]> git.proxmox.com Git - mirror_edk2.git/blob - NetworkPkg/TlsDxe/TlsProtocol.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
BaseTools:build failure in CLANGPDB tool chain
[mirror_edk2.git] / NetworkPkg / TlsDxe / TlsProtocol.c
1 /** @file
2 Implementation of EFI TLS Protocol Interfaces.
3
4 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9
10 #include "TlsImpl.h"
11
12 EFI_TLS_PROTOCOL mTlsProtocol = {
13 TlsSetSessionData,
14 TlsGetSessionData,
15 TlsBuildResponsePacket,
16 TlsProcessPacket
17 };
18
19 /**
20 Set TLS session data.
21
22 The SetSessionData() function set data for a new TLS session. All session data should
23 be set before BuildResponsePacket() invoked.
24
25 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
26 @param[in] DataType TLS session data type.
27 @param[in] Data Pointer to session data.
28 @param[in] DataSize Total size of session data.
29
30 @retval EFI_SUCCESS The TLS session data is set successfully.
31 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
32 This is NULL.
33 Data is NULL.
34 DataSize is 0.
35 DataSize is invalid for DataType.
36 @retval EFI_UNSUPPORTED The DataType is unsupported.
37 @retval EFI_ACCESS_DENIED If the DataType is one of below:
38 EfiTlsClientRandom
39 EfiTlsServerRandom
40 EfiTlsKeyMaterial
41 @retval EFI_NOT_READY Current TLS session state is NOT
42 EfiTlsSessionStateNotStarted.
43 @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
44 **/
45 EFI_STATUS
46 EFIAPI
47 TlsSetSessionData (
48 IN EFI_TLS_PROTOCOL *This,
49 IN EFI_TLS_SESSION_DATA_TYPE DataType,
50 IN VOID *Data,
51 IN UINTN DataSize
52 )
53 {
54 EFI_STATUS Status;
55 TLS_INSTANCE *Instance;
56 UINT16 *CipherId;
57 CONST EFI_TLS_CIPHER *TlsCipherList;
58 UINTN CipherCount;
59 CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;
60 EFI_TLS_VERIFY VerifyMethod;
61 UINTN VerifyMethodSize;
62 UINTN Index;
63
64 EFI_TPL OldTpl;
65
66 Status = EFI_SUCCESS;
67 CipherId = NULL;
68 VerifyMethodSize = sizeof (EFI_TLS_VERIFY);
69
70 if (This == NULL || Data == NULL || DataSize == 0) {
71 return EFI_INVALID_PARAMETER;
72 }
73
74 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
75
76 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
77
78 if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){
79 Status = EFI_NOT_READY;
80 goto ON_EXIT;
81 }
82
83 switch (DataType) {
84 //
85 // Session Configuration
86 //
87 case EfiTlsVersion:
88 if (DataSize != sizeof (EFI_TLS_VERSION)) {
89 Status = EFI_INVALID_PARAMETER;
90 goto ON_EXIT;
91 }
92
93 Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);
94 break;
95 case EfiTlsConnectionEnd:
96 if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {
97 Status = EFI_INVALID_PARAMETER;
98 goto ON_EXIT;
99 }
100
101 Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));
102 break;
103 case EfiTlsCipherList:
104 if (DataSize % sizeof (EFI_TLS_CIPHER) != 0) {
105 Status = EFI_INVALID_PARAMETER;
106 goto ON_EXIT;
107 }
108
109 CipherId = AllocatePool (DataSize);
110 if (CipherId == NULL) {
111 Status = EFI_OUT_OF_RESOURCES;
112 goto ON_EXIT;
113 }
114
115 TlsCipherList = (CONST EFI_TLS_CIPHER *) Data;
116 CipherCount = DataSize / sizeof (EFI_TLS_CIPHER);
117 for (Index = 0; Index < CipherCount; Index++) {
118 CipherId[Index] = ((TlsCipherList[Index].Data1 << 8) |
119 TlsCipherList[Index].Data2);
120 }
121
122 Status = TlsSetCipherList (Instance->TlsConn, CipherId, CipherCount);
123
124 FreePool (CipherId);
125 break;
126 case EfiTlsCompressionMethod:
127 //
128 // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the
129 // record protocol will not be compressed.
