]> git.proxmox.com Git - mirror_edk2.git/blob - NetworkPkg/TlsDxe/TlsProtocol.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
NetworkPkg/TlsDxe: clean up byte order conversion for EfiTlsCipherList
[mirror_edk2.git] / NetworkPkg / TlsDxe / TlsProtocol.c
1 /** @file
2 Implementation of EFI TLS Protocol Interfaces.
3
4 Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "TlsImpl.h"
17
18 EFI_TLS_PROTOCOL mTlsProtocol = {
19 TlsSetSessionData,
20 TlsGetSessionData,
21 TlsBuildResponsePacket,
22 TlsProcessPacket
23 };
24
25 /**
26 Set TLS session data.
27
28 The SetSessionData() function set data for a new TLS session. All session data should
29 be set before BuildResponsePacket() invoked.
30
31 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
32 @param[in] DataType TLS session data type.
33 @param[in] Data Pointer to session data.
34 @param[in] DataSize Total size of session data.
35
36 @retval EFI_SUCCESS The TLS session data is set successfully.
37 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
38 This is NULL.
39 Data is NULL.
40 DataSize is 0.
41 DataSize is invalid for DataType.
42 @retval EFI_UNSUPPORTED The DataType is unsupported.
43 @retval EFI_ACCESS_DENIED If the DataType is one of below:
44 EfiTlsClientRandom
45 EfiTlsServerRandom
46 EfiTlsKeyMaterial
47 @retval EFI_NOT_READY Current TLS session state is NOT
48 EfiTlsSessionStateNotStarted.
49 @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
50 **/
51 EFI_STATUS
52 EFIAPI
53 TlsSetSessionData (
54 IN EFI_TLS_PROTOCOL *This,
55 IN EFI_TLS_SESSION_DATA_TYPE DataType,
56 IN VOID *Data,
57 IN UINTN DataSize
58 )
59 {
60 EFI_STATUS Status;
61 TLS_INSTANCE *Instance;
62 UINT16 *CipherId;
63 CONST EFI_TLS_CIPHER *TlsCipherList;
64 UINTN CipherCount;
65 UINTN Index;
66
67 EFI_TPL OldTpl;
68
69 Status = EFI_SUCCESS;
70 CipherId = NULL;
71
72 if (This == NULL || Data == NULL || DataSize == 0) {
73 return EFI_INVALID_PARAMETER;
74 }
75
76 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
77
78 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
79
80 if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){
81 Status = EFI_NOT_READY;
82 goto ON_EXIT;
83 }
84
85 switch (DataType) {
86 //
87 // Session Configuration
88 //
89 case EfiTlsVersion:
90 if (DataSize != sizeof (EFI_TLS_VERSION)) {
91 Status = EFI_INVALID_PARAMETER;
92 goto ON_EXIT;
93 }
94
95 Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);
96 break;
97 case EfiTlsConnectionEnd:
98 if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {
99 Status = EFI_INVALID_PARAMETER;
100 goto ON_EXIT;
101 }
102
103 Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));
104 break;
105 case EfiTlsCipherList:
106 if (DataSize % sizeof (EFI_TLS_CIPHER) != 0) {
107 Status = EFI_INVALID_PARAMETER;
108 goto ON_EXIT;
109 }
110
111 CipherId = AllocatePool (DataSize);
112 if (CipherId == NULL) {
113 Status = EFI_OUT_OF_RESOURCES;
114 goto ON_EXIT;
115 }
116
117 TlsCipherList = (CONST EFI_TLS_CIPHER *) Data;
118 CipherCount = DataSize / sizeof (EFI_TLS_CIPHER);
119 for (Index = 0; Index < CipherCount; Index++) {
120 CipherId[Index] = ((TlsCipherList[Index].Data1 << 8) |
121 TlsCipherList[Index].Data2);
122 }
123
124 Status = TlsSetCipherList (Instance->TlsConn, CipherId, CipherCount);
125
126 FreePool (CipherId);
127 break;
128 case EfiTlsCompressionMethod:
129 //
130 // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the
131 // record protocol will not be compressed.
