1 | /** @file\r |
2 | EFI TLS Protocols as defined in UEFI 2.5.\r | |
3 | \r | |
4 | The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers\r | |
5 | to create and destroy children of the driver that communicate with other hosts using\r | |
6 | the TLS protocol.\r | |
7 | The EFI TLS Protocol provides the ability to manage a TLS session.\r | |
8 | \r | |
9 | Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r | |
9344f092 | 10 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
11 | \r |
12 | @par Revision Reference:\r | |
13 | This Protocol is introduced in UEFI Specification 2.5\r | |
14 | \r | |
15 | **/\r | |
16 | \r | |
17 | #ifndef __EFI_TLS_PROTOCOL_H__\r | |
18 | #define __EFI_TLS_PROTOCOL_H__\r | |
19 | \r | |
///
/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers to
/// create and destroy children of the driver that communicate with other hosts using
/// the TLS protocol.
///
#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \
  { \
    0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d } \
  }
29 | \r | |
///
/// The EFI TLS protocol provides the ability to manage a TLS session.
///
#define EFI_TLS_PROTOCOL_GUID \
  { \
    0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \
  }

///
/// Forward declaration; the structure itself is defined at the end of this header
/// once its member function-pointer types have been declared.
///
typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
39 | \r | |
///
/// EFI_TLS_SESSION_DATA_TYPE
/// Selects which piece of session information SetSessionData() writes or
/// GetSessionData() reads; each member names the type the Data buffer is
/// interpreted as.
///
typedef enum {
  ///
  /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
  ///
  EfiTlsVersion,
  ///
  /// TLS session as client or as server. The corresponding Data is of
  /// EFI_TLS_CONNECTION_END.
  ///
  EfiTlsConnectionEnd,
  ///
  /// A priority list of preferred algorithms for the TLS session.
  /// The corresponding Data is a list of EFI_TLS_CIPHER.
  ///
  EfiTlsCipherList,
  ///
  /// TLS session compression method.
  /// The corresponding Data is of type EFI_TLS_COMPRESSION.
  ///
  EfiTlsCompressionMethod,
  ///
  /// TLS session extension data.
  /// The corresponding Data is a list of type EFI_TLS_EXTENSION.
  ///
  EfiTlsExtensionData,
  ///
  /// TLS session verify method.
  /// The corresponding Data is of type EFI_TLS_VERIFY.
  ///
  EfiTlsVerifyMethod,
  ///
  /// TLS session data session ID.
  /// For SetSessionData(), it is the TLS session ID used for session resumption.
  /// For GetSessionData(), it is the TLS session ID used for the current session.
  /// The corresponding Data is of type EFI_TLS_SESSION_ID.
  ///
  EfiTlsSessionID,
  ///
  /// TLS session data session state.
  /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
  ///
  EfiTlsSessionState,
  ///
  /// TLS session data client random.
  /// The corresponding Data is of type EFI_TLS_RANDOM.
  ///
  EfiTlsClientRandom,
  ///
  /// TLS session data server random.
  /// The corresponding Data is of type EFI_TLS_RANDOM.
  ///
  EfiTlsServerRandom,
  ///
  /// TLS session data key material.
  /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
  /// A consumer that reads this value holds the session's secret; the buffer
  /// should be treated as sensitive and cleared once it is no longer needed.
  ///
  EfiTlsKeyMaterial,
  ///
  /// TLS session hostname for validation which is used to verify whether the name
  /// within the peer certificate matches a given host name.
  /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_NONE.
  /// The corresponding Data is of type EFI_TLS_VERIFY_HOST.
  ///
  EfiTlsVerifyHost,

