projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| 264702a0 HW |
1 | /** @file\r |
| 2 | SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.\r | |
| 3 | \r | |
| 4 | Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r | |
| 5 | (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r | |
| 6 | This program and the accompanying materials\r | |
| 7 | are licensed and made available under the terms and conditions of the BSD License\r | |
| 8 | which accompanies this distribution. The full text of the license may be found at\r | |
| 9 | http://opensource.org/licenses/bsd-license.php\r | |
| 10 | \r | |
| 11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
| 12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
| 13 | \r | |
| 14 | **/\r | |
| 15 | \r | |
| 16 | #include "InternalTlsLib.h"\r | |
| 17 | \r | |
| 18 | typedef struct {\r | |
| 19 | //\r | |
| 20 | // IANA/IETF defined Cipher Suite ID\r | |
| 21 | //\r | |
| 22 | UINT16 IanaCipher;\r | |
| 23 | //\r | |
| 24 | // OpenSSL-used Cipher Suite String\r | |
| 25 | //\r | |
| 26 | CONST CHAR8 *OpensslCipher;\r | |
| 27 | } TLS_CIPHER_PAIR;\r | |
| 28 | \r | |
| 29 | //\r | |
| 30 | // The mapping table between IANA/IETF Cipher Suite definitions and\r | |
| 31 | // OpenSSL-used Cipher Suite name.\r | |
| 32 | //\r | |
| 33 | STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {\r | |
| 34 | { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5\r | |
| 35 | { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA\r | |
| 36 | { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5\r | |
| 37 | { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA\r | |
| 38 | { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1\r | |
| 39 | { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\r | |
| 40 | { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2\r | |
| 41 | { 0x0030, "DH-DSS-AES128-SHA" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA\r | |
| 42 | { 0x0031, "DH-RSA-AES128-SHA" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA\r | |
| 43 | { 0x0033, "DHE-RSA-AES128-SHA" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA\r | |
| 44 | { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA\r | |
| 45 | { 0x0036, "DH-DSS-AES256-SHA" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA\r | |
| 46 | { 0x0037, "DH-RSA-AES256-SHA" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA\r | |
| 47 | { 0x0039, "DHE-RSA-AES256-SHA" }, /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA\r | |
| 48 | { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256\r | |
| 49 | { 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256\r | |
| 50 | { 0x003D, "AES256-SHA256" }, /// TLS_RSA_WITH_AES_256_CBC_SHA256\r | |
| 51 | { 0x003E, "DH-DSS-AES128-SHA256" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256\r | |
| 52 | { 0x003F, "DH-RSA-AES128-SHA256" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256\r | |
| 53 | { 0x0067, "DHE-RSA-AES128-SHA256" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\r | |
| 54 | { 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256\r | |
| 55 | { 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256\r | |
| 56 | { 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\r | |
| 57 | };\r | |
| 58 | \r | |
| 59 | /**\r | |
| 60 | Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.\r | |
| 61 | \r | |
| 62 | @param[in] CipherId The supplied IANA TLS cipher suite ID.\r | |
| 63 | \r | |
| 64 | @return The corresponding OpenSSL cipher suite string if found,\r | |
| 65 | NULL otherwise.\r | |
| 66 | \r | |
| 67 | **/\r | |
| 68 | STATIC\r | |
| 69 | CONST CHAR8 *\r | |
| 70 | TlsGetCipherString (\r | |
| 71 | IN UINT16 CipherId\r | |
| 72 | )\r | |
| 73 | {\r | |
| 74 | CONST TLS_CIPHER_PAIR *CipherEntry;\r | |
| 75 | UINTN TableSize;\r | |
| 76 | UINTN Index;\r | |
| 77 | \r | |
| 78 | CipherEntry = TlsCipherMappingTable;\r | |
| 79 | TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);\r | |
| 80 | \r | |
| 81 | //\r | |
| 82 | // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation\r | |
| 83 | //\r | |
| 84 | for (Index = 0; Index < TableSize; Index++, CipherEntry++) {\r | |
| 85 | //\r | |
| 86 | // Translate IANA cipher suite name to OpenSSL name.\r | |
| 87 | //\r | |
| 88 | if (CipherEntry->IanaCipher == CipherId) {\r | |
| 89 | return CipherEntry->OpensslCipher;\r | |
| 90 | }\r | |
| 91 | }\r | |
| 92 | \r | |
| 93 | //\r | |
| 94 | // No Cipher Mapping found, return NULL.\r | |
| 95 | //\r | |
| 96 | return NULL;\r | |
| 97 | }\r | |
| 98 | \r | |
| 99 | /**\r | |
| 100 | Set a new TLS/SSL method for a particular TLS object.\r | |
| 101 | \r | |
| 102 | This function sets a new TLS/SSL method for a particular TLS object.\r | |
| 103 | \r | |
| 104 | @param[in] Tls Pointer to a TLS object.\r | |
