]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Include/Library/TlsLib.h
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UefiCpuPkg: Move AsmRelocateApLoopStart from Mpfuncs.nasm to AmdSev.nasm
[mirror_edk2.git] / CryptoPkg / Include / Library / TlsLib.h
CommitLineData
264702a0
HW		 1/** @file\r
2 Defines TLS Library APIs.\r
3\r
0878771f 4Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
2009f6b4 5SPDX-License-Identifier: BSD-2-Clause-Patent\r
264702a0
HW		 6\r
7**/\r
8\r
9#ifndef __TLS_LIB_H__\r
10#define __TLS_LIB_H__\r
11\r
12/**\r
13 Initializes the OpenSSL library.\r
14\r
15 This function registers ciphers and digests used directly and indirectly\r
16 by SSL/TLS, and initializes the readable error messages.\r
17 This function must be called before any other action takes places.\r
18\r
0878771f
JW		 19 @retval TRUE The OpenSSL library has been initialized.\r
20 @retval FALSE Failed to initialize the OpenSSL library.\r
21\r
264702a0 22**/\r
0878771f 23BOOLEAN\r
264702a0
HW		 24EFIAPI\r
25TlsInitialize (\r
26 VOID\r
27 );\r
28\r
29/**\r
30 Free an allocated SSL_CTX object.\r
31\r
32 @param[in] TlsCtx Pointer to the SSL_CTX object to be released.\r
33\r
34**/\r
35VOID\r
36EFIAPI\r
37TlsCtxFree (\r
7c342378 38 IN VOID *TlsCtx\r
264702a0
HW		 39 );\r
40\r
41/**\r
42 Creates a new SSL_CTX object as framework to establish TLS/SSL enabled\r
43 connections.\r
44\r
45 @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
46 @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
47\r
48 @return Pointer to an allocated SSL_CTX object.\r
49 If the creation failed, TlsCtxNew() returns NULL.\r
50\r
51**/\r
52VOID *\r
53EFIAPI\r
54TlsCtxNew (\r
7c342378
MK		 55 IN UINT8 MajorVer,\r
56 IN UINT8 MinorVer\r
264702a0
HW		 57 );\r
58\r
59/**\r
60 Free an allocated TLS object.\r
61\r
62 This function removes the TLS object pointed to by Tls and frees up the\r
63 allocated memory. If Tls is NULL, nothing is done.\r
64\r
65 @param[in] Tls Pointer to the TLS object to be freed.\r
66\r
67**/\r
68VOID\r
69EFIAPI\r
70TlsFree (\r
7c342378 71 IN VOID *Tls\r
264702a0
HW		 72 );\r
73\r
74/**\r
75 Create a new TLS object for a connection.\r
76\r
77 This function creates a new TLS object for a connection. The new object\r
78 inherits the setting of the underlying context TlsCtx: connection method,\r
79 options, verification setting.\r
80\r
81 @param[in] TlsCtx Pointer to the SSL_CTX object.\r
82\r
83 @return Pointer to an allocated SSL object.\r
84 If the creation failed, TlsNew() returns NULL.\r
85\r
86**/\r
87VOID *\r
88EFIAPI\r
89TlsNew (\r
7c342378 90 IN VOID *TlsCtx\r
264702a0
HW		 91 );\r
92\r
93/**\r
94 Checks if the TLS handshake was done.\r
95\r
96 This function will check if the specified TLS handshake was done.\r
97\r
98 @param[in] Tls Pointer to the TLS object for handshake state checking.\r
99\r
100 @retval TRUE The TLS handshake was done.\r
101 @retval FALSE The TLS handshake was not done.\r
102\r
103**/\r
104BOOLEAN\r
105EFIAPI\r
106TlsInHandshake (\r
7c342378 107 IN VOID *Tls\r
264702a0
HW		 108 );\r
109\r
110/**\r
111 Perform a TLS/SSL handshake.\r
112\r
113 This function will perform a TLS/SSL handshake.\r
114\r
115 @param[in] Tls Pointer to the TLS object for handshake operation.\r
116 @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.\r
117 @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
118 Handshake packet.\r
119 @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
120 @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
121 the buffer size provided by the caller. On output, it\r
122 is the buffer size in fact needed to contain the\r
123 packet.\r
124\r
125 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