130 // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html
131 // The TLS RFC does however not specify compression methods or their corresponding identifiers,
132 // so there is currently no compatible way to integrate compression with unknown peers.
133 // It is therefore currently not recommended to integrate compression into applications.
134 // Applications for non-public use may agree on certain compression methods.
135 // Using different compression methods with the same identifier will lead to connection failure.
136 //
137 for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {
138 Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));
139 if (EFI_ERROR (Status)) {
140 break;
141 }
142 }
143
144 break;
145 case EfiTlsExtensionData:
146 Status = EFI_UNSUPPORTED;
147 goto ON_EXIT;
148 case EfiTlsVerifyMethod:
149 if (DataSize != sizeof (EFI_TLS_VERIFY)) {
150 Status = EFI_INVALID_PARAMETER;
151 goto ON_EXIT;
152 }
153
154 TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
155 break;
156 case EfiTlsVerifyHost:
157 if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {
158 Status = EFI_INVALID_PARAMETER;
159 goto ON_EXIT;
160 }
161
162 TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;
163
164 if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&
165 (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {
166 Status = EFI_INVALID_PARAMETER;
167 goto ON_EXIT;
168 }
169
170 if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&
171 ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||
172 (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {
173 Status = EFI_INVALID_PARAMETER;
174 goto ON_EXIT;
175 }
176
177 Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);
178 if (EFI_ERROR (Status)) {
179 goto ON_EXIT;
180 }
181
182 if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {
183 Status = EFI_INVALID_PARAMETER;
184 goto ON_EXIT;
185 }
186
187 Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);
188
189 break;
190 case EfiTlsSessionID:
191 if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
192 Status = EFI_INVALID_PARAMETER;
193 goto ON_EXIT;
194 }
195
196 Status = TlsSetSessionId (
197 Instance->TlsConn,
198 ((EFI_TLS_SESSION_ID *) Data)->Data,
199 ((EFI_TLS_SESSION_ID *) Data)->Length
200 );
201 break;
202 case EfiTlsSessionState:
203 if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {
204 Status = EFI_INVALID_PARAMETER;
205 goto ON_EXIT;
206 }
207
208 Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;
209 break;
210 //
211 // Session information
212 //
213 case EfiTlsClientRandom:
214 Status = EFI_ACCESS_DENIED;
215 break;
216 case EfiTlsServerRandom:
217 Status = EFI_ACCESS_DENIED;
218 break;
219 case EfiTlsKeyMaterial:
220 Status = EFI_ACCESS_DENIED;
221 break;
222 //
223 // Unsupported type.
224 //
225 default:
226 Status = EFI_UNSUPPORTED;
227 }
228
229 ON_EXIT:
230 gBS->RestoreTPL (OldTpl);
231 return Status;
232 }
233
234 /**
235 Get TLS session data.
236
237 The GetSessionData() function return the TLS session information.
238
239 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
240 @param[in] DataType TLS session data type.
241 @param[in, out] Data Pointer to session data.
242 @param[in, out] DataSize Total size of session data. On input, it means
243 the size of Data buffer. On output, it means the size
244 of copied Data buffer if EFI_SUCCESS, and means the
245 size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
246
247 @retval EFI_SUCCESS The TLS session data is got successfully.
248 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
249 This is NULL.
250 DataSize is NULL.
251 Data is NULL if *DataSize is not zero.
252 @retval EFI_UNSUPPORTED The DataType is unsupported.
253 @retval EFI_NOT_FOUND The TLS session data is not found.
254 @retval EFI_NOT_READY The DataType is not ready in current session state.