| 105 | @param[in] MajorVer Major Version of TLS/SSL Protocol.\r | |
| 106 | @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r | |
| 107 | \r | |
| 108 | @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r | |
| 109 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 110 | @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r | |
| 111 | \r | |
| 112 | **/\r | |
| 113 | EFI_STATUS\r | |
| 114 | EFIAPI\r | |
| 115 | TlsSetVersion (\r | |
| 116 | IN VOID *Tls,\r | |
| 117 | IN UINT8 MajorVer,\r | |
| 118 | IN UINT8 MinorVer\r | |
| 119 | )\r | |
| 120 | {\r | |
| 121 | TLS_CONNECTION *TlsConn;\r | |
| 122 | UINT16 ProtoVersion;\r | |
| 123 | \r | |
| 124 | TlsConn = (TLS_CONNECTION *)Tls;\r | |
| 125 | if (TlsConn == NULL || TlsConn->Ssl == NULL) {\r | |
| 126 | return EFI_INVALID_PARAMETER;\r | |
| 127 | }\r | |
| 128 | \r | |
| 129 | ProtoVersion = (MajorVer << 8) | MinorVer;\r | |
| 130 | \r | |
| 131 | //\r | |
| 132 | // Bound TLS method to the particular specified version.\r | |
| 133 | //\r | |
| 134 | switch (ProtoVersion) {\r | |
| 135 | case TLS1_VERSION:\r | |
| 136 | //\r | |
| 137 | // TLS 1.0\r | |
| 138 | //\r | |
| 139 | SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);\r | |
| 140 | SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);\r | |
| 141 | break;\r | |
| 142 | case TLS1_1_VERSION:\r | |
| 143 | //\r | |
| 144 | // TLS 1.1\r | |
| 145 | //\r | |
| 146 | SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);\r | |
| 147 | SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);\r | |
| 148 | break;\r | |
| 149 | case TLS1_2_VERSION:\r | |
| 150 | //\r | |
| 151 | // TLS 1.2\r | |
| 152 | //\r | |
| 153 | SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);\r | |
| 154 | SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);\r | |
| 155 | break;\r | |
| 156 | default:\r | |
| 157 | //\r | |
| 158 | // Unsupported Protocol Version\r | |
| 159 | //\r | |
| 160 | return EFI_UNSUPPORTED;\r | |
| 161 | }\r | |
| 162 | \r | |
| 163 | return EFI_SUCCESS;;\r | |
| 164 | }\r | |
| 165 | \r | |
| 166 | /**\r | |
| 167 | Set TLS object to work in client or server mode.\r | |
| 168 | \r | |
| 169 | This function prepares a TLS object to work in client or server mode.\r | |
| 170 | \r | |
| 171 | @param[in] Tls Pointer to a TLS object.\r | |
| 172 | @param[in] IsServer Work in server mode.\r | |
| 173 | \r | |
| 174 | @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r | |
| 175 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 176 | @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r | |
| 177 | \r | |
| 178 | **/\r | |
| 179 | EFI_STATUS\r | |
| 180 | EFIAPI\r | |
| 181 | TlsSetConnectionEnd (\r | |
| 182 | IN VOID *Tls,\r | |
| 183 | IN BOOLEAN IsServer\r | |
| 184 | )\r | |
| 185 | {\r | |
| 186 | TLS_CONNECTION *TlsConn;\r | |
| 187 | \r | |
| 188 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 189 | if (TlsConn == NULL || TlsConn->Ssl == NULL) {\r | |
| 190 | return EFI_INVALID_PARAMETER;\r | |
| 191 | }\r | |
| 192 | \r | |
| 193 | if (!IsServer) {\r | |
| 194 | //\r | |
| 195 | // Set TLS to work in Client mode.\r | |
| 196 | //\r | |
| 197 | SSL_set_connect_state (TlsConn->Ssl);\r | |
| 198 | } else {\r | |
| 199 | //\r | |
| 200 | // Set TLS to work in Server mode.\r | |
| 201 | // It is unsupported for UEFI version currently.\r | |
| 202 | //\r | |
| 203 | //SSL_set_accept_state (TlsConn->Ssl);\r | |
| 204 | return EFI_UNSUPPORTED;\r | |
| 205 | }\r | |
| 206 | \r | |
| 207 | return EFI_SUCCESS;\r | |
| 208 | }\r | |
| 209 | \r | |
| 210 | /**\r | |
| 211 | Set the ciphers list to be used by the TLS object.\r | |
| 212 | \r | |
| 213 | This function sets the ciphers for use by a specified TLS object.\r | |
| 214 | \r | |
| 215 | @param[in] Tls Pointer to a TLS object.\r | |
| 216 | @param[in] CipherId Pointer to a UINT16 cipher Id.\r | |
| 217 | @param[in] CipherNum The number of cipher in the list.\r | |
| 218 | \r | |
| 219 | @retval EFI_SUCCESS The ciphers list was set successfully.\r | |
| 220 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 221 | @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.\r | |
| 222 | \r | |
| 223 | **/\r | |
| 224 | EFI_STATUS\r | |
| 225 | EFIAPI\r | |
| 226 | TlsSetCipherList (\r | |
| 227 | IN VOID *Tls,\r | |
| 228 | IN UINT16 *CipherId,\r | |
| 229 | IN UINTN CipherNum\r | |
| 230 | )\r | |
| 231 | {\r | |
| 232 | TLS_CONNECTION *TlsConn;\r | |
| 233 | UINTN Index;\r | |
| 234 | CONST CHAR8 *MappingName;\r | |
| 235 | CHAR8 CipherString[500];\r | |
| 236 | \r | |
| 237 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 238 | if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {\r | |
| 239 | return EFI_INVALID_PARAMETER;\r | |
| 240 | }\r | |
| 241 | \r | |
| 242 | MappingName = NULL;\r | |
| 243 | \r | |