132 // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html
133 // The TLS RFC does however not specify compression methods or their corresponding identifiers,
134 // so there is currently no compatible way to integrate compression with unknown peers.
135 // It is therefore currently not recommended to integrate compression into applications.
136 // Applications for non-public use may agree on certain compression methods.
137 // Using different compression methods with the same identifier will lead to connection failure.
138 //
139 for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {
140 Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));
141 if (EFI_ERROR (Status)) {
142 break;
143 }
144 }
145
146 break;
147 case EfiTlsExtensionData:
148 Status = EFI_UNSUPPORTED;
149 goto ON_EXIT;
150 case EfiTlsVerifyMethod:
151 if (DataSize != sizeof (EFI_TLS_VERIFY)) {
152 Status = EFI_INVALID_PARAMETER;
153 goto ON_EXIT;
154 }
155
156 TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
157 break;
158 case EfiTlsSessionID:
159 if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
160 Status = EFI_INVALID_PARAMETER;
161 goto ON_EXIT;
162 }
163
164 Status = TlsSetSessionId (
165 Instance->TlsConn,
166 ((EFI_TLS_SESSION_ID *) Data)->Data,
167 ((EFI_TLS_SESSION_ID *) Data)->Length
168 );
169 break;
170 case EfiTlsSessionState:
171 if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {
172 Status = EFI_INVALID_PARAMETER;
173 goto ON_EXIT;
174 }
175
176 Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;
177 break;
178 //
179 // Session information
180 //
181 case EfiTlsClientRandom:
182 Status = EFI_ACCESS_DENIED;
183 break;
184 case EfiTlsServerRandom:
185 Status = EFI_ACCESS_DENIED;
186 break;
187 case EfiTlsKeyMaterial:
188 Status = EFI_ACCESS_DENIED;
189 break;
190 //
191 // Unsupported type.
192 //
193 default:
194 Status = EFI_UNSUPPORTED;
195 }
196
197 ON_EXIT:
198 gBS->RestoreTPL (OldTpl);
199 return Status;
200 }
201
202 /**
203 Get TLS session data.
204
205 The GetSessionData() function return the TLS session information.
206
207 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
208 @param[in] DataType TLS session data type.
209 @param[in, out] Data Pointer to session data.
210 @param[in, out] DataSize Total size of session data. On input, it means
211 the size of Data buffer. On output, it means the size
212 of copied Data buffer if EFI_SUCCESS, and means the
213 size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
214
215 @retval EFI_SUCCESS The TLS session data is got successfully.
216 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
217 This is NULL.
218 DataSize is NULL.
219 Data is NULL if *DataSize is not zero.
220 @retval EFI_UNSUPPORTED The DataType is unsupported.
221 @retval EFI_NOT_FOUND The TLS session data is not found.
222 @retval EFI_NOT_READY The DataType is not ready in current session state.
223 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
224 **/
225 EFI_STATUS
226 EFIAPI
227 TlsGetSessionData (
228 IN EFI_TLS_PROTOCOL *This,
229 IN EFI_TLS_SESSION_DATA_TYPE DataType,
230 IN OUT VOID *Data, OPTIONAL
231 IN OUT UINTN *DataSize
232 )
233 {
234 EFI_STATUS Status;
235 TLS_INSTANCE *Instance;
236
237 EFI_TPL OldTpl;
238
239 Status = EFI_SUCCESS;
240
241 if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
242 return EFI_INVALID_PARAMETER;
243 }
244
245 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
246
247 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
248
249 if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&
250 (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||
251 DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {
252 Status = EFI_NOT_READY;
253 goto ON_EXIT;
254 }
255
256 switch (DataType) {
257 case EfiTlsVersion:
258 if (*DataSize < sizeof (EFI_TLS_VERSION)) {
259 *DataSize = sizeof (EFI_TLS_VERSION);
260 Status = EFI_BUFFER_TOO_SMALL;
261 goto ON_EXIT;
262 }
263 *DataSize = sizeof (EFI_TLS_VERSION);
264 *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));
265 break;
266 case EfiTlsConnectionEnd:
267 if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {
268 *DataSize = sizeof (EFI_TLS_CONNECTION_END);
269 Status = EFI_BUFFER_TOO_SMALL;
270 goto ON_EXIT;
271 }
272 *DataSize = sizeof (EFI_TLS_CONNECTION_END);
273 *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);
274 break;
275 case EfiTlsCipherList:
276 //
277 // Get the current session cipher suite.
