CryptoPkg/TlsLib: rewrite TlsSetCipherList()
[mirror_edk2.git] / CryptoPkg / Include / Library / TlsLib.h
CommitLineData
264702a0
HW
1/** @file\r
2 Defines TLS Library APIs.\r
3\r
0878771f 4Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
264702a0
HW
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#ifndef __TLS_LIB_H__\r
16#define __TLS_LIB_H__\r
17\r
18/**\r
19 Initializes the OpenSSL library.\r
20\r
21 This function registers ciphers and digests used directly and indirectly\r
22 by SSL/TLS, and initializes the readable error messages.\r
23 This function must be called before any other action takes places.\r
24\r
0878771f
JW
25 @retval TRUE The OpenSSL library has been initialized.\r
26 @retval FALSE Failed to initialize the OpenSSL library.\r
27\r
264702a0 28**/\r
0878771f 29BOOLEAN\r
264702a0
HW
30EFIAPI\r
31TlsInitialize (\r
32 VOID\r
33 );\r
34\r
35/**\r
36 Free an allocated SSL_CTX object.\r
37\r
38 @param[in] TlsCtx Pointer to the SSL_CTX object to be released.\r
39\r
40**/\r
41VOID\r
42EFIAPI\r
43TlsCtxFree (\r
44 IN VOID *TlsCtx\r
45 );\r
46\r
47/**\r
48 Creates a new SSL_CTX object as framework to establish TLS/SSL enabled\r
49 connections.\r
50\r
51 @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
52 @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
53\r
54 @return Pointer to an allocated SSL_CTX object.\r
55 If the creation failed, TlsCtxNew() returns NULL.\r
56\r
57**/\r
58VOID *\r
59EFIAPI\r
60TlsCtxNew (\r
61 IN UINT8 MajorVer,\r
62 IN UINT8 MinorVer\r
63 );\r
64\r
65/**\r
66 Free an allocated TLS object.\r
67\r
68 This function removes the TLS object pointed to by Tls and frees up the\r
69 allocated memory. If Tls is NULL, nothing is done.\r
70\r
71 @param[in] Tls Pointer to the TLS object to be freed.\r
72\r
73**/\r
74VOID\r
75EFIAPI\r
76TlsFree (\r
77 IN VOID *Tls\r
78 );\r
79\r
80/**\r
81 Create a new TLS object for a connection.\r
82\r
83 This function creates a new TLS object for a connection. The new object\r
84 inherits the setting of the underlying context TlsCtx: connection method,\r
85 options, verification setting.\r
86\r
87 @param[in] TlsCtx Pointer to the SSL_CTX object.\r
88\r
89 @return Pointer to an allocated SSL object.\r
90 If the creation failed, TlsNew() returns NULL.\r
91\r
92**/\r
93VOID *\r
94EFIAPI\r
95TlsNew (\r
96 IN VOID *TlsCtx\r
97 );\r
98\r
99/**\r
100 Checks if the TLS handshake was done.\r
101\r
102 This function will check if the specified TLS handshake was done.\r
103\r
104 @param[in] Tls Pointer to the TLS object for handshake state checking.\r
105\r
106 @retval TRUE The TLS handshake was done.\r
107 @retval FALSE The TLS handshake was not done.\r
108\r
109**/\r
110BOOLEAN\r
111EFIAPI\r
112TlsInHandshake (\r
113 IN VOID *Tls\r
114 );\r
115\r
116/**\r
117 Perform a TLS/SSL handshake.\r
118\r
119 This function will perform a TLS/SSL handshake.\r
120\r
121 @param[in] Tls Pointer to the TLS object for handshake operation.\r
122 @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.\r
123 @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
124 Handshake packet.\r
125 @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
126 @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
127 the buffer size provided by the caller. On output, it\r
128 is the buffer size in fact needed to contain the\r
129 packet.\r
130\r
131 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
132 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
133 Tls is NULL.\r
134 BufferIn is NULL but BufferInSize is NOT 0.\r
135 BufferInSize is 0 but BufferIn is NOT NULL.\r
136 BufferOutSize is NULL.\r
137 BufferOut is NULL if *BufferOutSize is not zero.\r
138 @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
139 @retval EFI_ABORTED Something wrong during handshake.\r
140\r
141**/\r
142EFI_STATUS\r
143EFIAPI\r
144TlsDoHandshake (\r
145 IN VOID *Tls,\r
146 IN UINT8 *BufferIn, OPTIONAL\r
147 IN UINTN BufferInSize, OPTIONAL\r
148 OUT UINT8 *BufferOut, OPTIONAL\r