255 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
256 **/
257 EFI_STATUS
258 EFIAPI
259 TlsGetSessionData (
260 IN EFI_TLS_PROTOCOL *This,
261 IN EFI_TLS_SESSION_DATA_TYPE DataType,
262 IN OUT VOID *Data, OPTIONAL
263 IN OUT UINTN *DataSize
264 )
265 {
266 EFI_STATUS Status;
267 TLS_INSTANCE *Instance;
268
269 EFI_TPL OldTpl;
270
271 Status = EFI_SUCCESS;
272
273 if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
274 return EFI_INVALID_PARAMETER;
275 }
276
277 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
278
279 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
280
281 if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&
282 (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||
283 DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {
284 Status = EFI_NOT_READY;
285 goto ON_EXIT;
286 }
287
288 switch (DataType) {
289 case EfiTlsVersion:
290 if (*DataSize < sizeof (EFI_TLS_VERSION)) {
291 *DataSize = sizeof (EFI_TLS_VERSION);
292 Status = EFI_BUFFER_TOO_SMALL;
293 goto ON_EXIT;
294 }
295 *DataSize = sizeof (EFI_TLS_VERSION);
296 *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));
297 break;
298 case EfiTlsConnectionEnd:
299 if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {
300 *DataSize = sizeof (EFI_TLS_CONNECTION_END);
301 Status = EFI_BUFFER_TOO_SMALL;
302 goto ON_EXIT;
303 }
304 *DataSize = sizeof (EFI_TLS_CONNECTION_END);
305 *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);
306 break;
307 case EfiTlsCipherList:
308 //
309 // Get the current session cipher suite.
310 //
311 if (*DataSize < sizeof (EFI_TLS_CIPHER)) {
312 *DataSize = sizeof (EFI_TLS_CIPHER);
313 Status = EFI_BUFFER_TOO_SMALL;
314 goto ON_EXIT;
315 }
316 *DataSize = sizeof(EFI_TLS_CIPHER);
317 Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);
318 *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));
319 break;
320 case EfiTlsCompressionMethod:
321 //
322 // Get the current session compression method.
323 //
324 if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {
325 *DataSize = sizeof (EFI_TLS_COMPRESSION);
326 Status = EFI_BUFFER_TOO_SMALL;
327 goto ON_EXIT;
328 }
329 *DataSize = sizeof (EFI_TLS_COMPRESSION);
330 Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);
331 break;
332 case EfiTlsExtensionData:
333 Status = EFI_UNSUPPORTED;
334 goto ON_EXIT;
335 case EfiTlsVerifyMethod:
336 if (*DataSize < sizeof (EFI_TLS_VERIFY)) {
337 *DataSize = sizeof (EFI_TLS_VERIFY);
338 Status = EFI_BUFFER_TOO_SMALL;
339 goto ON_EXIT;
340 }
341 *DataSize = sizeof (EFI_TLS_VERIFY);
342 *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);
343 break;
344 case EfiTlsSessionID:
345 if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {
346 *DataSize = sizeof (EFI_TLS_SESSION_ID);
347 Status = EFI_BUFFER_TOO_SMALL;
348 goto ON_EXIT;
349 }
350 *DataSize = sizeof (EFI_TLS_SESSION_ID);
351 Status = TlsGetSessionId (
352 Instance->TlsConn,
353 ((EFI_TLS_SESSION_ID *) Data)->Data,
354 &(((EFI_TLS_SESSION_ID *) Data)->Length)
355 );
356 break;
357 case EfiTlsSessionState:
358 if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {
359 *DataSize = sizeof (EFI_TLS_SESSION_STATE);
360 Status = EFI_BUFFER_TOO_SMALL;
361 goto ON_EXIT;
362 }
363 *DataSize = sizeof (EFI_TLS_SESSION_STATE);
364 CopyMem (Data, &Instance->TlsSessionState, *DataSize);
365 break;
366 case EfiTlsClientRandom:
367 if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
368 *DataSize = sizeof (EFI_TLS_RANDOM);
369 Status = EFI_BUFFER_TOO_SMALL;
370 goto ON_EXIT;
371 }
372 *DataSize = sizeof (EFI_TLS_RANDOM);
373 TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);
374 break;
375 case EfiTlsServerRandom:
376 if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
377 *DataSize = sizeof (EFI_TLS_RANDOM);
378 Status = EFI_BUFFER_TOO_SMALL;
379 goto ON_EXIT;
380 }
381 *DataSize = sizeof (EFI_TLS_RANDOM);
382 TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);
383 break;
384 case EfiTlsKeyMaterial:
385 if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {
386 *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
387 Status = EFI_BUFFER_TOO_SMALL;
388 goto ON_EXIT;
389 }
390 *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
391 Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);
392 break;
393 //
394 // Unsupported type.