126 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
127 Tls is NULL.\r
128 BufferIn is NULL but BufferInSize is NOT 0.\r
129 BufferInSize is 0 but BufferIn is NOT NULL.\r
130 BufferOutSize is NULL.\r
131 BufferOut is NULL if *BufferOutSize is not zero.\r
132 @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
133 @retval EFI_ABORTED Something wrong during handshake.\r
134\r
135**/\r
136EFI_STATUS\r
137EFIAPI\r
138TlsDoHandshake (\r
7c342378
MK		 139 IN VOID *Tls,\r
140 IN UINT8 *BufferIn OPTIONAL,\r
141 IN UINTN BufferInSize OPTIONAL,\r
142 OUT UINT8 *BufferOut OPTIONAL,\r
143 IN OUT UINTN *BufferOutSize\r
264702a0
HW		 144 );\r
145\r
146/**\r
147 Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,\r
148 TLS session has errors and the response packet needs to be Alert message based on error type.\r
149\r
150 @param[in] Tls Pointer to the TLS object for state checking.\r
151 @param[in] BufferIn Pointer to the most recently received TLS Alert packet.\r
152 @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
153 Alert packet.\r
154 @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
155 @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
156 the buffer size provided by the caller. On output, it\r
157 is the buffer size in fact needed to contain the\r
158 packet.\r
159\r
160 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
161 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
162 Tls is NULL.\r
163 BufferIn is NULL but BufferInSize is NOT 0.\r
164 BufferInSize is 0 but BufferIn is NOT NULL.\r
165 BufferOutSize is NULL.\r
166 BufferOut is NULL if *BufferOutSize is not zero.\r
167 @retval EFI_ABORTED An error occurred.\r
168 @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
169\r
170**/\r
171EFI_STATUS\r
172EFIAPI\r
173TlsHandleAlert (\r
7c342378
MK		 174 IN VOID *Tls,\r
175 IN UINT8 *BufferIn OPTIONAL,\r
176 IN UINTN BufferInSize OPTIONAL,\r
177 OUT UINT8 *BufferOut OPTIONAL,\r
178 IN OUT UINTN *BufferOutSize\r
264702a0
HW		 179 );\r
180\r
181/**\r
182 Build the CloseNotify packet.\r
183\r
184 @param[in] Tls Pointer to the TLS object for state checking.\r
185 @param[in, out] Buffer Pointer to the buffer to hold the built packet.\r
186 @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r
187 the buffer size provided by the caller. On output, it\r
188 is the buffer size in fact needed to contain the\r
189 packet.\r
190\r
191 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
192 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
193 Tls is NULL.\r
194 BufferSize is NULL.\r
195 Buffer is NULL if *BufferSize is not zero.\r
196 @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r
197\r
198**/\r
199EFI_STATUS\r
200EFIAPI\r
201TlsCloseNotify (\r
7c342378
MK		 202 IN VOID *Tls,\r
203 IN OUT UINT8 *Buffer,\r
204 IN OUT UINTN *BufferSize\r
264702a0
HW		 205 );\r
206\r
207/**\r
208 Attempts to read bytes from one TLS object and places the data in Buffer.\r
209\r
210 This function will attempt to read BufferSize bytes from the TLS object\r
211 and places the data in Buffer.\r
212\r
213 @param[in] Tls Pointer to the TLS object.\r
214 @param[in,out] Buffer Pointer to the buffer to store the data.\r
215 @param[in] BufferSize The size of Buffer in bytes.\r
216\r
217 @retval >0 The amount of data successfully read from the TLS object.\r
218 @retval <=0 No data was successfully read.\r
219\r
220**/\r
221INTN\r
222EFIAPI\r
223TlsCtrlTrafficOut (\r
7c342378
MK		 224 IN VOID *Tls,\r
225 IN OUT VOID *Buffer,\r
226 IN UINTN BufferSize\r
264702a0
HW		 227 );\r
228\r
229/**\r
230 Attempts to write data from the buffer to TLS object.\r
231\r
232 This function will attempt to write BufferSize bytes data from the Buffer\r
233 to the TLS object.\r
234\r