149 IN OUT UINTN *BufferOutSize\r
150 );\r
151\r
152/**\r
153 Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,\r
154 TLS session has errors and the response packet needs to be Alert message based on error type.\r
155\r
156 @param[in] Tls Pointer to the TLS object for state checking.\r
157 @param[in] BufferIn Pointer to the most recently received TLS Alert packet.\r
158 @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
159 Alert packet.\r
160 @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
161 @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
162 the buffer size provided by the caller. On output, it\r
163 is the buffer size in fact needed to contain the\r
164 packet.\r
165\r
166 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
167 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
168 Tls is NULL.\r
169 BufferIn is NULL but BufferInSize is NOT 0.\r
170 BufferInSize is 0 but BufferIn is NOT NULL.\r
171 BufferOutSize is NULL.\r
172 BufferOut is NULL if *BufferOutSize is not zero.\r
173 @retval EFI_ABORTED An error occurred.\r
174 @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
175\r
176**/\r
177EFI_STATUS\r
178EFIAPI\r
179TlsHandleAlert (\r
180 IN VOID *Tls,\r
181 IN UINT8 *BufferIn, OPTIONAL\r
182 IN UINTN BufferInSize, OPTIONAL\r
183 OUT UINT8 *BufferOut, OPTIONAL\r
184 IN OUT UINTN *BufferOutSize\r
185 );\r
186\r
187/**\r
188 Build the CloseNotify packet.\r
189\r
190 @param[in] Tls Pointer to the TLS object for state checking.\r
191 @param[in, out] Buffer Pointer to the buffer to hold the built packet.\r
192 @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r
193 the buffer size provided by the caller. On output, it\r
194 is the buffer size in fact needed to contain the\r
195 packet.\r
196\r
197 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
198 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
199 Tls is NULL.\r
200 BufferSize is NULL.\r
201 Buffer is NULL if *BufferSize is not zero.\r
202 @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r
203\r
204**/\r
205EFI_STATUS\r
206EFIAPI\r
207TlsCloseNotify (\r
208 IN VOID *Tls,\r
209 IN OUT UINT8 *Buffer,\r
210 IN OUT UINTN *BufferSize\r
211 );\r
212\r
213/**\r
214 Attempts to read bytes from one TLS object and places the data in Buffer.\r
215\r
216 This function will attempt to read BufferSize bytes from the TLS object\r
217 and places the data in Buffer.\r
218\r
219 @param[in] Tls Pointer to the TLS object.\r
220 @param[in,out] Buffer Pointer to the buffer to store the data.\r
221 @param[in] BufferSize The size of Buffer in bytes.\r
222\r
223 @retval >0 The amount of data successfully read from the TLS object.\r
224 @retval <=0 No data was successfully read.\r
225\r
226**/\r
227INTN\r
228EFIAPI\r
229TlsCtrlTrafficOut (\r
230 IN VOID *Tls,\r
231 IN OUT VOID *Buffer,\r
232 IN UINTN BufferSize\r
233 );\r
234\r
235/**\r
236 Attempts to write data from the buffer to TLS object.\r
237\r
238 This function will attempt to write BufferSize bytes data from the Buffer\r
239 to the TLS object.\r
240\r
241 @param[in] Tls Pointer to the TLS object.\r
242 @param[in] Buffer Pointer to the data buffer.\r
243 @param[in] BufferSize The size of Buffer in bytes.\r
244\r
245 @retval >0 The amount of data successfully written to the TLS object.\r
246 @retval <=0 No data was successfully written.\r
247\r
248**/\r
249INTN\r
250EFIAPI\r
251TlsCtrlTrafficIn (\r
252 IN VOID *Tls,\r
253 IN VOID *Buffer,\r
254 IN UINTN BufferSize\r
255 );\r
256\r
257/**\r
258 Attempts to read bytes from the specified TLS connection into the buffer.\r
259\r
260 This function tries to read BufferSize bytes data from the specified TLS\r
261 connection into the Buffer.\r
262\r
263 @param[in] Tls Pointer to the TLS connection for data reading.\r
264 @param[in,out] Buffer Pointer to the data buffer.\r
265 @param[in] BufferSize The size of Buffer in bytes.\r
266\r
267 @retval >0 The read operation was successful, and return value is the\r