395 //
396 default:
397 Status = EFI_UNSUPPORTED;
398 }
399
400 ON_EXIT:
401 gBS->RestoreTPL (OldTpl);
402 return Status;
403 }
404
405 /**
406 Build response packet according to TLS state machine. This function is only valid for
407 alert, handshake and change_cipher_spec content type.
408
409 The BuildResponsePacket() function builds TLS response packet in response to the TLS
410 request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
411 RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
412 will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
413 NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
414 session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
415 NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
416 session has errors and the response packet needs to be Alert message based on error
417 type.
418
419 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
420 @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
421 means TLS need initiate the TLS session and response
422 packet need to be ClientHello.
423 @param[in] RequestSize Packet size in bytes for the most recently received TLS
424 packet. 0 is only valid when RequestBuffer is NULL.
425 @param[out] Buffer Pointer to the buffer to hold the built packet.
426 @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
427 the buffer size provided by the caller. On output, it
428 is the buffer size in fact needed to contain the
429 packet.
430
431 @retval EFI_SUCCESS The required TLS packet is built successfully.
432 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
433 This is NULL.
434 RequestBuffer is NULL but RequestSize is NOT 0.
435 RequestSize is 0 but RequestBuffer is NOT NULL.
436 BufferSize is NULL.
437 Buffer is NULL if *BufferSize is not zero.
438 @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
439 @retval EFI_NOT_READY Current TLS session state is NOT ready to build
440 ResponsePacket.
441 @retval EFI_ABORTED Something wrong build response packet.
442 **/
443 EFI_STATUS
444 EFIAPI
445 TlsBuildResponsePacket (
446 IN EFI_TLS_PROTOCOL *This,
447 IN UINT8 *RequestBuffer, OPTIONAL
448 IN UINTN RequestSize, OPTIONAL
449 OUT UINT8 *Buffer, OPTIONAL
450 IN OUT UINTN *BufferSize
451 )
452 {
453 EFI_STATUS Status;
454 TLS_INSTANCE *Instance;
455 EFI_TPL OldTpl;
456
457 Status = EFI_SUCCESS;
458
459 if ((This == NULL) || (BufferSize == NULL) ||
460 (RequestBuffer == NULL && RequestSize != 0) ||
461 (RequestBuffer != NULL && RequestSize == 0) ||
462 (Buffer == NULL && *BufferSize !=0)) {
463 return EFI_INVALID_PARAMETER;
464 }
465
466 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
467
468 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
469
470 if(RequestBuffer == NULL && RequestSize == 0) {
471 switch (Instance->TlsSessionState) {
472 case EfiTlsSessionNotStarted:
473 //
474 // ClientHello.
475 //
476 Status = TlsDoHandshake (
477 Instance->TlsConn,
478 NULL,
479 0,
480 Buffer,
481 BufferSize
482 );
483 if (EFI_ERROR (Status)) {
484 goto ON_EXIT;
485 }
486
487 //
488 // *BufferSize should not be zero when ClientHello.
489 //
490 if (*BufferSize == 0) {
491 Status = EFI_ABORTED;
492 goto ON_EXIT;
493 }
494
495 Instance->TlsSessionState = EfiTlsSessionHandShaking;
496
497 break;
498 case EfiTlsSessionClosing:
499 //
500 // TLS session will be closed and response packet needs to be CloseNotify.
501 //
502 Status = TlsCloseNotify (
503 Instance->TlsConn,
504 Buffer,
505 BufferSize
506 );
507 if (EFI_ERROR (Status)) {
508 goto ON_EXIT;
509 }
510
511 //
512 // *BufferSize should not be zero when build CloseNotify message.
513 //
514 if (*BufferSize == 0) {
515 Status = EFI_ABORTED;
516 goto ON_EXIT;
517 }
518
519 break;
520 case EfiTlsSessionError:
521 //
522 // TLS session has errors and the response packet needs to be Alert
523 // message based on error type.
524 //
525 Status = TlsHandleAlert (
526 Instance->TlsConn,
527 NULL,
528 0,
529 Buffer,
530 BufferSize
531 );
532 if (EFI_ERROR (Status)) {
533 goto ON_EXIT;
534 }
535
536 break;
537 default:
538 //
539 // Current TLS session state is NOT ready to build ResponsePacket.