235 @param[in] Tls Pointer to the TLS object.\r
236 @param[in] Buffer Pointer to the data buffer.\r
237 @param[in] BufferSize The size of Buffer in bytes.\r
238\r
239 @retval >0 The amount of data successfully written to the TLS object.\r
240 @retval <=0 No data was successfully written.\r
241\r
242**/\r
243INTN\r
244EFIAPI\r
245TlsCtrlTrafficIn (\r
7c342378
MK		 246 IN VOID *Tls,\r
247 IN VOID *Buffer,\r
248 IN UINTN BufferSize\r
264702a0
HW		 249 );\r
250\r
251/**\r
252 Attempts to read bytes from the specified TLS connection into the buffer.\r
253\r
254 This function tries to read BufferSize bytes data from the specified TLS\r
255 connection into the Buffer.\r
256\r
257 @param[in] Tls Pointer to the TLS connection for data reading.\r
258 @param[in,out] Buffer Pointer to the data buffer.\r
259 @param[in] BufferSize The size of Buffer in bytes.\r
260\r
261 @retval >0 The read operation was successful, and return value is the\r
262 number of bytes actually read from the TLS connection.\r
263 @retval <=0 The read operation was not successful.\r
264\r
265**/\r
266INTN\r
267EFIAPI\r
268TlsRead (\r
7c342378
MK		 269 IN VOID *Tls,\r
270 IN OUT VOID *Buffer,\r
271 IN UINTN BufferSize\r
264702a0
HW		 272 );\r
273\r
274/**\r
275 Attempts to write data to a TLS connection.\r
276\r
277 This function tries to write BufferSize bytes data from the Buffer into the\r
278 specified TLS connection.\r
279\r
280 @param[in] Tls Pointer to the TLS connection for data writing.\r
281 @param[in] Buffer Pointer to the data buffer.\r
282 @param[in] BufferSize The size of Buffer in bytes.\r
283\r
284 @retval >0 The write operation was successful, and return value is the\r
285 number of bytes actually written to the TLS connection.\r
286 @retval <=0 The write operation was not successful.\r
287\r
288**/\r
289INTN\r
290EFIAPI\r
291TlsWrite (\r
7c342378
MK		 292 IN VOID *Tls,\r
293 IN VOID *Buffer,\r
294 IN UINTN BufferSize\r
264702a0
HW		 295 );\r
296\r
bb78d969
YL		 297/**\r
298 Shutdown a TLS connection.\r
299\r
300 Shutdown the TLS connection without releasing the resources, meaning a new\r
301 connection can be started without calling TlsNew() and without setting\r
302 certificates etc.\r
303\r
304 @param[in] Tls Pointer to the TLS object to shutdown.\r
305\r
306 @retval EFI_SUCCESS The TLS is shutdown successfully.\r
307 @retval EFI_INVALID_PARAMETER Tls is NULL.\r
308 @retval EFI_PROTOCOL_ERROR Some other error occurred.\r
309**/\r
310EFI_STATUS\r
311EFIAPI\r
312TlsShutdown (\r
313 IN VOID *Tls\r
314 );\r
315\r
264702a0
HW		 316/**\r
317 Set a new TLS/SSL method for a particular TLS object.\r
318\r
319 This function sets a new TLS/SSL method for a particular TLS object.\r
320\r
321 @param[in] Tls Pointer to a TLS object.\r
322 @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
323 @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
324\r
325 @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r
326 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
327 @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r
328\r
329**/\r
330EFI_STATUS\r
331EFIAPI\r
332TlsSetVersion (\r
7c342378
MK		 333 IN VOID *Tls,\r
334 IN UINT8 MajorVer,\r
335 IN UINT8 MinorVer\r
264702a0
HW		 336 );\r
337\r
338/**\r
339 Set TLS object to work in client or server mode.\r
340\r
341 This function prepares a TLS object to work in client or server mode.\r
342\r
343 @param[in] Tls Pointer to a TLS object.\r
344 @param[in] IsServer Work in server mode.\r
345\r
346 @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r
347 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
348 @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r
349\r
350**/\r
351EFI_STATUS\r
352EFIAPI\r
353TlsSetConnectionEnd (\r