278 //
279 if (*DataSize < sizeof (EFI_TLS_CIPHER)) {
280 *DataSize = sizeof (EFI_TLS_CIPHER);
281 Status = EFI_BUFFER_TOO_SMALL;
282 goto ON_EXIT;
283 }
284 *DataSize = sizeof(EFI_TLS_CIPHER);
285 Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);
286 *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));
287 break;
288 case EfiTlsCompressionMethod:
289 //
290 // Get the current session compression method.
291 //
292 if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {
293 *DataSize = sizeof (EFI_TLS_COMPRESSION);
294 Status = EFI_BUFFER_TOO_SMALL;
295 goto ON_EXIT;
296 }
297 *DataSize = sizeof (EFI_TLS_COMPRESSION);
298 Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);
299 break;
300 case EfiTlsExtensionData:
301 Status = EFI_UNSUPPORTED;
302 goto ON_EXIT;
303 case EfiTlsVerifyMethod:
304 if (*DataSize < sizeof (EFI_TLS_VERIFY)) {
305 *DataSize = sizeof (EFI_TLS_VERIFY);
306 Status = EFI_BUFFER_TOO_SMALL;
307 goto ON_EXIT;
308 }
309 *DataSize = sizeof (EFI_TLS_VERIFY);
310 *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);
311 break;
312 case EfiTlsSessionID:
313 if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {
314 *DataSize = sizeof (EFI_TLS_SESSION_ID);
315 Status = EFI_BUFFER_TOO_SMALL;
316 goto ON_EXIT;
317 }
318 *DataSize = sizeof (EFI_TLS_SESSION_ID);
319 Status = TlsGetSessionId (
320 Instance->TlsConn,
321 ((EFI_TLS_SESSION_ID *) Data)->Data,
322 &(((EFI_TLS_SESSION_ID *) Data)->Length)
323 );
324 break;
325 case EfiTlsSessionState:
326 if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {
327 *DataSize = sizeof (EFI_TLS_SESSION_STATE);
328 Status = EFI_BUFFER_TOO_SMALL;
329 goto ON_EXIT;
330 }
331 *DataSize = sizeof (EFI_TLS_SESSION_STATE);
332 CopyMem (Data, &Instance->TlsSessionState, *DataSize);
333 break;
334 case EfiTlsClientRandom:
335 if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
336 *DataSize = sizeof (EFI_TLS_RANDOM);
337 Status = EFI_BUFFER_TOO_SMALL;
338 goto ON_EXIT;
339 }
340 *DataSize = sizeof (EFI_TLS_RANDOM);
341 TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);
342 break;
343 case EfiTlsServerRandom:
344 if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
345 *DataSize = sizeof (EFI_TLS_RANDOM);
346 Status = EFI_BUFFER_TOO_SMALL;
347 goto ON_EXIT;
348 }
349 *DataSize = sizeof (EFI_TLS_RANDOM);
350 TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);
351 break;
352 case EfiTlsKeyMaterial:
353 if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {
354 *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
355 Status = EFI_BUFFER_TOO_SMALL;
356 goto ON_EXIT;
357 }
358 *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
359 Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);
360 break;
361 //
362 // Unsupported type.
363 //
364 default:
365 Status = EFI_UNSUPPORTED;
366 }
367
368 ON_EXIT:
369 gBS->RestoreTPL (OldTpl);
370 return Status;
371 }
372
373 /**
374 Build response packet according to TLS state machine. This function is only valid for
375 alert, handshake and change_cipher_spec content type.