| 244 | memset (CipherString, 0, sizeof (CipherString));\r | |
| 245 | \r | |
| 246 | for (Index = 0; Index < CipherNum; Index++) {\r | |
| 247 | //\r | |
| 248 | // Handling OpenSSL / RFC Cipher name mapping.\r | |
| 249 | //\r | |
| 250 | MappingName = TlsGetCipherString (*(CipherId + Index));\r | |
| 251 | if (MappingName == NULL) {\r | |
| 252 | return EFI_UNSUPPORTED;\r | |
| 253 | }\r | |
| 254 | \r | |
| 255 | if (Index != 0) {\r | |
| 256 | //\r | |
| 257 | // The ciphers were separated by a colon.\r | |
| 258 | //\r | |
| 259 | AsciiStrCatS (CipherString, sizeof (CipherString), ":");\r | |
| 260 | }\r | |
| 261 | \r | |
| 262 | AsciiStrCatS (CipherString, sizeof (CipherString), MappingName);\r | |
| 263 | }\r | |
| 264 | \r | |
| 265 | AsciiStrCatS (CipherString, sizeof (CipherString), ":@STRENGTH");\r | |
| 266 | \r | |
| 267 | //\r | |
| 268 | // Sets the ciphers for use by the Tls object.\r | |
| 269 | //\r | |
| 270 | if (SSL_set_cipher_list (TlsConn->Ssl, CipherString) <= 0) {\r | |
| 271 | return EFI_UNSUPPORTED;\r | |
| 272 | }\r | |
| 273 | \r | |
| 274 | return EFI_SUCCESS;\r | |
| 275 | }\r | |
| 276 | \r | |
| 277 | /**\r | |
| 278 | Set the compression method for TLS/SSL operations.\r | |
| 279 | \r | |
| 280 | This function handles TLS/SSL integrated compression methods.\r | |
| 281 | \r | |
| 282 | @param[in] CompMethod The compression method ID.\r | |
| 283 | \r | |
| 284 | @retval EFI_SUCCESS The compression method for the communication was\r | |
| 285 | set successfully.\r | |
| 286 | @retval EFI_UNSUPPORTED Unsupported compression method.\r | |
| 287 | \r | |
| 288 | **/\r | |
| 289 | EFI_STATUS\r | |
| 290 | EFIAPI\r | |
| 291 | TlsSetCompressionMethod (\r | |
| 292 | IN UINT8 CompMethod\r | |
| 293 | )\r | |
| 294 | {\r | |
| 295 | COMP_METHOD *Cm;\r | |
| 296 | INTN Ret;\r | |
| 297 | \r | |
| 298 | Cm = NULL;\r | |
| 299 | Ret = 0;\r | |
| 300 | \r | |
| 301 | if (CompMethod == 0) {\r | |
| 302 | //\r | |
| 303 | // TLS defines one standard compression method, CompressionMethod.null (0),\r | |
| 304 | // which specifies that data exchanged via the record protocol will not be compressed.\r | |
| 305 | // So, return EFI_SUCCESS directly (RFC 3749).\r | |
| 306 | //\r | |
| 307 | return EFI_SUCCESS;\r | |
| 308 | } else if (CompMethod == 1) {\r | |
| 309 | Cm = COMP_zlib();\r | |
| 310 | } else {\r | |
| 311 | return EFI_UNSUPPORTED;\r | |
| 312 | }\r | |
| 313 | \r | |
| 314 | //\r | |
| 315 | // Adds the compression method to the list of available\r | |
| 316 | // compression methods.\r | |
| 317 | //\r | |
| 318 | Ret = SSL_COMP_add_compression_method (CompMethod, Cm);\r | |
| 319 | if (Ret != 0) {\r | |
| 320 | return EFI_UNSUPPORTED;\r | |
| 321 | }\r | |
| 322 | \r | |
| 323 | return EFI_SUCCESS;\r | |
| 324 | }\r | |
| 325 | \r | |
| 326 | /**\r | |
| 327 | Set peer certificate verification mode for the TLS connection.\r | |
| 328 | \r | |
| 329 | This function sets the verification mode flags for the TLS connection.\r | |
| 330 | \r | |
| 331 | @param[in] Tls Pointer to the TLS object.\r | |
| 332 | @param[in] VerifyMode A set of logically or'ed verification mode flags.\r | |
| 333 | \r | |
| 334 | **/\r | |
| 335 | VOID\r | |
| 336 | EFIAPI\r | |
| 337 | TlsSetVerify (\r | |
| 338 | IN VOID *Tls,\r | |
| 339 | IN UINT32 VerifyMode\r | |
| 340 | )\r | |
| 341 | {\r | |
| 342 | TLS_CONNECTION *TlsConn;\r | |
| 343 | \r | |
| 344 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 345 | if (TlsConn == NULL || TlsConn->Ssl == NULL) {\r | |
| 346 | return;\r | |
| 347 | }\r | |
| 348 | \r | |
| 349 | //\r | |
| 350 | // Set peer certificate verification parameters with NULL callback.\r | |
| 351 | //\r | |
| 352 | SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL);\r | |
| 353 | }\r | |
| 354 | \r | |
| 355 | /**\r | |
| 356 | Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r | |
| 357 | \r | |
| 358 | This function sets a session ID to be used when the TLS/SSL connection is\r | |
| 359 | to be established.\r | |
| 360 | \r | |
| 361 | @param[in] Tls Pointer to the TLS object.\r | |
| 362 | @param[in] SessionId Session ID data used for session resumption.\r | |
| 363 | @param[in] SessionIdLen Length of Session ID in bytes.\r | |
| 364 | \r | |
| 365 | @retval EFI_SUCCESS Session ID was set successfully.\r | |
| 366 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 367 | @retval EFI_UNSUPPORTED No available session for ID setting.\r | |
| 368 | \r | |
| 369 | **/\r | |
| 370 | EFI_STATUS\r | |
| 371 | EFIAPI\r | |
| 372 | TlsSetSessionId (\r | |
| 373 | IN VOID *Tls,\r | |
| 374 | IN UINT8 *SessionId,\r | |
| 375 | IN UINT16 SessionIdLen\r | |
| 376 | )\r | |
| 377 | {\r | |
| 378 | TLS_CONNECTION *TlsConn;\r | |
| 379 | SSL_SESSION *Session;\r | |
| 380 | \r | |
| 381 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 382 | Session = NULL;\r | |