268 number of bytes actually read from the TLS connection.\r
269 @retval <=0 The read operation was not successful.\r
270\r
271**/\r
272INTN\r
273EFIAPI\r
274TlsRead (\r
275 IN VOID *Tls,\r
276 IN OUT VOID *Buffer,\r
277 IN UINTN BufferSize\r
278 );\r
279\r
280/**\r
281 Attempts to write data to a TLS connection.\r
282\r
283 This function tries to write BufferSize bytes data from the Buffer into the\r
284 specified TLS connection.\r
285\r
286 @param[in] Tls Pointer to the TLS connection for data writing.\r
287 @param[in] Buffer Pointer to the data buffer.\r
288 @param[in] BufferSize The size of Buffer in bytes.\r
289\r
290 @retval >0 The write operation was successful, and return value is the\r
291 number of bytes actually written to the TLS connection.\r
292 @retval <=0 The write operation was not successful.\r
293\r
294**/\r
295INTN\r
296EFIAPI\r
297TlsWrite (\r
298 IN VOID *Tls,\r
299 IN VOID *Buffer,\r
300 IN UINTN BufferSize\r
301 );\r
302\r
303/**\r
304 Set a new TLS/SSL method for a particular TLS object.\r
305\r
306 This function sets a new TLS/SSL method for a particular TLS object.\r
307\r
308 @param[in] Tls Pointer to a TLS object.\r
309 @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
310 @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
311\r
312 @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r
313 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
314 @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r
315\r
316**/\r
317EFI_STATUS\r
318EFIAPI\r
319TlsSetVersion (\r
320 IN VOID *Tls,\r
321 IN UINT8 MajorVer,\r
322 IN UINT8 MinorVer\r
323 );\r
324\r
325/**\r
326 Set TLS object to work in client or server mode.\r
327\r
328 This function prepares a TLS object to work in client or server mode.\r
329\r
330 @param[in] Tls Pointer to a TLS object.\r
331 @param[in] IsServer Work in server mode.\r
332\r
333 @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r
334 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
335 @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r
336\r
337**/\r
338EFI_STATUS\r
339EFIAPI\r
340TlsSetConnectionEnd (\r
341 IN VOID *Tls,\r
342 IN BOOLEAN IsServer\r
343 );\r
344\r
345/**\r
346 Set the ciphers list to be used by the TLS object.\r
347\r
348 This function sets the ciphers for use by a specified TLS object.\r
349\r
350 @param[in] Tls Pointer to a TLS object.\r
2167c7f7
LE
351 @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16\r
352 cipher identifier comes from the TLS Cipher Suite\r
353 Registry of the IANA, interpreting Byte1 and Byte2\r
354 in network (big endian) byte order.\r
264702a0
HW
355 @param[in] CipherNum The number of cipher in the list.\r
356\r
357 @retval EFI_SUCCESS The ciphers list was set successfully.\r
358 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
2167c7f7
LE
359 @retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.\r
360 @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r
264702a0
HW
361\r
362**/\r
363EFI_STATUS\r
364EFIAPI\r
365TlsSetCipherList (\r
366 IN VOID *Tls,\r
367 IN UINT16 *CipherId,\r
368 IN UINTN CipherNum\r
369 );\r
370\r
371/**\r
372 Set the compression method for TLS/SSL operations.\r
373\r
374 This function handles TLS/SSL integrated compression methods.\r
375\r
376 @param[in] CompMethod The compression method ID.\r
377\r
378 @retval EFI_SUCCESS The compression method for the communication was\r
379 set successfully.\r
380 @retval EFI_UNSUPPORTED Unsupported compression method.\r
381\r
382**/\r
383EFI_STATUS\r
384EFIAPI\r
385TlsSetCompressionMethod (\r
386 IN UINT8 CompMethod\r
387 );\r
388\r
389/**\r
390 Set peer certificate verification mode for the TLS connection.\r
391\r
392 This function sets the verification mode flags for the TLS connection.\r
393\r
394 @param[in] Tls Pointer to the TLS object.\r
395 @param[in] VerifyMode A set of logically or'ed verification mode flags.\r
396\r
397**/\r
398VOID\r
399EFIAPI\r
400TlsSetVerify (\r
401 IN VOID *Tls,\r
402 IN UINT32 VerifyMode\r
403 );\r
