NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList
[mirror_edk2.git] / NetworkPkg / TlsDxe / TlsProtocol.c
CommitLineData
7618784b
HW
1/** @file\r
2 Implementation of EFI TLS Protocol Interfaces.\r
3\r
4 Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include "TlsImpl.h"\r
17\r
18EFI_TLS_PROTOCOL mTlsProtocol = {\r
19 TlsSetSessionData,\r
20 TlsGetSessionData,\r
21 TlsBuildResponsePacket,\r
22 TlsProcessPacket\r
23};\r
24\r
25/**\r
26 Set TLS session data.\r
27\r
28 The SetSessionData() function set data for a new TLS session. All session data should\r
29 be set before BuildResponsePacket() invoked.\r
30\r
31 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
32 @param[in] DataType TLS session data type.\r
33 @param[in] Data Pointer to session data.\r
34 @param[in] DataSize Total size of session data.\r
35\r
36 @retval EFI_SUCCESS The TLS session data is set successfully.\r
37 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
38 This is NULL.\r
39 Data is NULL.\r
40 DataSize is 0.\r
44eb9740 41 DataSize is invalid for DataType.\r
7618784b
HW
42 @retval EFI_UNSUPPORTED The DataType is unsupported.\r
43 @retval EFI_ACCESS_DENIED If the DataType is one of below:\r
44 EfiTlsClientRandom\r
45 EfiTlsServerRandom\r
46 EfiTlsKeyMaterial\r
47 @retval EFI_NOT_READY Current TLS session state is NOT\r
48 EfiTlsSessionStateNotStarted.\r
49 @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.\r
50**/\r
51EFI_STATUS\r
52EFIAPI\r
53TlsSetSessionData (\r
54 IN EFI_TLS_PROTOCOL *This,\r
55 IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
56 IN VOID *Data,\r
57 IN UINTN DataSize\r
58 )\r
59{\r
60 EFI_STATUS Status;\r
61 TLS_INSTANCE *Instance;\r
62 UINT16 *CipherId;\r
44eb9740 63 UINTN CipherCount;\r
7618784b
HW
64 UINTN Index;\r
65\r
66 EFI_TPL OldTpl;\r
67\r
68 Status = EFI_SUCCESS;\r
69 CipherId = NULL;\r
70\r
71 if (This == NULL || Data == NULL || DataSize == 0) {\r
72 return EFI_INVALID_PARAMETER;\r
73 }\r
74\r
75 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
76\r
77 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
78\r
79 if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){\r
80 Status = EFI_NOT_READY;\r
81 goto ON_EXIT;\r
82 }\r
83\r
84 switch (DataType) {\r
85 //\r
86 // Session Configuration\r
87 //\r
88 case EfiTlsVersion:\r
89 if (DataSize != sizeof (EFI_TLS_VERSION)) {\r
90 Status = EFI_INVALID_PARAMETER;\r
91 goto ON_EXIT;\r
92 }\r
93\r
94 Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);\r
95 break;\r
96 case EfiTlsConnectionEnd:\r
97 if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {\r
98 Status = EFI_INVALID_PARAMETER;\r
99 goto ON_EXIT;\r
100 }\r
101\r
102 Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));\r
103 break;\r
104 case EfiTlsCipherList:\r
44eb9740
LE
105 if (DataSize % sizeof (EFI_TLS_CIPHER) != 0) {\r
106 Status = EFI_INVALID_PARAMETER;\r
107 goto ON_EXIT;\r
108 }\r
109\r
7618784b
HW
110 CipherId = AllocatePool (DataSize);\r
111 if (CipherId == NULL) {\r
112 Status = EFI_OUT_OF_RESOURCES;\r
113 goto ON_EXIT;\r
114 }\r
115\r
44eb9740
LE
116 CipherCount = DataSize / sizeof (EFI_TLS_CIPHER);\r
117 for (Index = 0; Index < CipherCount; Index++) {\r
7618784b
HW
118 *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));\r
119 }\r
120\r
44eb9740 121 Status = TlsSetCipherList (Instance->TlsConn, CipherId, CipherCount);\r
7618784b
HW
122\r
123 FreePool (CipherId);\r
124 break;\r
125 case EfiTlsCompressionMethod:\r
126 //\r
127 // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the\r
128 // record protocol will not be compressed.\r
129 // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html\r
130 // The TLS RFC does however not specify compression methods or their corresponding identifiers,\r
131 // so there is currently no compatible way to integrate compression with unknown peers.\r
132 // It is therefore currently not recommended to integrate compression into applications.\r
133 // Applications for non-public use may agree on certain compression methods.\r
