-/** @file
- Miscellaneous routines specific to Https for HttpDxe driver.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "HttpDriver.h"
-
-/**
- Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-terminated
- ASCII string and ignore case during the search process.
-
- This function scans the contents of the ASCII string specified by String
- and returns the first occurrence of SearchString and ignore case during the search process.
- If SearchString is not found in String, then NULL is returned. If the length of SearchString
- is zero, then String is returned.
-
- If String is NULL, then ASSERT().
- If SearchString is NULL, then ASSERT().
-
- @param[in] String A pointer to a Null-terminated ASCII string.
- @param[in] SearchString A pointer to a Null-terminated ASCII string to search for.
-
- @retval NULL If the SearchString does not appear in String.
- @retval others If there is a match return the first occurrence of SearchingString.
- If the length of SearchString is zero,return String.
-
-**/
-CHAR8 *
-AsciiStrCaseStr (
- IN CONST CHAR8 *String,
- IN CONST CHAR8 *SearchString
- )
-{
- CONST CHAR8 *FirstMatch;
- CONST CHAR8 *SearchStringTmp;
-
- CHAR8 Src;
- CHAR8 Dst;
-
- //
- // ASSERT both strings are less long than PcdMaximumAsciiStringLength
- //
- ASSERT (AsciiStrSize (String) != 0);
- ASSERT (AsciiStrSize (SearchString) != 0);
-
- if (*SearchString == '\0') {
- return (CHAR8 *) String;
- }
-
- while (*String != '\0') {
- SearchStringTmp = SearchString;
- FirstMatch = String;
-
- while ((*SearchStringTmp != '\0')
- && (*String != '\0')) {
- Src = *String;
- Dst = *SearchStringTmp;
-
- if ((Src >= 'A') && (Src <= 'Z')) {
- Src -= ('A' - 'a');
- }
-
- if ((Dst >= 'A') && (Dst <= 'Z')) {
- Dst -= ('A' - 'a');
- }
-
- if (Src != Dst) {
- break;
- }
-
- String++;
- SearchStringTmp++;
- }
-
- if (*SearchStringTmp == '\0') {
- return (CHAR8 *) FirstMatch;
- }
-
- String = FirstMatch + 1;
- }
-
- return NULL;
-}
-
-/**
- The callback function to free the net buffer list.
-
- @param[in] Arg The opaque parameter.
-
-**/
-VOID
-EFIAPI
-FreeNbufList (
- IN VOID *Arg
- )
-{
- ASSERT (Arg != NULL);
-
- NetbufFreeList ((LIST_ENTRY *) Arg);
- FreePool (Arg);
-}
-
-/**
- Check whether the Url is from Https.
-
- @param[in] Url The pointer to a HTTP or HTTPS URL string.
-
- @retval TRUE The Url is from HTTPS.
- @retval FALSE The Url is from HTTP.
-
-**/
-BOOLEAN
-IsHttpsUrl (
- IN CHAR8 *Url
- )
-{
- CHAR8 *Tmp;
-
- Tmp = NULL;
-
- Tmp = AsciiStrCaseStr (Url, HTTPS_FLAG);
- if (Tmp != NULL && Tmp == Url) {
- return TRUE;
- }
-
- return FALSE;
-}
-
-/**
- Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
-
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
-**/
-EFI_HANDLE
-EFIAPI
-TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
- )
-{
- EFI_STATUS Status;
- EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
- EFI_HANDLE TlsChildHandle;
-
- TlsSb = NULL;
- TlsChildHandle = 0;
-
- //
- // Locate TlsServiceBinding protocol.
- //
- gBS->LocateProtocol (
- &gEfiTlsServiceBindingProtocolGuid,
- NULL,
- (VOID **) &TlsSb
- );
- if (TlsSb == NULL) {
- return NULL;
- }
-
- Status = TlsSb->CreateChild (TlsSb, &TlsChildHandle);
- if (EFI_ERROR (Status)) {
- return NULL;
- }
-
- Status = gBS->OpenProtocol (
- TlsChildHandle,
- &gEfiTlsProtocolGuid,
- (VOID **) TlsProto,
- ImageHandle,
- TlsChildHandle,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- TlsSb->DestroyChild (TlsSb, TlsChildHandle);
- return NULL;
- }
-
- Status = gBS->OpenProtocol (
- TlsChildHandle,
- &gEfiTlsConfigurationProtocolGuid,
- (VOID **) TlsConfiguration,
- ImageHandle,
- TlsChildHandle,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- TlsSb->DestroyChild (TlsSb, TlsChildHandle);
- return NULL;
- }
-
- return TlsChildHandle;
-}
-
-/**
- Create event for the TLS receive and transmit tokens which are used to receive and
- transmit TLS related messages.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
- @retval EFI_SUCCESS The events are created successfully.
- @retval others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCreateTxRxEvent (
- IN OUT HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- //
- // For Tcp4TlsTxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsTxDone,
- &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp4TlsTxData.Push = TRUE;
- HttpInstance->Tcp4TlsTxData.Urgent = FALSE;
- HttpInstance->Tcp4TlsTxData.DataLength = 0;
- HttpInstance->Tcp4TlsTxData.FragmentCount = 1;
- HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsTxData.DataLength;
- HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp4TlsTxToken.Packet.TxData = &HttpInstance->Tcp4TlsTxData;
- HttpInstance->Tcp4TlsTxToken.CompletionToken.Status = EFI_NOT_READY;
-
- //
- // For Tcp4TlsRxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsRxDone,
- &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp4TlsRxData.DataLength = 0;
- HttpInstance->Tcp4TlsRxData.FragmentCount = 1;
- HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsRxData.DataLength ;
- HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp4TlsRxToken.Packet.RxData = &HttpInstance->Tcp4TlsRxData;
- HttpInstance->Tcp4TlsRxToken.CompletionToken.Status = EFI_NOT_READY;
- } else {
- //
- // For Tcp6TlsTxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsTxDone,
- &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp6TlsTxData.Push = TRUE;
- HttpInstance->Tcp6TlsTxData.Urgent = FALSE;
- HttpInstance->Tcp6TlsTxData.DataLength = 0;
- HttpInstance->Tcp6TlsTxData.FragmentCount = 1;
- HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsTxData.DataLength;
- HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp6TlsTxToken.Packet.TxData = &HttpInstance->Tcp6TlsTxData;
- HttpInstance->Tcp6TlsTxToken.CompletionToken.Status = EFI_NOT_READY;
-
- //
- // For Tcp6TlsRxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsRxDone,
- &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp6TlsRxData.DataLength = 0;
- HttpInstance->Tcp6TlsRxData.FragmentCount = 1;
- HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsRxData.DataLength ;
- HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp6TlsRxToken.Packet.RxData = &HttpInstance->Tcp6TlsRxData;
- HttpInstance->Tcp6TlsRxToken.CompletionToken.Status = EFI_NOT_READY;
- }
-
- return Status;
-
-ERROR:
- //
- // Error handling
- //
- TlsCloseTxRxEvent (HttpInstance);
-
- return Status;
-}
-
-/**
- Close events in the TlsTxToken and TlsRxToken.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
-**/
-VOID
-EFIAPI
-TlsCloseTxRxEvent (
- IN HTTP_PROTOCOL *HttpInstance
- )
-{
- ASSERT (HttpInstance != NULL);
- if (!HttpInstance->LocalAddressIsIPv6) {
- if (NULL != HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) {
- gBS->CloseEvent(HttpInstance->Tcp4TlsTxToken.CompletionToken.Event);
- HttpInstance->Tcp4TlsTxToken.CompletionToken.Event = NULL;
- }
-
- if (NULL != HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) {
- gBS->CloseEvent (HttpInstance->Tcp4TlsRxToken.CompletionToken.Event);
- HttpInstance->Tcp4TlsRxToken.CompletionToken.Event = NULL;
- }
- } else {
- if (NULL != HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) {
- gBS->CloseEvent(HttpInstance->Tcp6TlsTxToken.CompletionToken.Event);
- HttpInstance->Tcp6TlsTxToken.CompletionToken.Event = NULL;
- }
-
- if (NULL != HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) {
- gBS->CloseEvent (HttpInstance->Tcp6TlsRxToken.CompletionToken.Event);
- HttpInstance->Tcp6TlsRxToken.CompletionToken.Event = NULL;
- }
- }
-}
-
-/**
- Read the TlsCaCertificate variable and configure it.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TlsCaCertificate is configured.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-TlsConfigCertificate (
- IN OUT HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
- UINT8 *CACert;
- UINTN CACertSize;
- UINT32 Index;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertCount;
- UINT32 ItemDataSize;
-
- CACert = NULL;
- CACertSize = 0;
-
- //
- // Try to read the TlsCaCertificate variable.
- //
- Status = gRT->GetVariable (
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- NULL,
- &CACertSize,
- NULL
- );
-
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
- return Status;
- }
-
- //
- // Allocate buffer and read the config variable.
- //
- CACert = AllocatePool (CACertSize);
- if (CACert == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- Status = gRT->GetVariable (
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- NULL,
- &CACertSize,
- CACert
- );
- if (EFI_ERROR (Status)) {
- //
- // GetVariable still error or the variable is corrupted.
- // Fall back to the default value.
- //
- FreePool (CACert);
-
- return EFI_NOT_FOUND;
- }
-
- ASSERT (CACert != NULL);
-
- //
- // Enumerate all data and erasing the target item.
- //
- ItemDataSize = (UINT32) CACertSize;
- CertList = (EFI_SIGNATURE_LIST *) CACert;
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- for (Index = 0; Index < CertCount; Index++) {
- //
- // EfiTlsConfigDataTypeCACertificate
- //
- Status = HttpInstance->TlsConfiguration->SetData (
- HttpInstance->TlsConfiguration,
- EfiTlsConfigDataTypeCACertificate,
- Cert->SignatureData,
- CertList->SignatureSize - sizeof (Cert->SignatureOwner)
- );
- if (EFI_ERROR (Status)) {
- FreePool (CACert);
- return Status;
- }
-
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
- }
-
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
- FreePool (CACert);
- return Status;
-}
-
-/**
- Configure TLS session data.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TLS session data is configured.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigureSession (
- IN OUT HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
-
- //
- // TlsConfigData initialization
- //
- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
-
- //
- // EfiTlsConnectionEnd,
- // EfiTlsVerifyMethod
- // EfiTlsSessionState
- //
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsConnectionEnd,
- &(HttpInstance->TlsConfigData.ConnectionEnd),
- sizeof (EFI_TLS_CONNECTION_END)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsVerifyMethod,
- &HttpInstance->TlsConfigData.VerifyMethod,
- sizeof (EFI_TLS_VERIFY)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- &(HttpInstance->TlsConfigData.SessionState),
- sizeof (EFI_TLS_SESSION_STATE)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Tls Config Certificate
- //
- Status = TlsConfigCertificate (HttpInstance);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n"));
- return Status;
- }
-
- //
- // TlsCreateTxRxEvent
- //
- Status = TlsCreateTxRxEvent (HttpInstance);
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- return Status;
-
-ERROR:
- TlsCloseTxRxEvent (HttpInstance);
-
- return Status;
-}
-
-/**
- Transmit the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
-
- @retval EFI_SUCCESS The packet is transmitted.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonTransmit (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet
- )
-{
- EFI_STATUS Status;
- VOID *Data;
- UINTN Size;
-
- if ((HttpInstance == NULL) || (Packet == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- Size = sizeof (EFI_TCP4_TRANSMIT_DATA) +
- (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA);
- } else {
- Size = sizeof (EFI_TCP6_TRANSMIT_DATA) +
- (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA);
- }
-
- Data = AllocatePool (Size);
- if (Data == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push = TRUE;
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent = FALSE;
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
-
- //
- // Build the fragment table.
- //
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;
-
- NetbufBuildExt (
- Packet,
- (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentTable[0],
- &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount
- );
-
- HttpInstance->Tcp4TlsTxToken.Packet.TxData = (EFI_TCP4_TRANSMIT_DATA *) Data;
-
- Status = EFI_DEVICE_ERROR;
-
- //
- // Transmit the packet.
- //
- Status = HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsTxToken);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- while (!HttpInstance->TlsIsTxDone) {
- HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
- }
-
- HttpInstance->TlsIsTxDone = FALSE;
- Status = HttpInstance->Tcp4TlsTxToken.CompletionToken.Status;
- } else {
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push = TRUE;
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent = FALSE;
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
-
- //
- // Build the fragment table.
- //
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;
-
- NetbufBuildExt (
- Packet,
- (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentTable[0],
- &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount
- );
-
- HttpInstance->Tcp6TlsTxToken.Packet.TxData = (EFI_TCP6_TRANSMIT_DATA *) Data;
-
- Status = EFI_DEVICE_ERROR;
-
- //
- // Transmit the packet.
- //
- Status = HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsTxToken);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- while (!HttpInstance->TlsIsTxDone) {
- HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
- }
-
- HttpInstance->TlsIsTxDone = FALSE;
- Status = HttpInstance->Tcp6TlsTxToken.CompletionToken.Status;
- }
-
-ON_EXIT:
- FreePool (Data);
-
- return Status;
-}
-
-/**
- Receive the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The Packet is received.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_TIMEOUT The operation is time out.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonReceive (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet,
- IN EFI_EVENT Timeout
- )
-{
- EFI_TCP4_RECEIVE_DATA *Tcp4RxData;
- EFI_TCP6_RECEIVE_DATA *Tcp6RxData;
- EFI_STATUS Status;
- NET_FRAGMENT *Fragment;
- UINT32 FragmentCount;
- UINT32 CurrentFragment;
-
- Tcp4RxData = NULL;
- Tcp6RxData = NULL;
-
- if ((HttpInstance == NULL) || (Packet == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- FragmentCount = Packet->BlockOpNum;
- Fragment = AllocatePool (FragmentCount * sizeof (NET_FRAGMENT));
- if (Fragment == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Build the fragment table.
- //
- NetbufBuildExt (Packet, Fragment, &FragmentCount);
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- Tcp4RxData = HttpInstance->Tcp4TlsRxToken.Packet.RxData;
- if (Tcp4RxData == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- Tcp4RxData->FragmentCount = 1;
- } else {
- Tcp6RxData = HttpInstance->Tcp6TlsRxToken.Packet.RxData;
- if (Tcp6RxData == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- Tcp6RxData->FragmentCount = 1;
- }
-
- CurrentFragment = 0;
- Status = EFI_SUCCESS;
-
- while (CurrentFragment < FragmentCount) {
- if (!HttpInstance->LocalAddressIsIPv6) {
- Tcp4RxData->DataLength = Fragment[CurrentFragment].Len;
- Tcp4RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;
- Tcp4RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;
- Status = HttpInstance->Tcp4->Receive (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken);
- } else {
- Tcp6RxData->DataLength = Fragment[CurrentFragment].Len;
- Tcp6RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;
- Tcp6RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;
- Status = HttpInstance->Tcp6->Receive (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken);
- }
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- while (!HttpInstance->TlsIsRxDone && ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
- //
- // Poll until some data is received or an error occurs.
- //
- if (!HttpInstance->LocalAddressIsIPv6) {
- HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
- } else {
- HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
- }
- }
-
- if (!HttpInstance->TlsIsRxDone) {
- //
- // Timeout occurs, cancel the receive request.
- //
- if (!HttpInstance->LocalAddressIsIPv6) {
- HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken.CompletionToken);
- } else {
- HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken.CompletionToken);
- }
-
- Status = EFI_TIMEOUT;
- goto ON_EXIT;
- } else {
- HttpInstance->TlsIsRxDone = FALSE;
- }
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- Status = HttpInstance->Tcp4TlsRxToken.CompletionToken.Status;
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Fragment[CurrentFragment].Len -= Tcp4RxData->FragmentTable[0].FragmentLength;
- if (Fragment[CurrentFragment].Len == 0) {
- CurrentFragment++;
- } else {
- Fragment[CurrentFragment].Bulk += Tcp4RxData->FragmentTable[0].FragmentLength;
- }
- } else {
- Status = HttpInstance->Tcp6TlsRxToken.CompletionToken.Status;
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Fragment[CurrentFragment].Len -= Tcp6RxData->FragmentTable[0].FragmentLength;
- if (Fragment[CurrentFragment].Len == 0) {
- CurrentFragment++;
- } else {
- Fragment[CurrentFragment].Bulk += Tcp6RxData->FragmentTable[0].FragmentLength;
- }
- }
- }
-
-ON_EXIT:
-
- if (Fragment != NULL) {
- FreePool (Fragment);
- }
-
- return Status;
-}
-
-/**
- Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
- corresponding record data. These two parts will be put into two blocks of buffers in the
- net buffer.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[out] Pdu The received TLS PDU.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS An TLS PDU is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsReceiveOnePdu (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- OUT NET_BUF **Pdu,
- IN EFI_EVENT Timeout
- )
-{
- EFI_STATUS Status;
-
- LIST_ENTRY *NbufList;
-
- UINT32 Len;
-
- NET_BUF *PduHdr;
- UINT8 *Header;
- TLS_RECORD_HEADER RecordHeader;
-
- NET_BUF *DataSeg;
-
- NbufList = NULL;
- PduHdr = NULL;
- Header = NULL;
- DataSeg = NULL;
-
- NbufList = AllocatePool (sizeof (LIST_ENTRY));
- if (NbufList == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- InitializeListHead (NbufList);
-
- //
- // Allocate buffer to receive one TLS header.
- //
- Len = sizeof (TLS_RECORD_HEADER);
- PduHdr = NetbufAlloc (Len);
- if (PduHdr == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- Header = NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL);
- if (Header == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // First step, receive one TLS header.
- //
- Status = TlsCommonReceive (HttpInstance, PduHdr, Timeout);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- RecordHeader = *(TLS_RECORD_HEADER *) Header;
- if ((RecordHeader.ContentType == TlsContentTypeHandshake ||
- RecordHeader.ContentType == TlsContentTypeAlert ||
- RecordHeader.ContentType == TlsContentTypeChangeCipherSpec ||
- RecordHeader.ContentType == TlsContentTypeApplicationData) &&
- (RecordHeader.Version.Major == 0x03) && /// Major versions are same.
- (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor ==TLS11_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
- ) {
- InsertTailList (NbufList, &PduHdr->List);
- } else {
- Status = EFI_PROTOCOL_ERROR;
- goto ON_EXIT;
- }
-
- Len = SwapBytes16(RecordHeader.Length);
- if (Len == 0) {
- //
- // No TLS payload.
- //
- goto FORM_PDU;
- }
-
- //
- // Allocate buffer to receive one TLS payload.
- //
- DataSeg = NetbufAlloc (Len);
- if (DataSeg == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL);
-
- //
- // Second step, receive one TLS payload.
- //
- Status = TlsCommonReceive (HttpInstance, DataSeg, Timeout);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- InsertTailList (NbufList, &DataSeg->List);
-
-FORM_PDU:
- //
- // Form the PDU from a list of PDU.
- //
- *Pdu = NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList);
- if (*Pdu == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- }
-
-ON_EXIT:
-
- if (EFI_ERROR (Status)) {
- //
- // Free the Nbufs in this NbufList and the NbufList itself.
- //
- FreeNbufList (NbufList);
- }
-
- return Status;
-}
-
-/**
- Connect one TLS session by finishing the TLS handshake process.
-
- @param[in] HttpInstance The HTTP instance private data.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The TLS session is established.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConnectSession (
- IN HTTP_PROTOCOL *HttpInstance,
- IN EFI_EVENT Timeout
- )
-{
- EFI_STATUS Status;
- UINT8 *BufferOut;
- UINTN BufferOutSize;
- NET_BUF *PacketOut;
- UINT8 *DataOut;
- NET_BUF *Pdu;
- UINT8 *BufferIn;
- UINTN BufferInSize;
- UINT8 *GetSessionDataBuffer;
- UINTN GetSessionDataBufferSize;
-
- BufferOut = NULL;
- PacketOut = NULL;
- DataOut = NULL;
- Pdu = NULL;
- BufferIn = NULL;
-
- //
- // Initialize TLS state.
- //
- HttpInstance->TlsSessionState = EfiTlsSessionNotStarted;
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- &(HttpInstance->TlsSessionState),
- sizeof (EFI_TLS_SESSION_STATE)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Create ClientHello
- //
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- //
- // Transmit ClientHello
- //
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- FreePool (BufferOut);
- NetbufFree (PacketOut);
-
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- while(HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring && \
- ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
- //
- // Receive one TLS record.
- //
- Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- BufferInSize = Pdu->TotalSize;
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- NetbufFree (Pdu);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn);
-
- NetbufFree (Pdu);
-
- //
- // Handle Receive data.
- //
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- FreePool (BufferIn);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- }
-
- FreePool (BufferIn);
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- if (BufferOutSize != 0) {
- //
- // Transmit the response packet.
- //
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- NetbufFree (PacketOut);
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
- }
-
- FreePool (BufferOut);
-
- //
- // Get the session state, then decide whether need to continue handle received packet.
- //
- GetSessionDataBufferSize = DEF_BUF_LEN;
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (GetSessionDataBuffer);
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool(GetSessionDataBuffer);
- return Status;
- }
-
- ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
- HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;
-
- FreePool (GetSessionDataBuffer);
-
- if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
- return EFI_ABORTED;
- }
- }
-
- if (HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring) {
- Status = EFI_ABORTED;
- }
-
- return Status;
-}
-
-/**
- Close the TLS session and send out the close notification message.
-
- @param[in] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS The TLS session is closed.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCloseSession (
- IN HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
-
- UINT8 *BufferOut;
- UINTN BufferOutSize;
-
- NET_BUF *PacketOut;
- UINT8 *DataOut;
-
- Status = EFI_SUCCESS;
- BufferOut = NULL;
- PacketOut = NULL;
- DataOut = NULL;
-
- if (HttpInstance == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- HttpInstance->TlsSessionState = EfiTlsSessionClosing;
-
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- &(HttpInstance->TlsSessionState),
- sizeof (EFI_TLS_SESSION_STATE)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- }
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- FreePool (BufferOut);
- NetbufFree (PacketOut);
-
- return Status;
-}
-
-/**
- Process one message according to the CryptMode.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Message Pointer to the message buffer needed to processed.
- @param[in] MessageSize Pointer to the message buffer size.
- @param[in] ProcessMode Process mode.
- @param[in, out] Fragment Only one Fragment returned after the Message is
- processed successfully.
-
- @retval EFI_SUCCESS Message is processed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessMessage (
- IN HTTP_PROTOCOL *HttpInstance,
- IN UINT8 *Message,
- IN UINTN MessageSize,
- IN EFI_TLS_CRYPT_MODE ProcessMode,
- IN OUT NET_FRAGMENT *Fragment
- )
-{
- EFI_STATUS Status;
- UINT8 *Buffer;
- UINT32 BufferSize;
- UINT32 BytesCopied;
- EFI_TLS_FRAGMENT_DATA *FragmentTable;
- UINT32 FragmentCount;
- EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable;
- UINTN Index;
-
- Status = EFI_SUCCESS;
- Buffer = NULL;
- BufferSize = 0;
- BytesCopied = 0;
- FragmentTable = NULL;
- OriginalFragmentTable = NULL;
-
- //
- // Rebuild fragment table from BufferIn.
- //
- FragmentCount = 1;
- FragmentTable = AllocateZeroPool (FragmentCount * sizeof (EFI_TLS_FRAGMENT_DATA));
- if (FragmentTable == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- FragmentTable->FragmentLength = (UINT32) MessageSize;
- FragmentTable->FragmentBuffer = Message;
-
- //
- // Record the original FragmentTable.
- //
- OriginalFragmentTable = FragmentTable;
-
- //
- // Process the Message.
- //
- Status = HttpInstance->Tls->ProcessPacket (
- HttpInstance->Tls,
- &FragmentTable,
- &FragmentCount,
- ProcessMode
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- //
- // Calculate the size according to FragmentTable.
- //
- for (Index = 0; Index < FragmentCount; Index++) {
- BufferSize += FragmentTable[Index].FragmentLength;
- }
-
- //
- // Allocate buffer for processed data.
- //
- Buffer = AllocateZeroPool (BufferSize);
- if (Buffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Copy the new FragmentTable buffer into Buffer.
- //
- for (Index = 0; Index < FragmentCount; Index++) {
- CopyMem (
- (Buffer + BytesCopied),
- FragmentTable[Index].FragmentBuffer,
- FragmentTable[Index].FragmentLength
- );
- BytesCopied += FragmentTable[Index].FragmentLength;
-
- //
- // Free the FragmentBuffer since it has been copied.
- //
- FreePool (FragmentTable[Index].FragmentBuffer);
- }
-
- Fragment->Len = BufferSize;
- Fragment->Bulk = Buffer;
-
-ON_EXIT:
-
- if (OriginalFragmentTable != NULL) {
- FreePool (OriginalFragmentTable);
- OriginalFragmentTable = NULL;
- }
-
- //
- // Caller has the responsibility to free the FragmentTable.
- //
- if (FragmentTable != NULL) {
- FreePool (FragmentTable);
- FragmentTable = NULL;
- }
-
- return Status;
-}
-
-/**
- Receive one fragment decrypted from one TLS record.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in, out] Fragment The received Fragment.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS One fragment is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED Something wrong decryption the message.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-HttpsReceive (
- IN HTTP_PROTOCOL *HttpInstance,
- IN OUT NET_FRAGMENT *Fragment,
- IN EFI_EVENT Timeout
- )
-{
- EFI_STATUS Status;
- NET_BUF *Pdu;
- TLS_RECORD_HEADER RecordHeader;
- UINT8 *BufferIn;
- UINTN BufferInSize;
- NET_FRAGMENT TempFragment;
- UINT8 *BufferOut;
- UINTN BufferOutSize;
- NET_BUF *PacketOut;
- UINT8 *DataOut;
- UINT8 *GetSessionDataBuffer;
- UINTN GetSessionDataBufferSize;
-
- Status = EFI_SUCCESS;
- Pdu = NULL;
- BufferIn = NULL;
- BufferInSize = 0;
- BufferOut = NULL;
- BufferOutSize = 0;
- PacketOut = NULL;
- DataOut = NULL;
- GetSessionDataBuffer = NULL;
- GetSessionDataBufferSize = 0;
-
- //
- // Receive only one TLS record
- //
- Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- BufferInSize = Pdu->TotalSize;
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- NetbufFree (Pdu);
- return Status;
- }
-
- NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn);
-
- NetbufFree (Pdu);
-
- //
- // Handle Receive data.
- //
- RecordHeader = *(TLS_RECORD_HEADER *) BufferIn;
-
- if ((RecordHeader.ContentType == TlsContentTypeApplicationData) &&
- (RecordHeader.Version.Major == 0x03) &&
- (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
- ) {
- //
- // Decrypt Packet.
- //
- Status = TlsProcessMessage (
- HttpInstance,
- BufferIn,
- BufferInSize,
- EfiTlsDecrypt,
- &TempFragment
- );
-
- FreePool (BufferIn);
-
- if (EFI_ERROR (Status)) {
- if (Status == EFI_ABORTED) {
- //
- // Something wrong decryption the message.
- // BuildResponsePacket() will be called to generate Error Alert message and send it out.