7c342378
MK		 354 IN VOID *Tls,\r
355 IN BOOLEAN IsServer\r
264702a0
HW		 356 );\r
357\r
358/**\r
359 Set the ciphers list to be used by the TLS object.\r
360\r
361 This function sets the ciphers for use by a specified TLS object.\r
362\r
363 @param[in] Tls Pointer to a TLS object.\r
2167c7f7
LE		 364 @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16\r
365 cipher identifier comes from the TLS Cipher Suite\r
366 Registry of the IANA, interpreting Byte1 and Byte2\r
367 in network (big endian) byte order.\r
264702a0
HW		 368 @param[in] CipherNum The number of cipher in the list.\r
369\r
370 @retval EFI_SUCCESS The ciphers list was set successfully.\r
371 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
2167c7f7
LE		 372 @retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.\r
373 @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r
264702a0
HW		 374\r
375**/\r
376EFI_STATUS\r
377EFIAPI\r
378TlsSetCipherList (\r
7c342378
MK		 379 IN VOID *Tls,\r
380 IN UINT16 *CipherId,\r
381 IN UINTN CipherNum\r
264702a0
HW		 382 );\r
383\r
384/**\r
385 Set the compression method for TLS/SSL operations.\r
386\r
387 This function handles TLS/SSL integrated compression methods.\r
388\r
389 @param[in] CompMethod The compression method ID.\r
390\r
391 @retval EFI_SUCCESS The compression method for the communication was\r
392 set successfully.\r
393 @retval EFI_UNSUPPORTED Unsupported compression method.\r
394\r
395**/\r
396EFI_STATUS\r
397EFIAPI\r
398TlsSetCompressionMethod (\r
7c342378 399 IN UINT8 CompMethod\r
264702a0
HW		 400 );\r
401\r
402/**\r
403 Set peer certificate verification mode for the TLS connection.\r
404\r
405 This function sets the verification mode flags for the TLS connection.\r
406\r
407 @param[in] Tls Pointer to the TLS object.\r
408 @param[in] VerifyMode A set of logically or'ed verification mode flags.\r
409\r
410**/\r
411VOID\r
412EFIAPI\r
413TlsSetVerify (\r
7c342378
MK		 414 IN VOID *Tls,\r
415 IN UINT32 VerifyMode\r
264702a0
HW		 416 );\r
417\r
2ca74e1a
WJ		 418/**\r
419 Set the specified host name to be verified.\r
420\r
421 @param[in] Tls Pointer to the TLS object.\r
422 @param[in] Flags The setting flags during the validation.\r
423 @param[in] HostName The specified host name to be verified.\r
424\r
425 @retval EFI_SUCCESS The HostName setting was set successfully.\r
426 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
427 @retval EFI_ABORTED Invalid HostName setting.\r
428\r
429**/\r
430EFI_STATUS\r
431EFIAPI\r
432TlsSetVerifyHost (\r
7c342378
MK		 433 IN VOID *Tls,\r
434 IN UINT32 Flags,\r
435 IN CHAR8 *HostName\r
2ca74e1a
WJ		 436 );\r
437\r
264702a0
HW		 438/**\r
439 Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r
440\r
441 This function sets a session ID to be used when the TLS/SSL connection is\r
442 to be established.\r
443\r
444 @param[in] Tls Pointer to the TLS object.\r
445 @param[in] SessionId Session ID data used for session resumption.\r
446 @param[in] SessionIdLen Length of Session ID in bytes.\r
447\r
448 @retval EFI_SUCCESS Session ID was set successfully.\r
449 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
450 @retval EFI_UNSUPPORTED No available session for ID setting.\r
451\r
452**/\r
453EFI_STATUS\r
454EFIAPI\r
455TlsSetSessionId (\r
7c342378
MK		 456 IN VOID *Tls,\r
457 IN UINT8 *SessionId,\r
458 IN UINT16 SessionIdLen\r
264702a0
HW		 459 );\r
460\r
461/**\r
462 Adds the CA to the cert store when requesting Server or Client authentication.\r
463\r
464 This function adds the CA certificate to the list of CAs when requesting\r
465 Server or Client authentication for the chosen TLS connection.\r
466\r
467 @param[in] Tls Pointer to the TLS object.\r