| 383 | \r | |
| 384 | if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {\r | |
| 385 | return EFI_INVALID_PARAMETER;\r | |
| 386 | }\r | |
| 387 | \r | |
| 388 | Session = SSL_get_session (TlsConn->Ssl);\r | |
| 389 | if (Session == NULL) {\r | |
| 390 | return EFI_UNSUPPORTED;\r | |
| 391 | }\r | |
| 392 | \r | |
| 393 | SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId, SessionIdLen);\r | |
| 394 | \r | |
| 395 | return EFI_SUCCESS;\r | |
| 396 | }\r | |
| 397 | \r | |
| 398 | /**\r | |
| 399 | Adds the CA to the cert store when requesting Server or Client authentication.\r | |
| 400 | \r | |
| 401 | This function adds the CA certificate to the list of CAs when requesting\r | |
| 402 | Server or Client authentication for the chosen TLS connection.\r | |
| 403 | \r | |
| 404 | @param[in] Tls Pointer to the TLS object.\r | |
| 405 | @param[in] Data Pointer to the data buffer of a DER-encoded binary\r | |
| 406 | X.509 certificate or PEM-encoded X.509 certificate.\r | |
| 407 | @param[in] DataSize The size of data buffer in bytes.\r | |
| 408 | \r | |
| 409 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 410 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 411 | @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r | |
| 412 | @retval EFI_ABORTED Invalid X.509 certificate.\r | |
| 413 | \r | |
| 414 | **/\r | |
| 415 | EFI_STATUS\r | |
| 416 | EFIAPI\r | |
| 417 | TlsSetCaCertificate (\r | |
| 418 | IN VOID *Tls,\r | |
| 419 | IN VOID *Data,\r | |
| 420 | IN UINTN DataSize\r | |
| 421 | )\r | |
| 422 | {\r | |
| 423 | BIO *BioCert;\r | |
| 424 | X509 *Cert;\r | |
| 425 | X509_STORE *X509Store;\r | |
| 426 | EFI_STATUS Status;\r | |
| 427 | TLS_CONNECTION *TlsConn;\r | |
| 428 | SSL_CTX *SslCtx;\r | |
| 429 | INTN Ret;\r | |
| 430 | UINTN ErrorCode;\r | |
| 431 | \r | |
| 432 | BioCert = NULL;\r | |
| 433 | Cert = NULL;\r | |
| 434 | X509Store = NULL;\r | |
| 435 | Status = EFI_SUCCESS;\r | |
| 436 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 437 | Ret = 0;\r | |
| 438 | \r | |
| 439 | if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {\r | |
| 440 | return EFI_INVALID_PARAMETER;\r | |
| 441 | }\r | |
| 442 | \r | |
| 443 | //\r | |
| 444 | // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.\r | |
| 445 | // Determine whether certificate is from DER encoding, if so, translate it to X509 structure.\r | |
| 446 | //\r | |
| 447 | Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);\r | |
| 448 | if (Cert == NULL) {\r | |
| 449 | //\r | |
| 450 | // Certificate is from PEM encoding.\r | |
| 451 | //\r | |
| 452 | BioCert = BIO_new (BIO_s_mem ());\r | |
| 453 | if (BioCert == NULL) {\r | |
| 454 | Status = EFI_OUT_OF_RESOURCES;\r | |
| 455 | goto ON_EXIT;\r | |
| 456 | }\r | |
| 457 | \r | |
| 458 | if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {\r | |
| 459 | Status = EFI_ABORTED;\r | |
| 460 | goto ON_EXIT;\r | |
| 461 | }\r | |
| 462 | \r | |
| 463 | Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);\r | |
| 464 | if (Cert == NULL) {\r | |
| 465 | Status = EFI_ABORTED;\r | |
| 466 | goto ON_EXIT;\r | |
| 467 | }\r | |
| 468 | }\r | |
| 469 | \r | |
| 470 | SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);\r | |
| 471 | X509Store = SSL_CTX_get_cert_store (SslCtx);\r | |
| 472 | if (X509Store == NULL) {\r | |
| 473 | Status = EFI_ABORTED;\r | |
| 474 | goto ON_EXIT;\r | |
| 475 | }\r | |
| 476 | \r | |
| 477 | //\r | |
| 478 | // Add certificate to X509 store\r | |
| 479 | //\r | |
| 480 | Ret = X509_STORE_add_cert (X509Store, Cert);\r | |
| 481 | if (Ret != 1) {\r | |
| 482 | ErrorCode = ERR_peek_last_error ();\r | |
| 483 | //\r | |
| 484 | // Ignore "already in table" errors\r | |
| 485 | //\r | |
| 486 | if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&\r | |
| 487 | ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {\r | |
| 488 | Status = EFI_ABORTED;\r | |
| 489 | goto ON_EXIT;\r | |
| 490 | }\r | |
| 491 | }\r | |
| 492 | \r | |
| 493 | ON_EXIT:\r | |
| 494 | if (BioCert != NULL) {\r | |
| 495 | BIO_free (BioCert);\r | |
| 496 | }\r | |
| 497 | \r | |
| 498 | if (Cert != NULL) {\r | |
| 499 | X509_free (Cert);\r | |
| 500 | }\r | |
| 501 | \r | |
| 502 | return Status;\r | |
| 503 | }\r | |
| 504 | \r | |
| 505 | /**\r | |
| 506 | Loads the local public certificate into the specified TLS object.\r | |
| 507 | \r | |
| 508 | This function loads the X.509 certificate into the specified TLS object\r | |
| 509 | for TLS negotiation.\r | |
| 510 | \r | |
| 511 | @param[in] Tls Pointer to the TLS object.\r | |
| 512 | @param[in] Data Pointer to the data buffer of a DER-encoded binary\r | |
| 513 | X.509 certificate or PEM-encoded X.509 certificate.\r | |
| 514 | @param[in] DataSize The size of data buffer in bytes.\r | |