- //
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool(BufferOut);
- return Status;
- }
-
- if (BufferOutSize != 0) {
- PacketOut = NetbufAlloc ((UINT32)BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- NetbufFree (PacketOut);
- }
-
- FreePool(BufferOut);
-
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- return EFI_ABORTED;
- }
-
- return Status;
- }
-
- //
- // Parsing buffer.
- //
- ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType == TlsContentTypeApplicationData);
-
- BufferInSize = ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length;
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);
-
- //
- // Free the buffer in TempFragment.
- //
- FreePool (TempFragment.Bulk);
-
- } else if ((RecordHeader.ContentType == TlsContentTypeAlert) &&
- (RecordHeader.Version.Major == 0x03) &&
- (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
- ) {
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- FreePool (BufferIn);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- FreePool (BufferIn);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- }
-
- FreePool (BufferIn);
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- if (BufferOutSize != 0) {
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- NetbufFree (PacketOut);
- }
-
- FreePool (BufferOut);
-
- //
- // Get the session state.
- //
- GetSessionDataBufferSize = DEF_BUF_LEN;
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (GetSessionDataBuffer);
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool (GetSessionDataBuffer);
- return Status;
- }
-
- ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
- HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;
-
- FreePool (GetSessionDataBuffer);
-
- if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
- DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n"));
- return EFI_ABORTED;
- }
-
- BufferIn = NULL;
- BufferInSize = 0;
- }
-
- Fragment->Bulk = BufferIn;
- Fragment->Len = (UINT32) BufferInSize;
-
- return Status;
-}
+/** @file\r
+ Miscellaneous routines specific to Https for HttpDxe driver.\r
+\r
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "HttpDriver.h"\r
+\r
+/**\r
+ Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-terminated\r
+ ASCII string and ignore case during the search process.\r
+\r
+ This function scans the contents of the ASCII string specified by String\r
+ and returns the first occurrence of SearchString and ignore case during the search process.\r
+ If SearchString is not found in String, then NULL is returned. If the length of SearchString\r
+ is zero, then String is returned.\r
+\r
+ If String is NULL, then ASSERT().\r
+ If SearchString is NULL, then ASSERT().\r
+\r
+ @param[in] String A pointer to a Null-terminated ASCII string.\r
+ @param[in] SearchString A pointer to a Null-terminated ASCII string to search for.\r
+\r
+ @retval NULL If the SearchString does not appear in String.\r
+ @retval others If there is a match return the first occurrence of SearchingString.\r
+ If the length of SearchString is zero,return String.\r
+\r
+**/\r
+CHAR8 *\r
+AsciiStrCaseStr (\r
+ IN CONST CHAR8 *String,\r
+ IN CONST CHAR8 *SearchString\r
+ )\r
+{\r
+ CONST CHAR8 *FirstMatch;\r
+ CONST CHAR8 *SearchStringTmp;\r
+\r
+ CHAR8 Src;\r
+ CHAR8 Dst;\r
+\r
+ //\r
+ // ASSERT both strings are less long than PcdMaximumAsciiStringLength\r
+ //\r
+ ASSERT (AsciiStrSize (String) != 0);\r
+ ASSERT (AsciiStrSize (SearchString) != 0);\r
+\r
+ if (*SearchString == '\0') {\r
+ return (CHAR8 *) String;\r
+ }\r
+\r
+ while (*String != '\0') {\r
+ SearchStringTmp = SearchString;\r
+ FirstMatch = String;\r
+\r
+ while ((*SearchStringTmp != '\0')\r
+ && (*String != '\0')) {\r
+ Src = *String;\r
+ Dst = *SearchStringTmp;\r
+\r
+ if ((Src >= 'A') && (Src <= 'Z')) {\r
+ Src -= ('A' - 'a');\r
+ }\r
+\r
+ if ((Dst >= 'A') && (Dst <= 'Z')) {\r
+ Dst -= ('A' - 'a');\r
+ }\r
+\r
+ if (Src != Dst) {\r
+ break;\r
+ }\r
+\r
+ String++;\r
+ SearchStringTmp++;\r
+ }\r
+\r
+ if (*SearchStringTmp == '\0') {\r
+ return (CHAR8 *) FirstMatch;\r
+ }\r
+\r
+ String = FirstMatch + 1;\r
+ }\r
+\r
+ return NULL;\r
+}\r
+\r
+/**\r
+ The callback function to free the net buffer list.\r
+\r
+ @param[in] Arg The opaque parameter.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+FreeNbufList (\r
+ IN VOID *Arg\r
+ )\r
+{\r
+ ASSERT (Arg != NULL);\r
+\r
+ NetbufFreeList ((LIST_ENTRY *) Arg);\r
+ FreePool (Arg);\r
+}\r
+\r
+/**\r
+ Check whether the Url is from Https.\r
+\r
+ @param[in] Url The pointer to a HTTP or HTTPS URL string.\r
+\r
+ @retval TRUE The Url is from HTTPS.\r
+ @retval FALSE The Url is from HTTP.\r
+\r
+**/\r
+BOOLEAN\r
+IsHttpsUrl (\r
+ IN CHAR8 *Url\r
+ )\r
+{\r
+ CHAR8 *Tmp;\r
+\r
+ Tmp = NULL;\r
+\r
+ Tmp = AsciiStrCaseStr (Url, HTTPS_FLAG);\r
+ if (Tmp != NULL && Tmp == Url) {\r
+ return TRUE;\r
+ }\r
+\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.\r
+\r
+ @param[in] ImageHandle The firmware allocated handle for the UEFI image.\r
+ @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.\r
+\r
+ @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.\r
+\r
+**/\r
+EFI_HANDLE\r
+EFIAPI\r
+TlsCreateChild (\r
+ IN EFI_HANDLE ImageHandle,\r
+ OUT EFI_TLS_PROTOCOL **TlsProto,\r
+ OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SERVICE_BINDING_PROTOCOL *TlsSb;\r
+ EFI_HANDLE TlsChildHandle;\r
+\r
+ TlsSb = NULL;\r
+ TlsChildHandle = 0;\r
+\r
+ //\r
+ // Locate TlsServiceBinding protocol.\r
+ //\r
+ gBS->LocateProtocol (\r
+ &gEfiTlsServiceBindingProtocolGuid,\r
+ NULL,\r
+ (VOID **) &TlsSb\r
+ );\r
+ if (TlsSb == NULL) {\r
+ return NULL;\r
+ }\r
+\r
+ Status = TlsSb->CreateChild (TlsSb, &TlsChildHandle);\r
+ if (EFI_ERROR (Status)) {\r
+ return NULL;\r
+ }\r
+\r
+ Status = gBS->OpenProtocol (\r
+ TlsChildHandle,\r
+ &gEfiTlsProtocolGuid,\r
+ (VOID **) TlsProto,\r
+ ImageHandle,\r
+ TlsChildHandle,\r
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ TlsSb->DestroyChild (TlsSb, TlsChildHandle);\r
+ return NULL;\r
+ }\r
+\r
+ Status = gBS->OpenProtocol (\r
+ TlsChildHandle,\r
+ &gEfiTlsConfigurationProtocolGuid,\r
+ (VOID **) TlsConfiguration,\r
+ ImageHandle,\r
+ TlsChildHandle,\r
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ TlsSb->DestroyChild (TlsSb, TlsChildHandle);\r
+ return NULL;\r
+ }\r
+\r
+ return TlsChildHandle;\r
+}\r
+\r
+/**\r
+ Create event for the TLS receive and transmit tokens which are used to receive and\r
+ transmit TLS related messages.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+\r
+ @retval EFI_SUCCESS The events are created successfully.\r
+ @retval others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCreateTxRxEvent (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ //\r
+ // For Tcp4TlsTxToken.\r
+ //\r
+ Status = gBS->CreateEvent (\r
+ EVT_NOTIFY_SIGNAL,\r
+ TPL_NOTIFY,\r
+ HttpCommonNotify,\r
+ &HttpInstance->TlsIsTxDone,\r
+ &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ERROR;\r
+ }\r
+\r
+ HttpInstance->Tcp4TlsTxData.Push = TRUE;\r
+ HttpInstance->Tcp4TlsTxData.Urgent = FALSE;\r
+ HttpInstance->Tcp4TlsTxData.DataLength = 0;\r
+ HttpInstance->Tcp4TlsTxData.FragmentCount = 1;\r
+ HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsTxData.DataLength;\r
+ HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer = NULL;\r
+ HttpInstance->Tcp4TlsTxToken.Packet.TxData = &HttpInstance->Tcp4TlsTxData;\r
+ HttpInstance->Tcp4TlsTxToken.CompletionToken.Status = EFI_NOT_READY;\r
+\r
+ //\r
+ // For Tcp4TlsRxToken.\r
+ //\r
+ Status = gBS->CreateEvent (\r
+ EVT_NOTIFY_SIGNAL,\r
+ TPL_NOTIFY,\r
+ HttpCommonNotify,\r
+ &HttpInstance->TlsIsRxDone,\r
+ &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ERROR;\r
+ }\r
+\r
+ HttpInstance->Tcp4TlsRxData.DataLength = 0;\r
+ HttpInstance->Tcp4TlsRxData.FragmentCount = 1;\r
+ HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsRxData.DataLength ;\r
+ HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer = NULL;\r
+ HttpInstance->Tcp4TlsRxToken.Packet.RxData = &HttpInstance->Tcp4TlsRxData;\r
+ HttpInstance->Tcp4TlsRxToken.CompletionToken.Status = EFI_NOT_READY;\r
+ } else {\r
+ //\r
+ // For Tcp6TlsTxToken.\r
+ //\r
+ Status = gBS->CreateEvent (\r
+ EVT_NOTIFY_SIGNAL,\r
+ TPL_NOTIFY,\r
+ HttpCommonNotify,\r
+ &HttpInstance->TlsIsTxDone,\r
+ &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ERROR;\r
+ }\r
+\r
+ HttpInstance->Tcp6TlsTxData.Push = TRUE;\r
+ HttpInstance->Tcp6TlsTxData.Urgent = FALSE;\r
+ HttpInstance->Tcp6TlsTxData.DataLength = 0;\r
+ HttpInstance->Tcp6TlsTxData.FragmentCount = 1;\r
+ HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsTxData.DataLength;\r
+ HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer = NULL;\r
+ HttpInstance->Tcp6TlsTxToken.Packet.TxData = &HttpInstance->Tcp6TlsTxData;\r
+ HttpInstance->Tcp6TlsTxToken.CompletionToken.Status = EFI_NOT_READY;\r
+\r
+ //\r
+ // For Tcp6TlsRxToken.\r
+ //\r
+ Status = gBS->CreateEvent (\r
+ EVT_NOTIFY_SIGNAL,\r
+ TPL_NOTIFY,\r
+ HttpCommonNotify,\r
+ &HttpInstance->TlsIsRxDone,\r
+ &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ERROR;\r
+ }\r
+\r
+ HttpInstance->Tcp6TlsRxData.DataLength = 0;\r
+ HttpInstance->Tcp6TlsRxData.FragmentCount = 1;\r
+ HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsRxData.DataLength ;\r
+ HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer = NULL;\r
+ HttpInstance->Tcp6TlsRxToken.Packet.RxData = &HttpInstance->Tcp6TlsRxData;\r
+ HttpInstance->Tcp6TlsRxToken.CompletionToken.Status = EFI_NOT_READY;\r
+ }\r
+\r
+ return Status;\r
+\r
+ERROR:\r
+ //\r
+ // Error handling\r
+ //\r
+ TlsCloseTxRxEvent (HttpInstance);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Close events in the TlsTxToken and TlsRxToken.\r
+\r
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsCloseTxRxEvent (\r
+ IN HTTP_PROTOCOL *HttpInstance\r
+ )\r
+{\r
+ ASSERT (HttpInstance != NULL);\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ if (NULL != HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) {\r
+ gBS->CloseEvent(HttpInstance->Tcp4TlsTxToken.CompletionToken.Event);\r
+ HttpInstance->Tcp4TlsTxToken.CompletionToken.Event = NULL;\r
+ }\r
+\r
+ if (NULL != HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) {\r
+ gBS->CloseEvent (HttpInstance->Tcp4TlsRxToken.CompletionToken.Event);\r
+ HttpInstance->Tcp4TlsRxToken.CompletionToken.Event = NULL;\r
+ }\r
+ } else {\r
+ if (NULL != HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) {\r
+ gBS->CloseEvent(HttpInstance->Tcp6TlsTxToken.CompletionToken.Event);\r
+ HttpInstance->Tcp6TlsTxToken.CompletionToken.Event = NULL;\r
+ }\r
+\r
+ if (NULL != HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) {\r
+ gBS->CloseEvent (HttpInstance->Tcp6TlsRxToken.CompletionToken.Event);\r
+ HttpInstance->Tcp6TlsRxToken.CompletionToken.Event = NULL;\r
+ }\r
+ }\r
+}\r
+\r
+/**\r
+ Read the TlsCaCertificate variable and configure it.\r
+\r
+ @param[in, out] HttpInstance The HTTP instance private data.\r
+\r
+ @retval EFI_SUCCESS TlsCaCertificate is configured.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsConfigCertificate (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT8 *CACert;\r
+ UINTN CACertSize;\r
+ UINT32 Index;\r
+ EFI_SIGNATURE_LIST *CertList;\r
+ EFI_SIGNATURE_DATA *Cert;\r
+ UINTN CertCount;\r
+ UINT32 ItemDataSize;\r
+\r
+ CACert = NULL;\r
+ CACertSize = 0;\r
+\r
+ //\r
+ // Try to read the TlsCaCertificate variable.\r
+ //\r
+ Status = gRT->GetVariable (\r
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,\r
+ &gEfiTlsCaCertificateGuid,\r
+ NULL,\r
+ &CACertSize,\r
+ NULL\r
+ );\r
+\r
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Allocate buffer and read the config variable.\r
+ //\r
+ CACert = AllocatePool (CACertSize);\r
+ if (CACert == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ Status = gRT->GetVariable (\r
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,\r
+ &gEfiTlsCaCertificateGuid,\r
+ NULL,\r
+ &CACertSize,\r
+ CACert\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ //\r
+ // GetVariable still error or the variable is corrupted.\r
+ // Fall back to the default value.\r
+ //\r
+ FreePool (CACert);\r
+\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ ASSERT (CACert != NULL);\r
+\r
+ //\r
+ // Enumerate all data and erasing the target item.\r
+ //\r
+ ItemDataSize = (UINT32) CACertSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) CACert;\r
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {\r
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+ for (Index = 0; Index < CertCount; Index++) {\r
+ //\r
+ // EfiTlsConfigDataTypeCACertificate\r
+ //\r
+ Status = HttpInstance->TlsConfiguration->SetData (\r
+ HttpInstance->TlsConfiguration,\r
+ EfiTlsConfigDataTypeCACertificate,\r
+ Cert->SignatureData,\r
+ CertList->SignatureSize - sizeof (Cert->SignatureOwner)\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (CACert);\r
+ return Status;\r
+ }\r
+\r
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
+ }\r
+\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+ }\r
+\r
+ FreePool (CACert);\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Configure TLS session data.\r
+\r
+ @param[in, out] HttpInstance The HTTP instance private data.\r
+\r
+ @retval EFI_SUCCESS TLS session data is configured.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConfigureSession (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ //\r
+ // TlsConfigData initialization\r
+ //\r
+ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;\r
+ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;\r
+ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;\r
+\r
+ //\r
+ // EfiTlsConnectionEnd,\r
+ // EfiTlsVerifyMethod\r
+ // EfiTlsSessionState\r
+ //\r
+ Status = HttpInstance->Tls->SetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsConnectionEnd,\r
+ &(HttpInstance->TlsConfigData.ConnectionEnd),\r
+ sizeof (EFI_TLS_CONNECTION_END)\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->SetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsVerifyMethod,\r
+ &HttpInstance->TlsConfigData.VerifyMethod,\r
+ sizeof (EFI_TLS_VERIFY)\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->SetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsSessionState,\r
+ &(HttpInstance->TlsConfigData.SessionState),\r
+ sizeof (EFI_TLS_SESSION_STATE)\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Tls Config Certificate\r
+ //\r
+ Status = TlsConfigCertificate (HttpInstance);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n"));\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // TlsCreateTxRxEvent\r
+ //\r
+ Status = TlsCreateTxRxEvent (HttpInstance);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ERROR;\r
+ }\r
+\r
+ return Status;\r
+\r
+ERROR:\r
+ TlsCloseTxRxEvent (HttpInstance);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Transmit the Packet by processing the associated HTTPS token.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in] Packet The packet to transmit.\r
+\r
+ @retval EFI_SUCCESS The packet is transmitted.\r
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCommonTransmit (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance,\r
+ IN NET_BUF *Packet\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ VOID *Data;\r
+ UINTN Size;\r
+\r
+ if ((HttpInstance == NULL) || (Packet == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ Size = sizeof (EFI_TCP4_TRANSMIT_DATA) +\r
+ (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA);\r
+ } else {\r
+ Size = sizeof (EFI_TCP6_TRANSMIT_DATA) +\r
+ (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA);\r
+ }\r
+\r
+ Data = AllocatePool (Size);\r
+ if (Data == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push = TRUE;\r
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent = FALSE;\r
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;\r
+\r
+ //\r
+ // Build the fragment table.\r
+ //\r
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;\r
+\r
+ NetbufBuildExt (\r
+ Packet,\r
+ (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentTable[0],\r
+ &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount\r
+ );\r
+\r
+ HttpInstance->Tcp4TlsTxToken.Packet.TxData = (EFI_TCP4_TRANSMIT_DATA *) Data;\r
+\r
+ Status = EFI_DEVICE_ERROR;\r
+\r
+ //\r
+ // Transmit the packet.\r
+ //\r
+ Status = HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsTxToken);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ while (!HttpInstance->TlsIsTxDone) {\r
+ HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);\r
+ }\r
+\r
+ HttpInstance->TlsIsTxDone = FALSE;\r
+ Status = HttpInstance->Tcp4TlsTxToken.CompletionToken.Status;\r
+ } else {\r
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push = TRUE;\r
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent = FALSE;\r
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;\r
+\r
+ //\r
+ // Build the fragment table.\r
+ //\r
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;\r
+\r
+ NetbufBuildExt (\r
+ Packet,\r
+ (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentTable[0],\r
+ &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount\r
+ );\r
+\r
+ HttpInstance->Tcp6TlsTxToken.Packet.TxData = (EFI_TCP6_TRANSMIT_DATA *) Data;\r
+\r
+ Status = EFI_DEVICE_ERROR;\r
+\r
+ //\r
+ // Transmit the packet.\r
+ //\r
+ Status = HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsTxToken);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ while (!HttpInstance->TlsIsTxDone) {\r
+ HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);\r
+ }\r
+\r
+ HttpInstance->TlsIsTxDone = FALSE;\r
+ Status = HttpInstance->Tcp6TlsTxToken.CompletionToken.Status;\r
+ }\r
+\r
+ON_EXIT:\r
+ FreePool (Data);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Receive the Packet by processing the associated HTTPS token.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in] Packet The packet to transmit.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS The Packet is received.\r
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_TIMEOUT The operation is time out.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCommonReceive (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance,\r
+ IN NET_BUF *Packet,\r
+ IN EFI_EVENT Timeout\r
+ )\r
+{\r
+ EFI_TCP4_RECEIVE_DATA *Tcp4RxData;\r
+ EFI_TCP6_RECEIVE_DATA *Tcp6RxData;\r
+ EFI_STATUS Status;\r
+ NET_FRAGMENT *Fragment;\r
+ UINT32 FragmentCount;\r
+ UINT32 CurrentFragment;\r
+\r
+ Tcp4RxData = NULL;\r
+ Tcp6RxData = NULL;\r
+\r
+ if ((HttpInstance == NULL) || (Packet == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ FragmentCount = Packet->BlockOpNum;\r
+ Fragment = AllocatePool (FragmentCount * sizeof (NET_FRAGMENT));\r
+ if (Fragment == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Build the fragment table.\r
+ //\r
+ NetbufBuildExt (Packet, Fragment, &FragmentCount);\r
+\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ Tcp4RxData = HttpInstance->Tcp4TlsRxToken.Packet.RxData;\r
+ if (Tcp4RxData == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ Tcp4RxData->FragmentCount = 1;\r
+ } else {\r
+ Tcp6RxData = HttpInstance->Tcp6TlsRxToken.Packet.RxData;\r
+ if (Tcp6RxData == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ Tcp6RxData->FragmentCount = 1;\r
+ }\r
+\r
+ CurrentFragment = 0;\r
+ Status = EFI_SUCCESS;\r
+\r
+ while (CurrentFragment < FragmentCount) {\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ Tcp4RxData->DataLength = Fragment[CurrentFragment].Len;\r
+ Tcp4RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;\r
+ Tcp4RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;\r
+ Status = HttpInstance->Tcp4->Receive (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken);\r
+ } else {\r
+ Tcp6RxData->DataLength = Fragment[CurrentFragment].Len;\r
+ Tcp6RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;\r
+ Tcp6RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;\r
+ Status = HttpInstance->Tcp6->Receive (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken);\r
+ }\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ while (!HttpInstance->TlsIsRxDone && ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {\r
+ //\r
+ // Poll until some data is received or an error occurs.\r
+ //\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);\r
+ } else {\r
+ HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);\r
+ }\r
+ }\r
+\r
+ if (!HttpInstance->TlsIsRxDone) {\r
+ //\r
+ // Timeout occurs, cancel the receive request.\r
+ //\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken.CompletionToken);\r
+ } else {\r
+ HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken.CompletionToken);\r
+ }\r
+\r
+ Status = EFI_TIMEOUT;\r
+ goto ON_EXIT;\r
+ } else {\r
+ HttpInstance->TlsIsRxDone = FALSE;\r
+ }\r
+\r
+ if (!HttpInstance->LocalAddressIsIPv6) {\r
+ Status = HttpInstance->Tcp4TlsRxToken.CompletionToken.Status;\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Fragment[CurrentFragment].Len -= Tcp4RxData->FragmentTable[0].FragmentLength;\r
+ if (Fragment[CurrentFragment].Len == 0) {\r
+ CurrentFragment++;\r
+ } else {\r
+ Fragment[CurrentFragment].Bulk += Tcp4RxData->FragmentTable[0].FragmentLength;\r
+ }\r
+ } else {\r
+ Status = HttpInstance->Tcp6TlsRxToken.CompletionToken.Status;\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Fragment[CurrentFragment].Len -= Tcp6RxData->FragmentTable[0].FragmentLength;\r
+ if (Fragment[CurrentFragment].Len == 0) {\r
+ CurrentFragment++;\r
+ } else {\r
+ Fragment[CurrentFragment].Bulk += Tcp6RxData->FragmentTable[0].FragmentLength;\r
+ }\r
+ }\r
+ }\r
+\r
+ON_EXIT:\r
+\r
+ if (Fragment != NULL) {\r
+ FreePool (Fragment);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Receive one TLS PDU. An TLS PDU contains an TLS record header and it's\r
+ corresponding record data. These two parts will be put into two blocks of buffers in the\r
+ net buffer.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[out] Pdu The received TLS PDU.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS An TLS PDU is received.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsReceiveOnePdu (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance,\r
+ OUT NET_BUF **Pdu,\r
+ IN EFI_EVENT Timeout\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ LIST_ENTRY *NbufList;\r
+\r
+ UINT32 Len;\r
+\r
+ NET_BUF *PduHdr;\r
+ UINT8 *Header;\r
+ TLS_RECORD_HEADER RecordHeader;\r
+\r
+ NET_BUF *DataSeg;\r
+\r
+ NbufList = NULL;\r
+ PduHdr = NULL;\r
+ Header = NULL;\r
+ DataSeg = NULL;\r
+\r
+ NbufList = AllocatePool (sizeof (LIST_ENTRY));\r
+ if (NbufList == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ InitializeListHead (NbufList);\r
+\r
+ //\r
+ // Allocate buffer to receive one TLS header.\r
+ //\r
+ Len = sizeof (TLS_RECORD_HEADER);\r
+ PduHdr = NetbufAlloc (Len);\r
+ if (PduHdr == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Header = NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL);\r
+ if (Header == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // First step, receive one TLS header.\r
+ //\r
+ Status = TlsCommonReceive (HttpInstance, PduHdr, Timeout);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ RecordHeader = *(TLS_RECORD_HEADER *) Header;\r
+ if ((RecordHeader.ContentType == TlsContentTypeHandshake ||\r
+ RecordHeader.ContentType == TlsContentTypeAlert ||\r
+ RecordHeader.ContentType == TlsContentTypeChangeCipherSpec ||\r
+ RecordHeader.ContentType == TlsContentTypeApplicationData) &&\r
+ (RecordHeader.Version.Major == 0x03) && /// Major versions are same.\r
+ (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||\r
+ RecordHeader.Version.Minor ==TLS11_PROTOCOL_VERSION_MINOR ||\r
+ RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)\r
+ ) {\r
+ InsertTailList (NbufList, &PduHdr->List);\r
+ } else {\r
+ Status = EFI_PROTOCOL_ERROR;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Len = SwapBytes16(RecordHeader.Length);\r
+ if (Len == 0) {\r
+ //\r
+ // No TLS payload.\r
+ //\r
+ goto FORM_PDU;\r
+ }\r
+\r
+ //\r
+ // Allocate buffer to receive one TLS payload.\r
+ //\r
+ DataSeg = NetbufAlloc (Len);\r
+ if (DataSeg == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL);\r
+\r
+ //\r
+ // Second step, receive one TLS payload.\r
+ //\r
+ Status = TlsCommonReceive (HttpInstance, DataSeg, Timeout);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ InsertTailList (NbufList, &DataSeg->List);\r
+\r
+FORM_PDU:\r
+ //\r
+ // Form the PDU from a list of PDU.\r
+ //\r
+ *Pdu = NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList);\r
+ if (*Pdu == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ON_EXIT:\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ //\r
+ // Free the Nbufs in this NbufList and the NbufList itself.\r
+ //\r
+ FreeNbufList (NbufList);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Connect one TLS session by finishing the TLS handshake process.\r
+\r
+ @param[in] HttpInstance The HTTP instance private data.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS The TLS session is established.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED TLS session state is incorrect.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConnectSession (\r
+ IN HTTP_PROTOCOL *HttpInstance,\r
+ IN EFI_EVENT Timeout\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT8 *BufferOut;\r
+ UINTN BufferOutSize;\r
+ NET_BUF *PacketOut;\r
+ UINT8 *DataOut;\r
+ NET_BUF *Pdu;\r
+ UINT8 *BufferIn;\r
+ UINTN BufferInSize;\r
+ UINT8 *GetSessionDataBuffer;\r
+ UINTN GetSessionDataBufferSize;\r
+\r
+ BufferOut = NULL;\r
+ PacketOut = NULL;\r
+ DataOut = NULL;\r
+ Pdu = NULL;\r
+ BufferIn = NULL;\r
+\r
+ //\r
+ // Initialize TLS state.\r
+ //\r
+ HttpInstance->TlsSessionState = EfiTlsSessionNotStarted;\r
+ Status = HttpInstance->Tls->SetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsSessionState,\r
+ &(HttpInstance->TlsSessionState),\r
+ sizeof (EFI_TLS_SESSION_STATE)\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Create ClientHello\r
+ //\r
+ BufferOutSize = DEF_BUF_LEN;\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ NULL,\r
+ 0,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ FreePool (BufferOut);\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ NULL,\r
+ 0,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ }\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (BufferOut);\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Transmit ClientHello\r
+ //\r
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);\r
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);\r
+ if (DataOut == NULL) {\r
+ FreePool (BufferOut);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ CopyMem (DataOut, BufferOut, BufferOutSize);\r
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);\r
+\r
+ FreePool (BufferOut);\r
+ NetbufFree (PacketOut);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ while(HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring && \\r
+ ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {\r
+ //\r
+ // Receive one TLS record.\r
+ //\r
+ Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ BufferInSize = Pdu->TotalSize;\r
+ BufferIn = AllocateZeroPool (BufferInSize);\r
+ if (BufferIn == NULL) {\r
+ NetbufFree (Pdu);\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn);\r
+\r
+ NetbufFree (Pdu);\r
+\r
+ //\r
+ // Handle Receive data.\r
+ //\r
+ BufferOutSize = DEF_BUF_LEN;\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ BufferIn,\r
+ BufferInSize,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ FreePool (BufferOut);\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ FreePool (BufferIn);\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ BufferIn,\r
+ BufferInSize,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ }\r
+\r
+ FreePool (BufferIn);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (BufferOut);\r
+ return Status;\r
+ }\r
+\r
+ if (BufferOutSize != 0) {\r
+ //\r
+ // Transmit the response packet.\r
+ //\r
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);\r
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);\r
+ if (DataOut == NULL) {\r
+ FreePool (BufferOut);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ CopyMem (DataOut, BufferOut, BufferOutSize);\r
+\r
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);\r
+\r
+ NetbufFree (PacketOut);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (BufferOut);\r
+ return Status;\r
+ }\r
+ }\r
+\r
+ FreePool (BufferOut);\r
+\r
+ //\r
+ // Get the session state, then decide whether need to continue handle received packet.\r
+ //\r
+ GetSessionDataBufferSize = DEF_BUF_LEN;\r
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);\r
+ if (GetSessionDataBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->GetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsSessionState,\r
+ GetSessionDataBuffer,\r
+ &GetSessionDataBufferSize\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ FreePool (GetSessionDataBuffer);\r
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);\r
+ if (GetSessionDataBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->GetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsSessionState,\r
+ GetSessionDataBuffer,\r
+ &GetSessionDataBufferSize\r
+ );\r
+ }\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool(GetSessionDataBuffer);\r