134 // Using different compression methods with the same identifier will lead to connection failure.\r
135 //\r
136 for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {\r
137 Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));\r
138 if (EFI_ERROR (Status)) {\r
139 break;\r
140 }\r
141 }\r
142\r
143 break;\r
144 case EfiTlsExtensionData:\r
145 Status = EFI_UNSUPPORTED;\r
146 goto ON_EXIT;\r
147 case EfiTlsVerifyMethod:\r
148 if (DataSize != sizeof (EFI_TLS_VERIFY)) {\r
149 Status = EFI_INVALID_PARAMETER;\r
150 goto ON_EXIT;\r
151 }\r
152\r
153 TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));\r
154 break;\r
155 case EfiTlsSessionID:\r
156 if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {\r
157 Status = EFI_INVALID_PARAMETER;\r
158 goto ON_EXIT;\r
159 }\r
160\r
161 Status = TlsSetSessionId (\r
162 Instance->TlsConn,\r
163 ((EFI_TLS_SESSION_ID *) Data)->Data,\r
164 ((EFI_TLS_SESSION_ID *) Data)->Length\r
165 );\r
166 break;\r
167 case EfiTlsSessionState:\r
168 if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {\r
169 Status = EFI_INVALID_PARAMETER;\r
170 goto ON_EXIT;\r
171 }\r
172\r
173 Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;\r
174 break;\r
175 //\r
176 // Session information\r
177 //\r
178 case EfiTlsClientRandom:\r
179 Status = EFI_ACCESS_DENIED;\r
180 break;\r
181 case EfiTlsServerRandom:\r
182 Status = EFI_ACCESS_DENIED;\r
183 break;\r
184 case EfiTlsKeyMaterial:\r
185 Status = EFI_ACCESS_DENIED;\r
186 break;\r
187 //\r
188 // Unsupported type.\r
189 //\r
190 default:\r
191 Status = EFI_UNSUPPORTED;\r
192 }\r
193\r
194ON_EXIT:\r
195 gBS->RestoreTPL (OldTpl);\r
196 return Status;\r
197}\r
198\r
199/**\r
200 Get TLS session data.\r
201\r
202 The GetSessionData() function return the TLS session information.\r
203\r
204 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
205 @param[in] DataType TLS session data type.\r
206 @param[in, out] Data Pointer to session data.\r
207 @param[in, out] DataSize Total size of session data. On input, it means\r
208 the size of Data buffer. On output, it means the size\r
209 of copied Data buffer if EFI_SUCCESS, and means the\r
210 size of desired Data buffer if EFI_BUFFER_TOO_SMALL.\r
211\r
212 @retval EFI_SUCCESS The TLS session data is got successfully.\r
213 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
214 This is NULL.\r
215 DataSize is NULL.\r
216 Data is NULL if *DataSize is not zero.\r
217 @retval EFI_UNSUPPORTED The DataType is unsupported.\r
218 @retval EFI_NOT_FOUND The TLS session data is not found.\r
219 @retval EFI_NOT_READY The DataType is not ready in current session state.\r
220 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.\r
221**/\r
222EFI_STATUS\r
223EFIAPI\r
224TlsGetSessionData (\r
225 IN EFI_TLS_PROTOCOL *This,\r
226 IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
227 IN OUT VOID *Data, OPTIONAL\r
228 IN OUT UINTN *DataSize\r
229 )\r
230{\r
231 EFI_STATUS Status;\r
232 TLS_INSTANCE *Instance;\r
233\r
234 EFI_TPL OldTpl;\r
235\r
236 Status = EFI_SUCCESS;\r
237\r
238 if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {\r
239 return EFI_INVALID_PARAMETER;\r
240 }\r
241\r
242 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
243\r
244 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
245\r
246 if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&\r
247 (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||\r
248 DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {\r
249 Status = EFI_NOT_READY;\r
250 goto ON_EXIT;\r
251 }\r
252\r
253 switch (DataType) {\r
254 case EfiTlsVersion:\r
255 if (*DataSize < sizeof (EFI_TLS_VERSION)) {\r
256 *DataSize = sizeof (EFI_TLS_VERSION);\r
257 Status = EFI_BUFFER_TOO_SMALL;\r
258 goto ON_EXIT;\r
259 }\r
260 *DataSize = sizeof (EFI_TLS_VERSION);\r
261 *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));\r
262 break;\r
263 case EfiTlsConnectionEnd:\r
264 if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {\r