| 515 | \r | |
| 516 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 517 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 518 | @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r | |
| 519 | @retval EFI_ABORTED Invalid X.509 certificate.\r | |
| 520 | \r | |
| 521 | **/\r | |
| 522 | EFI_STATUS\r | |
| 523 | EFIAPI\r | |
| 524 | TlsSetHostPublicCert (\r | |
| 525 | IN VOID *Tls,\r | |
| 526 | IN VOID *Data,\r | |
| 527 | IN UINTN DataSize\r | |
| 528 | )\r | |
| 529 | {\r | |
| 530 | BIO *BioCert;\r | |
| 531 | X509 *Cert;\r | |
| 532 | EFI_STATUS Status;\r | |
| 533 | TLS_CONNECTION *TlsConn;\r | |
| 534 | \r | |
| 535 | BioCert = NULL;\r | |
| 536 | Cert = NULL;\r | |
| 537 | Status = EFI_SUCCESS;\r | |
| 538 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 539 | \r | |
| 540 | if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {\r | |
| 541 | return EFI_INVALID_PARAMETER;\r | |
| 542 | }\r | |
| 543 | \r | |
| 544 | //\r | |
| 545 | // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.\r | |
| 546 | // Determine whether certificate is from DER encoding, if so, translate it to X509 structure.\r | |
| 547 | //\r | |
| 548 | Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);\r | |
| 549 | if (Cert == NULL) {\r | |
| 550 | //\r | |
| 551 | // Certificate is from PEM encoding.\r | |
| 552 | //\r | |
| 553 | BioCert = BIO_new (BIO_s_mem ());\r | |
| 554 | if (BioCert == NULL) {\r | |
| 555 | Status = EFI_OUT_OF_RESOURCES;\r | |
| 556 | goto ON_EXIT;\r | |
| 557 | }\r | |
| 558 | \r | |
| 559 | if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {\r | |
| 560 | Status = EFI_ABORTED;\r | |
| 561 | goto ON_EXIT;\r | |
| 562 | }\r | |
| 563 | \r | |
| 564 | Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);\r | |
| 565 | if (Cert == NULL) {\r | |
| 566 | Status = EFI_ABORTED;\r | |
| 567 | goto ON_EXIT;\r | |
| 568 | }\r | |
| 569 | }\r | |
| 570 | \r | |
| 571 | if (SSL_use_certificate (TlsConn->Ssl, Cert) != 1) {\r | |
| 572 | Status = EFI_ABORTED;\r | |
| 573 | goto ON_EXIT;\r | |
| 574 | }\r | |
| 575 | \r | |
| 576 | ON_EXIT:\r | |
| 577 | if (BioCert != NULL) {\r | |
| 578 | BIO_free (BioCert);\r | |
| 579 | }\r | |
| 580 | \r | |
| 581 | if (Cert != NULL) {\r | |
| 582 | X509_free (Cert);\r | |
| 583 | }\r | |
| 584 | \r | |
| 585 | return Status;\r | |
| 586 | }\r | |
| 587 | \r | |
| 588 | /**\r | |
| 589 | Adds the local private key to the specified TLS object.\r | |
| 590 | \r | |
| 591 | This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r | |
| 592 | key) into the specified TLS object for TLS negotiation.\r | |
| 593 | \r | |
| 594 | @param[in] Tls Pointer to the TLS object.\r | |
| 595 | @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r | |
| 596 | or PKCS#8 private key.\r | |
| 597 | @param[in] DataSize The size of data buffer in bytes.\r | |
| 598 | \r | |
| 599 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 600 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
| 601 | @retval EFI_ABORTED Invalid private key data.\r | |
| 602 | \r | |
| 603 | **/\r | |
| 604 | EFI_STATUS\r | |
| 605 | EFIAPI\r | |
| 606 | TlsSetHostPrivateKey (\r | |
| 607 | IN VOID *Tls,\r | |
| 608 | IN VOID *Data,\r | |
| 609 | IN UINTN DataSize\r | |
| 610 | )\r | |
| 611 | {\r | |
| 612 | return EFI_UNSUPPORTED;\r | |
| 613 | }\r | |
| 614 | \r | |
| 615 | /**\r | |
| 616 | Adds the CA-supplied certificate revocation list for certificate validation.\r | |
| 617 | \r | |
| 618 | This function adds the CA-supplied certificate revocation list data for\r | |
| 619 | certificate validity checking.\r | |
| 620 | \r | |
| 621 | @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r | |
| 622 | @param[in] DataSize The size of data buffer in bytes.\r | |
| 623 | \r | |
| 624 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 625 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
| 626 | @retval EFI_ABORTED Invalid CRL data.\r | |
| 627 | \r | |
| 628 | **/\r | |
| 629 | EFI_STATUS\r | |
| 630 | EFIAPI\r | |
| 631 | TlsSetCertRevocationList (\r | |
| 632 | IN VOID *Data,\r | |
| 633 | IN UINTN DataSize\r | |
| 634 | )\r | |
| 635 | {\r | |
| 636 | return EFI_UNSUPPORTED;\r | |
| 637 | }\r | |
| 638 | \r | |
| 639 | /**\r | |
| 640 | Gets the protocol version used by the specified TLS connection.\r | |
| 641 | \r | |
| 642 | This function returns the protocol version used by the specified TLS\r | |
| 643 | connection.\r | |
| 644 | \r | |
| 645 | @param[in] Tls Pointer to the TLS object.\r | |
| 646 | \r | |
| 647 | @return The protocol version of the specified TLS connection.\r | |
| 648 | \r | |
| 649 | **/\r | |
| 650 | UINT16\r | |
| 651 | EFIAPI\r | |
| 652 | TlsGetVersion (\r | |
| 653 | IN VOID *Tls\r | |
| 654 | )\r | |
| 655 | {\r | |
| 656 | TLS_CONNECTION *TlsConn;\r | |
| 657 | \r | |