  ///
  /// Sentinel; not a valid DataType for SetSessionData() or GetSessionData().
  ///
  EfiTlsSessionDataTypeMaximum
} EFI_TLS_SESSION_DATA_TYPE;
110 | \r | |
///
/// EFI_TLS_VERSION
/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2).
/// SSL2.0 is obsolete and should not be used.
/// NOTE(review): SSL3.0 has since been deprecated as well (RFC 7568); confirm the
/// minimum version the driver actually negotiates before relying on this range.
///
typedef struct {
  UINT8   Major;
  UINT8   Minor;
} EFI_TLS_VERSION;
120 | \r | |
///
/// EFI_TLS_CONNECTION_END defines the TLS session role as client or server.
///
typedef enum {
  EfiTlsClient,
  EfiTlsServer,
} EFI_TLS_CONNECTION_END;
128 | \r | |
///
/// EFI_TLS_CIPHER
/// Note: The definition of EFI_TLS_CIPHER is from "RFC 5246, A.4.1.
/// Hello Messages". The value of EFI_TLS_CIPHER is from the TLS Cipher
/// Suite Registry of IANA.
/// The two bytes are the cipher suite identifier in wire order; the struct is
/// packed so a list of them can be passed as the raw two-byte code points.
///
#pragma pack (1)
typedef struct {
  UINT8   Data1;
  UINT8   Data2;
} EFI_TLS_CIPHER;
#pragma pack ()
141 | \r |
///
/// EFI_TLS_COMPRESSION
/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749".
///
typedef UINT8 EFI_TLS_COMPRESSION;
147 | \r | |
///
/// EFI_TLS_EXTENSION
/// Note: The definition of EFI_TLS_EXTENSION is from "RFC 5246 A.4.1.
/// Hello Messages".
/// Data is a variable-length trailer declared with one element; Length
/// presumably gives the number of valid bytes that follow — readers should
/// bound any access to Data by Length rather than by sizeof. The [1] form is
/// spec-defined layout, so it is kept as is.
///
#pragma pack (1)
typedef struct {
  UINT16  ExtensionType;
  UINT16  Length;
  UINT8   Data[1];
} EFI_TLS_EXTENSION;
#pragma pack ()
160 | \r |
///
/// EFI_TLS_VERIFY
/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER; the remaining two options
/// are OR'ed with EFI_TLS_VERIFY_PEER when they are desired.
///
typedef UINT32 EFI_TLS_VERIFY;
///
/// No certificates will be sent or the TLS/SSL handshake will be continued regardless
/// of the certificate verification result.
/// With this value the peer is not authenticated: the session is encrypted but the
/// identity of the other end is unverified, so it should only be used where that is
/// an accepted trade-off.
///
#define EFI_TLS_VERIFY_NONE 0x0
///
/// The TLS/SSL handshake is immediately terminated with an alert message containing
/// the reason for the certificate verification failure.
///
#define EFI_TLS_VERIFY_PEER 0x1
///
/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server mode.
/// The TLS session will fail if the client certificate is absent.
///
#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
///
/// The TLS session only verifies the client once, and doesn't request a certificate
/// during re-negotiation.
///
#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
187 | \r | |
///
/// EFI_TLS_VERIFY_HOST_FLAG
/// Flags controlling how the configured host name is matched against the names in
/// the peer certificate. The values are distinct bits and are presumably combined
/// by OR-ing them together.
///
typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG;
///
/// There are no additional flags set for hostname validation.
/// Wildcards are supported and they match only in the left-most label.
///
#define EFI_TLS_VERIFY_FLAG_NONE 0x00
///
/// Always check the Subject Distinguished Name (DN) in the peer certificate even if the
/// certificate contains a Subject Alternative Name (SAN).
///
#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT 0x01
///
/// Disable the match of all wildcards.
///
#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS 0x02
///
/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.g. "www*" or "*www").
///
#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS 0x04
///
/// Allow the "*" to match more than one label. Otherwise, only a single label is matched.
/// This broadens the set of certificates accepted for a given name; leave it clear
/// unless the deployment requires it.
///
#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS 0x08
///
/// Restrict to only match direct child sub-domains which start with ".".
/// For example, a name of ".example.com" would match "www.example.com" with this flag,
/// but would not match "www.sub.example.com".
///
#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
///
/// Never check the Subject Distinguished Name (DN) even if there is no
/// Subject Alternative Name (SAN) in the certificate.
///
#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT 0x20
225 | \r | |
///
/// EFI_TLS_VERIFY_HOST
/// Flags selects the EFI_TLS_VERIFY_FLAG_* matching options; HostName is the
/// expected peer name, presumably a NUL-terminated ASCII string — confirm against
/// the driver before relying on that.
/// NOTE(review): the pointer member sits inside a pack(1) struct; this layout is
/// spec-defined, so the declaration is kept as is.
///
#pragma pack (1)
typedef struct {
  EFI_TLS_VERIFY_HOST_FLAG  Flags;
  CHAR8                     *HostName;
} EFI_TLS_VERIFY_HOST;
#pragma pack ()
235 | \r | |
///
/// EFI_TLS_RANDOM
/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
/// Hello Messages".
/// Wire-layout (packed) form of the 32-byte Random field exchanged in the
/// Hello messages.
///
#pragma pack (1)
typedef struct {
  UINT32  GmtUnixTime;
  UINT8   RandomBytes[28];
} EFI_TLS_RANDOM;
#pragma pack ()
247 | \r |
///
/// EFI_TLS_MASTER_SECRET
/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1.
/// Computing the Master Secret".
/// This is session key material; any copy a consumer obtains should be kept
/// in memory no longer than necessary and cleared afterwards.
///
#pragma pack (1)
typedef struct {
  UINT8   Data[48];
} EFI_TLS_MASTER_SECRET;
#pragma pack ()
258 | \r |
///
/// EFI_TLS_SESSION_ID
/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. Hello Messages".
/// Length presumably holds the number of valid bytes in Data and must not exceed
/// MAX_TLS_SESSION_ID_LENGTH; readers should check it before indexing Data.
///
#define MAX_TLS_SESSION_ID_LENGTH 32
#pragma pack (1)
typedef struct {
  UINT16  Length;
  UINT8   Data[MAX_TLS_SESSION_ID_LENGTH];
} EFI_TLS_SESSION_ID;
#pragma pack ()
270 | \r |
///
/// EFI_TLS_SESSION_STATE
/// Lifecycle of a TLS child as driven by BuildResponsePacket() and ProcessPacket().
///
typedef enum {
  ///
  /// When a new child of the TLS protocol is created, the initial state of the TLS
  /// session is EfiTlsSessionNotStarted.
  ///
  EfiTlsSessionNotStarted,
  ///
  /// The consumer can call BuildResponsePacket() with NULL to get a ClientHello to
  /// start the TLS session. Then the state is EfiTlsSessionHandShaking.
  ///
  EfiTlsSessionHandShaking,
  ///
  /// During the handshake, the consumer needs to call BuildResponsePacket() with
  /// input data from the peer, then get the response packet and send it to the peer.
  /// After the handshake finishes, the TLS session state becomes
  /// EfiTlsSessionDataTransferring, and the consumer can use ProcessPacket() for
  /// data transfer.
  ///
  EfiTlsSessionDataTransferring,
  ///
  /// Finally, if the consumer wants to actively close the TLS session, the consumer
  /// needs to call SetSessionData() to set the TLS session state to
  /// EfiTlsSessionClosing, then call BuildResponsePacket() with NULL to get the
  /// CloseNotify alert message, and send it out.
  ///
  EfiTlsSessionClosing,
  ///
  /// If any error happens while parsing the ApplicationData content type,
  /// EFI_ABORTED will be returned by ProcessPacket(), and the TLS session state will
  /// become EfiTlsSessionError. The consumer then needs to call
  /// BuildResponsePacket() with NULL to get the alert message and send it out.
  ///
  EfiTlsSessionError,