+ return Status;\r
+ }\r
+\r
+ ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));\r
+ HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;\r
+\r
+ FreePool (GetSessionDataBuffer);\r
+\r
+ if(HttpInstance->TlsSessionState == EfiTlsSessionError) {\r
+ return EFI_ABORTED;\r
+ }\r
+ }\r
+\r
+ if (HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring) {\r
+ Status = EFI_ABORTED;\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Close the TLS session and send out the close notification message.\r
+\r
+ @param[in] HttpInstance The HTTP instance private data.\r
+\r
+ @retval EFI_SUCCESS The TLS session is closed.\r
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCloseSession (\r
+ IN HTTP_PROTOCOL *HttpInstance\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ UINT8 *BufferOut;\r
+ UINTN BufferOutSize;\r
+\r
+ NET_BUF *PacketOut;\r
+ UINT8 *DataOut;\r
+\r
+ Status = EFI_SUCCESS;\r
+ BufferOut = NULL;\r
+ PacketOut = NULL;\r
+ DataOut = NULL;\r
+\r
+ if (HttpInstance == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ HttpInstance->TlsSessionState = EfiTlsSessionClosing;\r
+\r
+ Status = HttpInstance->Tls->SetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsSessionState,\r
+ &(HttpInstance->TlsSessionState),\r
+ sizeof (EFI_TLS_SESSION_STATE)\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ BufferOutSize = DEF_BUF_LEN;\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ NULL,\r
+ 0,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ FreePool (BufferOut);\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ NULL,\r
+ 0,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ }\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (BufferOut);\r
+ return Status;\r
+ }\r
+\r
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);\r
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);\r
+ if (DataOut == NULL) {\r
+ FreePool (BufferOut);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ CopyMem (DataOut, BufferOut, BufferOutSize);\r
+\r
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);\r
+\r
+ FreePool (BufferOut);\r
+ NetbufFree (PacketOut);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Process one message according to the CryptMode.\r
+\r
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in] Message Pointer to the message buffer needed to processed.\r
+ @param[in] MessageSize Pointer to the message buffer size.\r
+ @param[in] ProcessMode Process mode.\r
+ @param[in, out] Fragment Only one Fragment returned after the Message is\r
+ processed successfully.\r
+\r
+ @retval EFI_SUCCESS Message is processed successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsProcessMessage (\r
+ IN HTTP_PROTOCOL *HttpInstance,\r
+ IN UINT8 *Message,\r
+ IN UINTN MessageSize,\r
+ IN EFI_TLS_CRYPT_MODE ProcessMode,\r
+ IN OUT NET_FRAGMENT *Fragment\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT8 *Buffer;\r
+ UINT32 BufferSize;\r
+ UINT32 BytesCopied;\r
+ EFI_TLS_FRAGMENT_DATA *FragmentTable;\r
+ UINT32 FragmentCount;\r
+ EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable;\r
+ UINTN Index;\r
+\r
+ Status = EFI_SUCCESS;\r
+ Buffer = NULL;\r
+ BufferSize = 0;\r
+ BytesCopied = 0;\r
+ FragmentTable = NULL;\r
+ OriginalFragmentTable = NULL;\r
+\r
+ //\r
+ // Rebuild fragment table from BufferIn.\r
+ //\r
+ FragmentCount = 1;\r
+ FragmentTable = AllocateZeroPool (FragmentCount * sizeof (EFI_TLS_FRAGMENT_DATA));\r
+ if (FragmentTable == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ FragmentTable->FragmentLength = (UINT32) MessageSize;\r
+ FragmentTable->FragmentBuffer = Message;\r
+\r
+ //\r
+ // Record the original FragmentTable.\r
+ //\r
+ OriginalFragmentTable = FragmentTable;\r
+\r
+ //\r
+ // Process the Message.\r
+ //\r
+ Status = HttpInstance->Tls->ProcessPacket (\r
+ HttpInstance->Tls,\r
+ &FragmentTable,\r
+ &FragmentCount,\r
+ ProcessMode\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Calculate the size according to FragmentTable.\r
+ //\r
+ for (Index = 0; Index < FragmentCount; Index++) {\r
+ BufferSize += FragmentTable[Index].FragmentLength;\r
+ }\r
+\r
+ //\r
+ // Allocate buffer for processed data.\r
+ //\r
+ Buffer = AllocateZeroPool (BufferSize);\r
+ if (Buffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Copy the new FragmentTable buffer into Buffer.\r
+ //\r
+ for (Index = 0; Index < FragmentCount; Index++) {\r
+ CopyMem (\r
+ (Buffer + BytesCopied),\r
+ FragmentTable[Index].FragmentBuffer,\r
+ FragmentTable[Index].FragmentLength\r
+ );\r
+ BytesCopied += FragmentTable[Index].FragmentLength;\r
+\r
+ //\r
+ // Free the FragmentBuffer since it has been copied.\r
+ //\r
+ FreePool (FragmentTable[Index].FragmentBuffer);\r
+ }\r
+\r
+ Fragment->Len = BufferSize;\r
+ Fragment->Bulk = Buffer;\r
+\r
+ON_EXIT:\r
+\r
+ if (OriginalFragmentTable != NULL) {\r
+ FreePool (OriginalFragmentTable);\r
+ OriginalFragmentTable = NULL;\r
+ }\r
+\r
+ //\r
+ // Caller has the responsibility to free the FragmentTable.\r
+ //\r
+ if (FragmentTable != NULL) {\r
+ FreePool (FragmentTable);\r
+ FragmentTable = NULL;\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Receive one fragment decrypted from one TLS record.\r
+\r
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in, out] Fragment The received Fragment.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS One fragment is received.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED Something wrong decryption the message.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+HttpsReceive (\r
+ IN HTTP_PROTOCOL *HttpInstance,\r
+ IN OUT NET_FRAGMENT *Fragment,\r
+ IN EFI_EVENT Timeout\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ NET_BUF *Pdu;\r
+ TLS_RECORD_HEADER RecordHeader;\r
+ UINT8 *BufferIn;\r
+ UINTN BufferInSize;\r
+ NET_FRAGMENT TempFragment;\r
+ UINT8 *BufferOut;\r
+ UINTN BufferOutSize;\r
+ NET_BUF *PacketOut;\r
+ UINT8 *DataOut;\r
+ UINT8 *GetSessionDataBuffer;\r
+ UINTN GetSessionDataBufferSize;\r
+\r
+ Status = EFI_SUCCESS;\r
+ Pdu = NULL;\r
+ BufferIn = NULL;\r
+ BufferInSize = 0;\r
+ BufferOut = NULL;\r
+ BufferOutSize = 0;\r
+ PacketOut = NULL;\r
+ DataOut = NULL;\r
+ GetSessionDataBuffer = NULL;\r
+ GetSessionDataBufferSize = 0;\r
+\r
+ //\r
+ // Receive only one TLS record\r
+ //\r
+ Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ BufferInSize = Pdu->TotalSize;\r
+ BufferIn = AllocateZeroPool (BufferInSize);\r
+ if (BufferIn == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ NetbufFree (Pdu);\r
+ return Status;\r
+ }\r
+\r
+ NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn);\r
+\r
+ NetbufFree (Pdu);\r
+\r
+ //\r
+ // Handle Receive data.\r
+ //\r
+ RecordHeader = *(TLS_RECORD_HEADER *) BufferIn;\r
+\r
+ if ((RecordHeader.ContentType == TlsContentTypeApplicationData) &&\r
+ (RecordHeader.Version.Major == 0x03) &&\r
+ (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||\r
+ RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||\r
+ RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)\r
+ ) {\r
+ //\r
+ // Decrypt Packet.\r
+ //\r
+ Status = TlsProcessMessage (\r
+ HttpInstance,\r
+ BufferIn,\r
+ BufferInSize,\r
+ EfiTlsDecrypt,\r
+ &TempFragment\r
+ );\r
+\r
+ FreePool (BufferIn);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ if (Status == EFI_ABORTED) {\r
+ //\r
+ // Something wrong decryption the message.\r
+ // BuildResponsePacket() will be called to generate Error Alert message and send it out.\r
+ //\r
+ BufferOutSize = DEF_BUF_LEN;\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ NULL,\r
+ 0,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ FreePool (BufferOut);\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ NULL,\r
+ 0,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ }\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool(BufferOut);\r
+ return Status;\r
+ }\r
+\r
+ if (BufferOutSize != 0) {\r
+ PacketOut = NetbufAlloc ((UINT32)BufferOutSize);\r
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);\r
+ if (DataOut == NULL) {\r
+ FreePool (BufferOut);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ CopyMem (DataOut, BufferOut, BufferOutSize);\r
+\r
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);\r
+\r
+ NetbufFree (PacketOut);\r
+ }\r
+\r
+ FreePool(BufferOut);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Parsing buffer.\r
+ //\r
+ ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType == TlsContentTypeApplicationData);\r
+\r
+ BufferInSize = ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length;\r
+ BufferIn = AllocateZeroPool (BufferInSize);\r
+ if (BufferIn == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);\r
+\r
+ //\r
+ // Free the buffer in TempFragment.\r
+ //\r
+ FreePool (TempFragment.Bulk);\r
+\r
+ } else if ((RecordHeader.ContentType == TlsContentTypeAlert) &&\r
+ (RecordHeader.Version.Major == 0x03) &&\r
+ (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||\r
+ RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||\r
+ RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)\r
+ ) {\r
+ BufferOutSize = DEF_BUF_LEN;\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ FreePool (BufferIn);\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ BufferIn,\r
+ BufferInSize,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ FreePool (BufferOut);\r
+ BufferOut = AllocateZeroPool (BufferOutSize);\r
+ if (BufferOut == NULL) {\r
+ FreePool (BufferIn);\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->BuildResponsePacket (\r
+ HttpInstance->Tls,\r
+ BufferIn,\r
+ BufferInSize,\r
+ BufferOut,\r
+ &BufferOutSize\r
+ );\r
+ }\r
+\r
+ FreePool (BufferIn);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (BufferOut);\r
+ return Status;\r
+ }\r
+\r
+ if (BufferOutSize != 0) {\r
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);\r
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);\r
+ if (DataOut == NULL) {\r
+ FreePool (BufferOut);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ CopyMem (DataOut, BufferOut, BufferOutSize);\r
+\r
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);\r
+\r
+ NetbufFree (PacketOut);\r
+ }\r
+\r
+ FreePool (BufferOut);\r
+\r
+ //\r
+ // Get the session state.\r
+ //\r
+ GetSessionDataBufferSize = DEF_BUF_LEN;\r
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);\r
+ if (GetSessionDataBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->GetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsSessionState,\r
+ GetSessionDataBuffer,\r
+ &GetSessionDataBufferSize\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ FreePool (GetSessionDataBuffer);\r
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);\r
+ if (GetSessionDataBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
+\r
+ Status = HttpInstance->Tls->GetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsSessionState,\r
+ GetSessionDataBuffer,\r
+ &GetSessionDataBufferSize\r
+ );\r
+ }\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (GetSessionDataBuffer);\r
+ return Status;\r
+ }\r
+\r
+ ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));\r
+ HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;\r
+\r
+ FreePool (GetSessionDataBuffer);\r
+\r
+ if(HttpInstance->TlsSessionState == EfiTlsSessionError) {\r
+ DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n"));\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ BufferIn = NULL;\r
+ BufferInSize = 0;\r
+ }\r
+\r
+ Fragment->Bulk = BufferIn;\r
+ Fragment->Len = (UINT32) BufferInSize;\r
+\r
+ return Status;\r
+}\r
+\r
-/** @file
- The header files of miscellaneous routines specific to Https for HttpDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __EFI_HTTPS_SUPPORT_H__
-#define __EFI_HTTPS_SUPPORT_H__
-
-#define HTTPS_DEFAULT_PORT 443
-
-#define HTTPS_FLAG "https://"
-
-/**
- Check whether the Url is from Https.
-
- @param[in] Url The pointer to a HTTP or HTTPS URL string.
-
- @retval TRUE The Url is from HTTPS.
- @retval FALSE The Url is from HTTP.
-
-**/
-BOOLEAN
-IsHttpsUrl (
- IN CHAR8 *Url
- );
-
-/**
- Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
-
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
-**/
-EFI_HANDLE
-EFIAPI
-TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
- );
-
-/**
- Create event for the TLS receive and transmit tokens which are used to receive and
- transmit TLS related messages.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
- @retval EFI_SUCCESS The events are created successfully.
- @retval others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCreateTxRxEvent (
- IN OUT HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Close events in the TlsTxToken and TlsRxToken.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
-**/
-VOID
-EFIAPI
-TlsCloseTxRxEvent (
- IN HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Read the TlsCaCertificate variable and configure it.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TlsCaCertificate is configured.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-TlsConfigCertificate (
- IN OUT HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Configure TLS session data.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TLS session data is configured.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigureSession (
- IN OUT HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Transmit the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
-
- @retval EFI_SUCCESS The packet is transmitted.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonTransmit (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet
- );
-
-/**
- Receive the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The Packet is received.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_TIMEOUT The operation is time out.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonReceive (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet,
- IN EFI_EVENT Timeout
- );
-
-/**
- Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
- corresponding record data. These two parts will be put into two blocks of buffers in the
- net buffer.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[out] Pdu The received TLS PDU.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS An TLS PDU is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsReceiveOnePdu (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- OUT NET_BUF **Pdu,
- IN EFI_EVENT Timeout
- );
-
-/**
- Connect one TLS session by finishing the TLS handshake process.
-
- @param[in] HttpInstance The HTTP instance private data.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The TLS session is established.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConnectSession (
- IN HTTP_PROTOCOL *HttpInstance,
- IN EFI_EVENT Timeout
- );
-
-/**
- Close the TLS session and send out the close notification message.
-
- @param[in] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS The TLS session is closed.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCloseSession (
- IN HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Process one message according to the CryptMode.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Message Pointer to the message buffer needed to processed.
- @param[in] MessageSize Pointer to the message buffer size.
- @param[in] ProcessMode Process mode.
- @param[in, out] Fragment Only one Fragment returned after the Message is
- processed successfully.
-
- @retval EFI_SUCCESS Message is processed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessMessage (
- IN HTTP_PROTOCOL *HttpInstance,
- IN UINT8 *Message,
- IN UINTN MessageSize,
- IN EFI_TLS_CRYPT_MODE ProcessMode,
- IN OUT NET_FRAGMENT *Fragment
- );
-
-/**
- Receive one fragment decrypted from one TLS record.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in, out] Fragment The received Fragment.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS One fragment is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED Something wrong decryption the message.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-HttpsReceive (
- IN HTTP_PROTOCOL *HttpInstance,
- IN OUT NET_FRAGMENT *Fragment,
- IN EFI_EVENT Timeout
- );
-
-#endif
+/** @file\r
+ The header files of miscellaneous routines specific to Https for HttpDxe driver.\r
+\r
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __EFI_HTTPS_SUPPORT_H__\r
+#define __EFI_HTTPS_SUPPORT_H__\r
+\r
+#define HTTPS_DEFAULT_PORT 443\r
+\r
+#define HTTPS_FLAG "https://"\r
+\r
+/**\r
+ Check whether the Url is from Https.\r
+\r
+ @param[in] Url The pointer to a HTTP or HTTPS URL string.\r
+\r
+ @retval TRUE The Url is from HTTPS.\r
+ @retval FALSE The Url is from HTTP.\r
+\r
+**/\r
+BOOLEAN\r
+IsHttpsUrl (\r
+ IN CHAR8 *Url\r
+ );\r
+\r
+/**\r
+ Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.\r
+\r
+ @param[in] ImageHandle The firmware allocated handle for the UEFI image.\r
+ @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.\r
+\r
+ @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.\r
+\r
+**/\r
+EFI_HANDLE\r
+EFIAPI\r
+TlsCreateChild (\r
+ IN EFI_HANDLE ImageHandle,\r
+ OUT EFI_TLS_PROTOCOL **TlsProto,\r
+ OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration\r
+ );\r
+\r
+/**\r
+ Create event for the TLS receive and transmit tokens which are used to receive and\r
+ transmit TLS related messages.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+\r
+ @retval EFI_SUCCESS The events are created successfully.\r
+ @retval others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCreateTxRxEvent (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance\r
+ );\r
+\r
+/**\r
+ Close events in the TlsTxToken and TlsRxToken.\r
+\r
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsCloseTxRxEvent (\r
+ IN HTTP_PROTOCOL *HttpInstance\r
+ );\r
+\r
+/**\r
+ Read the TlsCaCertificate variable and configure it.\r
+\r
+ @param[in, out] HttpInstance The HTTP instance private data.\r
+\r
+ @retval EFI_SUCCESS TlsCaCertificate is configured.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsConfigCertificate (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance\r
+ );\r
+\r
+/**\r
+ Configure TLS session data.\r
+\r
+ @param[in, out] HttpInstance The HTTP instance private data.\r
+\r
+ @retval EFI_SUCCESS TLS session data is configured.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConfigureSession (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance\r
+ );\r
+\r
+/**\r
+ Transmit the Packet by processing the associated HTTPS token.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in] Packet The packet to transmit.\r
+\r
+ @retval EFI_SUCCESS The packet is transmitted.\r
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCommonTransmit (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance,\r
+ IN NET_BUF *Packet\r
+ );\r
+\r
+/**\r
+ Receive the Packet by processing the associated HTTPS token.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in] Packet The packet to transmit.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS The Packet is received.\r
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_TIMEOUT The operation is time out.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCommonReceive (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance,\r
+ IN NET_BUF *Packet,\r
+ IN EFI_EVENT Timeout\r
+ );\r
+\r
+/**\r
+ Receive one TLS PDU. An TLS PDU contains an TLS record header and it's\r
+ corresponding record data. These two parts will be put into two blocks of buffers in the\r
+ net buffer.\r
+\r
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[out] Pdu The received TLS PDU.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS An TLS PDU is received.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsReceiveOnePdu (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance,\r
+ OUT NET_BUF **Pdu,\r
+ IN EFI_EVENT Timeout\r
+ );\r
+\r
+/**\r
+ Connect one TLS session by finishing the TLS handshake process.\r
+\r
+ @param[in] HttpInstance The HTTP instance private data.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS The TLS session is established.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED TLS session state is incorrect.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConnectSession (\r
+ IN HTTP_PROTOCOL *HttpInstance,\r
+ IN EFI_EVENT Timeout\r
+ );\r
+\r
+/**\r
+ Close the TLS session and send out the close notification message.\r
+\r
+ @param[in] HttpInstance The HTTP instance private data.\r
+\r
+ @retval EFI_SUCCESS The TLS session is closed.\r
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCloseSession (\r
+ IN HTTP_PROTOCOL *HttpInstance\r
+ );\r
+\r
+/**\r
+ Process one message according to the CryptMode.\r
+\r
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in] Message Pointer to the message buffer needed to processed.\r
+ @param[in] MessageSize Pointer to the message buffer size.\r
+ @param[in] ProcessMode Process mode.\r
+ @param[in, out] Fragment Only one Fragment returned after the Message is\r
+ processed successfully.\r
+\r
+ @retval EFI_SUCCESS Message is processed successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsProcessMessage (\r
+ IN HTTP_PROTOCOL *HttpInstance,\r
+ IN UINT8 *Message,\r
+ IN UINTN MessageSize,\r
+ IN EFI_TLS_CRYPT_MODE ProcessMode,\r
+ IN OUT NET_FRAGMENT *Fragment\r
+ );\r
+\r
+/**\r
+ Receive one fragment decrypted from one TLS record.\r
+\r
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
+ @param[in, out] Fragment The received Fragment.\r
+ @param[in] Timeout The time to wait for connection done.\r
+\r
+ @retval EFI_SUCCESS One fragment is received.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED Something wrong decryption the message.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+HttpsReceive (\r
+ IN HTTP_PROTOCOL *HttpInstance,\r
+ IN OUT NET_FRAGMENT *Fragment,\r
+ IN EFI_EVENT Timeout\r
+ );\r
+\r
+#endif\r
+\r
-/** @file
- GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials are licensed and made available under
-the terms and conditions of the BSD License that accompanies this distribution.
-The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
-#define __TLS_AUTH_CONFIG_HII_GUID_H__
-
-#define TLS_AUTH_CONFIG_GUID \
- { \
- 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf } \
- }
-
-extern EFI_GUID gTlsAuthConfigGuid;
-
-#endif
+/** @file\r
+ GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe driver.\r
+\r
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials are licensed and made available under\r
+the terms and conditions of the BSD License that accompanies this distribution.\r
+The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php.\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__\r
+#define __TLS_AUTH_CONFIG_HII_GUID_H__\r
+\r
+#define TLS_AUTH_CONFIG_GUID \\r
+ { \\r
+ 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf } \\r
+ }\r
+\r
+extern EFI_GUID gTlsAuthConfigGuid;\r
+\r
+#endif\r
+\r
-/** @file
- This file defines TlsCaCertificate variable.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials are licensed and made available under
-the terms and conditions of the BSD License that accompanies this distribution.
-The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTHENTICATION_H__
-#define __TLS_AUTHENTICATION_H__
-
-// Private variable for CA Certificate configuration
-//
-#define EFI_TLS_CA_CERTIFICATE_GUID \
- { \
- 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
- }
-
-#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
-
-extern EFI_GUID gEfiTlsCaCertificateGuid;
-
-#endif
+/** @file\r
+ This file defines TlsCaCertificate variable.\r
+\r
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials are licensed and made available under\r
+the terms and conditions of the BSD License that accompanies this distribution.\r
+The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php.\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __TLS_AUTHENTICATION_H__\r
+#define __TLS_AUTHENTICATION_H__\r
+\r
+// Private variable for CA Certificate configuration\r
+//\r
+#define EFI_TLS_CA_CERTIFICATE_GUID \\r
+ { \\r
+ 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \\r
+ }\r
+\r
+#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"\r
+\r
+extern EFI_GUID gEfiTlsCaCertificateGuid;\r
+\r
+#endif\r
+\r
-/** @file
- The DriverEntryPoint for TlsAuthConfigDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsAuthConfigImpl.h"
-
-/**
- Unloads an image.
-
- @param ImageHandle Handle that identifies the image to be unloaded.
-
- @retval EFI_SUCCESS The image has been unloaded.
- @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigDxeUnload (
- IN EFI_HANDLE ImageHandle
- )
-{
- EFI_STATUS Status;
- TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
-
- Status = gBS->HandleProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- (VOID **) &PrivateData
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (PrivateData->Signature == TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
-
- gBS->UninstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
-
- TlsAuthConfigFormUnload (PrivateData);
-
- return EFI_SUCCESS;
-}
-
-/**
- This is the declaration of an EFI image entry point. This entry point is
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
- both device drivers and bus drivers.
-
- @param ImageHandle The firmware allocated handle for the UEFI image.
- @param SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval Others An unexpected error occurred.
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigDxeDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
-
- TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
-
- PrivateData = NULL;
-
- //
- // If already started, return.
- //
- Status = gBS->OpenProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- NULL,
- ImageHandle,
- ImageHandle,
- EFI_OPEN_PROTOCOL_TEST_PROTOCOL
- );
- if (!EFI_ERROR (Status)) {
- return EFI_ALREADY_STARTED;
- }
-
- //
- // Initialize the private data structure.
- //
- PrivateData = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA));
- if (PrivateData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Initialize the HII configuration form.
- //
- Status = TlsAuthConfigFormInit (PrivateData);
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- //
- // Install private GUID.
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- return EFI_SUCCESS;
-
-ON_ERROR:
- TlsAuthConfigFormUnload (PrivateData);
- FreePool (PrivateData);
-
- return Status;
-}
-
+/** @file\r
+ The DriverEntryPoint for TlsAuthConfigDxe driver.\r
+\r
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsAuthConfigImpl.h"\r
+\r
+/**\r
+ Unloads an image.\r
+\r
+ @param ImageHandle Handle that identifies the image to be unloaded.\r
+\r
+ @retval EFI_SUCCESS The image has been unloaded.\r
+ @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigDxeUnload (\r
+ IN EFI_HANDLE ImageHandle\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;\r
+\r
+ Status = gBS->HandleProtocol (\r
+ ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ (VOID **) &PrivateData\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ ASSERT (PrivateData->Signature == TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);\r
+\r
+ gBS->UninstallMultipleProtocolInterfaces (\r
+ &ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ PrivateData,\r
+ NULL\r
+ );\r
+\r
+ TlsAuthConfigFormUnload (PrivateData);\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This is the declaration of an EFI image entry point. This entry point is\r
+ the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including\r
+ both device drivers and bus drivers.\r
+\r
+ @param ImageHandle The firmware allocated handle for the UEFI image.\r
+ @param SystemTable A pointer to the EFI System Table.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval Others An unexpected error occurred.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigDxeDriverEntryPoint (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;\r
+\r
+ PrivateData = NULL;\r
+\r
+ //\r
+ // If already started, return.\r
+ //\r
+ Status = gBS->OpenProtocol (\r
+ ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ NULL,\r
+ ImageHandle,\r
+ ImageHandle,\r
+ EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r
+ );\r
+ if (!EFI_ERROR (Status)) {\r
+ return EFI_ALREADY_STARTED;\r
+ }\r
+\r
+ //\r
+ // Initialize the private data structure.\r
+ //\r
+ PrivateData = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA));\r
+ if (PrivateData == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ //\r
+ // Initialize the HII configuration form.\r
+ //\r
+ Status = TlsAuthConfigFormInit (PrivateData);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_ERROR;\r
+ }\r
+\r
+ //\r
+ // Install private GUID.\r
+ //\r
+ Status = gBS->InstallMultipleProtocolInterfaces (\r
+ &ImageHandle,\r
+ &gEfiCallerIdGuid,\r
+ PrivateData,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_ERROR;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+\r
+ON_ERROR:\r
+ TlsAuthConfigFormUnload (PrivateData);\r
+ FreePool (PrivateData);\r
+\r
+ return Status;\r
+}\r
+\r
-## @file
-# Provides the capability to configure Tls Authentication in a setup browser
-# By this module, user may change the content of TlsCaCertificate.