468 @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
469 X.509 certificate or PEM-encoded X.509 certificate.\r
470 @param[in] DataSize The size of data buffer in bytes.\r
471\r
472 @retval EFI_SUCCESS The operation succeeded.\r
473 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
474 @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
475 @retval EFI_ABORTED Invalid X.509 certificate.\r
476\r
477**/\r
478EFI_STATUS\r
479EFIAPI\r
480TlsSetCaCertificate (\r
7c342378
MK		 481 IN VOID *Tls,\r
482 IN VOID *Data,\r
483 IN UINTN DataSize\r
264702a0
HW		 484 );\r
485\r
486/**\r
487 Loads the local public certificate into the specified TLS object.\r
488\r
489 This function loads the X.509 certificate into the specified TLS object\r
490 for TLS negotiation.\r
491\r
492 @param[in] Tls Pointer to the TLS object.\r
493 @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
494 X.509 certificate or PEM-encoded X.509 certificate.\r
495 @param[in] DataSize The size of data buffer in bytes.\r
496\r
497 @retval EFI_SUCCESS The operation succeeded.\r
498 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
499 @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
500 @retval EFI_ABORTED Invalid X.509 certificate.\r
501\r
502**/\r
503EFI_STATUS\r
504EFIAPI\r
505TlsSetHostPublicCert (\r
7c342378
MK		 506 IN VOID *Tls,\r
507 IN VOID *Data,\r
508 IN UINTN DataSize\r
264702a0
HW		 509 );\r
510\r
511/**\r
512 Adds the local private key to the specified TLS object.\r
513\r
bb78d969 514 This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private\r
264702a0
HW		 515 key) into the specified TLS object for TLS negotiation.\r
516\r
517 @param[in] Tls Pointer to the TLS object.\r
bb78d969
YL		 518 @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded\r
519 or PKCS#8 private key.\r
520 @param[in] DataSize The size of data buffer in bytes.\r
521 @param[in] Password Pointer to NULL-terminated private key password, set it to NULL\r
522 if private key not encrypted.\r
523\r
524 @retval EFI_SUCCESS The operation succeeded.\r
525 @retval EFI_UNSUPPORTED This function is not supported.\r
526 @retval EFI_ABORTED Invalid private key data.\r
527\r
528**/\r
529EFI_STATUS\r
530EFIAPI\r
531TlsSetHostPrivateKeyEx (\r
532 IN VOID *Tls,\r
533 IN VOID *Data,\r
534 IN UINTN DataSize,\r
535 IN VOID *Password OPTIONAL\r
536 );\r
537\r
538/**\r
539 Adds the local private key to the specified TLS object.\r
540\r
541 This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private\r
542 key) into the specified TLS object for TLS negotiation.\r
543\r
544 @param[in] Tls Pointer to the TLS object.\r
545 @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded\r
264702a0
HW		 546 or PKCS#8 private key.\r
547 @param[in] DataSize The size of data buffer in bytes.\r
548\r
549 @retval EFI_SUCCESS The operation succeeded.\r
550 @retval EFI_UNSUPPORTED This function is not supported.\r
551 @retval EFI_ABORTED Invalid private key data.\r
552\r
553**/\r
554EFI_STATUS\r
555EFIAPI\r
556TlsSetHostPrivateKey (\r
7c342378
MK		 557 IN VOID *Tls,\r
558 IN VOID *Data,\r
559 IN UINTN DataSize\r
264702a0
HW		 560 );\r
561\r
562/**\r
563 Adds the CA-supplied certificate revocation list for certificate validation.\r
564\r
565 This function adds the CA-supplied certificate revocation list data for\r
566 certificate validity checking.\r
567\r
568 @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r
569 @param[in] DataSize The size of data buffer in bytes.\r
570\r
571 @retval EFI_SUCCESS The operation succeeded.\r
572 @retval EFI_UNSUPPORTED This function is not supported.\r
573 @retval EFI_ABORTED Invalid CRL data.\r
574\r
575**/\r
576EFI_STATUS\r
577EFIAPI\r
578TlsSetCertRevocationList (\r
7c342378
MK		 579 IN VOID *Data,\r