  ///
  /// Sentinel; not a valid state value.
  ///
  EfiTlsSessionStateMaximum

} EFI_TLS_SESSION_STATE;
310 | \r | |
///
/// EFI_TLS_FRAGMENT_DATA
/// One entry of the fragment table passed to ProcessPacket(); FragmentLength bounds
/// the bytes that may be read from or written to FragmentBuffer.
///
typedef struct {
  ///
  /// Length of the data buffer in the fragment.
  ///
  UINT32  FragmentLength;
  ///
  /// Pointer to the data buffer in the fragment.
  ///
  VOID    *FragmentBuffer;
} EFI_TLS_FRAGMENT_DATA;
324 | \r | |
///
/// EFI_TLS_CRYPT_MODE
/// Direction selector for ProcessPacket().
///
typedef enum {
  ///
  /// Encrypt data provided in the fragment buffers.
  ///
  EfiTlsEncrypt,
  ///
  /// Decrypt data provided in the fragment buffers.
  ///
  EfiTlsDecrypt,
} EFI_TLS_CRYPT_MODE;
338 | \r | |
/**
  Set TLS session data.

  The SetSessionData() function sets data for a new TLS session. All session data should
  be set before BuildResponsePacket() is invoked. Data is interpreted according to
  DataType (see EFI_TLS_SESSION_DATA_TYPE); DataSize is presumably expected to match
  the size of that type — confirm how the driver validates it.

