIAPI\r | |
794 | TlsGetCertRevocationList (\r | |
795 | OUT VOID *Data,\r | |
796 | IN OUT UINTN *DataSize\r | |
797 | );\r | |
798 | \r | |
799 | #endif // __TLS_LIB_H__\r | |
800 | \r |