580 IN UINTN DataSize\r
264702a0
HW		 581 );\r
582\r
bb78d969
YL		 583/**\r
584 Set the signature algorithm list to used by the TLS object.\r
585\r
586 This function sets the signature algorithms for use by a specified TLS object.\r
587\r
588 @param[in] Tls Pointer to a TLS object.\r
589 @param[in] Data Array of UINT8 of signature algorithms. The array consists of\r
590 pairs of the hash algorithm and the signature algorithm as defined\r
591 in RFC 5246\r
592 @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.\r
593\r
594 @retval EFI_SUCCESS The signature algorithm list was set successfully.\r
595 @retval EFI_INVALID_PARAMETER The parameters are invalid.\r
596 @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList\r
597 @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r
598\r
599**/\r
600EFI_STATUS\r
601EFIAPI\r
602TlsSetSignatureAlgoList (\r
603 IN VOID *Tls,\r
604 IN UINT8 *Data,\r
605 IN UINTN DataSize\r
606 );\r
607\r
608/**\r
609 Set the EC curve to be used for TLS flows\r
610\r
611 This function sets the EC curve to be used for TLS flows.\r
612\r
613 @param[in] Tls Pointer to a TLS object.\r
614 @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.\r
615 @param[in] DataSize Size of Data, it should be sizeof (UINT32)\r
616\r
617 @retval EFI_SUCCESS The EC curve was set successfully.\r
618 @retval EFI_INVALID_PARAMETER The parameters are invalid.\r
619 @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported\r
620\r
621**/\r
622EFI_STATUS\r
623EFIAPI\r
624TlsSetEcCurve (\r
625 IN VOID *Tls,\r
626 IN UINT8 *Data,\r
627 IN UINTN DataSize\r
628 );\r
629\r
264702a0
HW		 630/**\r
631 Gets the protocol version used by the specified TLS connection.\r
632\r
633 This function returns the protocol version used by the specified TLS\r
634 connection.\r
635\r
9c14f76b
JW		 636 If Tls is NULL, then ASSERT().\r
637\r
264702a0
HW		 638 @param[in] Tls Pointer to the TLS object.\r
639\r
640 @return The protocol version of the specified TLS connection.\r
641\r
642**/\r
643UINT16\r
644EFIAPI\r
645TlsGetVersion (\r
7c342378 646 IN VOID *Tls\r
264702a0
HW		 647 );\r
648\r
649/**\r
650 Gets the connection end of the specified TLS connection.\r
651\r
652 This function returns the connection end (as client or as server) used by\r
653 the specified TLS connection.\r
654\r
9c14f76b
JW		 655 If Tls is NULL, then ASSERT().\r
656\r
264702a0
HW		 657 @param[in] Tls Pointer to the TLS object.\r
658\r
659 @return The connection end used by the specified TLS connection.\r
660\r
661**/\r
662UINT8\r
663EFIAPI\r
664TlsGetConnectionEnd (\r
7c342378 665 IN VOID *Tls\r
264702a0
HW		 666 );\r
667\r
668/**\r
669 Gets the cipher suite used by the specified TLS connection.\r
670\r
671 This function returns current cipher suite used by the specified\r
672 TLS connection.\r
673\r
674 @param[in] Tls Pointer to the TLS object.\r
675 @param[in,out] CipherId The cipher suite used by the TLS object.\r
676\r
677 @retval EFI_SUCCESS The cipher suite was returned successfully.\r
678 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
679 @retval EFI_UNSUPPORTED Unsupported cipher suite.\r
680\r
681**/\r
682EFI_STATUS\r
683EFIAPI\r
684TlsGetCurrentCipher (\r
7c342378
MK		 685 IN VOID *Tls,\r
686 IN OUT UINT16 *CipherId\r
264702a0
HW		 687 );\r
688\r
689/**\r
690 Gets the compression methods used by the specified TLS connection.\r
691\r
692 This function returns current integrated compression methods used by\r
693 the specified TLS connection.\r
694\r
695 @param[in] Tls Pointer to the TLS object.\r
696 @param[in,out] CompressionId The current compression method used by\r
697 the TLS object.\r
698\r
699 @retval EFI_SUCCESS The compression method was returned successfully.\r