| 658 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 659 | \r | |
| 660 | ASSERT (TlsConn != NULL);\r | |
| 661 | \r | |
| 662 | return (UINT16)(SSL_version (TlsConn->Ssl));\r | |
| 663 | }\r | |
| 664 | \r | |
| 665 | /**\r | |
| 666 | Gets the connection end of the specified TLS connection.\r | |
| 667 | \r | |
| 668 | This function returns the connection end (as client or as server) used by\r | |
| 669 | the specified TLS connection.\r | |
| 670 | \r | |
| 671 | @param[in] Tls Pointer to the TLS object.\r | |
| 672 | \r | |
| 673 | @return The connection end used by the specified TLS connection.\r | |
| 674 | \r | |
| 675 | **/\r | |
| 676 | UINT8\r | |
| 677 | EFIAPI\r | |
| 678 | TlsGetConnectionEnd (\r | |
| 679 | IN VOID *Tls\r | |
| 680 | )\r | |
| 681 | {\r | |
| 682 | TLS_CONNECTION *TlsConn;\r | |
| 683 | \r | |
| 684 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 685 | \r | |
| 686 | ASSERT (TlsConn != NULL);\r | |
| 687 | \r | |
| 688 | return (UINT8)SSL_is_server (TlsConn->Ssl);\r | |
| 689 | }\r | |
| 690 | \r | |
| 691 | /**\r | |
| 692 | Gets the cipher suite used by the specified TLS connection.\r | |
| 693 | \r | |
| 694 | This function returns current cipher suite used by the specified\r | |
| 695 | TLS connection.\r | |
| 696 | \r | |
| 697 | @param[in] Tls Pointer to the TLS object.\r | |
| 698 | @param[in,out] CipherId The cipher suite used by the TLS object.\r | |
| 699 | \r | |
| 700 | @retval EFI_SUCCESS The cipher suite was returned successfully.\r | |
| 701 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 702 | @retval EFI_UNSUPPORTED Unsupported cipher suite.\r | |
| 703 | \r | |
| 704 | **/\r | |
| 705 | EFI_STATUS\r | |
| 706 | EFIAPI\r | |
| 707 | TlsGetCurrentCipher (\r | |
| 708 | IN VOID *Tls,\r | |
| 709 | IN OUT UINT16 *CipherId\r | |
| 710 | )\r | |
| 711 | {\r | |
| 712 | TLS_CONNECTION *TlsConn;\r | |
| 713 | CONST SSL_CIPHER *Cipher;\r | |
| 714 | \r | |
| 715 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 716 | Cipher = NULL;\r | |
| 717 | \r | |
| 718 | if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {\r | |
| 719 | return EFI_INVALID_PARAMETER;\r | |
| 720 | }\r | |
| 721 | \r | |
| 722 | Cipher = SSL_get_current_cipher (TlsConn->Ssl);\r | |
| 723 | if (Cipher == NULL) {\r | |
| 724 | return EFI_UNSUPPORTED;\r | |
| 725 | }\r | |
| 726 | \r | |
| 727 | *CipherId = (SSL_CIPHER_get_id (Cipher)) & 0xFFFF;\r | |
| 728 | \r | |
| 729 | return EFI_SUCCESS;\r | |
| 730 | }\r | |
| 731 | \r | |
| 732 | /**\r | |
| 733 | Gets the compression methods used by the specified TLS connection.\r | |
| 734 | \r | |
| 735 | This function returns current integrated compression methods used by\r | |
| 736 | the specified TLS connection.\r | |
| 737 | \r | |
| 738 | @param[in] Tls Pointer to the TLS object.\r | |
| 739 | @param[in,out] CompressionId The current compression method used by\r | |
| 740 | the TLS object.\r | |
| 741 | \r | |
| 742 | @retval EFI_SUCCESS The compression method was returned successfully.\r | |
| 743 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 744 | @retval EFI_ABORTED Invalid Compression method.\r | |
| 745 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
| 746 | \r | |
| 747 | **/\r | |
| 748 | EFI_STATUS\r | |
| 749 | EFIAPI\r | |
| 750 | TlsGetCurrentCompressionId (\r | |
| 751 | IN VOID *Tls,\r | |
| 752 | IN OUT UINT8 *CompressionId\r | |
| 753 | )\r | |
| 754 | {\r | |
| 755 | return EFI_UNSUPPORTED;\r | |
| 756 | }\r | |
| 757 | \r | |
| 758 | /**\r | |
| 759 | Gets the verification mode currently set in the TLS connection.\r | |
| 760 | \r | |
| 761 | This function returns the peer verification mode currently set in the\r | |
| 762 | specified TLS connection.\r | |
| 763 | \r | |
| 764 | @param[in] Tls Pointer to the TLS object.\r | |
| 765 | \r | |
| 766 | @return The verification mode set in the specified TLS connection.\r | |
| 767 | \r | |
| 768 | **/\r | |
| 769 | UINT32\r | |
| 770 | EFIAPI\r | |
| 771 | TlsGetVerify (\r | |
| 772 | IN VOID *Tls\r | |
| 773 | )\r | |
| 774 | {\r | |
| 775 | TLS_CONNECTION *TlsConn;\r | |
| 776 | \r | |
| 777 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 778 | \r | |
| 779 | ASSERT (TlsConn != NULL);\r | |
| 780 | \r | |
| 781 | return SSL_get_verify_mode (TlsConn->Ssl);\r | |
| 782 | }\r | |
| 783 | \r | |
| 784 | /**\r | |
| 785 | Gets the session ID used by the specified TLS connection.\r | |
| 786 | \r | |
| 787 | This function returns the TLS/SSL session ID currently used by the\r | |
| 788 | specified TLS connection.\r | |
| 789 | \r | |
| 790 | @param[in] Tls Pointer to the TLS object.\r | |
| 791 | @param[in,out] SessionId Buffer to contain the returned session ID.\r | |
| 792 | @param[in,out] SessionIdLen The length of Session ID in bytes.\r | |
| 793 | \r | |