540 //
541 Status = EFI_NOT_READY;
542 }
543 } else {
544 //
545 // 1. Received packet may have multiple TLS record messages.
546 // 2. One TLS record message may have multiple handshake protocol.
547 // 3. Some errors may be happened in handshake.
548 // TlsDoHandshake() can handle all of those cases.
549 //
550 if (TlsInHandshake (Instance->TlsConn)) {
551 Status = TlsDoHandshake (
552 Instance->TlsConn,
553 RequestBuffer,
554 RequestSize,
555 Buffer,
556 BufferSize
557 );
558 if (EFI_ERROR (Status)) {
559 goto ON_EXIT;
560 }
561
562 if (!TlsInHandshake (Instance->TlsConn)) {
563 Instance->TlsSessionState = EfiTlsSessionDataTransferring;
564 }
565 } else {
566 //
567 // Must be alert message, Decrypt it and build the ResponsePacket.
568 //
569 ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);
570
571 Status = TlsHandleAlert (
572 Instance->TlsConn,
573 RequestBuffer,
574 RequestSize,
575 Buffer,
576 BufferSize
577 );
578 if (EFI_ERROR (Status)) {
579 if (Status != EFI_BUFFER_TOO_SMALL) {
580 Instance->TlsSessionState = EfiTlsSessionError;
581 }
582
583 goto ON_EXIT;
584 }
585 }
586 }
587
588 ON_EXIT:
589 gBS->RestoreTPL (OldTpl);
590 return Status;
591 }
592
593 /**
594 Decrypt or encrypt TLS packet during session. This function is only valid after
595 session connected and for application_data content type.
596
597 The ProcessPacket () function process each inbound or outbound TLS APP packet.
598
599 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
600 @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
601 responsible to handle the original FragmentTable while
602 it may be reallocated in TLS driver. If CryptMode is
603 EfiTlsEncrypt, on input these fragments contain the TLS
604 header and plain text TLS APP payload; on output these
605 fragments contain the TLS header and cipher text TLS
606 APP payload. If CryptMode is EfiTlsDecrypt, on input
607 these fragments contain the TLS header and cipher text
608 TLS APP payload; on output these fragments contain the
609 TLS header and plain text TLS APP payload.
610 @param[in] FragmentCount Number of fragment.
611 @param[in] CryptMode Crypt mode.
612
613 @retval EFI_SUCCESS The operation completed successfully.
614 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
615 This is NULL.
616 FragmentTable is NULL.
617 FragmentCount is NULL.
618 CryptoMode is invalid.
619 @retval EFI_NOT_READY Current TLS session state is NOT
620 EfiTlsSessionDataTransferring.
621 @retval EFI_ABORTED Something wrong decryption the message. TLS session
622 status will become EfiTlsSessionError. The caller need
623 call BuildResponsePacket() to generate Error Alert
624 message and send it out.
625 @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
626 **/
627 EFI_STATUS
628 EFIAPI
629 TlsProcessPacket (
630 IN EFI_TLS_PROTOCOL *This,
631 IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
632 IN UINT32 *FragmentCount,
633 IN EFI_TLS_CRYPT_MODE CryptMode
634 )
635 {
636 EFI_STATUS Status;
637 TLS_INSTANCE *Instance;
638
639 EFI_TPL OldTpl;
640
641 Status = EFI_SUCCESS;
642
643 if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {
644 return EFI_INVALID_PARAMETER;
645 }
646
647 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
648
649 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
650
651 if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {
652 Status = EFI_NOT_READY;
653 goto ON_EXIT;
654 }
655
656 //
657 // Packet sent or received may have multiple TLS record messages (Application data type).
658 // So,on input these fragments contain the TLS header and TLS APP payload;
659 // on output these fragments also contain the TLS header and TLS APP payload.
660 //
661 switch (CryptMode) {
662 case EfiTlsEncrypt:
663 Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);
664 break;
665 case EfiTlsDecrypt:
666 Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);
667 break;
668 default:
669 return EFI_INVALID_PARAMETER;
670 }
671
672 ON_EXIT:
673 gBS->RestoreTPL (OldTpl);
674 return Status;
675 }
676
EFI Development Kit II mirror for PVE