700 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
701 @retval EFI_ABORTED Invalid Compression method.\r
702 @retval EFI_UNSUPPORTED This function is not supported.\r
703\r
704**/\r
705EFI_STATUS\r
706EFIAPI\r
707TlsGetCurrentCompressionId (\r
7c342378
MK		 708 IN VOID *Tls,\r
709 IN OUT UINT8 *CompressionId\r
264702a0
HW		 710 );\r
711\r
712/**\r
713 Gets the verification mode currently set in the TLS connection.\r
714\r
715 This function returns the peer verification mode currently set in the\r
716 specified TLS connection.\r
717\r
9c14f76b
JW		 718 If Tls is NULL, then ASSERT().\r
719\r
264702a0
HW		 720 @param[in] Tls Pointer to the TLS object.\r
721\r
722 @return The verification mode set in the specified TLS connection.\r
723\r
724**/\r
725UINT32\r
726EFIAPI\r
727TlsGetVerify (\r
7c342378 728 IN VOID *Tls\r
264702a0
HW		 729 );\r
730\r
731/**\r
732 Gets the session ID used by the specified TLS connection.\r
733\r
734 This function returns the TLS/SSL session ID currently used by the\r
735 specified TLS connection.\r
736\r
737 @param[in] Tls Pointer to the TLS object.\r
738 @param[in,out] SessionId Buffer to contain the returned session ID.\r
739 @param[in,out] SessionIdLen The length of Session ID in bytes.\r
740\r
741 @retval EFI_SUCCESS The Session ID was returned successfully.\r
742 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
743 @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
744\r
745**/\r
746EFI_STATUS\r
747EFIAPI\r
748TlsGetSessionId (\r
7c342378
MK		 749 IN VOID *Tls,\r
750 IN OUT UINT8 *SessionId,\r
751 IN OUT UINT16 *SessionIdLen\r
264702a0
HW		 752 );\r
753\r
754/**\r
755 Gets the client random data used in the specified TLS connection.\r
756\r
757 This function returns the TLS/SSL client random data currently used in\r
758 the specified TLS connection.\r
759\r
760 @param[in] Tls Pointer to the TLS object.\r
761 @param[in,out] ClientRandom Buffer to contain the returned client\r
762 random data (32 bytes).\r
763\r
764**/\r
765VOID\r
766EFIAPI\r
767TlsGetClientRandom (\r
7c342378
MK		 768 IN VOID *Tls,\r
769 IN OUT UINT8 *ClientRandom\r
264702a0
HW		 770 );\r
771\r
772/**\r
773 Gets the server random data used in the specified TLS connection.\r
774\r
775 This function returns the TLS/SSL server random data currently used in\r
776 the specified TLS connection.\r
777\r
778 @param[in] Tls Pointer to the TLS object.\r
779 @param[in,out] ServerRandom Buffer to contain the returned server\r
780 random data (32 bytes).\r
781\r
782**/\r
783VOID\r
784EFIAPI\r
785TlsGetServerRandom (\r
7c342378
MK		 786 IN VOID *Tls,\r
787 IN OUT UINT8 *ServerRandom\r
264702a0
HW		 788 );\r
789\r
790/**\r
791 Gets the master key data used in the specified TLS connection.\r
792\r
793 This function returns the TLS/SSL master key material currently used in\r
794 the specified TLS connection.\r
795\r
796 @param[in] Tls Pointer to the TLS object.\r
797 @param[in,out] KeyMaterial Buffer to contain the returned key material.\r
798\r
799 @retval EFI_SUCCESS Key material was returned successfully.\r
800 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
801 @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
802\r
803**/\r
804EFI_STATUS\r
805EFIAPI\r
806TlsGetKeyMaterial (\r
7c342378
MK		 807 IN VOID *Tls,\r
808 IN OUT UINT8 *KeyMaterial\r
264702a0
HW		 809 );\r
810\r
811/**\r
812 Gets the CA Certificate from the cert store.\r
813\r
814 This function returns the CA certificate for the chosen\r
815 TLS connection.\r
816\r
817 @param[in] Tls Pointer to the TLS object.\r
818 @param[out] Data Pointer to the data buffer to receive the CA\r
819 certificate data sent to the client.\r
820 @param[in,out] DataSize The size of data buffer in bytes.\r
821\r