-#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TlsAuthConfigDxe
- MODULE_UNI_FILE = TlsAuthConfigDxe.uni
- FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
- UNLOAD_IMAGE = TlsAuthConfigDxeUnload
-
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- NetworkPkg/NetworkPkg.dec
-
-[Sources]
- TlsAuthConfigImpl.c
- TlsAuthConfigImpl.h
- TlsAuthConfigNvData.h
- TlsAuthConfigDxe.c
- TlsAuthConfigDxeStrings.uni
- TlsAuthConfigVfr.vfr
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- MemoryAllocationLib
- UefiLib
- UefiBootServicesTableLib
- UefiRuntimeServicesTableLib
- UefiDriverEntryPoint
- DebugLib
- HiiLib
- DevicePathLib
- UefiHiiServicesLib
- FileExplorerLib
- PrintLib
-
-[Protocols]
- gEfiDevicePathProtocolGuid ## PRODUCES
- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
- gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
-
-[Guids]
- gTlsAuthConfigGuid ## PRODUCES ## GUID
- gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type
- gEfiIfrTianoGuid ## CONSUMES ## HII
- gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
-
-[Depex]
- gEfiHiiConfigRoutingProtocolGuid AND
- gEfiHiiDatabaseProtocolGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TlsAuthConfigDxeExtra.uni
+## @file\r
+# Provides the capability to configure Tls Authentication in a setup browser\r
+# By this module, user may change the content of TlsCaCertificate.\r
+#\r
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = TlsAuthConfigDxe\r
+ MODULE_UNI_FILE = TlsAuthConfigDxe.uni\r
+ FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829\r
+ MODULE_TYPE = DXE_DRIVER\r
+ VERSION_STRING = 1.0\r
+ ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint\r
+ UNLOAD_IMAGE = TlsAuthConfigDxeUnload\r
+\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64\r
+#\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+ NetworkPkg/NetworkPkg.dec\r
+\r
+[Sources]\r
+ TlsAuthConfigImpl.c\r
+ TlsAuthConfigImpl.h\r
+ TlsAuthConfigNvData.h\r
+ TlsAuthConfigDxe.c\r
+ TlsAuthConfigDxeStrings.uni\r
+ TlsAuthConfigVfr.vfr\r
+\r
+[LibraryClasses]\r
+ BaseLib\r
+ BaseMemoryLib\r
+ MemoryAllocationLib\r
+ UefiLib\r
+ UefiBootServicesTableLib\r
+ UefiRuntimeServicesTableLib\r
+ UefiDriverEntryPoint\r
+ DebugLib\r
+ HiiLib\r
+ DevicePathLib\r
+ UefiHiiServicesLib\r
+ FileExplorerLib\r
+ PrintLib\r
+\r
+[Protocols]\r
+ gEfiDevicePathProtocolGuid ## PRODUCES\r
+ gEfiHiiConfigAccessProtocolGuid ## PRODUCES\r
+ gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES\r
+\r
+[Guids]\r
+ gTlsAuthConfigGuid ## PRODUCES ## GUID\r
+ gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type\r
+ gEfiIfrTianoGuid ## CONSUMES ## HII\r
+ gEfiTlsCaCertificateGuid ## PRODUCES ## GUID\r
+\r
+[Depex]\r
+ gEfiHiiConfigRoutingProtocolGuid AND\r
+ gEfiHiiDatabaseProtocolGuid\r
+\r
+[UserExtensions.TianoCore."ExtraFiles"]\r
+ TlsAuthConfigDxeExtra.uni\r
+\r
-// /** @file
-// Provides the capability to configure Tls Authentication in a setup browser
-//
-// By this module, user may change the content of TlsCaCertificate.
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure Tls Authentication in a setup browser"
-
-#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of TlsCaCertificate."
-
+// /** @file\r
+// Provides the capability to configure Tls Authentication in a setup browser\r
+//\r
+// By this module, user may change the content of TlsCaCertificate.\r
+//\r
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// This program and the accompanying materials\r
+// are licensed and made available under the terms and conditions of the BSD License\r
+// which accompanies this distribution. The full text of the license may be found at\r
+// http://opensource.org/licenses/bsd-license.php\r
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+//\r
+// **/\r
+\r
+\r
+#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure Tls Authentication in a setup browser"\r
+\r
+#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of TlsCaCertificate."\r
+\r
-// /** @file
-// TlsAuthConfigDxe Localized Strings and Content
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TLS Auth Config DXE"
-
-
+// /** @file\r
+// TlsAuthConfigDxe Localized Strings and Content\r
+//\r
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// This program and the accompanying materials\r
+// are licensed and made available under the terms and conditions of the BSD License\r
+// which accompanies this distribution. The full text of the license may be found at\r
+// http://opensource.org/licenses/bsd-license.php\r
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+//\r
+// **/\r
+\r
+#string STR_PROPERTIES_MODULE_NAME\r
+#language en-US\r
+"TLS Auth Config DXE"\r
+\r
+\r
-/** @file
- String definitions for Tls Authentication Configuration form.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-
-#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth Configuration"
-#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press <Enter> to select Tls Auth Configuration."
-
-#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server CA Configuration"
-#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press <Enter> to configure Server CA."
-#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client Cert Configuration"
-#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client cert configuration is unsupported currently."
-
-#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enroll Cert"
-#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Press <Enter> to enroll cert."
-#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Delete Cert"
-#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Press <Enter> to delete cert."
-
-#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enroll Cert Using File"
-
-#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert GUID"
-#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
-#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"
-#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"
-
-#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for CERT"
-
-#string STR_NULL #language en-US ""
\ No newline at end of file
+/** @file\r
+ String definitions for Tls Authentication Configuration form.\r
+\r
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#langdef en-US "English"\r
+\r
+#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth Configuration"\r
+#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press <Enter> to select Tls Auth Configuration."\r
+\r
+#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server CA Configuration"\r
+#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press <Enter> to configure Server CA."\r
+#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client Cert Configuration"\r
+#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client cert configuration is unsupported currently."\r
+\r
+#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enroll Cert"\r
+#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Press <Enter> to enroll cert."\r
+#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Delete Cert"\r
+#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Press <Enter> to delete cert."\r
+\r
+#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enroll Cert Using File"\r
+\r
+#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert GUID"\r
+#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."\r
+#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"\r
+#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"\r
+\r
+#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for CERT"\r
+\r
+#string STR_NULL #language en-US ""\r
-/** @file
- The Miscellaneous Routines for TlsAuthConfigDxe driver.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsAuthConfigImpl.h"
-
-VOID *mStartOpCodeHandle = NULL;
-VOID *mEndOpCodeHandle = NULL;
-EFI_IFR_GUID_LABEL *mStartLabel = NULL;
-EFI_IFR_GUID_LABEL *mEndLabel = NULL;
-
-
-CHAR16 mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA";
-
-TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL;
-
-HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath = {
- {
- {
- HARDWARE_DEVICE_PATH,
- HW_VENDOR_DP,
- {
- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
- }
- },
- TLS_AUTH_CONFIG_GUID
- },
- {
- END_DEVICE_PATH_TYPE,
- END_ENTIRE_DEVICE_PATH_SUBTYPE,
- {
- (UINT8) (END_DEVICE_PATH_LENGTH),
- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
- }
- }
-};
-
-//
-// Possible DER-encoded certificate file suffixes, end with NULL pointer.
-//
-CHAR16* mDerPemEncodedSuffix[] = {
- L".cer",
- L".der",
- L".crt",
- L".pem",
- NULL
-};
-
-/**
- This code checks if the FileSuffix is one of the possible DER/PEM-encoded certificate suffix.
-
- @param[in] FileSuffix The suffix of the input certificate file
-
- @retval TRUE It's a DER/PEM-encoded certificate.
- @retval FALSE It's NOT a DER/PEM-encoded certificate.
-
-**/
-BOOLEAN
-IsDerPemEncodeCertificate (
- IN CONST CHAR16 *FileSuffix
-)
-{
- UINTN Index;
- for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {
- if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- Worker function that prints an EFI_GUID into specified Buffer.
-
- @param[in] Guid Pointer to GUID to print.
- @param[in] Buffer Buffer to print Guid into.
- @param[in] BufferSize Size of Buffer.
-
- @retval Number of characters printed.
-
-**/
-UINTN
-GuidToString (
- IN EFI_GUID *Guid,
- IN CHAR16 *Buffer,
- IN UINTN BufferSize
- )
-{
- return UnicodeSPrint (
- Buffer,
- BufferSize,
- L"%g",
- Guid
- );
-}
-
-/**
- List all cert in specified database by GUID in the page
- for user to select and delete as needed.
-
- @param[in] PrivateData Module's private data.
- @param[in] VariableName The variable name of the vendor's signature database.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[in] LabelNumber Label number to insert opcodes.
- @param[in] FormId Form ID of current page.
- @param[in] QuestionIdBase Base question id of the signature list.
-
- @retval EFI_SUCCESS Success to update the signature list page
- @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.
-
-**/
-EFI_STATUS
-UpdateDeletePage (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT16 LabelNumber,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase
- )
-{
- EFI_STATUS Status;
- UINT32 Index;
- UINTN CertCount;
- UINTN GuidIndex;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
- UINTN DataSize;
- UINT8 *Data;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINT32 ItemDataSize;
- CHAR16 *GuidStr;
- EFI_STRING_ID GuidID;
- EFI_STRING_ID Help;
-
- Data = NULL;
- CertList = NULL;
- Cert = NULL;
- GuidStr = NULL;
- StartOpCodeHandle = NULL;
- EndOpCodeHandle = NULL;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (StartOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (EndOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LabelNumber;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Read Variable.
- //
- DataSize = 0;
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
- goto ON_EXIT;
- }
-
- Data = (UINT8 *) AllocateZeroPool (DataSize);
- if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- GuidStr = AllocateZeroPool (100);
- if (GuidStr == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Enumerate all data.
- //
- ItemDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) Data;
- GuidIndex = 0;
-
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
-
- if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);
- } else {
- //
- // The signature type is not supported in current implementation.
- //
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- continue;
- }
-
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- for (Index = 0; Index < CertCount; Index++) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
- + sizeof (EFI_SIGNATURE_LIST)
- + CertList->SignatureHeaderSize
- + Index * CertList->SignatureSize);
- //
- // Display GUID and help
- //
- GuidToString (&Cert->SignatureOwner, GuidStr, 100);
- GuidID = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);
- HiiCreateCheckBoxOpCode (
- StartOpCodeHandle,
- (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
- 0,
- 0,
- GuidID,
- Help,
- EFI_IFR_FLAG_CALLBACK,
- 0,
- NULL
- );
- }
-
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
-ON_EXIT:
- HiiUpdateForm (
- Private->RegisteredHandle,
- &gTlsAuthConfigGuid,
- FormId,
- StartOpCodeHandle,
- EndOpCodeHandle
- );
-
- if (StartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- }
-
- if (EndOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (EndOpCodeHandle);
- }
-
- if (Data != NULL) {
- FreePool (Data);
- }
-
- if (GuidStr != NULL) {
- FreePool (GuidStr);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Delete one entry from cert database.
-
- @param[in] PrivateData Module's private data.
- @param[in] VariableName The variable name of the database.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[in] LabelNumber Label number to insert opcodes.
- @param[in] FormId Form ID of current page.
- @param[in] QuestionIdBase Base question id of the cert list.
- @param[in] DeleteIndex Cert index to delete.
-
- @retval EFI_SUCCESS Delete siganture successfully.
- @retval EFI_NOT_FOUND Can't find the signature item,
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-**/
-EFI_STATUS
-DeleteCert (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT16 LabelNumber,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase,
- IN UINTN DeleteIndex
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- UINT8 *Data;
- UINT8 *OldData;
- UINT32 Attr;
- UINT32 Index;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_LIST *NewCertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertCount;
- UINT32 Offset;
- BOOLEAN IsItemFound;
- UINT32 ItemDataSize;
- UINTN GuidIndex;
-
- Data = NULL;
- OldData = NULL;
- CertList = NULL;
- Cert = NULL;
- Attr = 0;
-
- //
- // Get original signature list data.
- //
- DataSize = 0;
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
- goto ON_EXIT;
- }
-
- OldData = (UINT8 *) AllocateZeroPool (DataSize);
- if (OldData == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);
- if (EFI_ERROR(Status)) {
- goto ON_EXIT;
- }
-
- //
- // Allocate space for new variable.
- //
- Data = (UINT8*) AllocateZeroPool (DataSize);
- if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Enumerate all data and erasing the target item.
- //
- IsItemFound = FALSE;
- ItemDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) OldData;
- Offset = 0;
- GuidIndex = 0;
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
- if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- //
- // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.
- //
- CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
- NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
- Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- for (Index = 0; Index < CertCount; Index++) {
- if (GuidIndex == DeleteIndex) {
- //
- // Find it! Skip it!
- //
- NewCertList->SignatureListSize -= CertList->SignatureSize;
- IsItemFound = TRUE;
- } else {
- //
- // This item doesn't match. Copy it to the Data buffer.
- //
- CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
- Offset += CertList->SignatureSize;
- }
- GuidIndex++;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
- }
- } else {
- //
- // This List doesn't match. Just copy it to the Data buffer.
- //
- CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
- Offset += CertList->SignatureListSize;
- }
-
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
- if (!IsItemFound) {
- //
- // Doesn't find the signature Item!
- //
- Status = EFI_NOT_FOUND;
- goto ON_EXIT;
- }
-
- //
- // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.
- //
- ItemDataSize = Offset;
- CertList = (EFI_SIGNATURE_LIST *) Data;
- Offset = 0;
- ZeroMem (OldData, ItemDataSize);
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));
- if (CertCount != 0) {
- CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
- Offset += CertList->SignatureListSize;
- }
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
- DataSize = Offset;
-
- Status = gRT->SetVariable(
- VariableName,
- VendorGuid,
- Attr,
- DataSize,
- OldData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
- goto ON_EXIT;
- }
-
-ON_EXIT:
- if (Data != NULL) {
- FreePool(Data);
- }
-
- if (OldData != NULL) {
- FreePool(OldData);
- }
-
- return UpdateDeletePage (
- Private,
- VariableName,
- VendorGuid,
- LabelNumber,
- FormId,
- QuestionIdBase
- );
-}
-
-
-/**
- Close an open file handle.
-
- @param[in] FileHandle The file handle to close.
-
-**/
-VOID
-CloseFile (
- IN EFI_FILE_HANDLE FileHandle
- )
-{
- if (FileHandle != NULL) {
- FileHandle->Close (FileHandle);
- }
-}
-
-/**
- Read file content into BufferPtr, the size of the allocate buffer
- is *FileSize plus AddtionAllocateSize.
-
- @param[in] FileHandle The file to be read.
- @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
- @param[out] FileSize Size of input file
- @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
- In case the buffer need to contain others besides the file content.
-
- @retval EFI_SUCCESS The file was read into the buffer.
- @retval EFI_INVALID_PARAMETER A parameter was invalid.
- @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
- @retval others Unexpected error.
-
-**/
-EFI_STATUS
-ReadFileContent (
- IN EFI_FILE_HANDLE FileHandle,
- IN OUT VOID **BufferPtr,
- OUT UINTN *FileSize,
- IN UINTN AddtionAllocateSize
- )
-
-{
- UINTN BufferSize;
- UINT64 SourceFileSize;
- VOID *Buffer;
- EFI_STATUS Status;
-
- if ((FileHandle == NULL) || (FileSize == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Buffer = NULL;
-
- //
- // Get the file size
- //
- Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Status = FileHandle->SetPosition (FileHandle, 0);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;
- Buffer = AllocateZeroPool(BufferSize);
- if (Buffer == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- BufferSize = (UINTN) SourceFileSize;
- *FileSize = BufferSize;
-
- Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
- if (EFI_ERROR (Status) || BufferSize != *FileSize) {
- FreePool (Buffer);
- Buffer = NULL;
- Status = EFI_BAD_BUFFER_SIZE;
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- *BufferPtr = Buffer;
- return Status;
-}
-
-/**
- This function will open a file or directory referenced by DevicePath.
-
- This function opens a file with the open mode according to the file path. The
- Attributes is valid only for EFI_FILE_MODE_CREATE.
-
- @param[in, out] FilePath On input, the device path to the file.
- On output, the remaining device path.
- @param[out] FileHandle Pointer to the file handle.
- @param[in] OpenMode The mode to open the file with.
- @param[in] Attributes The file's file attributes.
-
- @retval EFI_SUCCESS The information was set.
- @retval EFI_INVALID_PARAMETER One of the parameters has an invalid value.
- @retval EFI_UNSUPPORTED Could not open the file path.
- @retval EFI_NOT_FOUND The specified file could not be found on the
- device or the file system could not be found on
- the device.
- @retval EFI_NO_MEDIA The device has no medium.
- @retval EFI_MEDIA_CHANGED The device has a different medium in it or the
- medium is no longer supported.
- @retval EFI_DEVICE_ERROR The device reported an error.
- @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.
- @retval EFI_WRITE_PROTECTED The file or medium is write protected.
- @retval EFI_ACCESS_DENIED The file was opened read only.
- @retval EFI_OUT_OF_RESOURCES Not enough resources were available to open the
- file.
- @retval EFI_VOLUME_FULL The volume is full.
-**/
-EFI_STATUS
-EFIAPI
-OpenFileByDevicePath (
- IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath,
- OUT EFI_FILE_HANDLE *FileHandle,
- IN UINT64 OpenMode,
- IN UINT64 Attributes
- )
-{
- EFI_STATUS Status;
- EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
- EFI_FILE_PROTOCOL *Handle1;
- EFI_FILE_PROTOCOL *Handle2;
- EFI_HANDLE DeviceHandle;
-
- if ((FilePath == NULL || FileHandle == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = gBS->LocateDevicePath (
- &gEfiSimpleFileSystemProtocolGuid,
- FilePath,
- &DeviceHandle
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = gBS->OpenProtocol(
- DeviceHandle,
- &gEfiSimpleFileSystemProtocolGuid,
- (VOID**)&EfiSimpleFileSystemProtocol,
- gImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);
- if (EFI_ERROR (Status)) {
- FileHandle = NULL;
- return Status;
- }
-
- //
- // go down directories one node at a time.
- //
- while (!IsDevicePathEnd (*FilePath)) {
- //
- // For file system access each node should be a file path component
- //
- if (DevicePathType (*FilePath) != MEDIA_DEVICE_PATH ||
- DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP
- ) {
- FileHandle = NULL;
- return (EFI_INVALID_PARAMETER);
- }
- //
- // Open this file path node
- //
- Handle2 = Handle1;
- Handle1 = NULL;
-
- //
- // Try to test opening an existing file
- //
- Status = Handle2->Open (
- Handle2,
- &Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
- OpenMode &~EFI_FILE_MODE_CREATE,
- 0
- );
-
- //
- // see if the error was that it needs to be created
- //
- if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode &~EFI_FILE_MODE_CREATE))) {
- Status = Handle2->Open (
- Handle2,
- &Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
- OpenMode,
- Attributes
- );
- }
- //
- // Close the last node
- //
- Handle2->Close (Handle2);
-
- if (EFI_ERROR(Status)) {
- return (Status);
- }
-
- //
- // Get the next node
- //
- *FilePath = NextDevicePathNode (*FilePath);
- }
-
- //
- // This is a weak spot since if the undefined SHELL_FILE_HANDLE format changes this must change also!
- //
- *FileHandle = (VOID*)Handle1;
- return EFI_SUCCESS;
-}
-
-/**
- This function converts an input device structure to a Unicode string.
-
- @param[in] DevPath A pointer to the device path structure.
-
- @return A new allocated Unicode string that represents the device path.
-
-**/
-CHAR16 *
-EFIAPI
-DevicePathToStr (
- IN EFI_DEVICE_PATH_PROTOCOL *DevPath
- )
-{
- return ConvertDevicePathToText (
- DevPath,
- FALSE,
- TRUE
- );
-}
-
-
-/**
- Extract filename from device path. The returned buffer is allocated using AllocateCopyPool.
- The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL
- means not enough memory resource.
-
- @param DevicePath Device path.
-
- @retval NULL Not enough memory resourece for AllocateCopyPool.
- @retval Other A new allocated string that represents the file name.
-
-**/
-CHAR16 *
-ExtractFileNameFromDevicePath (
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- )
-{
- CHAR16 *String;
- CHAR16 *MatchString;
- CHAR16 *LastMatch;
- CHAR16 *FileName;
- UINTN Length;
-
- ASSERT(DevicePath != NULL);
-
- String = DevicePathToStr(DevicePath);
- MatchString = String;
- LastMatch = String;
- FileName = NULL;
-
- while(MatchString != NULL){
- LastMatch = MatchString + 1;
- MatchString = StrStr(LastMatch,L"\\");
- }
-
- Length = StrLen(LastMatch);
- FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
- if (FileName != NULL) {
- *(FileName + Length) = 0;
- }
-
- FreePool(String);
-
- return FileName;
-}
-
-/**
- Enroll a new X509 certificate into Variable.
-
- @param[in] PrivateData The module's private data.
- @param[in] VariableName Variable name of CA database.
-
- @retval EFI_SUCCESS New X509 is enrolled successfully.
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-
-**/
-EFI_STATUS
-EnrollX509toVariable (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
- )
-{
- EFI_STATUS Status;
- UINTN X509DataSize;
- VOID *X509Data;
- EFI_SIGNATURE_LIST *CACert;
- EFI_SIGNATURE_DATA *CACertData;
- VOID *Data;
- UINTN DataSize;
- UINTN SigDataSize;
- UINT32 Attr;
-
- X509DataSize = 0;
- SigDataSize = 0;
- DataSize = 0;
- X509Data = NULL;
- CACert = NULL;
- CACertData = NULL;
- Data = NULL;
-
- Status = ReadFileContent (
- Private->FileContext->FHandle,
- &X509Data,
- &X509DataSize,
- 0
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
- ASSERT (X509Data != NULL);
-
- SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
-
- Data = AllocateZeroPool (SigDataSize);
- if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Fill Certificate Database parameters.
- //
- CACert = (EFI_SIGNATURE_LIST*) Data;
- CACert->SignatureListSize = (UINT32) SigDataSize;
- CACert->SignatureHeaderSize = 0;
- CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
- CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);
-
- CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof (EFI_SIGNATURE_LIST));
- CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);
- CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);
-
- //
- // Check if signature database entry has been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new signature data to original variable
- //
- Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
-
- Status = gRT->GetVariable(
- VariableName,
- &gEfiTlsCaCertificateGuid,
- NULL,
- &DataSize,
- NULL
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
- goto ON_EXIT;
- }
-
- Status = gRT->SetVariable(
- VariableName,
- &gEfiTlsCaCertificateGuid,
- Attr,
- SigDataSize,
- Data
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- CloseFile (Private->FileContext->FHandle);
- if (Private->FileContext->FileName != NULL) {
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
-
- Private->FileContext->FHandle = NULL;
-
- if (Private->CertGuid != NULL) {
- FreePool (Private->CertGuid);
- Private->CertGuid = NULL;
- }
-
- if (Data != NULL) {
- FreePool (Data);
- }
-
- if (X509Data != NULL) {
- FreePool (X509Data);
- }
-
- return Status;
-}
-
-/**
- Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.
-
- @param[in] PrivateData The module's private data.
- @param[in] VariableName Variable name of signature database.
-
- @retval EFI_SUCCESS New Cert enrolled successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED The Cert file is unsupported type.
- @retval others Fail to enroll Cert data.
-
-**/
-EFI_STATUS
-EnrollCertDatabase (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
- )
-{
- UINT16* FilePostFix;
- UINTN NameLength;
-
- if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->CertGuid == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Parse the file's postfix.
- //
- NameLength = StrLen (Private->FileContext->FileName);
- if (NameLength <= 4) {
- return EFI_INVALID_PARAMETER;
- }
- FilePostFix = Private->FileContext->FileName + NameLength - 4;
-
- if (IsDerPemEncodeCertificate (FilePostFix)) {
- //
- // Supports DER-encoded X509 certificate.
- //
- return EnrollX509toVariable (Private, VariableName);
- }
-
- return EFI_UNSUPPORTED;
-}
-
-/**
- Refresh the global UpdateData structure.
-
-**/
-VOID
-RefreshUpdateData (
- VOID
- )
-{
- //
- // Free current updated date
- //
- if (mStartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mStartOpCodeHandle);
- }
-
- //
- // Create new OpCode Handle
- //
- mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
-
- //
- // Create Hii Extend Label OpCode as the start opcode
- //
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-}
-
-/**
- Clean up the dynamic opcode at label and form specified by both LabelId.
-
- @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
- @param[in] PrivateData Module private data.
-
-**/
-VOID
-CleanUpPage (
- IN UINT16 LabelId,
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData
- )
-{
- RefreshUpdateData ();
-
- //
- // Remove all op-codes from dynamic page
- //
- mStartLabel->Number = LabelId;
- HiiUpdateForm (
- PrivateData->RegisteredHandle,
- &gTlsAuthConfigGuid,
- LabelId,
- mStartOpCodeHandle, // Label LabelId
- mEndOpCodeHandle // LABEL_END
- );
-}
-
-/**
- Update the form base on the selected file.
-
- @param FilePath Point to the file path.
- @param FormId The form need to display.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-
-**/
-BOOLEAN
-UpdatePage(
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
- IN EFI_FORM_ID FormId
- )
-{
- CHAR16 *FileName;
- EFI_STRING_ID StringToken;
-
- FileName = NULL;
-
- if (FilePath != NULL) {
- FileName = ExtractFileNameFromDevicePath(FilePath);
- }
- if (FileName == NULL) {
- //
- // FileName = NULL has two case:
- // 1. FilePath == NULL, not select file.
- // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource.
- // In these two case, no need to update the form, and exit the caller function.
- //
- return TRUE;
- }
- StringToken = HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0, FileName, NULL);
-
- mTlsAuthPrivateData->FileContext->FileName = FileName;
-
- OpenFileByDevicePath (
- &FilePath,
- &mTlsAuthPrivateData->FileContext->FHandle,
- EFI_FILE_MODE_READ,
- 0
- );
- //
- // Create Subtitle op-code for the display string of the option.