404\r
405/**\r
406 Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r
407\r
408 This function sets a session ID to be used when the TLS/SSL connection is\r
409 to be established.\r
410\r
411 @param[in] Tls Pointer to the TLS object.\r
412 @param[in] SessionId Session ID data used for session resumption.\r
413 @param[in] SessionIdLen Length of Session ID in bytes.\r
414\r
415 @retval EFI_SUCCESS Session ID was set successfully.\r
416 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
417 @retval EFI_UNSUPPORTED No available session for ID setting.\r
418\r
419**/\r
420EFI_STATUS\r
421EFIAPI\r
422TlsSetSessionId (\r
423 IN VOID *Tls,\r
424 IN UINT8 *SessionId,\r
425 IN UINT16 SessionIdLen\r
426 );\r
427\r
428/**\r
429 Adds the CA to the cert store when requesting Server or Client authentication.\r
430\r
431 This function adds the CA certificate to the list of CAs when requesting\r
432 Server or Client authentication for the chosen TLS connection.\r
433\r
434 @param[in] Tls Pointer to the TLS object.\r
435 @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
436 X.509 certificate or PEM-encoded X.509 certificate.\r
437 @param[in] DataSize The size of data buffer in bytes.\r
438\r
439 @retval EFI_SUCCESS The operation succeeded.\r
440 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
441 @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
442 @retval EFI_ABORTED Invalid X.509 certificate.\r
443\r
444**/\r
445EFI_STATUS\r
446EFIAPI\r
447TlsSetCaCertificate (\r
448 IN VOID *Tls,\r
449 IN VOID *Data,\r
450 IN UINTN DataSize\r
451 );\r
452\r
453/**\r
454 Loads the local public certificate into the specified TLS object.\r
455\r
456 This function loads the X.509 certificate into the specified TLS object\r
457 for TLS negotiation.\r
458\r
459 @param[in] Tls Pointer to the TLS object.\r
460 @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
461 X.509 certificate or PEM-encoded X.509 certificate.\r
462 @param[in] DataSize The size of data buffer in bytes.\r
463\r
464 @retval EFI_SUCCESS The operation succeeded.\r
465 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
466 @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
467 @retval EFI_ABORTED Invalid X.509 certificate.\r
468\r
469**/\r
470EFI_STATUS\r
471EFIAPI\r
472TlsSetHostPublicCert (\r
473 IN VOID *Tls,\r
474 IN VOID *Data,\r
475 IN UINTN DataSize\r
476 );\r
477\r
478/**\r
479 Adds the local private key to the specified TLS object.\r
480\r
481 This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r
482 key) into the specified TLS object for TLS negotiation.\r
483\r
484 @param[in] Tls Pointer to the TLS object.\r
485 @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r
486 or PKCS#8 private key.\r
487 @param[in] DataSize The size of data buffer in bytes.\r
488\r
489 @retval EFI_SUCCESS The operation succeeded.\r
490 @retval EFI_UNSUPPORTED This function is not supported.\r
491 @retval EFI_ABORTED Invalid private key data.\r
492\r
493**/\r
494EFI_STATUS\r
495EFIAPI\r
496TlsSetHostPrivateKey (\r
497 IN VOID *Tls,\r
498 IN VOID *Data,\r
499 IN UINTN DataSize\r
500 );\r
501\r
502/**\r
503 Adds the CA-supplied certificate revocation list for certificate validation.\r
504\r
505 This function adds the CA-supplied certificate revocation list data for\r
506 certificate validity checking.\r
507\r
508 @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r
509 @param[in] DataSize The size of data buffer in bytes.\r
510\r
511 @retval EFI_SUCCESS The operation succeeded.\r
512 @retval EFI_UNSUPPORTED This function is not supported.\r
513 @retval EFI_ABORTED Invalid CRL data.\r
514\r
515**/\r
516EFI_STATUS\r
517EFIAPI\r
518TlsSetCertRevocationList (\r
519 IN VOID *Data,\r
520 IN UINTN DataSize\r
521 );\r
522\r
523/**\r
524 Gets the protocol version used by the specified TLS connection.\r
525\r
526 This function returns the protocol version used by the specified TLS\r
527 connection.\r
528\r
9c14f76b
JW
529 If Tls is NULL, then ASSERT().\r
530\r