  @param[in]  This                Pointer to the EFI_TLS_PROTOCOL instance.
  @param[in]  DataType            TLS session data type.
  @param[in]  Data                Pointer to session data.
  @param[in]  DataSize            Total size of session data.

  @retval EFI_SUCCESS             The TLS session data is set successfully.
  @retval EFI_INVALID_PARAMETER   One or more of the following conditions is TRUE:
                                  This is NULL.
                                  Data is NULL.
                                  DataSize is 0.
  @retval EFI_UNSUPPORTED         The DataType is unsupported.
  @retval EFI_ACCESS_DENIED       If the DataType is one of below:
                                  EfiTlsClientRandom
                                  EfiTlsServerRandom
                                  EfiTlsKeyMaterial
  @retval EFI_NOT_READY           Current TLS session state is NOT
                                  EfiTlsSessionNotStarted.
  @retval EFI_OUT_OF_RESOURCES    Required system resources could not be allocated.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_TLS_SET_SESSION_DATA) (
  IN EFI_TLS_PROTOCOL             *This,
  IN EFI_TLS_SESSION_DATA_TYPE    DataType,
  IN VOID                         *Data,
  IN UINTN                        DataSize
  );
372 | \r | |
/**
  Get TLS session data.

  The GetSessionData() function returns the TLS session information. Passing a
  *DataSize of zero (with Data NULL) is the way to query the required buffer size via
  EFI_BUFFER_TOO_SMALL.

  @param[in]      This            Pointer to the EFI_TLS_PROTOCOL instance.
  @param[in]      DataType        TLS session data type.
  @param[in, out] Data            Pointer to session data.
  @param[in, out] DataSize        Total size of session data. On input, it means
                                  the size of the Data buffer. On output, it means the
                                  size of the copied Data buffer if EFI_SUCCESS, and
                                  the size of the desired Data buffer if
                                  EFI_BUFFER_TOO_SMALL.

  @retval EFI_SUCCESS             The TLS session data is retrieved successfully.
  @retval EFI_INVALID_PARAMETER   One or more of the following conditions is TRUE:
                                  This is NULL.
                                  DataSize is NULL.
                                  Data is NULL if *DataSize is not zero.
  @retval EFI_UNSUPPORTED         The DataType is unsupported.
  @retval EFI_NOT_FOUND           The TLS session data is not found.
  @retval EFI_NOT_READY           The DataType is not ready in the current session state.
  @retval EFI_BUFFER_TOO_SMALL    The buffer is too small to hold the data.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_TLS_GET_SESSION_DATA) (
  IN EFI_TLS_PROTOCOL             *This,
  IN EFI_TLS_SESSION_DATA_TYPE    DataType,
  IN OUT VOID                     *Data, OPTIONAL
  IN OUT UINTN                    *DataSize
  );
404 | \r | |
/**
  Build a response packet according to the TLS state machine. This function is only
  valid for the alert, handshake and change_cipher_spec content types.

  The BuildResponsePacket() function builds a TLS response packet in response to the TLS
  request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
  RequestSize is 0, and the TLS session state is EfiTlsSessionNotStarted, the TLS session
  will be initiated and the response packet needs to be a ClientHello. If RequestBuffer is
  NULL and RequestSize is 0, and the TLS session state is EfiTlsSessionClosing, the TLS
  session will be closed and the response packet needs to be a CloseNotify. If
  RequestBuffer is NULL and RequestSize is 0, and the TLS session state is
  EfiTlsSessionError, the TLS session has errors and the response packet needs to be an
  Alert message based on the error type.

  RequestBuffer holds bytes received from the peer, so an implementation must parse it
  strictly within RequestSize and must not trust any length fields it contains.

  @param[in]      This            Pointer to the EFI_TLS_PROTOCOL instance.
  @param[in]      RequestBuffer   Pointer to the most recently received TLS packet. NULL
                                  means TLS needs to initiate the TLS session and the
                                  response packet needs to be a ClientHello.
  @param[in]      RequestSize     Packet size in bytes for the most recently received TLS
                                  packet. 0 is only valid when RequestBuffer is NULL.
  @param[out]     Buffer          Pointer to the buffer to hold the built packet.
  @param[in, out] BufferSize      Pointer to the buffer size in bytes. On input, it is
                                  the buffer size provided by the caller. On output, it
                                  is the buffer size in fact needed to contain the
                                  packet.