- //
- RefreshUpdateData ();
- mStartLabel->Number = FormId;
-
- HiiCreateSubTitleOpCode (
- mStartOpCodeHandle,
- StringToken,
- 0,
- 0,
- 0
- );
-
- HiiUpdateForm (
- mTlsAuthPrivateData->RegisteredHandle,
- &gTlsAuthConfigGuid,
- FormId,
- mStartOpCodeHandle, /// Label FormId
- mEndOpCodeHandle /// LABEL_END
- );
-
- return TRUE;
-}
-
-/**
- Update the form base on the input file path info.
-
- @param FilePath Point to the file path.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-**/
-BOOLEAN
-EFIAPI
-UpdateCAFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
- )
-{
- return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);
-}
-
-/**
- Unload the configuration form, this includes: delete all the configuration
- entries, uninstall the form callback protocol, and free the resources used.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is unloaded.
- @retval Others Failed to unload the form.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormUnload (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- )
-{
- if (Private->DriverHandle != NULL) {
- //
- // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL
- //
- gBS->UninstallMultipleProtocolInterfaces (
- Private->DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mTlsAuthConfigHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- &Private->ConfigAccess,
- NULL
- );
- Private->DriverHandle = NULL;
- }
-
- if (Private->RegisteredHandle != NULL) {
- //
- // Remove HII package list
- //
- HiiRemovePackages (Private->RegisteredHandle);
- Private->RegisteredHandle = NULL;
- }
-
- if (Private->CertGuid != NULL) {
- FreePool (Private->CertGuid);
- }
-
- if (Private->FileContext != NULL) {
- FreePool (Private->FileContext);
- }
-
- FreePool (Private);
-
- if (mStartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mStartOpCodeHandle);
- }
-
- if (mEndOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mEndOpCodeHandle);
- }
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Initialize the configuration form.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is initialized.
- @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormInit (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- )
-{
- EFI_STATUS Status;
-
- Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;
-
- Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;
- Private->ConfigAccess.RouteConfig = TlsAuthConfigAccessRouteConfig;
- Private->ConfigAccess.Callback = TlsAuthConfigAccessCallback;
-
- //
- // Install Device Path Protocol and Config Access protocol to driver handle.
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &Private->DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mTlsAuthConfigHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- &Private->ConfigAccess,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Publish our HII data.
- //
- Private->RegisteredHandle = HiiAddPackages (
- &gTlsAuthConfigGuid,
- Private->DriverHandle,
- TlsAuthConfigDxeStrings,
- TlsAuthConfigVfrBin,
- NULL
- );
- if (Private->RegisteredHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- Private->FileContext = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_FILE_CONTEXT));
- if (Private->FileContext == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- //
- // Init OpCode Handle and Allocate space for creation of Buffer
- //
- mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (mStartOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- mEndOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (mEndOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- //
- // Create Hii Extend Label OpCode as the start opcode
- //
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-
- //
- // Create Hii Extend Label OpCode as the end opcode
- //
- mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mEndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- mEndLabel->Number = LABEL_END;
-
- return EFI_SUCCESS;
-
-Error:
- TlsAuthConfigFormUnload (Private);
- return Status;
-}
-
-/**
-
- This function allows the caller to request the current
- configuration for one or more named elements. The resulting
- string is in <ConfigAltResp> format. Any and all alternative
- configuration strings shall also be appended to the end of the
- current configuration string. If they are, they must appear
- after the current configuration. They must contain the same
- routing (GUID, NAME, PATH) as the current configuration string.
- They must have an additional description indicating the type of
- alternative configuration the string represents,
- "ALTCFG=<StringToken>". That <StringToken> (when
- converted from Hex UNICODE to binary) is a reference to a
- string in the associated string pack.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Request A null-terminated Unicode string in
- <ConfigRequest> format. Note that this
- includes the routing information as well as
- the configurable name / value pairs. It is
- invalid for this string to be in
- <MultiConfigRequest> format.
- If a NULL is passed in for the Request field,
- all of the settings being abstracted by this function
- will be returned in the Results field. In addition,
- if a ConfigHdr is passed in with no request elements,
- all of the settings being abstracted for that particular
- ConfigHdr reference will be returned in the Results Field.
-
- @param Progress On return, points to a character in the
- Request string. Points to the string's null
- terminator if request was successful. Points
- to the most recent "&" before the first
- failing name / value pair (or the beginning
- of the string if the failure is in the first
- name / value pair) if the request was not
- successful.
-
- @param Results A null-terminated Unicode string in
- <MultiConfigAltResp> format which has all values
- filled in for the names in the Request string.
- String to be allocated by the called function.
-
- @retval EFI_SUCCESS The Results string is filled with the
- values corresponding to all requested
- names.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_NOT_FOUND Routing data doesn't match any
- known driver. Progress set to the
- first character in the routing header.
- Note: There is no requirement that the
- driver validate the routing data. It
- must skip the <ConfigHdr> in order to
- process the names.
-
- @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
- to most recent "&" before the
- error or the beginning of the
- string.
-
- @retval EFI_INVALID_PARAMETER Unknown name. Progress points
- to the & before the name in
- question.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
- )
-{
- EFI_STATUS Status;
- UINTN BufferSize;
- UINTN Size;
- EFI_STRING ConfigRequest;
- EFI_STRING ConfigRequestHdr;
- TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
- BOOLEAN AllocatedRequest;
-
- if (Progress == NULL || Results == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- AllocatedRequest = FALSE;
- ConfigRequestHdr = NULL;
- ConfigRequest = NULL;
- Size = 0;
-
- Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
-
- *Progress = Request;
-
- if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
- return EFI_NOT_FOUND;
- }
-
- ConfigRequest = Request;
- if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
- //
- // Request is set to NULL or OFFSET is NULL, construct full request string.
- //
- // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
- // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
- //
- ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Private->DriverHandle);
- Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
- ConfigRequest = AllocateZeroPool (Size);
- ASSERT (ConfigRequest != NULL);
- AllocatedRequest = TRUE;
- UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
- FreePool (ConfigRequestHdr);
- ConfigRequestHdr = NULL;
- }
-
- Status = gHiiConfigRouting->BlockToConfig (
- gHiiConfigRouting,
- ConfigRequest,
- (UINT8 *) &Private->TlsAuthConfigNvData,
- BufferSize,
- Results,
- Progress
- );
-
- //
- // Free the allocated config request string.
- //
- if (AllocatedRequest) {
- FreePool (ConfigRequest);
- }
-
- //
- // Set Progress string to the original request string.
- //
- if (Request == NULL) {
- *Progress = NULL;
- } else if (StrStr (Request, L"OFFSET") == NULL) {
- *Progress = Request + StrLen (Request);
- }
-
- return Status;
-}
-
-/**
-
- This function applies changes in a driver's configuration.
- Input is a Configuration, which has the routing data for this
- driver followed by name / value configuration pairs. The driver
- must apply those pairs to its configurable storage. If the
- driver's configuration is stored in a linear block of data
- and the driver's name / value pairs are in <BlockConfig>
- format, it may use the ConfigToBlock helper function (above) to
- simplify the job.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Configuration A null-terminated Unicode string in
- <ConfigString> format.
-
- @param Progress A pointer to a string filled in with the
- offset of the most recent '&' before the
- first failing name / value pair (or the
- beginn ing of the string if the failure
- is in the first name / value pair) or
- the terminating NULL if all was
- successful.
-
- @retval EFI_SUCCESS The results have been distributed or are
- awaiting distribution.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
- Results parameter would result
- in this type of error.
-
- @retval EFI_NOT_FOUND Target for the specified routing data
- was not found
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessRouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
- )
-{
- EFI_STATUS Status;
- UINTN BufferSize;
- TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
-
- if (Progress == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- *Progress = Configuration;
-
- if (Configuration == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Check routing data in <ConfigHdr>.
- // Note: there is no name for Name/Value storage, only GUID will be checked
- //
- if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
- return EFI_NOT_FOUND;
- }
-
- Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
-
- Status = gHiiConfigRouting->ConfigToBlock (
- gHiiConfigRouting,
- Configuration,
- (UINT8 *) &Private->TlsAuthConfigNvData,
- &BufferSize,
- Progress
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- return Status;
-}
-
-/**
-
- This function is called to provide results data to the driver.
- This data consists of a unique key that is used to identify
- which data is either being passed back or being asked for.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param Action Specifies the type of action taken by the browser.
- @param QuestionId A unique value which is sent to the original
- exporting driver so that it can identify the type
- of data to expect. The format of the data tends to
- vary based on the opcode that generated the callback.
- @param Type The type of value for the question.
- @param Value A pointer to the data being sent to the original
- exporting driver.
- @param ActionRequest On return, points to the action requested by the
- callback function.
-
- @retval EFI_SUCCESS The callback successfully handled the action.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
- variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved.
- @retval EFI_UNSUPPORTED The specified Action is not supported by the
- callback.
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessCallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN OUT EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
- )
-{
- EFI_INPUT_KEY Key;
- EFI_STATUS Status;
- RETURN_STATUS RStatus;
- TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
- UINTN BufferSize;
- TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData;
- UINT16 LabelId;
- EFI_DEVICE_PATH_PROTOCOL *File;
-
- Status = EFI_SUCCESS;
- File = NULL;
-
- if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
- mTlsAuthPrivateData = Private;
-
- //
- // Retrieve uncommitted data from Browser
- //
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- IfrNvData = AllocateZeroPool (BufferSize);
- if (IfrNvData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8 *) IfrNvData);
-
- if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
- (Action != EFI_BROWSER_ACTION_CHANGING)) {
- Status = EFI_UNSUPPORTED;
- goto EXIT;
- }
-
- if (Action == EFI_BROWSER_ACTION_CHANGING) {
- switch (QuestionId) {
- case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:
- case KEY_TLS_AUTH_CONFIG_SERVER_CA:
- //
- // Clear Cert GUID.
- //
- ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));
- if (Private->CertGuid == NULL) {
- Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
- if (Private->CertGuid == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- }
- if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {
- LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;
- } else {
- LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;
- }
-
- //
- // Refresh selected file.
- //
- CleanUpPage (LabelId, Private);
- break;
- case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:
- ChooseFile( NULL, NULL, UpdateCAFromFile, &File);
- break;
-
- case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:
- Status = EnrollCertDatabase (Private, EFI_TLS_CA_CERTIFICATE_VARIABLE);
- if (EFI_ERROR (Status)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"ERROR: Enroll Cert Failure!",
- NULL
- );
- }
- break;
-
- case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:
- if (Private->FileContext->FHandle != NULL) {
- CloseFile (Private->FileContext->FHandle);
- Private->FileContext->FHandle = NULL;
- if (Private->FileContext->FileName!= NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
- }
-
- if (Private->CertGuid!= NULL) {
- FreePool (Private->CertGuid);
- Private->CertGuid = NULL;
- }
- break;
-
- case KEY_TLS_AUTH_CONFIG_DELETE_CERT:
- UpdateDeletePage (
- Private,
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- LABEL_CA_DELETE,
- TLS_AUTH_CONFIG_FORMID5_FORM,
- OPTION_DEL_CA_ESTION_ID
- );
- break;
-
- default:
- if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&
- (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE))) {
- DeleteCert (
- Private,
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- LABEL_CA_DELETE,
- TLS_AUTH_CONFIG_FORMID5_FORM,
- OPTION_DEL_CA_ESTION_ID,
- QuestionId - OPTION_DEL_CA_ESTION_ID
- );
- }
- break;
- }
- } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
- switch (QuestionId) {
- case KEY_TLS_AUTH_CONFIG_CERT_GUID:
- ASSERT (Private->CertGuid != NULL);
- RStatus = StrToGuid (
- IfrNvData->CertGuid,
- Private->CertGuid
- );
- if (RETURN_ERROR (RStatus) || (IfrNvData->CertGuid[GUID_STRING_LENGTH] != L'\0')) {
- Status = EFI_INVALID_PARAMETER;
- break;
- }
-
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
- break;
- default:
- break;
- }
- }
-
-EXIT:
-
- if (!EFI_ERROR (Status)) {
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
- }
-
- FreePool (IfrNvData);
-
- if (File != NULL){
- FreePool(File);
- File = NULL;
- }
-
- return EFI_SUCCESS;
-
-}
+/** @file\r
+ The Miscellaneous Routines for TlsAuthConfigDxe driver.\r
+\r
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsAuthConfigImpl.h"\r
+\r
+VOID *mStartOpCodeHandle = NULL;\r
+VOID *mEndOpCodeHandle = NULL;\r
+EFI_IFR_GUID_LABEL *mStartLabel = NULL;\r
+EFI_IFR_GUID_LABEL *mEndLabel = NULL;\r
+\r
+\r
+CHAR16 mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA";\r
+\r
+TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL;\r
+\r
+HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath = {\r
+ {\r
+ {\r
+ HARDWARE_DEVICE_PATH,\r
+ HW_VENDOR_DP,\r
+ {\r
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),\r
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)\r
+ }\r
+ },\r
+ TLS_AUTH_CONFIG_GUID\r
+ },\r
+ {\r
+ END_DEVICE_PATH_TYPE,\r
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,\r
+ {\r
+ (UINT8) (END_DEVICE_PATH_LENGTH),\r
+ (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)\r
+ }\r
+ }\r
+};\r
+\r
+//\r
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.\r
+//\r
+CHAR16* mDerPemEncodedSuffix[] = {\r
+ L".cer",\r
+ L".der",\r
+ L".crt",\r
+ L".pem",\r
+ NULL\r
+};\r
+\r
+/**\r
+ This code checks if the FileSuffix is one of the possible DER/PEM-encoded certificate suffix.\r
+\r
+ @param[in] FileSuffix The suffix of the input certificate file\r
+\r
+ @retval TRUE It's a DER/PEM-encoded certificate.\r
+ @retval FALSE It's NOT a DER/PEM-encoded certificate.\r
+\r
+**/\r
+BOOLEAN\r
+IsDerPemEncodeCertificate (\r
+ IN CONST CHAR16 *FileSuffix\r
+)\r
+{\r
+ UINTN Index;\r
+ for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {\r
+ if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {\r
+ return TRUE;\r
+ }\r
+ }\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Worker function that prints an EFI_GUID into specified Buffer.\r
+\r
+ @param[in] Guid Pointer to GUID to print.\r
+ @param[in] Buffer Buffer to print Guid into.\r
+ @param[in] BufferSize Size of Buffer.\r
+\r
+ @retval Number of characters printed.\r
+\r
+**/\r
+UINTN\r
+GuidToString (\r
+ IN EFI_GUID *Guid,\r
+ IN CHAR16 *Buffer,\r
+ IN UINTN BufferSize\r
+ )\r
+{\r
+ return UnicodeSPrint (\r
+ Buffer,\r
+ BufferSize,\r
+ L"%g",\r
+ Guid\r
+ );\r
+}\r
+\r
+/**\r
+ List all cert in specified database by GUID in the page\r
+ for user to select and delete as needed.\r
+\r
+ @param[in] PrivateData Module's private data.\r
+ @param[in] VariableName The variable name of the vendor's signature database.\r
+ @param[in] VendorGuid A unique identifier for the vendor.\r
+ @param[in] LabelNumber Label number to insert opcodes.\r
+ @param[in] FormId Form ID of current page.\r
+ @param[in] QuestionIdBase Base question id of the signature list.\r
+\r
+ @retval EFI_SUCCESS Success to update the signature list page\r
+ @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.\r
+\r
+**/\r
+EFI_STATUS\r
+UpdateDeletePage (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT16 LabelNumber,\r
+ IN EFI_FORM_ID FormId,\r
+ IN EFI_QUESTION_ID QuestionIdBase\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT32 Index;\r
+ UINTN CertCount;\r
+ UINTN GuidIndex;\r
+ VOID *StartOpCodeHandle;\r
+ VOID *EndOpCodeHandle;\r
+ EFI_IFR_GUID_LABEL *StartLabel;\r
+ EFI_IFR_GUID_LABEL *EndLabel;\r
+ UINTN DataSize;\r
+ UINT8 *Data;\r
+ EFI_SIGNATURE_LIST *CertList;\r
+ EFI_SIGNATURE_DATA *Cert;\r
+ UINT32 ItemDataSize;\r
+ CHAR16 *GuidStr;\r
+ EFI_STRING_ID GuidID;\r
+ EFI_STRING_ID Help;\r
+\r
+ Data = NULL;\r
+ CertList = NULL;\r
+ Cert = NULL;\r
+ GuidStr = NULL;\r
+ StartOpCodeHandle = NULL;\r
+ EndOpCodeHandle = NULL;\r
+\r
+ //\r
+ // Initialize the container for dynamic opcodes.\r
+ //\r
+ StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (StartOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (EndOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Create Hii Extend Label OpCode.\r
+ //\r
+ StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+ StartOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ StartLabel->Number = LabelNumber;\r
+\r
+ EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+ EndOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ EndLabel->Number = LABEL_END;\r
+\r
+ //\r
+ // Read Variable.\r
+ //\r
+ DataSize = 0;\r
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);\r
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Data = (UINT8 *) AllocateZeroPool (DataSize);\r
+ if (Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ GuidStr = AllocateZeroPool (100);\r
+ if (GuidStr == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Enumerate all data.\r
+ //\r
+ ItemDataSize = (UINT32) DataSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) Data;\r
+ GuidIndex = 0;\r
+\r
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {\r
+\r
+ if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r
+ Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);\r
+ } else {\r
+ //\r
+ // The signature type is not supported in current implementation.\r
+ //\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+ continue;\r
+ }\r
+\r
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+ for (Index = 0; Index < CertCount; Index++) {\r
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList\r
+ + sizeof (EFI_SIGNATURE_LIST)\r
+ + CertList->SignatureHeaderSize\r
+ + Index * CertList->SignatureSize);\r
+ //\r
+ // Display GUID and help\r
+ //\r
+ GuidToString (&Cert->SignatureOwner, GuidStr, 100);\r
+ GuidID = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);\r
+ HiiCreateCheckBoxOpCode (\r
+ StartOpCodeHandle,\r
+ (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),\r
+ 0,\r
+ 0,\r
+ GuidID,\r
+ Help,\r
+ EFI_IFR_FLAG_CALLBACK,\r
+ 0,\r
+ NULL\r
+ );\r
+ }\r
+\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+ }\r
+\r
+ON_EXIT:\r
+ HiiUpdateForm (\r
+ Private->RegisteredHandle,\r
+ &gTlsAuthConfigGuid,\r
+ FormId,\r
+ StartOpCodeHandle,\r
+ EndOpCodeHandle\r
+ );\r
+\r
+ if (StartOpCodeHandle != NULL) {\r
+ HiiFreeOpCodeHandle (StartOpCodeHandle);\r
+ }\r
+\r
+ if (EndOpCodeHandle != NULL) {\r
+ HiiFreeOpCodeHandle (EndOpCodeHandle);\r
+ }\r
+\r
+ if (Data != NULL) {\r
+ FreePool (Data);\r
+ }\r
+\r
+ if (GuidStr != NULL) {\r
+ FreePool (GuidStr);\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Delete one entry from cert database.\r
+\r
+ @param[in] PrivateData Module's private data.\r
+ @param[in] VariableName The variable name of the database.\r
+ @param[in] VendorGuid A unique identifier for the vendor.\r
+ @param[in] LabelNumber Label number to insert opcodes.\r
+ @param[in] FormId Form ID of current page.\r
+ @param[in] QuestionIdBase Base question id of the cert list.\r
+ @param[in] DeleteIndex Cert index to delete.\r
+\r
+ @retval EFI_SUCCESS Delete siganture successfully.\r
+ @retval EFI_NOT_FOUND Can't find the signature item,\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.\r
+**/\r
+EFI_STATUS\r
+DeleteCert (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT16 LabelNumber,\r
+ IN EFI_FORM_ID FormId,\r
+ IN EFI_QUESTION_ID QuestionIdBase,\r
+ IN UINTN DeleteIndex\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN DataSize;\r
+ UINT8 *Data;\r
+ UINT8 *OldData;\r
+ UINT32 Attr;\r
+ UINT32 Index;\r
+ EFI_SIGNATURE_LIST *CertList;\r
+ EFI_SIGNATURE_LIST *NewCertList;\r
+ EFI_SIGNATURE_DATA *Cert;\r
+ UINTN CertCount;\r
+ UINT32 Offset;\r
+ BOOLEAN IsItemFound;\r
+ UINT32 ItemDataSize;\r
+ UINTN GuidIndex;\r
+\r
+ Data = NULL;\r
+ OldData = NULL;\r
+ CertList = NULL;\r
+ Cert = NULL;\r
+ Attr = 0;\r
+\r
+ //\r
+ // Get original signature list data.\r
+ //\r
+ DataSize = 0;\r
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);\r
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ OldData = (UINT8 *) AllocateZeroPool (DataSize);\r
+ if (OldData == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);\r
+ if (EFI_ERROR(Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Allocate space for new variable.\r
+ //\r
+ Data = (UINT8*) AllocateZeroPool (DataSize);\r
+ if (Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Enumerate all data and erasing the target item.\r
+ //\r
+ IsItemFound = FALSE;\r
+ ItemDataSize = (UINT32) DataSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) OldData;\r
+ Offset = 0;\r
+ GuidIndex = 0;\r
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {\r
+ if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r
+ //\r
+ // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.\r
+ //\r
+ CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));\r
+ NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);\r
+ Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+ for (Index = 0; Index < CertCount; Index++) {\r
+ if (GuidIndex == DeleteIndex) {\r
+ //\r
+ // Find it! Skip it!\r
+ //\r
+ NewCertList->SignatureListSize -= CertList->SignatureSize;\r
+ IsItemFound = TRUE;\r
+ } else {\r
+ //\r
+ // This item doesn't match. Copy it to the Data buffer.\r
+ //\r
+ CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);\r
+ Offset += CertList->SignatureSize;\r
+ }\r
+ GuidIndex++;\r
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
+ }\r
+ } else {\r
+ //\r
+ // This List doesn't match. Just copy it to the Data buffer.\r
+ //\r
+ CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);\r
+ Offset += CertList->SignatureListSize;\r
+ }\r
+\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+ }\r
+\r
+ if (!IsItemFound) {\r
+ //\r
+ // Doesn't find the signature Item!\r
+ //\r
+ Status = EFI_NOT_FOUND;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.\r
+ //\r
+ ItemDataSize = Offset;\r
+ CertList = (EFI_SIGNATURE_LIST *) Data;\r
+ Offset = 0;\r
+ ZeroMem (OldData, ItemDataSize);\r
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {\r
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+ DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));\r
+ if (CertCount != 0) {\r
+ CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);\r
+ Offset += CertList->SignatureListSize;\r
+ }\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+ }\r
+\r
+ DataSize = Offset;\r
+\r
+ Status = gRT->SetVariable(\r
+ VariableName,\r
+ VendorGuid,\r
+ Attr,\r
+ DataSize,\r
+ OldData\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ON_EXIT:\r
+ if (Data != NULL) {\r
+ FreePool(Data);\r
+ }\r
+\r
+ if (OldData != NULL) {\r
+ FreePool(OldData);\r
+ }\r
+\r
+ return UpdateDeletePage (\r
+ Private,\r
+ VariableName,\r
+ VendorGuid,\r
+ LabelNumber,\r
+ FormId,\r
+ QuestionIdBase\r
+ );\r
+}\r
+\r
+\r
+/**\r
+ Close an open file handle.\r
+\r
+ @param[in] FileHandle The file handle to close.\r
+\r
+**/\r
+VOID\r
+CloseFile (\r
+ IN EFI_FILE_HANDLE FileHandle\r
+ )\r
+{\r
+ if (FileHandle != NULL) {\r
+ FileHandle->Close (FileHandle);\r
+ }\r
+}\r
+\r
+/**\r
+ Read file content into BufferPtr, the size of the allocate buffer\r
+ is *FileSize plus AddtionAllocateSize.\r
+\r
+ @param[in] FileHandle The file to be read.\r
+ @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.\r
+ @param[out] FileSize Size of input file\r
+ @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.\r
+ In case the buffer need to contain others besides the file content.\r
+\r
+ @retval EFI_SUCCESS The file was read into the buffer.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
+ @retval others Unexpected error.\r
+\r
+**/\r
+EFI_STATUS\r
+ReadFileContent (\r
+ IN EFI_FILE_HANDLE FileHandle,\r
+ IN OUT VOID **BufferPtr,\r
+ OUT UINTN *FileSize,\r
+ IN UINTN AddtionAllocateSize\r
+ )\r
+\r
+{\r
+ UINTN BufferSize;\r
+ UINT64 SourceFileSize;\r
+ VOID *Buffer;\r
+ EFI_STATUS Status;\r
+\r
+ if ((FileHandle == NULL) || (FileSize == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ Buffer = NULL;\r
+\r
+ //\r
+ // Get the file size\r
+ //\r
+ Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = FileHandle->SetPosition (FileHandle, 0);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;\r
+ Buffer = AllocateZeroPool(BufferSize);\r
+ if (Buffer == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ BufferSize = (UINTN) SourceFileSize;\r
+ *FileSize = BufferSize;\r
+\r
+ Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);\r
+ if (EFI_ERROR (Status) || BufferSize != *FileSize) {\r
+ FreePool (Buffer);\r
+ Buffer = NULL;\r
+ Status = EFI_BAD_BUFFER_SIZE;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ON_EXIT:\r
+\r
+ *BufferPtr = Buffer;\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function will open a file or directory referenced by DevicePath.\r
+\r
+ This function opens a file with the open mode according to the file path. The\r
+ Attributes is valid only for EFI_FILE_MODE_CREATE.\r
+\r
+ @param[in, out] FilePath On input, the device path to the file.\r
+ On output, the remaining device path.\r
+ @param[out] FileHandle Pointer to the file handle.\r
+ @param[in] OpenMode The mode to open the file with.\r
+ @param[in] Attributes The file's file attributes.\r
+\r
+ @retval EFI_SUCCESS The information was set.\r
+ @retval EFI_INVALID_PARAMETER One of the parameters has an invalid value.\r
+ @retval EFI_UNSUPPORTED Could not open the file path.\r
+ @retval EFI_NOT_FOUND The specified file could not be found on the\r
+ device or the file system could not be found on\r
+ the device.\r
+ @retval EFI_NO_MEDIA The device has no medium.\r
+ @retval EFI_MEDIA_CHANGED The device has a different medium in it or the\r
+ medium is no longer supported.\r
+ @retval EFI_DEVICE_ERROR The device reported an error.\r
+ @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.\r
+ @retval EFI_WRITE_PROTECTED The file or medium is write protected.\r
+ @retval EFI_ACCESS_DENIED The file was opened read only.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough resources were available to open the\r