265 *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
266 Status = EFI_BUFFER_TOO_SMALL;\r
267 goto ON_EXIT;\r
268 }\r
269 *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
270 *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);\r
271 break;\r
272 case EfiTlsCipherList:\r
273 //\r
274 // Get the current session cipher suite.\r
275 //\r
276 if (*DataSize < sizeof (EFI_TLS_CIPHER)) {\r
277 *DataSize = sizeof (EFI_TLS_CIPHER);\r
278 Status = EFI_BUFFER_TOO_SMALL;\r
279 goto ON_EXIT;\r
280 }\r
281 *DataSize = sizeof(EFI_TLS_CIPHER);\r
282 Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);\r
283 *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));\r
284 break;\r
285 case EfiTlsCompressionMethod:\r
286 //\r
287 // Get the current session compression method.\r
288 //\r
289 if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {\r
290 *DataSize = sizeof (EFI_TLS_COMPRESSION);\r
291 Status = EFI_BUFFER_TOO_SMALL;\r
292 goto ON_EXIT;\r
293 }\r
294 *DataSize = sizeof (EFI_TLS_COMPRESSION);\r
295 Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);\r
296 break;\r
297 case EfiTlsExtensionData:\r
298 Status = EFI_UNSUPPORTED;\r
299 goto ON_EXIT;\r
300 case EfiTlsVerifyMethod:\r
301 if (*DataSize < sizeof (EFI_TLS_VERIFY)) {\r
302 *DataSize = sizeof (EFI_TLS_VERIFY);\r
303 Status = EFI_BUFFER_TOO_SMALL;\r
304 goto ON_EXIT;\r
305 }\r
306 *DataSize = sizeof (EFI_TLS_VERIFY);\r
307 *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);\r
308 break;\r
309 case EfiTlsSessionID:\r
310 if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {\r
311 *DataSize = sizeof (EFI_TLS_SESSION_ID);\r
312 Status = EFI_BUFFER_TOO_SMALL;\r
313 goto ON_EXIT;\r
314 }\r
315 *DataSize = sizeof (EFI_TLS_SESSION_ID);\r
316 Status = TlsGetSessionId (\r
317 Instance->TlsConn,\r
318 ((EFI_TLS_SESSION_ID *) Data)->Data,\r
319 &(((EFI_TLS_SESSION_ID *) Data)->Length)\r
320 );\r
321 break;\r
322 case EfiTlsSessionState:\r
323 if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {\r
324 *DataSize = sizeof (EFI_TLS_SESSION_STATE);\r
325 Status = EFI_BUFFER_TOO_SMALL;\r
326 goto ON_EXIT;\r
327 }\r
328 *DataSize = sizeof (EFI_TLS_SESSION_STATE);\r
329 CopyMem (Data, &Instance->TlsSessionState, *DataSize);\r
330 break;\r
331 case EfiTlsClientRandom:\r
332 if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
333 *DataSize = sizeof (EFI_TLS_RANDOM);\r
334 Status = EFI_BUFFER_TOO_SMALL;\r
335 goto ON_EXIT;\r
336 }\r
337 *DataSize = sizeof (EFI_TLS_RANDOM);\r
338 TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);\r
339 break;\r
340 case EfiTlsServerRandom:\r
341 if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
342 *DataSize = sizeof (EFI_TLS_RANDOM);\r
343 Status = EFI_BUFFER_TOO_SMALL;\r
344 goto ON_EXIT;\r
345 }\r
346 *DataSize = sizeof (EFI_TLS_RANDOM);\r
347 TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);\r
348 break;\r
349 case EfiTlsKeyMaterial:\r
350 if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {\r
351 *DataSize = sizeof (EFI_TLS_MASTER_SECRET);\r
352 Status = EFI_BUFFER_TOO_SMALL;\r
353 goto ON_EXIT;\r
354 }\r
355 *DataSize = sizeof (EFI_TLS_MASTER_SECRET);\r
356 Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);\r
357 break;\r
358 //\r
359 // Unsupported type.\r
360 //\r
361 default:\r
362 Status = EFI_UNSUPPORTED;\r
363 }\r
364\r
365ON_EXIT:\r
366 gBS->RestoreTPL (OldTpl);\r
367 return Status;\r
368}\r
369\r
370/**\r
371 Build response packet according to TLS state machine. This function is only valid for\r
372 alert, handshake and change_cipher_spec content type.\r
373\r
374 The BuildResponsePacket() function builds TLS response packet in response to the TLS\r
375 request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and\r
376 RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session\r
377 will be initiated and the response packet needs to be ClientHello. If RequestBuffer is\r
378 NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS\r
379 session will be closed and response packet needs to be CloseNotify. If RequestBuffer is\r