376
377 The BuildResponsePacket() function builds TLS response packet in response to the TLS
378 request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
379 RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
380 will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
381 NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
382 session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
383 NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
384 session has errors and the response packet needs to be Alert message based on error
385 type.
386
387 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
388 @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
389 means TLS need initiate the TLS session and response
390 packet need to be ClientHello.
391 @param[in] RequestSize Packet size in bytes for the most recently received TLS
392 packet. 0 is only valid when RequestBuffer is NULL.
393 @param[out] Buffer Pointer to the buffer to hold the built packet.
394 @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
395 the buffer size provided by the caller. On output, it
396 is the buffer size in fact needed to contain the
397 packet.
398
399 @retval EFI_SUCCESS The required TLS packet is built successfully.
400 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
401 This is NULL.
402 RequestBuffer is NULL but RequestSize is NOT 0.
403 RequestSize is 0 but RequestBuffer is NOT NULL.
404 BufferSize is NULL.
405 Buffer is NULL if *BufferSize is not zero.
406 @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
407 @retval EFI_NOT_READY Current TLS session state is NOT ready to build
408 ResponsePacket.
409 @retval EFI_ABORTED Something wrong build response packet.
410 **/
411 EFI_STATUS
412 EFIAPI
413 TlsBuildResponsePacket (
414 IN EFI_TLS_PROTOCOL *This,
415 IN UINT8 *RequestBuffer, OPTIONAL
416 IN UINTN RequestSize, OPTIONAL
417 OUT UINT8 *Buffer, OPTIONAL
418 IN OUT UINTN *BufferSize
419 )
420 {
421 EFI_STATUS Status;
422 TLS_INSTANCE *Instance;
423 EFI_TPL OldTpl;
424
425 Status = EFI_SUCCESS;
426
427 if ((This == NULL) || (BufferSize == NULL) ||
428 (RequestBuffer == NULL && RequestSize != 0) ||
429 (RequestBuffer != NULL && RequestSize == 0) ||
430 (Buffer == NULL && *BufferSize !=0)) {
431 return EFI_INVALID_PARAMETER;
432 }
433
434 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
435
436 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
437
438 if(RequestBuffer == NULL && RequestSize == 0) {
439 switch (Instance->TlsSessionState) {
440 case EfiTlsSessionNotStarted:
441 //
442 // ClientHello.
443 //
444 Status = TlsDoHandshake (
445 Instance->TlsConn,
446 NULL,
447 0,
448 Buffer,
449 BufferSize
450 );
451 if (EFI_ERROR (Status)) {
452 goto ON_EXIT;
453 }
454
455 //
456 // *BufferSize should not be zero when ClientHello.
457 //
458 if (*BufferSize == 0) {
459 Status = EFI_ABORTED;
460 goto ON_EXIT;
461 }
462
463 Instance->TlsSessionState = EfiTlsSessionHandShaking;
464
465 break;
466 case EfiTlsSessionClosing:
467 //
468 // TLS session will be closed and response packet needs to be CloseNotify.
469 //
470 Status = TlsCloseNotify (
471 Instance->TlsConn,
472 Buffer,
473 BufferSize
474 );
475 if (EFI_ERROR (Status)) {
476 goto ON_EXIT;
477 }
478
479 //
480 // *BufferSize should not be zero when build CloseNotify message.
481 //
482 if (*BufferSize == 0) {
483 Status = EFI_ABORTED;
484 goto ON_EXIT;
485 }
486
487 break;
488 case EfiTlsSessionError:
489 //
490 // TLS session has errors and the response packet needs to be Alert
491 // message based on error type.
492 //
493 Status = TlsHandleAlert (
494 Instance->TlsConn,
495 NULL,
496 0,
497 Buffer,
498 BufferSize
499 );
500 if (EFI_ERROR (Status)) {
501 goto ON_EXIT;
502 }
503
504 break;
505 default:
506 //
507 // Current TLS session state is NOT ready to build ResponsePacket.
508 //
509 Status = EFI_NOT_READY;
510 }
511 } else {
512 //
513 // 1. Received packet may have multiple TLS record messages.