+ file.\r
+ @retval EFI_VOLUME_FULL The volume is full.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+OpenFileByDevicePath (\r
+ IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath,\r
+ OUT EFI_FILE_HANDLE *FileHandle,\r
+ IN UINT64 OpenMode,\r
+ IN UINT64 Attributes\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;\r
+ EFI_FILE_PROTOCOL *Handle1;\r
+ EFI_FILE_PROTOCOL *Handle2;\r
+ EFI_HANDLE DeviceHandle;\r
+\r
+ if ((FilePath == NULL || FileHandle == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ Status = gBS->LocateDevicePath (\r
+ &gEfiSimpleFileSystemProtocolGuid,\r
+ FilePath,\r
+ &DeviceHandle\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ Status = gBS->OpenProtocol(\r
+ DeviceHandle,\r
+ &gEfiSimpleFileSystemProtocolGuid,\r
+ (VOID**)&EfiSimpleFileSystemProtocol,\r
+ gImageHandle,\r
+ NULL,\r
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ Status = EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);\r
+ if (EFI_ERROR (Status)) {\r
+ FileHandle = NULL;\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // go down directories one node at a time.\r
+ //\r
+ while (!IsDevicePathEnd (*FilePath)) {\r
+ //\r
+ // For file system access each node should be a file path component\r
+ //\r
+ if (DevicePathType (*FilePath) != MEDIA_DEVICE_PATH ||\r
+ DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP\r
+ ) {\r
+ FileHandle = NULL;\r
+ return (EFI_INVALID_PARAMETER);\r
+ }\r
+ //\r
+ // Open this file path node\r
+ //\r
+ Handle2 = Handle1;\r
+ Handle1 = NULL;\r
+\r
+ //\r
+ // Try to test opening an existing file\r
+ //\r
+ Status = Handle2->Open (\r
+ Handle2,\r
+ &Handle1,\r
+ ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,\r
+ OpenMode &~EFI_FILE_MODE_CREATE,\r
+ 0\r
+ );\r
+\r
+ //\r
+ // see if the error was that it needs to be created\r
+ //\r
+ if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode &~EFI_FILE_MODE_CREATE))) {\r
+ Status = Handle2->Open (\r
+ Handle2,\r
+ &Handle1,\r
+ ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,\r
+ OpenMode,\r
+ Attributes\r
+ );\r
+ }\r
+ //\r
+ // Close the last node\r
+ //\r
+ Handle2->Close (Handle2);\r
+\r
+ if (EFI_ERROR(Status)) {\r
+ return (Status);\r
+ }\r
+\r
+ //\r
+ // Get the next node\r
+ //\r
+ *FilePath = NextDevicePathNode (*FilePath);\r
+ }\r
+\r
+ //\r
+ // This is a weak spot since if the undefined SHELL_FILE_HANDLE format changes this must change also!\r
+ //\r
+ *FileHandle = (VOID*)Handle1;\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function converts an input device structure to a Unicode string.\r
+\r
+ @param[in] DevPath A pointer to the device path structure.\r
+\r
+ @return A new allocated Unicode string that represents the device path.\r
+\r
+**/\r
+CHAR16 *\r
+EFIAPI\r
+DevicePathToStr (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath\r
+ )\r
+{\r
+ return ConvertDevicePathToText (\r
+ DevPath,\r
+ FALSE,\r
+ TRUE\r
+ );\r
+}\r
+\r
+\r
+/**\r
+ Extract filename from device path. The returned buffer is allocated using AllocateCopyPool.\r
+ The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL\r
+ means not enough memory resource.\r
+\r
+ @param DevicePath Device path.\r
+\r
+ @retval NULL Not enough memory resourece for AllocateCopyPool.\r
+ @retval Other A new allocated string that represents the file name.\r
+\r
+**/\r
+CHAR16 *\r
+ExtractFileNameFromDevicePath (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r
+ )\r
+{\r
+ CHAR16 *String;\r
+ CHAR16 *MatchString;\r
+ CHAR16 *LastMatch;\r
+ CHAR16 *FileName;\r
+ UINTN Length;\r
+\r
+ ASSERT(DevicePath != NULL);\r
+\r
+ String = DevicePathToStr(DevicePath);\r
+ MatchString = String;\r
+ LastMatch = String;\r
+ FileName = NULL;\r
+\r
+ while(MatchString != NULL){\r
+ LastMatch = MatchString + 1;\r
+ MatchString = StrStr(LastMatch,L"\\");\r
+ }\r
+\r
+ Length = StrLen(LastMatch);\r
+ FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);\r
+ if (FileName != NULL) {\r
+ *(FileName + Length) = 0;\r
+ }\r
+\r
+ FreePool(String);\r
+\r
+ return FileName;\r
+}\r
+\r
+/**\r
+ Enroll a new X509 certificate into Variable.\r
+\r
+ @param[in] PrivateData The module's private data.\r
+ @param[in] VariableName Variable name of CA database.\r
+\r
+ @retval EFI_SUCCESS New X509 is enrolled successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.\r
+\r
+**/\r
+EFI_STATUS\r
+EnrollX509toVariable (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,\r
+ IN CHAR16 *VariableName\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN X509DataSize;\r
+ VOID *X509Data;\r
+ EFI_SIGNATURE_LIST *CACert;\r
+ EFI_SIGNATURE_DATA *CACertData;\r
+ VOID *Data;\r
+ UINTN DataSize;\r
+ UINTN SigDataSize;\r
+ UINT32 Attr;\r
+\r
+ X509DataSize = 0;\r
+ SigDataSize = 0;\r
+ DataSize = 0;\r
+ X509Data = NULL;\r
+ CACert = NULL;\r
+ CACertData = NULL;\r
+ Data = NULL;\r
+\r
+ Status = ReadFileContent (\r
+ Private->FileContext->FHandle,\r
+ &X509Data,\r
+ &X509DataSize,\r
+ 0\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+ ASSERT (X509Data != NULL);\r
+\r
+ SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;\r
+\r
+ Data = AllocateZeroPool (SigDataSize);\r
+ if (Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Fill Certificate Database parameters.\r
+ //\r
+ CACert = (EFI_SIGNATURE_LIST*) Data;\r
+ CACert->SignatureListSize = (UINT32) SigDataSize;\r
+ CACert->SignatureHeaderSize = 0;\r
+ CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);\r
+ CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);\r
+\r
+ CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof (EFI_SIGNATURE_LIST));\r
+ CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);\r
+ CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);\r
+\r
+ //\r
+ // Check if signature database entry has been already existed.\r
+ // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the\r
+ // new signature data to original variable\r
+ //\r
+ Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;\r
+\r
+ Status = gRT->GetVariable(\r
+ VariableName,\r
+ &gEfiTlsCaCertificateGuid,\r
+ NULL,\r
+ &DataSize,\r
+ NULL\r
+ );\r
+ if (Status == EFI_BUFFER_TOO_SMALL) {\r
+ Attr |= EFI_VARIABLE_APPEND_WRITE;\r
+ } else if (Status != EFI_NOT_FOUND) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = gRT->SetVariable(\r
+ VariableName,\r
+ &gEfiTlsCaCertificateGuid,\r
+ Attr,\r
+ SigDataSize,\r
+ Data\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ON_EXIT:\r
+\r
+ CloseFile (Private->FileContext->FHandle);\r
+ if (Private->FileContext->FileName != NULL) {\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
+\r
+ Private->FileContext->FHandle = NULL;\r
+\r
+ if (Private->CertGuid != NULL) {\r
+ FreePool (Private->CertGuid);\r
+ Private->CertGuid = NULL;\r
+ }\r
+\r
+ if (Data != NULL) {\r
+ FreePool (Data);\r
+ }\r
+\r
+ if (X509Data != NULL) {\r
+ FreePool (X509Data);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.\r
+\r
+ @param[in] PrivateData The module's private data.\r
+ @param[in] VariableName Variable name of signature database.\r
+\r
+ @retval EFI_SUCCESS New Cert enrolled successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED The Cert file is unsupported type.\r
+ @retval others Fail to enroll Cert data.\r
+\r
+**/\r
+EFI_STATUS\r
+EnrollCertDatabase (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,\r
+ IN CHAR16 *VariableName\r
+ )\r
+{\r
+ UINT16* FilePostFix;\r
+ UINTN NameLength;\r
+\r
+ if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->CertGuid == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Parse the file's postfix.\r
+ //\r
+ NameLength = StrLen (Private->FileContext->FileName);\r
+ if (NameLength <= 4) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;\r
+\r
+ if (IsDerPemEncodeCertificate (FilePostFix)) {\r
+ //\r
+ // Supports DER-encoded X509 certificate.\r
+ //\r
+ return EnrollX509toVariable (Private, VariableName);\r
+ }\r
+\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Refresh the global UpdateData structure.\r
+\r
+**/\r
+VOID\r
+RefreshUpdateData (\r
+ VOID\r
+ )\r
+{\r
+ //\r
+ // Free current updated date\r
+ //\r
+ if (mStartOpCodeHandle != NULL) {\r
+ HiiFreeOpCodeHandle (mStartOpCodeHandle);\r
+ }\r
+\r
+ //\r
+ // Create new OpCode Handle\r
+ //\r
+ mStartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+\r
+ //\r
+ // Create Hii Extend Label OpCode as the start opcode\r
+ //\r
+ mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+ mStartOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+}\r
+\r
+/**\r
+ Clean up the dynamic opcode at label and form specified by both LabelId.\r
+\r
+ @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.\r
+ @param[in] PrivateData Module private data.\r
+\r
+**/\r
+VOID\r
+CleanUpPage (\r
+ IN UINT16 LabelId,\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData\r
+ )\r
+{\r
+ RefreshUpdateData ();\r
+\r
+ //\r
+ // Remove all op-codes from dynamic page\r
+ //\r
+ mStartLabel->Number = LabelId;\r
+ HiiUpdateForm (\r
+ PrivateData->RegisteredHandle,\r
+ &gTlsAuthConfigGuid,\r
+ LabelId,\r
+ mStartOpCodeHandle, // Label LabelId\r
+ mEndOpCodeHandle // LABEL_END\r
+ );\r
+}\r
+\r
+/**\r
+ Update the form base on the selected file.\r
+\r
+ @param FilePath Point to the file path.\r
+ @param FormId The form need to display.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+\r
+**/\r
+BOOLEAN\r
+UpdatePage(\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath,\r
+ IN EFI_FORM_ID FormId\r
+ )\r
+{\r
+ CHAR16 *FileName;\r
+ EFI_STRING_ID StringToken;\r
+\r
+ FileName = NULL;\r
+\r
+ if (FilePath != NULL) {\r
+ FileName = ExtractFileNameFromDevicePath(FilePath);\r
+ }\r
+ if (FileName == NULL) {\r
+ //\r
+ // FileName = NULL has two case:\r
+ // 1. FilePath == NULL, not select file.\r
+ // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource.\r
+ // In these two case, no need to update the form, and exit the caller function.\r
+ //\r
+ return TRUE;\r
+ }\r
+ StringToken = HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0, FileName, NULL);\r
+\r
+ mTlsAuthPrivateData->FileContext->FileName = FileName;\r
+\r
+ OpenFileByDevicePath (\r
+ &FilePath,\r
+ &mTlsAuthPrivateData->FileContext->FHandle,\r
+ EFI_FILE_MODE_READ,\r
+ 0\r
+ );\r
+ //\r
+ // Create Subtitle op-code for the display string of the option.\r
+ //\r
+ RefreshUpdateData ();\r
+ mStartLabel->Number = FormId;\r
+\r
+ HiiCreateSubTitleOpCode (\r
+ mStartOpCodeHandle,\r
+ StringToken,\r
+ 0,\r
+ 0,\r
+ 0\r
+ );\r
+\r
+ HiiUpdateForm (\r
+ mTlsAuthPrivateData->RegisteredHandle,\r
+ &gTlsAuthConfigGuid,\r
+ FormId,\r
+ mStartOpCodeHandle, /// Label FormId\r
+ mEndOpCodeHandle /// LABEL_END\r
+ );\r
+\r
+ return TRUE;\r
+}\r
+\r
+/**\r
+ Update the form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateCAFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ )\r
+{\r
+ return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);\r
+}\r
+\r
+/**\r
+ Unload the configuration form, this includes: delete all the configuration\r
+ entries, uninstall the form callback protocol, and free the resources used.\r
+\r
+ @param[in] Private Pointer to the driver private data.\r
+\r
+ @retval EFI_SUCCESS The configuration form is unloaded.\r
+ @retval Others Failed to unload the form.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsAuthConfigFormUnload (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private\r
+ )\r
+{\r
+ if (Private->DriverHandle != NULL) {\r
+ //\r
+ // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL\r
+ //\r
+ gBS->UninstallMultipleProtocolInterfaces (\r
+ Private->DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mTlsAuthConfigHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ &Private->ConfigAccess,\r
+ NULL\r
+ );\r
+ Private->DriverHandle = NULL;\r
+ }\r
+\r
+ if (Private->RegisteredHandle != NULL) {\r
+ //\r
+ // Remove HII package list\r
+ //\r
+ HiiRemovePackages (Private->RegisteredHandle);\r
+ Private->RegisteredHandle = NULL;\r
+ }\r
+\r
+ if (Private->CertGuid != NULL) {\r
+ FreePool (Private->CertGuid);\r
+ }\r
+\r
+ if (Private->FileContext != NULL) {\r
+ FreePool (Private->FileContext);\r
+ }\r
+\r
+ FreePool (Private);\r
+\r
+ if (mStartOpCodeHandle != NULL) {\r
+ HiiFreeOpCodeHandle (mStartOpCodeHandle);\r
+ }\r
+\r
+ if (mEndOpCodeHandle != NULL) {\r
+ HiiFreeOpCodeHandle (mEndOpCodeHandle);\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+\r
+/**\r
+ Initialize the configuration form.\r
+\r
+ @param[in] Private Pointer to the driver private data.\r
+\r
+ @retval EFI_SUCCESS The configuration form is initialized.\r
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsAuthConfigFormInit (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;\r
+\r
+ Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;\r
+ Private->ConfigAccess.RouteConfig = TlsAuthConfigAccessRouteConfig;\r
+ Private->ConfigAccess.Callback = TlsAuthConfigAccessCallback;\r
+\r
+ //\r
+ // Install Device Path Protocol and Config Access protocol to driver handle.\r
+ //\r
+ Status = gBS->InstallMultipleProtocolInterfaces (\r
+ &Private->DriverHandle,\r
+ &gEfiDevicePathProtocolGuid,\r
+ &mTlsAuthConfigHiiVendorDevicePath,\r
+ &gEfiHiiConfigAccessProtocolGuid,\r
+ &Private->ConfigAccess,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Publish our HII data.\r
+ //\r
+ Private->RegisteredHandle = HiiAddPackages (\r
+ &gTlsAuthConfigGuid,\r
+ Private->DriverHandle,\r
+ TlsAuthConfigDxeStrings,\r
+ TlsAuthConfigVfrBin,\r
+ NULL\r
+ );\r
+ if (Private->RegisteredHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Error;\r
+ }\r
+\r
+ Private->FileContext = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_FILE_CONTEXT));\r
+ if (Private->FileContext == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Error;\r
+ }\r
+\r
+ //\r
+ // Init OpCode Handle and Allocate space for creation of Buffer\r
+ //\r
+ mStartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (mStartOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Error;\r
+ }\r
+\r
+ mEndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
+ if (mEndOpCodeHandle == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Error;\r
+ }\r
+\r
+ //\r
+ // Create Hii Extend Label OpCode as the start opcode\r
+ //\r
+ mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+ mStartOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+\r
+ //\r
+ // Create Hii Extend Label OpCode as the end opcode\r
+ //\r
+ mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
+ mEndOpCodeHandle,\r
+ &gEfiIfrTianoGuid,\r
+ NULL,\r
+ sizeof (EFI_IFR_GUID_LABEL)\r
+ );\r
+ mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
+ mEndLabel->Number = LABEL_END;\r
+\r
+ return EFI_SUCCESS;\r
+\r
+Error:\r
+ TlsAuthConfigFormUnload (Private);\r
+ return Status;\r
+}\r
+\r
+/**\r
+\r
+ This function allows the caller to request the current\r
+ configuration for one or more named elements. The resulting\r
+ string is in <ConfigAltResp> format. Any and all alternative\r
+ configuration strings shall also be appended to the end of the\r
+ current configuration string. If they are, they must appear\r
+ after the current configuration. They must contain the same\r
+ routing (GUID, NAME, PATH) as the current configuration string.\r
+ They must have an additional description indicating the type of\r
+ alternative configuration the string represents,\r
+ "ALTCFG=<StringToken>". That <StringToken> (when\r
+ converted from Hex UNICODE to binary) is a reference to a\r
+ string in the associated string pack.\r
+\r
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+\r
+ @param Request A null-terminated Unicode string in\r
+ <ConfigRequest> format. Note that this\r
+ includes the routing information as well as\r
+ the configurable name / value pairs. It is\r
+ invalid for this string to be in\r
+ <MultiConfigRequest> format.\r
+ If a NULL is passed in for the Request field,\r
+ all of the settings being abstracted by this function\r
+ will be returned in the Results field. In addition,\r
+ if a ConfigHdr is passed in with no request elements,\r
+ all of the settings being abstracted for that particular\r
+ ConfigHdr reference will be returned in the Results Field.\r
+\r
+ @param Progress On return, points to a character in the\r
+ Request string. Points to the string's null\r
+ terminator if request was successful. Points\r
+ to the most recent "&" before the first\r
+ failing name / value pair (or the beginning\r
+ of the string if the failure is in the first\r
+ name / value pair) if the request was not\r
+ successful.\r
+\r
+ @param Results A null-terminated Unicode string in\r
+ <MultiConfigAltResp> format which has all values\r
+ filled in for the names in the Request string.\r
+ String to be allocated by the called function.\r
+\r
+ @retval EFI_SUCCESS The Results string is filled with the\r
+ values corresponding to all requested\r
+ names.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the\r
+ parts of the results that must be\r
+ stored awaiting possible future\r
+ protocols.\r
+\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any\r
+ known driver. Progress set to the\r
+ first character in the routing header.\r
+ Note: There is no requirement that the\r
+ driver validate the routing data. It\r
+ must skip the <ConfigHdr> in order to\r
+ process the names.\r
+\r
+ @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set\r
+ to most recent "&" before the\r
+ error or the beginning of the\r
+ string.\r
+\r
+ @retval EFI_INVALID_PARAMETER Unknown name. Progress points\r
+ to the & before the name in\r
+ question.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessExtractConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Request,\r
+ OUT EFI_STRING *Progress,\r
+ OUT EFI_STRING *Results\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN BufferSize;\r
+ UINTN Size;\r
+ EFI_STRING ConfigRequest;\r
+ EFI_STRING ConfigRequestHdr;\r
+ TLS_AUTH_CONFIG_PRIVATE_DATA *Private;\r
+ BOOLEAN AllocatedRequest;\r
+\r
+ if (Progress == NULL || Results == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ AllocatedRequest = FALSE;\r
+ ConfigRequestHdr = NULL;\r
+ ConfigRequest = NULL;\r
+ Size = 0;\r
+\r
+ Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);\r
+\r
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+ ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);\r
+\r
+ *Progress = Request;\r
+\r
+ if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ ConfigRequest = Request;\r
+ if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {\r
+ //\r
+ // Request is set to NULL or OFFSET is NULL, construct full request string.\r
+ //\r
+ // Allocate and fill a buffer large enough to hold the <ConfigHdr> template\r
+ // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator\r
+ //\r
+ ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Private->DriverHandle);\r
+ Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);\r
+ ConfigRequest = AllocateZeroPool (Size);\r
+ ASSERT (ConfigRequest != NULL);\r
+ AllocatedRequest = TRUE;\r
+ UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);\r
+ FreePool (ConfigRequestHdr);\r
+ ConfigRequestHdr = NULL;\r
+ }\r
+\r
+ Status = gHiiConfigRouting->BlockToConfig (\r
+ gHiiConfigRouting,\r
+ ConfigRequest,\r
+ (UINT8 *) &Private->TlsAuthConfigNvData,\r
+ BufferSize,\r
+ Results,\r
+ Progress\r
+ );\r
+\r
+ //\r
+ // Free the allocated config request string.\r
+ //\r
+ if (AllocatedRequest) {\r
+ FreePool (ConfigRequest);\r
+ }\r
+\r
+ //\r
+ // Set Progress string to the original request string.\r
+ //\r
+ if (Request == NULL) {\r
+ *Progress = NULL;\r
+ } else if (StrStr (Request, L"OFFSET") == NULL) {\r
+ *Progress = Request + StrLen (Request);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+\r
+ This function applies changes in a driver's configuration.\r
+ Input is a Configuration, which has the routing data for this\r
+ driver followed by name / value configuration pairs. The driver\r
+ must apply those pairs to its configurable storage. If the\r
+ driver's configuration is stored in a linear block of data\r
+ and the driver's name / value pairs are in <BlockConfig>\r
+ format, it may use the ConfigToBlock helper function (above) to\r
+ simplify the job.\r
+\r
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+\r
+ @param Configuration A null-terminated Unicode string in\r
+ <ConfigString> format.\r
+\r
+ @param Progress A pointer to a string filled in with the\r
+ offset of the most recent '&' before the\r
+ first failing name / value pair (or the\r
+ beginn ing of the string if the failure\r
+ is in the first name / value pair) or\r
+ the terminating NULL if all was\r
+ successful.\r
+\r
+ @retval EFI_SUCCESS The results have been distributed or are\r
+ awaiting distribution.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the\r
+ parts of the results that must be\r
+ stored awaiting possible future\r
+ protocols.\r
+\r
+ @retval EFI_INVALID_PARAMETERS Passing in a NULL for the\r
+ Results parameter would result\r
+ in this type of error.\r
+\r
+ @retval EFI_NOT_FOUND Target for the specified routing data\r
+ was not found\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessRouteConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Configuration,\r
+ OUT EFI_STRING *Progress\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN BufferSize;\r
+ TLS_AUTH_CONFIG_PRIVATE_DATA *Private;\r
+\r
+ if (Progress == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ *Progress = Configuration;\r
+\r
+ if (Configuration == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Check routing data in <ConfigHdr>.\r
+ // Note: there is no name for Name/Value storage, only GUID will be checked\r
+ //\r
+ if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);\r
+\r
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+ ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);\r
+\r
+ Status = gHiiConfigRouting->ConfigToBlock (\r
+ gHiiConfigRouting,\r
+ Configuration,\r
+ (UINT8 *) &Private->TlsAuthConfigNvData,\r
+ &BufferSize,\r
+ Progress\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+\r
+ This function is called to provide results data to the driver.\r
+ This data consists of a unique key that is used to identify\r
+ which data is either being passed back or being asked for.\r
+\r
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param Action Specifies the type of action taken by the browser.\r
+ @param QuestionId A unique value which is sent to the original\r
+ exporting driver so that it can identify the type\r
+ of data to expect. The format of the data tends to\r
+ vary based on the opcode that generated the callback.\r
+ @param Type The type of value for the question.\r
+ @param Value A pointer to the data being sent to the original\r
+ exporting driver.\r
+ @param ActionRequest On return, points to the action requested by the\r
+ callback function.\r
+\r
+ @retval EFI_SUCCESS The callback successfully handled the action.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the\r
+ variable and its data.\r
+ @retval EFI_DEVICE_ERROR The variable could not be saved.\r
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the\r
+ callback.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessCallback (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN EFI_BROWSER_ACTION Action,\r
+ IN EFI_QUESTION_ID QuestionId,\r
+ IN UINT8 Type,\r
+ IN OUT EFI_IFR_TYPE_VALUE *Value,\r
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
+ )\r
+{\r
+ EFI_INPUT_KEY Key;\r
+ EFI_STATUS Status;\r
+ RETURN_STATUS RStatus;\r
+ TLS_AUTH_CONFIG_PRIVATE_DATA *Private;\r
+ UINTN BufferSize;\r
+ TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData;\r
+ UINT16 LabelId;\r
+ EFI_DEVICE_PATH_PROTOCOL *File;\r
+\r
+ Status = EFI_SUCCESS;\r
+ File = NULL;\r
+\r
+ if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);\r
+\r
+ mTlsAuthPrivateData = Private;\r
+\r
+ //\r
+ // Retrieve uncommitted data from Browser\r
+ //\r
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+ IfrNvData = AllocateZeroPool (BufferSize);\r
+ if (IfrNvData == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8 *) IfrNvData);\r
+\r
+ if ((Action != EFI_BROWSER_ACTION_CHANGED) &&\r
+ (Action != EFI_BROWSER_ACTION_CHANGING)) {\r
+ Status = EFI_UNSUPPORTED;\r
+ goto EXIT;\r
+ }\r
+\r
+ if (Action == EFI_BROWSER_ACTION_CHANGING) {\r
+ switch (QuestionId) {\r
+ case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:\r
+ case KEY_TLS_AUTH_CONFIG_SERVER_CA:\r
+ //\r
+ // Clear Cert GUID.\r
+ //\r
+ ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));\r
+ if (Private->CertGuid == NULL) {\r
+ Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));\r
+ if (Private->CertGuid == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ }\r
+ if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {\r
+ LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;\r
+ } else {\r
+ LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;\r
+ }\r
+\r
+ //\r
+ // Refresh selected file.\r
+ //\r
+ CleanUpPage (LabelId, Private);\r
+ break;\r
+ case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:\r
+ ChooseFile( NULL, NULL, UpdateCAFromFile, &File);\r
+ break;\r
+\r
+ case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:\r
+ Status = EnrollCertDatabase (Private, EFI_TLS_CA_CERTIFICATE_VARIABLE);\r
+ if (EFI_ERROR (Status)) {\r
+ CreatePopUp (\r
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
+ &Key,\r
+ L"ERROR: Enroll Cert Failure!",\r
+ NULL\r
+ );\r
+ }\r
+ break;\r
+\r
+ case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:\r
+ if (Private->FileContext->FHandle != NULL) {\r
+ CloseFile (Private->FileContext->FHandle);\r
+ Private->FileContext->FHandle = NULL;\r
+ if (Private->FileContext->FileName!= NULL){\r
+ FreePool(Private->FileContext->FileName);\r
+ Private->FileContext->FileName = NULL;\r
+ }\r
+ }\r
+\r
+ if (Private->CertGuid!= NULL) {\r
+ FreePool (Private->CertGuid);\r
+ Private->CertGuid = NULL;\r
+ }\r
+ break;\r
+\r
+ case KEY_TLS_AUTH_CONFIG_DELETE_CERT:\r
+ UpdateDeletePage (\r
+ Private,\r
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,\r
+ &gEfiTlsCaCertificateGuid,\r
+ LABEL_CA_DELETE,\r
+ TLS_AUTH_CONFIG_FORMID5_FORM,\r
+ OPTION_DEL_CA_ESTION_ID\r
+ );\r
+ break;\r
+\r
+ default:\r
+ if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&\r
+ (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE))) {\r
+ DeleteCert (\r
+ Private,\r
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,\r
+ &gEfiTlsCaCertificateGuid,\r
+ LABEL_CA_DELETE,\r
+ TLS_AUTH_CONFIG_FORMID5_FORM,\r
+ OPTION_DEL_CA_ESTION_ID,\r
+ QuestionId - OPTION_DEL_CA_ESTION_ID\r
+ );\r
+ }\r
+ break;\r
+ }\r
+ } else if (Action == EFI_BROWSER_ACTION_CHANGED) {\r
+ switch (QuestionId) {\r
+ case KEY_TLS_AUTH_CONFIG_CERT_GUID:\r
+ ASSERT (Private->CertGuid != NULL);\r
+ RStatus = StrToGuid (\r
+ IfrNvData->CertGuid,\r
+ Private->CertGuid\r
+ );\r
+ if (RETURN_ERROR (RStatus) || (IfrNvData->CertGuid[GUID_STRING_LENGTH] != L'\0')) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ break;\r
+ }\r
+\r
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;\r
+ break;\r
+ default:\r
+ break;\r
+ }\r
+ }\r
+\r
+EXIT:\r
+\r
+ if (!EFI_ERROR (Status)) {\r
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);\r
+ HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8*) IfrNvData, NULL);\r
+ }\r
+\r
+ FreePool (IfrNvData);\r
+\r
+ if (File != NULL){\r
+ FreePool(File);\r
+ File = NULL;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+\r
+}\r
+\r
-/** @file
- Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTH_CONFIG_IMPL_H__
-#define __TLS_AUTH_CONFIG_IMPL_H__
-
-#include <Uefi.h>
-
-#include <Protocol/HiiConfigAccess.h>
-#include <Protocol/SimpleFileSystem.h>
-
-//
-// Libraries
-//
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/BaseLib.h>
-#include <Library/UefiLib.h>
-#include <Library/DebugLib.h>
-#include <Library/DevicePathLib.h>
-#include <Library/HiiLib.h>
-#include <Library/UefiHiiServicesLib.h>
-#include <Library/FileExplorerLib.h>
-#include <Library/PrintLib.h>
-
-#include <Guid/MdeModuleHii.h>
-#include <Guid/ImageAuthentication.h>
-#include <Guid/TlsAuthentication.h>
-
-
-//
-// Include files with function prototypes
-//
-#include "TlsAuthConfigNvData.h"
-
-extern UINT8 TlsAuthConfigDxeStrings[];
-extern UINT8 TlsAuthConfigVfrBin[];
-
-#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D')
-#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
-
-#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
-
-typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA;
-typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT;
-
-///
-/// HII specific Vendor Device Path definition.