| 794 | @retval EFI_SUCCESS The Session ID was returned successfully.\r | |
| 795 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 796 | @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r | |
| 797 | \r | |
| 798 | **/\r | |
| 799 | EFI_STATUS\r | |
| 800 | EFIAPI\r | |
| 801 | TlsGetSessionId (\r | |
| 802 | IN VOID *Tls,\r | |
| 803 | IN OUT UINT8 *SessionId,\r | |
| 804 | IN OUT UINT16 *SessionIdLen\r | |
| 805 | )\r | |
| 806 | {\r | |
| 807 | TLS_CONNECTION *TlsConn;\r | |
| 808 | SSL_SESSION *Session;\r | |
| 809 | CONST UINT8 *SslSessionId;\r | |
| 810 | \r | |
| 811 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 812 | Session = NULL;\r | |
| 813 | \r | |
| 814 | if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL || SessionIdLen == NULL) {\r | |
| 815 | return EFI_INVALID_PARAMETER;\r | |
| 816 | }\r | |
| 817 | \r | |
| 818 | Session = SSL_get_session (TlsConn->Ssl);\r | |
| 819 | if (Session == NULL) {\r | |
| 820 | return EFI_UNSUPPORTED;\r | |
| 821 | }\r | |
| 822 | \r | |
| 823 | SslSessionId = SSL_SESSION_get_id (Session, (unsigned int *)SessionIdLen);\r | |
| 824 | CopyMem (SessionId, SslSessionId, *SessionIdLen);\r | |
| 825 | \r | |
| 826 | return EFI_SUCCESS;\r | |
| 827 | }\r | |
| 828 | \r | |
| 829 | /**\r | |
| 830 | Gets the client random data used in the specified TLS connection.\r | |
| 831 | \r | |
| 832 | This function returns the TLS/SSL client random data currently used in\r | |
| 833 | the specified TLS connection.\r | |
| 834 | \r | |
| 835 | @param[in] Tls Pointer to the TLS object.\r | |
| 836 | @param[in,out] ClientRandom Buffer to contain the returned client\r | |
| 837 | random data (32 bytes).\r | |
| 838 | \r | |
| 839 | **/\r | |
| 840 | VOID\r | |
| 841 | EFIAPI\r | |
| 842 | TlsGetClientRandom (\r | |
| 843 | IN VOID *Tls,\r | |
| 844 | IN OUT UINT8 *ClientRandom\r | |
| 845 | )\r | |
| 846 | {\r | |
| 847 | TLS_CONNECTION *TlsConn;\r | |
| 848 | \r | |
| 849 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 850 | \r | |
| 851 | if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {\r | |
| 852 | return;\r | |
| 853 | }\r | |
| 854 | \r | |
| 855 | SSL_get_client_random (TlsConn->Ssl, ClientRandom, SSL3_RANDOM_SIZE);\r | |
| 856 | }\r | |
| 857 | \r | |
| 858 | /**\r | |
| 859 | Gets the server random data used in the specified TLS connection.\r | |
| 860 | \r | |
| 861 | This function returns the TLS/SSL server random data currently used in\r | |
| 862 | the specified TLS connection.\r | |
| 863 | \r | |
| 864 | @param[in] Tls Pointer to the TLS object.\r | |
| 865 | @param[in,out] ServerRandom Buffer to contain the returned server\r | |
| 866 | random data (32 bytes).\r | |
| 867 | \r | |
| 868 | **/\r | |
| 869 | VOID\r | |
| 870 | EFIAPI\r | |
| 871 | TlsGetServerRandom (\r | |
| 872 | IN VOID *Tls,\r | |
| 873 | IN OUT UINT8 *ServerRandom\r | |
| 874 | )\r | |
| 875 | {\r | |
| 876 | TLS_CONNECTION *TlsConn;\r | |
| 877 | \r | |
| 878 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 879 | \r | |
| 880 | if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {\r | |
| 881 | return;\r | |
| 882 | }\r | |
| 883 | \r | |
| 884 | SSL_get_server_random (TlsConn->Ssl, ServerRandom, SSL3_RANDOM_SIZE);\r | |
| 885 | }\r | |
| 886 | \r | |
| 887 | /**\r | |
| 888 | Gets the master key data used in the specified TLS connection.\r | |
| 889 | \r | |
| 890 | This function returns the TLS/SSL master key material currently used in\r | |
| 891 | the specified TLS connection.\r | |
| 892 | \r | |
| 893 | @param[in] Tls Pointer to the TLS object.\r | |
| 894 | @param[in,out] KeyMaterial Buffer to contain the returned key material.\r | |
| 895 | \r | |
| 896 | @retval EFI_SUCCESS Key material was returned successfully.\r | |
| 897 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 898 | @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r | |
| 899 | \r | |
| 900 | **/\r | |
| 901 | EFI_STATUS\r | |
| 902 | EFIAPI\r | |
| 903 | TlsGetKeyMaterial (\r | |
| 904 | IN VOID *Tls,\r | |
| 905 | IN OUT UINT8 *KeyMaterial\r | |
| 906 | )\r | |
| 907 | {\r | |
| 908 | TLS_CONNECTION *TlsConn;\r | |
| 909 | SSL_SESSION *Session;\r | |
| 910 | \r | |
| 911 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 912 | Session = NULL;\r | |
| 913 | \r | |
| 914 | if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {\r | |
| 915 | return EFI_INVALID_PARAMETER;\r | |
| 916 | }\r | |
| 917 | \r | |
| 918 | Session = SSL_get_session (TlsConn->Ssl);\r | |
| 919 | \r | |
| 920 | if (Session == NULL) {\r | |
| 921 | return EFI_UNSUPPORTED;\r | |
| 922 | }\r | |
| 923 | \r | |
| 924 | SSL_SESSION_get_master_key (Session, KeyMaterial, SSL3_MASTER_SECRET_SIZE);\r | |
| 925 | \r | |
| 926 | return EFI_SUCCESS;\r | |
| 927 | }\r | |
| 928 | \r | |
| 929 | /**\r | |
| 930 | Gets the CA Certificate from the cert store.\r | |