514 // 2. One TLS record message may have multiple handshake protocol.
515 // 3. Some errors may be happened in handshake.
516 // TlsDoHandshake() can handle all of those cases.
517 //
518 if (TlsInHandshake (Instance->TlsConn)) {
519 Status = TlsDoHandshake (
520 Instance->TlsConn,
521 RequestBuffer,
522 RequestSize,
523 Buffer,
524 BufferSize
525 );
526 if (EFI_ERROR (Status)) {
527 goto ON_EXIT;
528 }
529
530 if (!TlsInHandshake (Instance->TlsConn)) {
531 Instance->TlsSessionState = EfiTlsSessionDataTransferring;
532 }
533 } else {
534 //
535 // Must be alert message, Decrypt it and build the ResponsePacket.
536 //
537 ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);
538
539 Status = TlsHandleAlert (
540 Instance->TlsConn,
541 RequestBuffer,
542 RequestSize,
543 Buffer,
544 BufferSize
545 );
546 if (EFI_ERROR (Status)) {
547 if (Status != EFI_BUFFER_TOO_SMALL) {
548 Instance->TlsSessionState = EfiTlsSessionError;
549 }
550
551 goto ON_EXIT;
552 }
553 }
554 }
555
556 ON_EXIT:
557 gBS->RestoreTPL (OldTpl);
558 return Status;
559 }
560
561 /**
562 Decrypt or encrypt TLS packet during session. This function is only valid after
563 session connected and for application_data content type.
564
565 The ProcessPacket () function process each inbound or outbound TLS APP packet.
566
567 @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
568 @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
569 responsible to handle the original FragmentTable while
570 it may be reallocated in TLS driver. If CryptMode is
571 EfiTlsEncrypt, on input these fragments contain the TLS
572 header and plain text TLS APP payload; on output these
573 fragments contain the TLS header and cipher text TLS
574 APP payload. If CryptMode is EfiTlsDecrypt, on input
575 these fragments contain the TLS header and cipher text
576 TLS APP payload; on output these fragments contain the
577 TLS header and plain text TLS APP payload.
578 @param[in] FragmentCount Number of fragment.
579 @param[in] CryptMode Crypt mode.
580
581 @retval EFI_SUCCESS The operation completed successfully.
582 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
583 This is NULL.
584 FragmentTable is NULL.
585 FragmentCount is NULL.
586 CryptoMode is invalid.
587 @retval EFI_NOT_READY Current TLS session state is NOT
588 EfiTlsSessionDataTransferring.
589 @retval EFI_ABORTED Something wrong decryption the message. TLS session
590 status will become EfiTlsSessionError. The caller need
591 call BuildResponsePacket() to generate Error Alert
592 message and send it out.
593 @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
594 **/
595 EFI_STATUS
596 EFIAPI
597 TlsProcessPacket (
598 IN EFI_TLS_PROTOCOL *This,
599 IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
600 IN UINT32 *FragmentCount,
601 IN EFI_TLS_CRYPT_MODE CryptMode
602 )
603 {
604 EFI_STATUS Status;
605 TLS_INSTANCE *Instance;
606
607 EFI_TPL OldTpl;
608
609 Status = EFI_SUCCESS;
610
611 if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {
612 return EFI_INVALID_PARAMETER;
613 }
614
615 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
616
617 Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
618
619 if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {
620 Status = EFI_NOT_READY;
621 goto ON_EXIT;
622 }
623
624 //
625 // Packet sent or received may have multiple TLS record messages (Application data type).
626 // So,on input these fragments contain the TLS header and TLS APP payload;
627 // on output these fragments also contain the TLS header and TLS APP payload.
628 //
629 switch (CryptMode) {
630 case EfiTlsEncrypt:
631 Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);
632 break;
633 case EfiTlsDecrypt:
634 Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);
635 break;
636 default:
637 return EFI_INVALID_PARAMETER;
638 }
639
640 ON_EXIT:
641 gBS->RestoreTPL (OldTpl);
642 return Status;
643 }
644
EFI Development Kit II mirror for PVE