264702a0
HW
531 @param[in] Tls Pointer to the TLS object.\r
532\r
533 @return The protocol version of the specified TLS connection.\r
534\r
535**/\r
536UINT16\r
537EFIAPI\r
538TlsGetVersion (\r
539 IN VOID *Tls\r
540 );\r
541\r
542/**\r
543 Gets the connection end of the specified TLS connection.\r
544\r
545 This function returns the connection end (as client or as server) used by\r
546 the specified TLS connection.\r
547\r
9c14f76b
JW
548 If Tls is NULL, then ASSERT().\r
549\r
264702a0
HW
550 @param[in] Tls Pointer to the TLS object.\r
551\r
552 @return The connection end used by the specified TLS connection.\r
553\r
554**/\r
555UINT8\r
556EFIAPI\r
557TlsGetConnectionEnd (\r
558 IN VOID *Tls\r
559 );\r
560\r
561/**\r
562 Gets the cipher suite used by the specified TLS connection.\r
563\r
564 This function returns current cipher suite used by the specified\r
565 TLS connection.\r
566\r
567 @param[in] Tls Pointer to the TLS object.\r
568 @param[in,out] CipherId The cipher suite used by the TLS object.\r
569\r
570 @retval EFI_SUCCESS The cipher suite was returned successfully.\r
571 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
572 @retval EFI_UNSUPPORTED Unsupported cipher suite.\r
573\r
574**/\r
575EFI_STATUS\r
576EFIAPI\r
577TlsGetCurrentCipher (\r
578 IN VOID *Tls,\r
579 IN OUT UINT16 *CipherId\r
580 );\r
581\r
582/**\r
583 Gets the compression methods used by the specified TLS connection.\r
584\r
585 This function returns current integrated compression methods used by\r
586 the specified TLS connection.\r
587\r
588 @param[in] Tls Pointer to the TLS object.\r
589 @param[in,out] CompressionId The current compression method used by\r
590 the TLS object.\r
591\r
592 @retval EFI_SUCCESS The compression method was returned successfully.\r
593 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
594 @retval EFI_ABORTED Invalid Compression method.\r
595 @retval EFI_UNSUPPORTED This function is not supported.\r
596\r
597**/\r
598EFI_STATUS\r
599EFIAPI\r
600TlsGetCurrentCompressionId (\r
601 IN VOID *Tls,\r
602 IN OUT UINT8 *CompressionId\r
603 );\r
604\r
605/**\r
606 Gets the verification mode currently set in the TLS connection.\r
607\r
608 This function returns the peer verification mode currently set in the\r
609 specified TLS connection.\r
610\r
9c14f76b
JW
611 If Tls is NULL, then ASSERT().\r
612\r
264702a0
HW
613 @param[in] Tls Pointer to the TLS object.\r
614\r
615 @return The verification mode set in the specified TLS connection.\r
616\r
617**/\r
618UINT32\r
619EFIAPI\r
620TlsGetVerify (\r
621 IN VOID *Tls\r
622 );\r
623\r
624/**\r
625 Gets the session ID used by the specified TLS connection.\r
626\r
627 This function returns the TLS/SSL session ID currently used by the\r
628 specified TLS connection.\r
629\r
630 @param[in] Tls Pointer to the TLS object.\r
631 @param[in,out] SessionId Buffer to contain the returned session ID.\r
632 @param[in,out] SessionIdLen The length of Session ID in bytes.\r
633\r
634 @retval EFI_SUCCESS The Session ID was returned successfully.\r
635 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
636 @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
637\r
638**/\r
639EFI_STATUS\r
640EFIAPI\r
641TlsGetSessionId (\r
642 IN VOID *Tls,\r
643 IN OUT UINT8 *SessionId,\r
644 IN OUT UINT16 *SessionIdLen\r
645 );\r
646\r
647/**\r
648 Gets the client random data used in the specified TLS connection.\r
649\r
650 This function returns the TLS/SSL client random data currently used in\r
651 the specified TLS connection.\r
652\r
653 @param[in] Tls Pointer to the TLS object.\r
654 @param[in,out] ClientRandom Buffer to contain the returned client\r
655 random data (32 bytes).\r
656\r
657**/\r
658VOID\r
659EFIAPI\r
660TlsGetClientRandom (\r
661 IN VOID *Tls,\r
662 IN OUT UINT8 *ClientRandom\r
663 );\r
664\r
665/**\r
666 Gets the server random data used in the specified TLS connection.\r
667\r
668 This function returns the TLS/SSL server random data currently used in\r