-///
-typedef struct {
- VENDOR_DEVICE_PATH VendorDevicePath;
- EFI_DEVICE_PATH_PROTOCOL End;
-} HII_VENDOR_DEVICE_PATH;
-
-struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
- EFI_FILE_HANDLE FHandle;
- UINT16 *FileName;
-};
-
-struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
- UINTN Signature;
-
- EFI_HANDLE DriverHandle;
- EFI_HII_HANDLE RegisteredHandle;
- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
- TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
-
- TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
-
- EFI_GUID *CertGuid;
-};
-
-/**
- Unload the configuration form, this includes: delete all the configuration
- entries, uninstall the form callback protocol, and free the resources used.
- The form will only be unload completely when both IP4 and IP6 stack are stopped.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is unloaded.
- @retval Others Failed to unload the form.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormUnload (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- );
-
-/**
- Initialize the configuration form.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is initialized.
- @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormInit (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- );
-
-/**
-
- This function allows the caller to request the current
- configuration for one or more named elements. The resulting
- string is in <ConfigAltResp> format. Any and all alternative
- configuration strings shall also be appended to the end of the
- current configuration string. If they are, they must appear
- after the current configuration. They must contain the same
- routing (GUID, NAME, PATH) as the current configuration string.
- They must have an additional description indicating the type of
- alternative configuration the string represents,
- "ALTCFG=<StringToken>". That <StringToken> (when
- converted from Hex UNICODE to binary) is a reference to a
- string in the associated string pack.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Request A null-terminated Unicode string in
- <ConfigRequest> format. Note that this
- includes the routing information as well as
- the configurable name / value pairs. It is
- invalid for this string to be in
- <MultiConfigRequest> format.
- If a NULL is passed in for the Request field,
- all of the settings being abstracted by this function
- will be returned in the Results field. In addition,
- if a ConfigHdr is passed in with no request elements,
- all of the settings being abstracted for that particular
- ConfigHdr reference will be returned in the Results Field.
-
- @param Progress On return, points to a character in the
- Request string. Points to the string's null
- terminator if request was successful. Points
- to the most recent "&" before the first
- failing name / value pair (or the beginning
- of the string if the failure is in the first
- name / value pair) if the request was not
- successful.
-
- @param Results A null-terminated Unicode string in
- <MultiConfigAltResp> format which has all values
- filled in for the names in the Request string.
- String to be allocated by the called function.
-
- @retval EFI_SUCCESS The Results string is filled with the
- values corresponding to all requested
- names.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_NOT_FOUND Routing data doesn't match any
- known driver. Progress set to the
- first character in the routing header.
- Note: There is no requirement that the
- driver validate the routing data. It
- must skip the <ConfigHdr> in order to
- process the names.
-
- @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
- to most recent "&" before the
- error or the beginning of the
- string.
-
- @retval EFI_INVALID_PARAMETER Unknown name. Progress points
- to the & before the name in
- question.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
- );
-
-/**
-
- This function applies changes in a driver's configuration.
- Input is a Configuration, which has the routing data for this
- driver followed by name / value configuration pairs. The driver
- must apply those pairs to its configurable storage. If the
- driver's configuration is stored in a linear block of data
- and the driver's name / value pairs are in <BlockConfig>
- format, it may use the ConfigToBlock helper function (above) to
- simplify the job.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Configuration A null-terminated Unicode string in
- <ConfigString> format.
-
- @param Progress A pointer to a string filled in with the
- offset of the most recent '&' before the
- first failing name / value pair (or the
- beginn ing of the string if the failure
- is in the first name / value pair) or
- the terminating NULL if all was
- successful.
-
- @retval EFI_SUCCESS The results have been distributed or are
- awaiting distribution.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
- Results parameter would result
- in this type of error.
-
- @retval EFI_NOT_FOUND Target for the specified routing data
- was not found
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessRouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
- );
-
-/**
-
- This function is called to provide results data to the driver.
- This data consists of a unique key that is used to identify
- which data is either being passed back or being asked for.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param Action Specifies the type of action taken by the browser.
- @param QuestionId A unique value which is sent to the original
- exporting driver so that it can identify the type
- of data to expect. The format of the data tends to
- vary based on the opcode that generated the callback.
- @param Type The type of value for the question.
- @param Value A pointer to the data being sent to the original
- exporting driver.
- @param ActionRequest On return, points to the action requested by the
- callback function.
-
- @retval EFI_SUCCESS The callback successfully handled the action.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
- variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved.
- @retval EFI_UNSUPPORTED The specified Action is not supported by the
- callback.
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessCallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN OUT EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
- );
-
-#endif
-
+/** @file\r
+ Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.\r
+\r
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __TLS_AUTH_CONFIG_IMPL_H__\r
+#define __TLS_AUTH_CONFIG_IMPL_H__\r
+\r
+#include <Uefi.h>\r
+\r
+#include <Protocol/HiiConfigAccess.h>\r
+#include <Protocol/SimpleFileSystem.h>\r
+\r
+//\r
+// Libraries\r
+//\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/DevicePathLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Library/UefiHiiServicesLib.h>\r
+#include <Library/FileExplorerLib.h>\r
+#include <Library/PrintLib.h>\r
+\r
+#include <Guid/MdeModuleHii.h>\r
+#include <Guid/ImageAuthentication.h>\r
+#include <Guid/TlsAuthentication.h>\r
+\r
+\r
+//\r
+// Include files with function prototypes\r
+//\r
+#include "TlsAuthConfigNvData.h"\r
+\r
+extern UINT8 TlsAuthConfigDxeStrings[];\r
+extern UINT8 TlsAuthConfigVfrBin[];\r
+\r
+#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D')\r
+#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)\r
+\r
+#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)\r
+\r
+typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA;\r
+typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT;\r
+\r
+///\r
+/// HII specific Vendor Device Path definition.\r
+///\r
+typedef struct {\r
+ VENDOR_DEVICE_PATH VendorDevicePath;\r
+ EFI_DEVICE_PATH_PROTOCOL End;\r
+} HII_VENDOR_DEVICE_PATH;\r
+\r
+struct _TLS_AUTH_CONFIG_FILE_CONTEXT {\r
+ EFI_FILE_HANDLE FHandle;\r
+ UINT16 *FileName;\r
+};\r
+\r
+struct _TLS_AUTH_CONFIG_PRIVATE_DATA {\r
+ UINTN Signature;\r
+\r
+ EFI_HANDLE DriverHandle;\r
+ EFI_HII_HANDLE RegisteredHandle;\r
+ EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;\r
+ TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;\r
+\r
+ TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;\r
+\r
+ EFI_GUID *CertGuid;\r
+};\r
+\r
+/**\r
+ Unload the configuration form, this includes: delete all the configuration\r
+ entries, uninstall the form callback protocol, and free the resources used.\r
+ The form will only be unload completely when both IP4 and IP6 stack are stopped.\r
+\r
+ @param[in] Private Pointer to the driver private data.\r
+\r
+ @retval EFI_SUCCESS The configuration form is unloaded.\r
+ @retval Others Failed to unload the form.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsAuthConfigFormUnload (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private\r
+ );\r
+\r
+/**\r
+ Initialize the configuration form.\r
+\r
+ @param[in] Private Pointer to the driver private data.\r
+\r
+ @retval EFI_SUCCESS The configuration form is initialized.\r
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsAuthConfigFormInit (\r
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private\r
+ );\r
+\r
+/**\r
+\r
+ This function allows the caller to request the current\r
+ configuration for one or more named elements. The resulting\r
+ string is in <ConfigAltResp> format. Any and all alternative\r
+ configuration strings shall also be appended to the end of the\r
+ current configuration string. If they are, they must appear\r
+ after the current configuration. They must contain the same\r
+ routing (GUID, NAME, PATH) as the current configuration string.\r
+ They must have an additional description indicating the type of\r
+ alternative configuration the string represents,\r
+ "ALTCFG=<StringToken>". That <StringToken> (when\r
+ converted from Hex UNICODE to binary) is a reference to a\r
+ string in the associated string pack.\r
+\r
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+\r
+ @param Request A null-terminated Unicode string in\r
+ <ConfigRequest> format. Note that this\r
+ includes the routing information as well as\r
+ the configurable name / value pairs. It is\r
+ invalid for this string to be in\r
+ <MultiConfigRequest> format.\r
+ If a NULL is passed in for the Request field,\r
+ all of the settings being abstracted by this function\r
+ will be returned in the Results field. In addition,\r
+ if a ConfigHdr is passed in with no request elements,\r
+ all of the settings being abstracted for that particular\r
+ ConfigHdr reference will be returned in the Results Field.\r
+\r
+ @param Progress On return, points to a character in the\r
+ Request string. Points to the string's null\r
+ terminator if request was successful. Points\r
+ to the most recent "&" before the first\r
+ failing name / value pair (or the beginning\r
+ of the string if the failure is in the first\r
+ name / value pair) if the request was not\r
+ successful.\r
+\r
+ @param Results A null-terminated Unicode string in\r
+ <MultiConfigAltResp> format which has all values\r
+ filled in for the names in the Request string.\r
+ String to be allocated by the called function.\r
+\r
+ @retval EFI_SUCCESS The Results string is filled with the\r
+ values corresponding to all requested\r
+ names.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the\r
+ parts of the results that must be\r
+ stored awaiting possible future\r
+ protocols.\r
+\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any\r
+ known driver. Progress set to the\r
+ first character in the routing header.\r
+ Note: There is no requirement that the\r
+ driver validate the routing data. It\r
+ must skip the <ConfigHdr> in order to\r
+ process the names.\r
+\r
+ @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set\r
+ to most recent "&" before the\r
+ error or the beginning of the\r
+ string.\r
+\r
+ @retval EFI_INVALID_PARAMETER Unknown name. Progress points\r
+ to the & before the name in\r
+ question.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessExtractConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Request,\r
+ OUT EFI_STRING *Progress,\r
+ OUT EFI_STRING *Results\r
+ );\r
+\r
+/**\r
+\r
+ This function applies changes in a driver's configuration.\r
+ Input is a Configuration, which has the routing data for this\r
+ driver followed by name / value configuration pairs. The driver\r
+ must apply those pairs to its configurable storage. If the\r
+ driver's configuration is stored in a linear block of data\r
+ and the driver's name / value pairs are in <BlockConfig>\r
+ format, it may use the ConfigToBlock helper function (above) to\r
+ simplify the job.\r
+\r
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+\r
+ @param Configuration A null-terminated Unicode string in\r
+ <ConfigString> format.\r
+\r
+ @param Progress A pointer to a string filled in with the\r
+ offset of the most recent '&' before the\r
+ first failing name / value pair (or the\r
+ beginn ing of the string if the failure\r
+ is in the first name / value pair) or\r
+ the terminating NULL if all was\r
+ successful.\r
+\r
+ @retval EFI_SUCCESS The results have been distributed or are\r
+ awaiting distribution.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the\r
+ parts of the results that must be\r
+ stored awaiting possible future\r
+ protocols.\r
+\r
+ @retval EFI_INVALID_PARAMETERS Passing in a NULL for the\r
+ Results parameter would result\r
+ in this type of error.\r
+\r
+ @retval EFI_NOT_FOUND Target for the specified routing data\r
+ was not found\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessRouteConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Configuration,\r
+ OUT EFI_STRING *Progress\r
+ );\r
+\r
+/**\r
+\r
+ This function is called to provide results data to the driver.\r
+ This data consists of a unique key that is used to identify\r
+ which data is either being passed back or being asked for.\r
+\r
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param Action Specifies the type of action taken by the browser.\r
+ @param QuestionId A unique value which is sent to the original\r
+ exporting driver so that it can identify the type\r
+ of data to expect. The format of the data tends to\r
+ vary based on the opcode that generated the callback.\r
+ @param Type The type of value for the question.\r
+ @param Value A pointer to the data being sent to the original\r
+ exporting driver.\r
+ @param ActionRequest On return, points to the action requested by the\r
+ callback function.\r
+\r
+ @retval EFI_SUCCESS The callback successfully handled the action.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the\r
+ variable and its data.\r
+ @retval EFI_DEVICE_ERROR The variable could not be saved.\r
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the\r
+ callback.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsAuthConfigAccessCallback (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN EFI_BROWSER_ACTION Action,\r
+ IN EFI_QUESTION_ID QuestionId,\r
+ IN UINT8 Type,\r
+ IN OUT EFI_IFR_TYPE_VALUE *Value,\r
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
+ );\r
+\r
+#endif\r
+\r
-/** @file
- Header file for NV data structure definition.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
-#define __TLS_AUTH_CONFIG_NV_DATA_H__
-
-#include <Guid/TlsAuthConfigHii.h>
-
-#define TLS_AUTH_CONFIG_GUID_SIZE 36
-#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
-
-#define TLS_AUTH_CONFIG_FORMID1_FORM 1
-#define TLS_AUTH_CONFIG_FORMID2_FORM 2
-#define TLS_AUTH_CONFIG_FORMID3_FORM 3
-#define TLS_AUTH_CONFIG_FORMID4_FORM 4
-#define TLS_AUTH_CONFIG_FORMID5_FORM 5
-
-
-#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
-#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
-#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
-#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
-#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
-#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
-#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
-#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
-
-#define OPTION_DEL_CA_ESTION_ID 0x2000
-#define OPTION_CONFIG_RANGE 0x1000
-
-#define LABEL_CA_DELETE 0x1101
-#define LABEL_END 0xffff
-
-typedef struct {
- CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
-} TLS_AUTH_CONFIG_IFR_NVDATA;
-
-#endif
+/** @file\r
+ Header file for NV data structure definition.\r
+\r
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__\r
+#define __TLS_AUTH_CONFIG_NV_DATA_H__\r
+\r
+#include <Guid/TlsAuthConfigHii.h>\r
+\r
+#define TLS_AUTH_CONFIG_GUID_SIZE 36\r
+#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37\r
+\r
+#define TLS_AUTH_CONFIG_FORMID1_FORM 1\r
+#define TLS_AUTH_CONFIG_FORMID2_FORM 2\r
+#define TLS_AUTH_CONFIG_FORMID3_FORM 3\r
+#define TLS_AUTH_CONFIG_FORMID4_FORM 4\r
+#define TLS_AUTH_CONFIG_FORMID5_FORM 5\r
+\r
+\r
+#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000\r
+#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001\r
+#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002\r
+#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003\r
+#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004\r
+#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005\r
+#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006\r
+#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007\r
+\r
+#define OPTION_DEL_CA_ESTION_ID 0x2000\r
+#define OPTION_CONFIG_RANGE 0x1000\r
+\r
+#define LABEL_CA_DELETE 0x1101\r
+#define LABEL_END 0xffff\r
+\r
+typedef struct {\r
+ CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];\r
+} TLS_AUTH_CONFIG_IFR_NVDATA;\r
+\r
+#endif\r
+\r
-/** @file
- VFR file used by TlsAuthConfigDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsAuthConfigNvData.h"
-
-formset
- guid = TLS_AUTH_CONFIG_GUID,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
-
- varstore TLS_AUTH_CONFIG_IFR_NVDATA,
- name = TLS_AUTH_CONFIG_IFR_NVDATA,
- guid = TLS_AUTH_CONFIG_GUID;
-
- //
- // ##1 Form1: Main form for Tls Auth configration
- //
- form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Display Server CA configration
- //
- goto TLS_AUTH_CONFIG_FORMID2_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Display Client cert configration
- //
- grayoutif TRUE; /// Current unsupported.
- goto TLS_AUTH_CONFIG_FORMID3_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
- endif;
- endform;
-
- //
- // ##2 Form2: CA configuration
- //
- form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID4_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID5_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
- endform;
-
- //
- // ##3 Form3 : Client cert configuration
- //
- form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // TODO...
- //
- endform;
-
- //
- // ##4 Form4: Enroll cert for CA
- //
- form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID4_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- label TLS_AUTH_CONFIG_FORMID4_FORM;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
- minsize = TLS_AUTH_CONFIG_GUID_SIZE,
- maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
- endstring;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID1_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
-
- goto TLS_AUTH_CONFIG_FORMID1_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
-
- endform;
-
- //
- // ##5 Form5: Delete cert for CA
- //
- form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
-
- label LABEL_CA_DELETE;
- label LABEL_END;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- endform;
-
-endformset;
+/** @file\r
+ VFR file used by TlsAuthConfigDxe driver.\r
+\r
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsAuthConfigNvData.h"\r
+\r
+formset\r
+ guid = TLS_AUTH_CONFIG_GUID,\r
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),\r
+\r
+ varstore TLS_AUTH_CONFIG_IFR_NVDATA,\r
+ name = TLS_AUTH_CONFIG_IFR_NVDATA,\r
+ guid = TLS_AUTH_CONFIG_GUID;\r
+\r
+ //\r
+ // ##1 Form1: Main form for Tls Auth configration\r
+ //\r
+ form formid = TLS_AUTH_CONFIG_FORMID1_FORM,\r
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ //\r
+ // Display Server CA configration\r
+ //\r
+ goto TLS_AUTH_CONFIG_FORMID2_FORM,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_SERVER_CA;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ //\r
+ // Display Client cert configration\r
+ //\r
+ grayoutif TRUE; /// Current unsupported.\r
+ goto TLS_AUTH_CONFIG_FORMID3_FORM,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;\r
+ endif;\r
+ endform;\r
+\r
+ //\r
+ // ##2 Form2: CA configuration\r
+ //\r
+ form formid = TLS_AUTH_CONFIG_FORMID2_FORM,\r
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto TLS_AUTH_CONFIG_FORMID4_FORM,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto TLS_AUTH_CONFIG_FORMID5_FORM,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;\r
+ endform;\r
+\r
+ //\r
+ // ##3 Form3 : Client cert configuration\r
+ //\r
+ form formid = TLS_AUTH_CONFIG_FORMID3_FORM,\r
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ //\r
+ // TODO...\r
+ //\r
+ endform;\r
+\r
+ //\r
+ // ##4 Form4: Enroll cert for CA\r
+ //\r
+ form formid = TLS_AUTH_CONFIG_FORMID4_FORM,\r
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto TLS_AUTH_CONFIG_FORMID4_FORM,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+ label TLS_AUTH_CONFIG_FORMID4_FORM;\r
+ label LABEL_END;\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_CERT_GUID,\r
+ minsize = TLS_AUTH_CONFIG_GUID_SIZE,\r
+ maxsize = TLS_AUTH_CONFIG_GUID_SIZE,\r
+ endstring;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ goto TLS_AUTH_CONFIG_FORMID1_FORM,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;\r
+\r
+ goto TLS_AUTH_CONFIG_FORMID1_FORM,\r
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),\r
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),\r
+ flags = INTERACTIVE,\r
+ key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;\r
+\r
+ endform;\r
+\r
+ //\r
+ // ##5 Form5: Delete cert for CA\r
+ //\r
+ form formid = TLS_AUTH_CONFIG_FORMID5_FORM,\r
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);\r
+\r
+ label LABEL_CA_DELETE;\r
+ label LABEL_END;\r
+\r
+ subtitle text = STRING_TOKEN(STR_NULL);\r
+\r
+ endform;\r
+\r
+endformset;\r
+\r
-/** @file
- Implementation of EFI TLS Configuration Protocol Interfaces.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {
- TlsConfigurationSetData,
- TlsConfigurationGetData
-};
-
-/**
- Set TLS configuration data.
-
- The SetData() function sets TLS configuration to non-volatile storage or volatile
- storage.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in] Data Pointer to configuration data.
- @param[in] DataSize Total size of configuration data.
-
- @retval EFI_SUCCESS The TLS configuration data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationSetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || Data == NULL || DataSize == 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
-
- switch (DataType) {
- case EfiTlsConfigDataTypeCACertificate:
- Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPublicCert:
- Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPrivateKey:
- Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeCertRevocationList:
- Status = TlsSetCertRevocationList (Data, DataSize);
- break;
- default:
- Status = EFI_UNSUPPORTED;
- }
-
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Get TLS configuration data.
-
- The GetData() function gets TLS configuration.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in, out] Data Pointer to configuration data.
- @param[in, out] DataSize Total size of configuration data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS configuration data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS configuration data is not found.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationGetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
-
- switch (DataType) {
- case EfiTlsConfigDataTypeCACertificate:
- Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPublicCert:
- Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPrivateKey:
- Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeCertRevocationList:
- Status = TlsGetCertRevocationList (Data, DataSize);
- break;
- default:
- Status = EFI_UNSUPPORTED;
- }
-
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
+/** @file\r
+ Implementation of EFI TLS Configuration Protocol Interfaces.\r
+\r
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsImpl.h"\r
+\r
+EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {\r
+ TlsConfigurationSetData,\r
+ TlsConfigurationGetData\r
+};\r
+\r
+/**\r
+ Set TLS configuration data.\r
+\r
+ The SetData() function sets TLS configuration to non-volatile storage or volatile\r
+ storage.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.\r
+ @param[in] DataType Configuration data type.\r
+ @param[in] Data Pointer to configuration data.\r
+ @param[in] DataSize Total size of configuration data.\r
+\r
+ @retval EFI_SUCCESS The TLS configuration data is set successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ Data is NULL.\r
+ DataSize is 0.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConfigurationSetData (\r
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,\r
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+ EFI_TPL OldTpl;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ if (This == NULL || Data == NULL || DataSize == 0) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);\r
+\r
+ switch (DataType) {\r
+ case EfiTlsConfigDataTypeCACertificate:\r
+ Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);\r
+ break;\r
+ case EfiTlsConfigDataTypeHostPublicCert:\r
+ Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);\r
+ break;\r
+ case EfiTlsConfigDataTypeHostPrivateKey:\r
+ Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);\r
+ break;\r
+ case EfiTlsConfigDataTypeCertRevocationList:\r
+ Status = TlsSetCertRevocationList (Data, DataSize);\r
+ break;\r
+ default:\r
+ Status = EFI_UNSUPPORTED;\r
+ }\r
+\r
+ gBS->RestoreTPL (OldTpl);\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Get TLS configuration data.\r
+\r
+ The GetData() function gets TLS configuration.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.\r
+ @param[in] DataType Configuration data type.\r
+ @param[in, out] Data Pointer to configuration data.\r
+ @param[in, out] DataSize Total size of configuration data. On input, it means\r
+ the size of Data buffer. On output, it means the size\r
+ of copied Data buffer if EFI_SUCCESS, and means the\r
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.\r
+\r
+ @retval EFI_SUCCESS The TLS configuration data is got successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ DataSize is NULL.\r
+ Data is NULL if *DataSize is not zero.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_NOT_FOUND The TLS configuration data is not found.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConfigurationGetData (\r
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,\r
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,\r
+ IN OUT VOID *Data, OPTIONAL\r
+ IN OUT UINTN *DataSize\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+\r
+ EFI_TPL OldTpl;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);\r
+\r
+ switch (DataType) {\r
+ case EfiTlsConfigDataTypeCACertificate:\r
+ Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);\r
+ break;\r
+ case EfiTlsConfigDataTypeHostPublicCert:\r
+ Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);\r
+ break;\r
+ case EfiTlsConfigDataTypeHostPrivateKey:\r
+ Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);\r
+ break;\r
+ case EfiTlsConfigDataTypeCertRevocationList:\r
+ Status = TlsGetCertRevocationList (Data, DataSize);\r
+ break;\r
+ default:\r
+ Status = EFI_UNSUPPORTED;\r
+ }\r
+\r
+ gBS->RestoreTPL (OldTpl);\r
+ return Status;\r
+}\r
+\r
-/** @file
- The Driver Binding and Service Binding Protocol for TlsDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {
- TlsServiceBindingCreateChild,
- TlsServiceBindingDestroyChild
-};
-
-/**
- Release all the resources used by the TLS instance.
-
- @param[in] Instance The TLS instance data.
-
-**/
-VOID
-TlsCleanInstance (
- IN TLS_INSTANCE *Instance
- )
-{
- if (Instance != NULL) {
- if (Instance->TlsConn != NULL) {
- TlsFree (Instance->TlsConn);
- }
-
- FreePool (Instance);
- }
-}
-
-/**
- Create the TLS instance and initialize it.
-
- @param[in] Service The pointer to the TLS service.
- @param[out] Instance The pointer to the TLS instance.
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
- @retval EFI_SUCCESS The TLS instance is created.
-
-**/
-EFI_STATUS
-TlsCreateInstance (
- IN TLS_SERVICE *Service,
- OUT TLS_INSTANCE **Instance
- )
-{
- TLS_INSTANCE *TlsInstance;
-
- *Instance = NULL;
-
- TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));
- if (TlsInstance == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;
- InitializeListHead (&TlsInstance->Link);
- TlsInstance->InDestroy = FALSE;
- TlsInstance->Service = Service;
-
- CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));
- CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof (TlsInstance->TlsConfig));
-
- TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;
-
- *Instance = TlsInstance;
-
- return EFI_SUCCESS;
-}
-
-/**
- Release all the resources used by the TLS service binding instance.
-
- @param[in] Service The TLS service data.
-
-**/
-VOID
-TlsCleanService (
- IN TLS_SERVICE *Service
- )
-{
- if (Service != NULL) {
- if (Service->TlsCtx != NULL) {
- TlsCtxFree (Service->TlsCtx);
- }
-
- FreePool (Service);
- }
-}
-
-/**
- Create then initialize a TLS service.
-
- @param[in] Image ImageHandle of the TLS driver
- @param[out] Service The service for TLS driver
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
- @retval EFI_SUCCESS The service is created for the driver.