| 931 | \r | |
| 932 | This function returns the CA certificate for the chosen\r | |
| 933 | TLS connection.\r | |
| 934 | \r | |
| 935 | @param[in] Tls Pointer to the TLS object.\r | |
| 936 | @param[out] Data Pointer to the data buffer to receive the CA\r | |
| 937 | certificate data sent to the client.\r | |
| 938 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
| 939 | \r | |
| 940 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 941 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
| 942 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
| 943 | \r | |
| 944 | **/\r | |
| 945 | EFI_STATUS\r | |
| 946 | EFIAPI\r | |
| 947 | TlsGetCaCertificate (\r | |
| 948 | IN VOID *Tls,\r | |
| 949 | OUT VOID *Data,\r | |
| 950 | IN OUT UINTN *DataSize\r | |
| 951 | )\r | |
| 952 | {\r | |
| 953 | return EFI_UNSUPPORTED;\r | |
| 954 | }\r | |
| 955 | \r | |
| 956 | /**\r | |
| 957 | Gets the local public Certificate set in the specified TLS object.\r | |
| 958 | \r | |
| 959 | This function returns the local public certificate which was currently set\r | |
| 960 | in the specified TLS object.\r | |
| 961 | \r | |
| 962 | @param[in] Tls Pointer to the TLS object.\r | |
| 963 | @param[out] Data Pointer to the data buffer to receive the local\r | |
| 964 | public certificate.\r | |
| 965 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
| 966 | \r | |
| 967 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 968 | @retval EFI_INVALID_PARAMETER The parameter is invalid.\r | |
| 969 | @retval EFI_NOT_FOUND The certificate is not found.\r | |
| 970 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
| 971 | \r | |
| 972 | **/\r | |
| 973 | EFI_STATUS\r | |
| 974 | EFIAPI\r | |
| 975 | TlsGetHostPublicCert (\r | |
| 976 | IN VOID *Tls,\r | |
| 977 | OUT VOID *Data,\r | |
| 978 | IN OUT UINTN *DataSize\r | |
| 979 | )\r | |
| 980 | {\r | |
| 981 | X509 *Cert;\r | |
| 982 | TLS_CONNECTION *TlsConn;\r | |
| 983 | \r | |
| 984 | Cert = NULL;\r | |
| 985 | TlsConn = (TLS_CONNECTION *) Tls;\r | |
| 986 | \r | |
| 987 | if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL) {\r | |
| 988 | return EFI_INVALID_PARAMETER;\r | |
| 989 | }\r | |
| 990 | \r | |
| 991 | Cert = SSL_get_certificate(TlsConn->Ssl);\r | |
| 992 | if (Cert == NULL) {\r | |
| 993 | return EFI_NOT_FOUND;\r | |
| 994 | }\r | |
| 995 | \r | |
| 996 | //\r | |
| 997 | // Only DER encoding is supported currently.\r | |
| 998 | //\r | |
| 999 | if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) {\r | |
| 1000 | *DataSize = (UINTN) i2d_X509 (Cert, NULL);\r | |
| 1001 | return EFI_BUFFER_TOO_SMALL;\r | |
| 1002 | }\r | |
| 1003 | \r | |
| 1004 | *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data);\r | |
| 1005 | \r | |
| 1006 | return EFI_SUCCESS;\r | |
| 1007 | }\r | |
| 1008 | \r | |
| 1009 | /**\r | |
| 1010 | Gets the local private key set in the specified TLS object.\r | |
| 1011 | \r | |
| 1012 | This function returns the local private key data which was currently set\r | |
| 1013 | in the specified TLS object.\r | |
| 1014 | \r | |
| 1015 | @param[in] Tls Pointer to the TLS object.\r | |
| 1016 | @param[out] Data Pointer to the data buffer to receive the local\r | |
| 1017 | private key data.\r | |
| 1018 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
| 1019 | \r | |
| 1020 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 1021 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
| 1022 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
| 1023 | \r | |
| 1024 | **/\r | |
| 1025 | EFI_STATUS\r | |
| 1026 | EFIAPI\r | |
| 1027 | TlsGetHostPrivateKey (\r | |
| 1028 | IN VOID *Tls,\r | |
| 1029 | OUT VOID *Data,\r | |
| 1030 | IN OUT UINTN *DataSize\r | |
| 1031 | )\r | |
| 1032 | {\r | |
| 1033 | return EFI_UNSUPPORTED;\r | |
| 1034 | }\r | |
| 1035 | \r | |
| 1036 | /**\r | |
| 1037 | Gets the CA-supplied certificate revocation list data set in the specified\r | |
| 1038 | TLS object.\r | |
| 1039 | \r | |
| 1040 | This function returns the CA-supplied certificate revocation list data which\r | |
| 1041 | was currently set in the specified TLS object.\r | |
| 1042 | \r | |
| 1043 | @param[out] Data Pointer to the data buffer to receive the CRL data.\r | |
| 1044 | @param[in,out] DataSize The size of data buffer in bytes.\r | |
| 1045 | \r | |
| 1046 | @retval EFI_SUCCESS The operation succeeded.\r | |
| 1047 | @retval EFI_UNSUPPORTED This function is not supported.\r | |
| 1048 | @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r | |
| 1049 | \r | |
| 1050 | **/\r | |
| 1051 | EFI_STATUS\r | |
| 1052 | EFIAPI\r | |
| 1053 | TlsGetCertRevocationList (\r | |
| 1054 | OUT VOID *Data,\r | |
| 1055 | IN OUT UINTN *DataSize\r | |
| 1056 | )\r | |
| 1057 | {\r | |
| 1058 | return EFI_UNSUPPORTED;\r | |
| 1059 | }\r | |
| 1060 | \r |