822 @retval EFI_SUCCESS The operation succeeded.\r
823 @retval EFI_UNSUPPORTED This function is not supported.\r
824 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
825\r
826**/\r
827EFI_STATUS\r
828EFIAPI\r
829TlsGetCaCertificate (\r
7c342378
MK		 830 IN VOID *Tls,\r
831 OUT VOID *Data,\r
832 IN OUT UINTN *DataSize\r
264702a0
HW		 833 );\r
834\r
835/**\r
836 Gets the local public Certificate set in the specified TLS object.\r
837\r
838 This function returns the local public certificate which was currently set\r
839 in the specified TLS object.\r
840\r
841 @param[in] Tls Pointer to the TLS object.\r
842 @param[out] Data Pointer to the data buffer to receive the local\r
843 public certificate.\r
844 @param[in,out] DataSize The size of data buffer in bytes.\r
845\r
846 @retval EFI_SUCCESS The operation succeeded.\r
847 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
848 @retval EFI_NOT_FOUND The certificate is not found.\r
849 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
850\r
851**/\r
852EFI_STATUS\r
853EFIAPI\r
854TlsGetHostPublicCert (\r
7c342378
MK		 855 IN VOID *Tls,\r
856 OUT VOID *Data,\r
857 IN OUT UINTN *DataSize\r
264702a0
HW		 858 );\r
859\r
860/**\r
861 Gets the local private key set in the specified TLS object.\r
862\r
863 This function returns the local private key data which was currently set\r
864 in the specified TLS object.\r
865\r
866 @param[in] Tls Pointer to the TLS object.\r
867 @param[out] Data Pointer to the data buffer to receive the local\r
868 private key data.\r
869 @param[in,out] DataSize The size of data buffer in bytes.\r
870\r
871 @retval EFI_SUCCESS The operation succeeded.\r
872 @retval EFI_UNSUPPORTED This function is not supported.\r
873 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
874\r
875**/\r
876EFI_STATUS\r
877EFIAPI\r
878TlsGetHostPrivateKey (\r
7c342378
MK		 879 IN VOID *Tls,\r
880 OUT VOID *Data,\r
881 IN OUT UINTN *DataSize\r
264702a0
HW		 882 );\r
883\r
884/**\r
885 Gets the CA-supplied certificate revocation list data set in the specified\r
886 TLS object.\r
887\r
888 This function returns the CA-supplied certificate revocation list data which\r
889 was currently set in the specified TLS object.\r
890\r
891 @param[out] Data Pointer to the data buffer to receive the CRL data.\r
892 @param[in,out] DataSize The size of data buffer in bytes.\r
893\r
894 @retval EFI_SUCCESS The operation succeeded.\r
895 @retval EFI_UNSUPPORTED This function is not supported.\r
896 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
897\r
898**/\r
899EFI_STATUS\r
900EFIAPI\r
901TlsGetCertRevocationList (\r
7c342378
MK		 902 OUT VOID *Data,\r
903 IN OUT UINTN *DataSize\r
264702a0
HW		 904 );\r
905\r
bb78d969
YL		 906/**\r
907 Derive keying material from a TLS connection.\r
908\r
909 This function exports keying material using the mechanism described in RFC\r
910 5705.\r
911\r
912 @param[in] Tls Pointer to the TLS object\r
913 @param[in] Label Description of the key for the PRF function\r
914 @param[in] Context Optional context\r
915 @param[in] ContextLen The length of the context value in bytes\r
916 @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF\r
917 @param[in] KeyBufferLen The length of the KeyBuffer\r
918\r
919 @retval EFI_SUCCESS The operation succeeded.\r
920 @retval EFI_INVALID_PARAMETER The TLS object is invalid.\r
921 @retval EFI_PROTOCOL_ERROR Some other error occurred.\r
922\r
923**/\r
924EFI_STATUS\r
925EFIAPI\r
926TlsGetExportKey (\r
927 IN VOID *Tls,\r
928 IN CONST VOID *Label,\r
929 IN CONST VOID *Context,\r
930 IN UINTN ContextLen,\r
931 OUT VOID *KeyBuffer,\r
932 IN UINTN KeyBufferLen\r
933 );\r
934\r
264702a0 935#endif // __TLS_LIB_H__\r
EFI Development Kit II mirror for PVE