669 the specified TLS connection.\r
670\r
671 @param[in] Tls Pointer to the TLS object.\r
672 @param[in,out] ServerRandom Buffer to contain the returned server\r
673 random data (32 bytes).\r
674\r
675**/\r
676VOID\r
677EFIAPI\r
678TlsGetServerRandom (\r
679 IN VOID *Tls,\r
680 IN OUT UINT8 *ServerRandom\r
681 );\r
682\r
683/**\r
684 Gets the master key data used in the specified TLS connection.\r
685\r
686 This function returns the TLS/SSL master key material currently used in\r
687 the specified TLS connection.\r
688\r
689 @param[in] Tls Pointer to the TLS object.\r
690 @param[in,out] KeyMaterial Buffer to contain the returned key material.\r
691\r
692 @retval EFI_SUCCESS Key material was returned successfully.\r
693 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
694 @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
695\r
696**/\r
697EFI_STATUS\r
698EFIAPI\r
699TlsGetKeyMaterial (\r
700 IN VOID *Tls,\r
701 IN OUT UINT8 *KeyMaterial\r
702 );\r
703\r
704/**\r
705 Gets the CA Certificate from the cert store.\r
706\r
707 This function returns the CA certificate for the chosen\r
708 TLS connection.\r
709\r
710 @param[in] Tls Pointer to the TLS object.\r
711 @param[out] Data Pointer to the data buffer to receive the CA\r
712 certificate data sent to the client.\r
713 @param[in,out] DataSize The size of data buffer in bytes.\r
714\r
715 @retval EFI_SUCCESS The operation succeeded.\r
716 @retval EFI_UNSUPPORTED This function is not supported.\r
717 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
718\r
719**/\r
720EFI_STATUS\r
721EFIAPI\r
722TlsGetCaCertificate (\r
723 IN VOID *Tls,\r
724 OUT VOID *Data,\r
725 IN OUT UINTN *DataSize\r
726 );\r
727\r
728/**\r
729 Gets the local public Certificate set in the specified TLS object.\r
730\r
731 This function returns the local public certificate which was currently set\r
732 in the specified TLS object.\r
733\r
734 @param[in] Tls Pointer to the TLS object.\r
735 @param[out] Data Pointer to the data buffer to receive the local\r
736 public certificate.\r
737 @param[in,out] DataSize The size of data buffer in bytes.\r
738\r
739 @retval EFI_SUCCESS The operation succeeded.\r
740 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
741 @retval EFI_NOT_FOUND The certificate is not found.\r
742 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
743\r
744**/\r
745EFI_STATUS\r
746EFIAPI\r
747TlsGetHostPublicCert (\r
748 IN VOID *Tls,\r
749 OUT VOID *Data,\r
750 IN OUT UINTN *DataSize\r
751 );\r
752\r
753/**\r
754 Gets the local private key set in the specified TLS object.\r
755\r
756 This function returns the local private key data which was currently set\r
757 in the specified TLS object.\r
758\r
759 @param[in] Tls Pointer to the TLS object.\r
760 @param[out] Data Pointer to the data buffer to receive the local\r
761 private key data.\r
762 @param[in,out] DataSize The size of data buffer in bytes.\r
763\r
764 @retval EFI_SUCCESS The operation succeeded.\r
765 @retval EFI_UNSUPPORTED This function is not supported.\r
766 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
767\r
768**/\r
769EFI_STATUS\r
770EFIAPI\r
771TlsGetHostPrivateKey (\r
772 IN VOID *Tls,\r
773 OUT VOID *Data,\r
774 IN OUT UINTN *DataSize\r
775 );\r
776\r
777/**\r
778 Gets the CA-supplied certificate revocation list data set in the specified\r
779 TLS object.\r
780\r
781 This function returns the CA-supplied certificate revocation list data which\r
782 was currently set in the specified TLS object.\r
783\r
784 @param[out] Data Pointer to the data buffer to receive the CRL data.\r
785 @param[in,out] DataSize The size of data buffer in bytes.\r
786\r
787 @retval EFI_SUCCESS The operation succeeded.\r
788 @retval EFI_UNSUPPORTED This function is not supported.\r
789 @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
790\r
791**/\r
792EFI_STATUS\r
793EFIAPI\r
794TlsGetCertRevocationList (\r
795 OUT VOID *Data,\r
796 IN OUT UINTN *DataSize\r
797 );\r
798\r
799#endif // __TLS_LIB_H__\r
800\r