  @retval EFI_SUCCESS             The required TLS packet is built successfully.
  @retval EFI_INVALID_PARAMETER   One or more of the following conditions is TRUE:
                                  This is NULL.
                                  RequestBuffer is NULL but RequestSize is NOT 0.
                                  RequestSize is 0 but RequestBuffer is NOT NULL.
                                  BufferSize is NULL.
                                  Buffer is NULL if *BufferSize is not zero.
  @retval EFI_BUFFER_TOO_SMALL    BufferSize is too small to hold the response packet.
  @retval EFI_NOT_READY           Current TLS session state is NOT ready to build the
                                  ResponsePacket.
  @retval EFI_ABORTED             Something went wrong building the response packet.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) (
  IN EFI_TLS_PROTOCOL             *This,
  IN UINT8                        *RequestBuffer, OPTIONAL
  IN UINTN                        RequestSize, OPTIONAL
  OUT UINT8                       *Buffer, OPTIONAL
  IN OUT UINTN                    *BufferSize
  );
452 | \r | |
/**
  Decrypt or encrypt a TLS packet during the session. This function is only valid after
  the session is connected and for the application_data content type.

  The ProcessPacket () function processes each inbound or outbound TLS APP packet.

  @param[in]      This            Pointer to the EFI_TLS_PROTOCOL instance.
  @param[in, out] FragmentTable   Pointer to a list of fragments. The caller is
                                  responsible for handling the original FragmentTable,
                                  as it may be reallocated in the TLS driver. If CryptMode
                                  is EfiTlsEncrypt, on input these fragments contain the
                                  TLS header and plain text TLS APP payload; on output
                                  these fragments contain the TLS header and cipher text
                                  TLS APP payload. If CryptMode is EfiTlsDecrypt, on
                                  input these fragments contain the TLS header and cipher
                                  text TLS APP payload; on output these fragments contain
                                  the TLS header and plain text TLS APP payload.
  @param[in]      FragmentCount   Pointer to the number of fragments. It is passed by
                                  pointer although marked IN; whether the driver updates
                                  it when FragmentTable is reallocated is not stated
                                  here — confirm against the implementation.
  @param[in]      CryptMode       Crypt mode.

  @retval EFI_SUCCESS             The operation completed successfully.
  @retval EFI_INVALID_PARAMETER   One or more of the following conditions is TRUE:
                                  This is NULL.
                                  FragmentTable is NULL.
                                  FragmentCount is NULL.
                                  CryptMode is invalid.
  @retval EFI_NOT_READY           Current TLS session state is NOT
                                  EfiTlsSessionDataTransferring.
  @retval EFI_ABORTED             Something went wrong decrypting the message. The TLS
                                  session state will become EfiTlsSessionError. The
                                  caller needs to call BuildResponsePacket() to generate
                                  the Error Alert message and send it out.
  @retval EFI_OUT_OF_RESOURCES    Not enough resources to finish the operation.
**/
typedef
EFI_STATUS
(EFIAPI *EFI_TLS_PROCESS_PACKET) (
  IN EFI_TLS_PROTOCOL             *This,
  IN OUT EFI_TLS_FRAGMENT_DATA    **FragmentTable,
  IN UINT32                       *FragmentCount,
  IN EFI_TLS_CRYPT_MODE           CryptMode
  );
495 | \r | |
///
/// The EFI_TLS_PROTOCOL is used to create, destroy and manage a TLS session.
/// For details of TLS, refer to the related RFCs.
/// Typical flow: configure the session with SetSessionData(), drive the handshake
/// with BuildResponsePacket(), then move application data with ProcessPacket();
/// GetSessionData() reads back session state at any point.
///
struct _EFI_TLS_PROTOCOL {
  EFI_TLS_SET_SESSION_DATA        SetSessionData;
  EFI_TLS_GET_SESSION_DATA        GetSessionData;
  EFI_TLS_BUILD_RESPONSE_PACKET   BuildResponsePacket;
  EFI_TLS_PROCESS_PACKET          ProcessPacket;
};
506 | \r | |
///
/// GUID variables matching EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID and
/// EFI_TLS_PROTOCOL_GUID above; defined by the package, not by this header.
///
extern EFI_GUID gEfiTlsServiceBindingProtocolGuid;
extern EFI_GUID gEfiTlsProtocolGuid;
509 | \r | |
510 | #endif // __EFI_TLS_PROTOCOL_H__\r | |
511 | \r |