380 NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS\r
381 session has errors and the response packet needs to be Alert message based on error\r
382 type.\r
383\r
384 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
385 @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL\r
386 means TLS need initiate the TLS session and response\r
387 packet need to be ClientHello.\r
388 @param[in] RequestSize Packet size in bytes for the most recently received TLS\r
389 packet. 0 is only valid when RequestBuffer is NULL.\r
390 @param[out] Buffer Pointer to the buffer to hold the built packet.\r
391 @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r
392 the buffer size provided by the caller. On output, it\r
393 is the buffer size in fact needed to contain the\r
394 packet.\r
395\r
396 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
397 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
398 This is NULL.\r
399 RequestBuffer is NULL but RequestSize is NOT 0.\r
400 RequestSize is 0 but RequestBuffer is NOT NULL.\r
401 BufferSize is NULL.\r
402 Buffer is NULL if *BufferSize is not zero.\r
403 @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r
404 @retval EFI_NOT_READY Current TLS session state is NOT ready to build\r
405 ResponsePacket.\r
406 @retval EFI_ABORTED Something wrong build response packet.\r
407**/\r
408EFI_STATUS\r
409EFIAPI\r
410TlsBuildResponsePacket (\r
411 IN EFI_TLS_PROTOCOL *This,\r
412 IN UINT8 *RequestBuffer, OPTIONAL\r
413 IN UINTN RequestSize, OPTIONAL\r
414 OUT UINT8 *Buffer, OPTIONAL\r
415 IN OUT UINTN *BufferSize\r
416 )\r
417{\r
418 EFI_STATUS Status;\r
419 TLS_INSTANCE *Instance;\r
420 EFI_TPL OldTpl;\r
421\r
422 Status = EFI_SUCCESS;\r
423\r
424 if ((This == NULL) || (BufferSize == NULL) ||\r
425 (RequestBuffer == NULL && RequestSize != 0) ||\r
426 (RequestBuffer != NULL && RequestSize == 0) ||\r
427 (Buffer == NULL && *BufferSize !=0)) {\r
428 return EFI_INVALID_PARAMETER;\r
429 }\r
430\r
431 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
432\r
433 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
434\r
435 if(RequestBuffer == NULL && RequestSize == 0) {\r
436 switch (Instance->TlsSessionState) {\r
437 case EfiTlsSessionNotStarted:\r
438 //\r
439 // ClientHello.\r
440 //\r
441 Status = TlsDoHandshake (\r
442 Instance->TlsConn,\r
443 NULL,\r
444 0,\r
445 Buffer,\r
446 BufferSize\r
447 );\r
448 if (EFI_ERROR (Status)) {\r
449 goto ON_EXIT;\r
450 }\r
451\r
452 //\r
453 // *BufferSize should not be zero when ClientHello.\r
454 //\r
455 if (*BufferSize == 0) {\r
456 Status = EFI_ABORTED;\r
457 goto ON_EXIT;\r
458 }\r
459\r
460 Instance->TlsSessionState = EfiTlsSessionHandShaking;\r
461\r
462 break;\r
463 case EfiTlsSessionClosing:\r
464 //\r
465 // TLS session will be closed and response packet needs to be CloseNotify.\r
466 //\r
467 Status = TlsCloseNotify (\r
468 Instance->TlsConn,\r
469 Buffer,\r
470 BufferSize\r
471 );\r
472 if (EFI_ERROR (Status)) {\r
473 goto ON_EXIT;\r
474 }\r
475\r
476 //\r
477 // *BufferSize should not be zero when build CloseNotify message.\r
478 //\r
479 if (*BufferSize == 0) {\r
480 Status = EFI_ABORTED;\r
481 goto ON_EXIT;\r
482 }\r
483\r
484 break;\r
485 case EfiTlsSessionError:\r
486 //\r
487 // TLS session has errors and the response packet needs to be Alert\r
488 // message based on error type.\r
489 //\r
490 Status = TlsHandleAlert (\r
491 Instance->TlsConn,\r
492 NULL,\r
493 0,\r
494 Buffer,\r
495 BufferSize\r
496 );\r
497 if (EFI_ERROR (Status)) {\r
498 goto ON_EXIT;\r
499 }\r
500\r
501 break;\r
502 default:\r
503 //\r
504 // Current TLS session state is NOT ready to build ResponsePacket.\r
505 //\r
506 Status = EFI_NOT_READY;\r
507 }\r
508 } else {\r
509 //\r
510 // 1. Received packet may have multiple TLS record messages.\r
511 // 2. One TLS record message may have multiple handshake protocol.\r
512 // 3. Some errors may be happened in handshake.\r
513 // TlsDoHandshake() can handle all of those cases.\r
