CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0);\r
}\r
\r
+/**\r
+ Shutdown a TLS connection.\r
+\r
+ Shutdown the TLS connection without releasing the resources, meaning a new\r
+ connection can be started without calling TlsNew() and without setting\r
+ certificates etc.\r
+\r
+ @param[in] Tls Pointer to the TLS object to shutdown.\r
+\r
+ @retval EFI_SUCCESS The TLS is shutdown successfully.\r
+ @retval EFI_INVALID_PARAMETER Tls is NULL.\r
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsShutdown (\r
+ IN VOID *Tls\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED);\r
+}\r
+\r
/**\r
Set a new TLS/SSL method for a particular TLS object.\r
\r
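Review bot: The @retval list in TlsShutdown's header (lines 13-15) omits EFI_UNSUPPORTED, yet the wrapper's fallback argument on line 23 returns exactly that when the underlying crypto service is absent; add `@retval EFI_UNSUPPORTED This function is not supported.` as TlsSetHostPrivateKeyEx's header in this same patch already does. The same omission applies to TlsGetExportKey's header later in the patch, whose list also stops at EFI_PROTOCOL_ERROR. A caller that wants to distinguish "shutdown failed" from "service not available" can only do so reliably if the fallback status is part of the documented contract.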
/**\r
Adds the local private key to the specified TLS object.\r
\r
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private\r
key) into the specified TLS object for TLS negotiation.\r
\r
@param[in] Tls Pointer to the TLS object.\r
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded\r
+ or PKCS#8 private key.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL\r
+ if private key not encrypted.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_ABORTED Invalid private key data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetHostPrivateKeyEx (\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN VOID *Password OPTIONAL\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);\r
+}\r
+\r
+/**\r
+ Adds the local private key to the specified TLS object.\r
+\r
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private\r
+ key) into the specified TLS object for TLS negotiation.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded\r
or PKCS#8 private key.\r
@param[in] DataSize The size of data buffer in bytes.\r
\r
CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);\r
}\r
\r
+/**\r
+ Set the signature algorithm list to used by the TLS object.\r
+\r
+ This function sets the signature algorithms for use by a specified TLS object.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of\r
+ pairs of the hash algorithm and the signature algorithm as defined\r
+ in RFC 5246\r
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.\r
+\r
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.\r
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList\r
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetSignatureAlgoList (\r
+ IN VOID *Tls,\r
+ IN UINT8 *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);\r
+}\r
+\r
+/**\r
+ Set the EC curve to be used for TLS flows\r
+\r
+ This function sets the EC curve to be used for TLS flows.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.\r
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)\r
+\r
+ @retval EFI_SUCCESS The EC curve was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.\r
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetEcCurve (\r
+ IN VOID *Tls,\r
+ IN UINT8 *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);\r
+}\r
+\r
/**\r
Gets the protocol version used by the specified TLS connection.\r
\r
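Review bot: TlsSetEcCurve on line 125 dispatches to the TlsSetSignatureAlgoList service instead of TlsSetEcCurve, so a caller asking for an EC curve never sets one and instead overwrites the TLS object's signature algorithm list with the curve id bytes; the line should read `CALL_CRYPTO_SERVICE (TlsSetEcCurve, (Tls, Data, DataSize), EFI_UNSUPPORTED);`. Because Data is documented as a sizeof (UINT32) buffer (line 110) and the signature-list service only requires an even length (line 84), this misrouting is likely to return EFI_SUCCESS rather than fail loudly, which is worth calling out in the commit message once fixed. As a wording nit, line 84 should read `@param[in] DataSize The length of the SignatureAlgoList. Must be divisible by 2.`.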
CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);\r
}\r
\r
+/**\r
+ Derive keying material from a TLS connection.\r
+\r
+ This function exports keying material using the mechanism described in RFC\r
+ 5705.\r
+\r
+ @param[in] Tls Pointer to the TLS object\r
+ @param[in] Label Description of the key for the PRF function\r
+ @param[in] Context Optional context\r
+ @param[in] ContextLen The length of the context value in bytes\r
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF\r
+ @param[in] KeyBufferLen The length of the KeyBuffer\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.\r
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetExportKey (\r
+ IN VOID *Tls,\r
+ IN CONST VOID *Label,\r
+ IN CONST VOID *Context,\r
+ IN UINTN ContextLen,\r
+ OUT VOID *KeyBuffer,\r
+ IN UINTN KeyBufferLen\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (\r
+ TlsGetExportKey,\r
+ (Tls, Label, Context, ContextLen,\r
+ KeyBuffer, KeyBufferLen),\r
+ EFI_UNSUPPORTED\r
+ );\r
+}\r
+\r
// =====================================================================================\r
// Big number primitive\r
// =====================================================================================\r