514 //\r
515 if (TlsInHandshake (Instance->TlsConn)) {\r
516 Status = TlsDoHandshake (\r
517 Instance->TlsConn,\r
518 RequestBuffer,\r
519 RequestSize,\r
520 Buffer,\r
521 BufferSize\r
522 );\r
523 if (EFI_ERROR (Status)) {\r
524 goto ON_EXIT;\r
525 }\r
526\r
527 if (!TlsInHandshake (Instance->TlsConn)) {\r
528 Instance->TlsSessionState = EfiTlsSessionDataTransferring;\r
529 }\r
530 } else {\r
531 //\r
532 // Must be alert message, Decrypt it and build the ResponsePacket.\r
533 //\r
534 ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);\r
535\r
536 Status = TlsHandleAlert (\r
537 Instance->TlsConn,\r
538 RequestBuffer,\r
539 RequestSize,\r
540 Buffer,\r
541 BufferSize\r
542 );\r
543 if (EFI_ERROR (Status)) {\r
544 if (Status != EFI_BUFFER_TOO_SMALL) {\r
545 Instance->TlsSessionState = EfiTlsSessionError;\r
546 }\r
547\r
548 goto ON_EXIT;\r
549 }\r
550 }\r
551 }\r
552\r
553ON_EXIT:\r
554 gBS->RestoreTPL (OldTpl);\r
555 return Status;\r
556}\r
557\r
558/**\r
559 Decrypt or encrypt TLS packet during session. This function is only valid after\r
560 session connected and for application_data content type.\r
561\r
562 The ProcessPacket () function process each inbound or outbound TLS APP packet.\r
563\r
564 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
565 @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take\r
566 responsible to handle the original FragmentTable while\r
567 it may be reallocated in TLS driver. If CryptMode is\r
568 EfiTlsEncrypt, on input these fragments contain the TLS\r
569 header and plain text TLS APP payload; on output these\r
570 fragments contain the TLS header and cipher text TLS\r
571 APP payload. If CryptMode is EfiTlsDecrypt, on input\r
572 these fragments contain the TLS header and cipher text\r
573 TLS APP payload; on output these fragments contain the\r
574 TLS header and plain text TLS APP payload.\r
575 @param[in] FragmentCount Number of fragment.\r
576 @param[in] CryptMode Crypt mode.\r
577\r
578 @retval EFI_SUCCESS The operation completed successfully.\r
579 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
580 This is NULL.\r
581 FragmentTable is NULL.\r
582 FragmentCount is NULL.\r
583 CryptoMode is invalid.\r
584 @retval EFI_NOT_READY Current TLS session state is NOT\r
585 EfiTlsSessionDataTransferring.\r
586 @retval EFI_ABORTED Something wrong decryption the message. TLS session\r
587 status will become EfiTlsSessionError. The caller need\r
588 call BuildResponsePacket() to generate Error Alert\r
589 message and send it out.\r
590 @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.\r
591**/\r
592EFI_STATUS\r
593EFIAPI\r
594TlsProcessPacket (\r
595 IN EFI_TLS_PROTOCOL *This,\r
596 IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
597 IN UINT32 *FragmentCount,\r
598 IN EFI_TLS_CRYPT_MODE CryptMode\r
599 )\r
600{\r
601 EFI_STATUS Status;\r
602 TLS_INSTANCE *Instance;\r
603\r
604 EFI_TPL OldTpl;\r
605\r
606 Status = EFI_SUCCESS;\r
607\r
608 if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {\r
609 return EFI_INVALID_PARAMETER;\r
610 }\r
611\r
612 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
613\r
614 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
615\r
616 if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {\r
617 Status = EFI_NOT_READY;\r
618 goto ON_EXIT;\r
619 }\r
620\r
621 //\r
622 // Packet sent or received may have multiple TLS record messages (Application data type).\r
623 // So,on input these fragments contain the TLS header and TLS APP payload;\r
624 // on output these fragments also contain the TLS header and TLS APP payload.\r
625 //\r
626 switch (CryptMode) {\r
627 case EfiTlsEncrypt:\r
628 Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);\r
629 break;\r
630 case EfiTlsDecrypt:\r
631 Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);\r
632 break;\r
633 default:\r
634 return EFI_INVALID_PARAMETER;\r
635 }\r
636\r
637ON_EXIT:\r
638 gBS->RestoreTPL (OldTpl);\r
639 return Status;\r
640}\r
641\r