-
-**/
-EFI_STATUS
-TlsCreateService (
- IN EFI_HANDLE Image,
- OUT TLS_SERVICE **Service
- )
-{
- TLS_SERVICE *TlsService;
-
- ASSERT (Service != NULL);
-
- *Service = NULL;
-
- //
- // Allocate a TLS Service Data
- //
- TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));
- if (TlsService == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Initialize TLS Service Data
- //
- TlsService->Signature = TLS_SERVICE_SIGNATURE;
- CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof (TlsService->ServiceBinding));
- TlsService->TlsChildrenNum = 0;
- InitializeListHead (&TlsService->TlsChildrenList);
- TlsService->ImageHandle = Image;
-
- *Service = TlsService;
-
- return EFI_SUCCESS;
-}
-
-/**
- Unloads an image.
-
- @param[in] ImageHandle Handle that identifies the image to be unloaded.
-
- @retval EFI_SUCCESS The image has been unloaded.
- @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsUnload (
- IN EFI_HANDLE ImageHandle
- )
-{
- EFI_STATUS Status;
- UINTN HandleNum;
- EFI_HANDLE *HandleBuffer;
- UINT32 Index;
- EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;
- TLS_SERVICE *TlsService;
-
- HandleBuffer = NULL;
- ServiceBinding = NULL;
- TlsService = NULL;
-
- //
- // Locate all the handles with Tls service binding protocol.
- //
- Status = gBS->LocateHandleBuffer (
- ByProtocol,
- &gEfiTlsServiceBindingProtocolGuid,
- NULL,
- &HandleNum,
- &HandleBuffer
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- for (Index = 0; Index < HandleNum; Index++) {
- //
- // Firstly, find ServiceBinding interface
- //
- Status = gBS->OpenProtocol (
- HandleBuffer[Index],
- &gEfiTlsServiceBindingProtocolGuid,
- (VOID **) &ServiceBinding,
- ImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);
-
- //
- // Then, uninstall ServiceBinding interface
- //
- Status = gBS->UninstallMultipleProtocolInterfaces (
- HandleBuffer[Index],
- &gEfiTlsServiceBindingProtocolGuid, ServiceBinding,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- TlsCleanService (TlsService);
- }
-
- if (HandleBuffer != NULL) {
- FreePool (HandleBuffer);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This is the declaration of an EFI image entry point. This entry point is
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
- both device drivers and bus drivers.
-
- @param ImageHandle The firmware allocated handle for the UEFI image.
- @param SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval Others An unexpected error occurred.
-**/
-EFI_STATUS
-EFIAPI
-TlsDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
-
- TLS_SERVICE *TlsService;
-
- //
- // Create TLS Service
- //
- Status = TlsCreateService (ImageHandle, &TlsService);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (TlsService != NULL);
-
- //
- // Initializes the OpenSSL library.
- //
- TlsInitialize ();
-
- //
- // Create a new SSL_CTX object as framework to establish TLS/SSL enabled
- // connections. TLS 1.0 is used as the default version.
- //
- TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, TLS10_PROTOCOL_VERSION_MINOR);
- if (TlsService->TlsCtx == NULL) {
- FreePool (TlsService);
- return EFI_ABORTED;
- }
-
- //
- // Install the TlsServiceBinding Protocol onto Handle
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &TlsService->Handle,
- &gEfiTlsServiceBindingProtocolGuid,
- &TlsService->ServiceBinding,
- NULL
- );
- if (EFI_ERROR (Status)) {
- goto ON_CLEAN_SERVICE;
- }
-
- return Status;
-
-ON_CLEAN_SERVICE:
- TlsCleanService (TlsService);
-
- return Status;
-}
-
-/**
- Creates a child handle and installs a protocol.
-
- The CreateChild() function installs a protocol on ChildHandle.
- If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
- If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
-
- @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
- then a new handle is created. If it is a pointer to an existing UEFI handle,
- then the protocol is added to the existing UEFI handle.
-
- @retval EFI_SUCCES The protocol was added to ChildHandle.
- @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
- @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
- the child.
- @retval other The child handle was not created.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingCreateChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE *ChildHandle
- )
-{
- TLS_SERVICE *TlsService;
- TLS_INSTANCE *TlsInstance;
- EFI_STATUS Status;
- EFI_TPL OldTpl;
-
- if ((This == NULL) || (ChildHandle == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- TlsService = TLS_SERVICE_FROM_THIS (This);
-
- Status = TlsCreateInstance (TlsService, &TlsInstance);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (TlsInstance != NULL);
-
- //
- // Create a new TLS connection object.
- //
- TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);
- if (TlsInstance->TlsConn == NULL) {
- Status = EFI_ABORTED;
- goto ON_ERROR;
- }
-
- //
- // Set default ConnectionEnd to EfiTlsClient
- //
- Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- //
- // Install TLS protocol and configuration protocol onto ChildHandle
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- ChildHandle,
- &gEfiTlsProtocolGuid,
- &TlsInstance->Tls,
- &gEfiTlsConfigurationProtocolGuid,
- &TlsInstance->TlsConfig,
- NULL
- );
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- TlsInstance->ChildHandle = *ChildHandle;
-
- //
- // Add it to the TLS service's child list.
- //
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);
- TlsService->TlsChildrenNum++;
-
- gBS->RestoreTPL (OldTpl);
-
- return EFI_SUCCESS;
-
-ON_ERROR:
- TlsCleanInstance (TlsInstance);
- return Status;
-}
-
-/**
- Destroys a child handle with a protocol installed on it.
-
- The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
- that was installed by CreateChild() from ChildHandle. If the removed protocol is the
- last protocol on ChildHandle, then ChildHandle is destroyed.
-
- @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param ChildHandle Handle of the child to destroy.
-
- @retval EFI_SUCCES The protocol was removed from ChildHandle.
- @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
- @retval EFI_INVALID_PARAMETER Child handle is NULL.
- @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
- because its services are being used.
- @retval other The child handle was not destroyed.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingDestroyChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE ChildHandle
- )
-{
- TLS_SERVICE *TlsService;
- TLS_INSTANCE *TlsInstance;
-
- EFI_TLS_PROTOCOL *Tls;
- EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;
- EFI_STATUS Status;
- EFI_TPL OldTpl;
-
- if ((This == NULL) || (ChildHandle == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- TlsService = TLS_SERVICE_FROM_THIS (This);
-
- //
- // Find TLS protocol interface installed in ChildHandle
- //
- Status = gBS->OpenProtocol (
- ChildHandle,
- &gEfiTlsProtocolGuid,
- (VOID **) &Tls,
- TlsService->ImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Find TLS configuration protocol interface installed in ChildHandle
- //
- Status = gBS->OpenProtocol (
- ChildHandle,
- &gEfiTlsConfigurationProtocolGuid,
- (VOID **) &TlsConfig,
- TlsService->ImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);
-
- if (TlsInstance->Service != TlsService) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (TlsInstance->InDestroy) {
- return EFI_SUCCESS;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- TlsInstance->InDestroy = TRUE;
-
- //
- // Uninstall the TLS protocol and TLS Configuration Protocol interface installed in ChildHandle.
- //
- Status = gBS->UninstallMultipleProtocolInterfaces (
- ChildHandle,
- &gEfiTlsProtocolGuid,
- Tls,
- &gEfiTlsConfigurationProtocolGuid,
- TlsConfig,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- RemoveEntryList (&TlsInstance->Link);
- TlsService->TlsChildrenNum--;
-
- gBS->RestoreTPL (OldTpl);
-
- TlsCleanInstance (TlsInstance);
-
- return EFI_SUCCESS;
-}
+/** @file\r
+ The Driver Binding and Service Binding Protocol for TlsDxe driver.\r
+\r
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsImpl.h"\r
+\r
+EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {\r
+ TlsServiceBindingCreateChild,\r
+ TlsServiceBindingDestroyChild\r
+};\r
+\r
+/**\r
+ Release all the resources used by the TLS instance.\r
+\r
+ @param[in] Instance The TLS instance data.\r
+\r
+**/\r
+VOID\r
+TlsCleanInstance (\r
+ IN TLS_INSTANCE *Instance\r
+ )\r
+{\r
+ if (Instance != NULL) {\r
+ if (Instance->TlsConn != NULL) {\r
+ TlsFree (Instance->TlsConn);\r
+ }\r
+\r
+ FreePool (Instance);\r
+ }\r
+}\r
+\r
+/**\r
+ Create the TLS instance and initialize it.\r
+\r
+ @param[in] Service The pointer to the TLS service.\r
+ @param[out] Instance The pointer to the TLS instance.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.\r
+ @retval EFI_SUCCESS The TLS instance is created.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsCreateInstance (\r
+ IN TLS_SERVICE *Service,\r
+ OUT TLS_INSTANCE **Instance\r
+ )\r
+{\r
+ TLS_INSTANCE *TlsInstance;\r
+\r
+ *Instance = NULL;\r
+\r
+ TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));\r
+ if (TlsInstance == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;\r
+ InitializeListHead (&TlsInstance->Link);\r
+ TlsInstance->InDestroy = FALSE;\r
+ TlsInstance->Service = Service;\r
+\r
+ CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));\r
+ CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof (TlsInstance->TlsConfig));\r
+\r
+ TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;\r
+\r
+ *Instance = TlsInstance;\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Release all the resources used by the TLS service binding instance.\r
+\r
+ @param[in] Service The TLS service data.\r
+\r
+**/\r
+VOID\r
+TlsCleanService (\r
+ IN TLS_SERVICE *Service\r
+ )\r
+{\r
+ if (Service != NULL) {\r
+ if (Service->TlsCtx != NULL) {\r
+ TlsCtxFree (Service->TlsCtx);\r
+ }\r
+\r
+ FreePool (Service);\r
+ }\r
+}\r
+\r
+/**\r
+ Create then initialize a TLS service.\r
+\r
+ @param[in] Image ImageHandle of the TLS driver\r
+ @param[out] Service The service for TLS driver\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.\r
+ @retval EFI_SUCCESS The service is created for the driver.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsCreateService (\r
+ IN EFI_HANDLE Image,\r
+ OUT TLS_SERVICE **Service\r
+ )\r
+{\r
+ TLS_SERVICE *TlsService;\r
+\r
+ ASSERT (Service != NULL);\r
+\r
+ *Service = NULL;\r
+\r
+ //\r
+ // Allocate a TLS Service Data\r
+ //\r
+ TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));\r
+ if (TlsService == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ //\r
+ // Initialize TLS Service Data\r
+ //\r
+ TlsService->Signature = TLS_SERVICE_SIGNATURE;\r
+ CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof (TlsService->ServiceBinding));\r
+ TlsService->TlsChildrenNum = 0;\r
+ InitializeListHead (&TlsService->TlsChildrenList);\r
+ TlsService->ImageHandle = Image;\r
+\r
+ *Service = TlsService;\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Unloads an image.\r
+\r
+ @param[in] ImageHandle Handle that identifies the image to be unloaded.\r
+\r
+ @retval EFI_SUCCESS The image has been unloaded.\r
+ @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsUnload (\r
+ IN EFI_HANDLE ImageHandle\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN HandleNum;\r
+ EFI_HANDLE *HandleBuffer;\r
+ UINT32 Index;\r
+ EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;\r
+ TLS_SERVICE *TlsService;\r
+\r
+ HandleBuffer = NULL;\r
+ ServiceBinding = NULL;\r
+ TlsService = NULL;\r
+\r
+ //\r
+ // Locate all the handles with Tls service binding protocol.\r
+ //\r
+ Status = gBS->LocateHandleBuffer (\r
+ ByProtocol,\r
+ &gEfiTlsServiceBindingProtocolGuid,\r
+ NULL,\r
+ &HandleNum,\r
+ &HandleBuffer\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ for (Index = 0; Index < HandleNum; Index++) {\r
+ //\r
+ // Firstly, find ServiceBinding interface\r
+ //\r
+ Status = gBS->OpenProtocol (\r
+ HandleBuffer[Index],\r
+ &gEfiTlsServiceBindingProtocolGuid,\r
+ (VOID **) &ServiceBinding,\r
+ ImageHandle,\r
+ NULL,\r
+ EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);\r
+\r
+ //\r
+ // Then, uninstall ServiceBinding interface\r
+ //\r
+ Status = gBS->UninstallMultipleProtocolInterfaces (\r
+ HandleBuffer[Index],\r
+ &gEfiTlsServiceBindingProtocolGuid, ServiceBinding,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ TlsCleanService (TlsService);\r
+ }\r
+\r
+ if (HandleBuffer != NULL) {\r
+ FreePool (HandleBuffer);\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This is the declaration of an EFI image entry point. This entry point is\r
+ the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including\r
+ both device drivers and bus drivers.\r
+\r
+ @param ImageHandle The firmware allocated handle for the UEFI image.\r
+ @param SystemTable A pointer to the EFI System Table.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval Others An unexpected error occurred.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsDriverEntryPoint (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ TLS_SERVICE *TlsService;\r
+\r
+ //\r
+ // Create TLS Service\r
+ //\r
+ Status = TlsCreateService (ImageHandle, &TlsService);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ ASSERT (TlsService != NULL);\r
+\r
+ //\r
+ // Initializes the OpenSSL library.\r
+ //\r
+ TlsInitialize ();\r
+\r
+ //\r
+ // Create a new SSL_CTX object as framework to establish TLS/SSL enabled\r
+ // connections. TLS 1.0 is used as the default version.\r
+ //\r
+ TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, TLS10_PROTOCOL_VERSION_MINOR);\r
+ if (TlsService->TlsCtx == NULL) {\r
+ FreePool (TlsService);\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ //\r
+ // Install the TlsServiceBinding Protocol onto Handle\r
+ //\r
+ Status = gBS->InstallMultipleProtocolInterfaces (\r
+ &TlsService->Handle,\r
+ &gEfiTlsServiceBindingProtocolGuid,\r
+ &TlsService->ServiceBinding,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_CLEAN_SERVICE;\r
+ }\r
+\r
+ return Status;\r
+\r
+ON_CLEAN_SERVICE:\r
+ TlsCleanService (TlsService);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Creates a child handle and installs a protocol.\r
+\r
+ The CreateChild() function installs a protocol on ChildHandle.\r
+ If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.\r
+ If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.\r
+\r
+ @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.\r
+ @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,\r
+ then a new handle is created. If it is a pointer to an existing UEFI handle,\r
+ then the protocol is added to the existing UEFI handle.\r
+\r
+ @retval EFI_SUCCES The protocol was added to ChildHandle.\r
+ @retval EFI_INVALID_PARAMETER ChildHandle is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create\r
+ the child.\r
+ @retval other The child handle was not created.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsServiceBindingCreateChild (\r
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,\r
+ IN EFI_HANDLE *ChildHandle\r
+ )\r
+{\r
+ TLS_SERVICE *TlsService;\r
+ TLS_INSTANCE *TlsInstance;\r
+ EFI_STATUS Status;\r
+ EFI_TPL OldTpl;\r
+\r
+ if ((This == NULL) || (ChildHandle == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ TlsService = TLS_SERVICE_FROM_THIS (This);\r
+\r
+ Status = TlsCreateInstance (TlsService, &TlsInstance);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ ASSERT (TlsInstance != NULL);\r
+\r
+ //\r
+ // Create a new TLS connection object.\r
+ //\r
+ TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);\r
+ if (TlsInstance->TlsConn == NULL) {\r
+ Status = EFI_ABORTED;\r
+ goto ON_ERROR;\r
+ }\r
+\r
+ //\r
+ // Set default ConnectionEnd to EfiTlsClient\r
+ //\r
+ Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_ERROR;\r
+ }\r
+\r
+ //\r
+ // Install TLS protocol and configuration protocol onto ChildHandle\r
+ //\r
+ Status = gBS->InstallMultipleProtocolInterfaces (\r
+ ChildHandle,\r
+ &gEfiTlsProtocolGuid,\r
+ &TlsInstance->Tls,\r
+ &gEfiTlsConfigurationProtocolGuid,\r
+ &TlsInstance->TlsConfig,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_ERROR;\r
+ }\r
+\r
+ TlsInstance->ChildHandle = *ChildHandle;\r
+\r
+ //\r
+ // Add it to the TLS service's child list.\r
+ //\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);\r
+ TlsService->TlsChildrenNum++;\r
+\r
+ gBS->RestoreTPL (OldTpl);\r
+\r
+ return EFI_SUCCESS;\r
+\r
+ON_ERROR:\r
+ TlsCleanInstance (TlsInstance);\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Destroys a child handle with a protocol installed on it.\r
+\r
+ The DestroyChild() function does the opposite of CreateChild(). It removes a protocol\r
+ that was installed by CreateChild() from ChildHandle. If the removed protocol is the\r
+ last protocol on ChildHandle, then ChildHandle is destroyed.\r
+\r
+ @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.\r
+ @param ChildHandle Handle of the child to destroy.\r
+\r
+ @retval EFI_SUCCES The protocol was removed from ChildHandle.\r
+ @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.\r
+ @retval EFI_INVALID_PARAMETER Child handle is NULL.\r
+ @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle\r
+ because its services are being used.\r
+ @retval other The child handle was not destroyed.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsServiceBindingDestroyChild (\r
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,\r
+ IN EFI_HANDLE ChildHandle\r
+ )\r
+{\r
+ TLS_SERVICE *TlsService;\r
+ TLS_INSTANCE *TlsInstance;\r
+\r
+ EFI_TLS_PROTOCOL *Tls;\r
+ EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;\r
+ EFI_STATUS Status;\r
+ EFI_TPL OldTpl;\r
+\r
+ if ((This == NULL) || (ChildHandle == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ TlsService = TLS_SERVICE_FROM_THIS (This);\r
+\r
+ //\r
+ // Find TLS protocol interface installed in ChildHandle\r
+ //\r
+ Status = gBS->OpenProtocol (\r
+ ChildHandle,\r
+ &gEfiTlsProtocolGuid,\r
+ (VOID **) &Tls,\r
+ TlsService->ImageHandle,\r
+ NULL,\r
+ EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Find TLS configuration protocol interface installed in ChildHandle\r
+ //\r
+ Status = gBS->OpenProtocol (\r
+ ChildHandle,\r
+ &gEfiTlsConfigurationProtocolGuid,\r
+ (VOID **) &TlsConfig,\r
+ TlsService->ImageHandle,\r
+ NULL,\r
+ EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);\r
+\r
+ if (TlsInstance->Service != TlsService) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if (TlsInstance->InDestroy) {\r
+ return EFI_SUCCESS;\r
+ }\r
+\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ TlsInstance->InDestroy = TRUE;\r
+\r
+ //\r
+ // Uninstall the TLS protocol and TLS Configuration Protocol interface installed in ChildHandle.\r
+ //\r
+ Status = gBS->UninstallMultipleProtocolInterfaces (\r
+ ChildHandle,\r
+ &gEfiTlsProtocolGuid,\r
+ Tls,\r
+ &gEfiTlsConfigurationProtocolGuid,\r
+ TlsConfig,\r
+ NULL\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ RemoveEntryList (&TlsInstance->Link);\r
+ TlsService->TlsChildrenNum--;\r
+\r
+ gBS->RestoreTPL (OldTpl);\r
+\r
+ TlsCleanInstance (TlsInstance);\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
-/** @file
- Header file of the Driver Binding and Service Binding Protocol for TlsDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __EFI_TLS_DRIVER_H__
-#define __EFI_TLS_DRIVER_H__
-
-#include <Uefi.h>
-
-//
-// Driver Protocols
-//
-#include <Protocol/ServiceBinding.h>
-
-//
-// Driver Version
-//
-#define TLS_VERSION 0x00000000
-
-#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')
-
-#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')
-
-///
-/// TLS Service Data
-///
-typedef struct _TLS_SERVICE TLS_SERVICE;
-
-///
-/// TLS Instance Data
-///
-typedef struct _TLS_INSTANCE TLS_INSTANCE;
-
-
-struct _TLS_SERVICE {
- UINT32 Signature;
- EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;
-
- UINT16 TlsChildrenNum;
- LIST_ENTRY TlsChildrenList;
-
- //
- // Handle to install TlsServiceBinding protocol.
- //
- EFI_HANDLE Handle;
- EFI_HANDLE ImageHandle;
-
- //
- // Main SSL Context object which is created by a server or client once per program
- // life-time and which holds mainly default values for the SSL object which are later
- // created for the connections.
- //
- VOID *TlsCtx;
-};
-
-struct _TLS_INSTANCE {
- UINT32 Signature;
- LIST_ENTRY Link;
-
- BOOLEAN InDestroy;
-
- TLS_SERVICE *Service;
- EFI_HANDLE ChildHandle;
-
- EFI_TLS_PROTOCOL Tls;
- EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;
-
- EFI_TLS_SESSION_STATE TlsSessionState;
-
- //
- // Main SSL Connection which is created by a server or a client
- // per established connection.
- //
- VOID *TlsConn;
-};
-
-
-#define TLS_SERVICE_FROM_THIS(a) \
- CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)
-
-#define TLS_INSTANCE_FROM_PROTOCOL(a) \
- CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)
-
-#define TLS_INSTANCE_FROM_CONFIGURATION(a) \
- CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)
-
-
-/**
- Release all the resources used by the TLS instance.
-
- @param[in] Instance The TLS instance data.
-
-**/
-VOID
-TlsCleanInstance (
- IN TLS_INSTANCE *Instance
- );
-
-/**
- Create the TLS instance and initialize it.
-
- @param[in] Service The pointer to the TLS service.
- @param[out] Instance The pointer to the TLS instance.
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
- @retval EFI_SUCCESS The TLS instance is created.
-
-**/
-EFI_STATUS
-TlsCreateInstance (
- IN TLS_SERVICE *Service,
- OUT TLS_INSTANCE **Instance
- );
-
-/**
- Release all the resources used by the TLS service binding instance.
-
- @param[in] Service The TLS service data.
-
-**/
-VOID
-TlsCleanService (
- IN TLS_SERVICE *Service
- );
-
-/**
- Create then initialize a TLS service.
-
- @param[in] Image ImageHandle of the TLS driver
- @param[out] Service The service for TLS driver
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
- @retval EFI_SUCCESS The service is created for the driver.
-
-**/
-EFI_STATUS
-TlsCreateService (
- IN EFI_HANDLE Image,
- OUT TLS_SERVICE **Service
- );
-
-/**
- Unloads an image.
-
- @param[in] ImageHandle Handle that identifies the image to be unloaded.
-
- @retval EFI_SUCCESS The image has been unloaded.
- @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsUnload (
- IN EFI_HANDLE ImageHandle
- );
-
-/**
- This is the declaration of an EFI image entry point. This entry point is
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
- both device drivers and bus drivers.
-
- @param ImageHandle The firmware allocated handle for the UEFI image.
- @param SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval Others An unexpected error occurred.
-**/
-EFI_STATUS
-EFIAPI
-TlsDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- );
-
-/**
- Creates a child handle and installs a protocol.
-
- The CreateChild() function installs a protocol on ChildHandle.
- If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
- If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
-
- @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
- then a new handle is created. If it is a pointer to an existing UEFI handle,
- then the protocol is added to the existing UEFI handle.
-
- @retval EFI_SUCCES The protocol was added to ChildHandle.
- @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
- @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
- the child.
- @retval other The child handle was not created.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingCreateChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE *ChildHandle
- );
-
-/**
- Destroys a child handle with a protocol installed on it.
-
- The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
- that was installed by CreateChild() from ChildHandle. If the removed protocol is the
- last protocol on ChildHandle, then ChildHandle is destroyed.
-
- @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param ChildHandle Handle of the child to destroy.
-
- @retval EFI_SUCCES The protocol was removed from ChildHandle.
- @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
- @retval EFI_INVALID_PARAMETER Child handle is NULL.
- @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
- because its services are being used.
- @retval other The child handle was not destroyed.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingDestroyChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE ChildHandle
- );
-
-#endif
+/** @file\r
+ Header file of the Driver Binding and Service Binding Protocol for TlsDxe driver.\r
+\r
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __EFI_TLS_DRIVER_H__\r
+#define __EFI_TLS_DRIVER_H__\r
+\r
+#include <Uefi.h>\r
+\r
+//\r
+// Driver Protocols\r
+//\r
+#include <Protocol/ServiceBinding.h>\r
+\r
+//\r
+// Driver Version\r
+//\r
+#define TLS_VERSION 0x00000000\r
+\r
+#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')\r
+\r
+#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')\r
+\r
+///\r
+/// TLS Service Data\r
+///\r
+typedef struct _TLS_SERVICE TLS_SERVICE;\r
+\r
+///\r
+/// TLS Instance Data\r
+///\r
+typedef struct _TLS_INSTANCE TLS_INSTANCE;\r
+\r
+\r
+struct _TLS_SERVICE {\r
+ UINT32 Signature;\r
+ EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;\r
+\r
+ UINT16 TlsChildrenNum;\r
+ LIST_ENTRY TlsChildrenList;\r
+\r
+ //\r
+ // Handle to install TlsServiceBinding protocol.\r
+ //\r
+ EFI_HANDLE Handle;\r
+ EFI_HANDLE ImageHandle;\r
+\r
+ //\r
+ // Main SSL Context object which is created by a server or client once per program\r
+ // life-time and which holds mainly default values for the SSL object which are later\r
+ // created for the connections.\r
+ //\r
+ VOID *TlsCtx;\r
+};\r
+\r
+struct _TLS_INSTANCE {\r
+ UINT32 Signature;\r
+ LIST_ENTRY Link;\r
+\r
+ BOOLEAN InDestroy;\r
+\r
+ TLS_SERVICE *Service;\r
+ EFI_HANDLE ChildHandle;\r
+\r
+ EFI_TLS_PROTOCOL Tls;\r
+ EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;\r
+\r
+ EFI_TLS_SESSION_STATE TlsSessionState;\r
+\r
+ //\r
+ // Main SSL Connection which is created by a server or a client\r
+ // per established connection.\r
+ //\r
+ VOID *TlsConn;\r
+};\r
+\r
+\r
+#define TLS_SERVICE_FROM_THIS(a) \\r
+ CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)\r
+\r
+#define TLS_INSTANCE_FROM_PROTOCOL(a) \\r
+ CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)\r
+\r
+#define TLS_INSTANCE_FROM_CONFIGURATION(a) \\r
+ CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)\r
+\r
+\r
+/**\r
+ Release all the resources used by the TLS instance.\r
+\r
+ @param[in] Instance The TLS instance data.\r
+\r
+**/\r
+VOID\r
+TlsCleanInstance (\r
+ IN TLS_INSTANCE *Instance\r
+ );\r
+\r
+/**\r
+ Create the TLS instance and initialize it.\r
+\r
+ @param[in] Service The pointer to the TLS service.\r
+ @param[out] Instance The pointer to the TLS instance.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.\r
+ @retval EFI_SUCCESS The TLS instance is created.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsCreateInstance (\r
+ IN TLS_SERVICE *Service,\r
+ OUT TLS_INSTANCE **Instance\r
+ );\r
+\r
+/**\r
+ Release all the resources used by the TLS service binding instance.\r
+\r
+ @param[in] Service The TLS service data.\r
+\r
+**/\r
+VOID\r
+TlsCleanService (\r
+ IN TLS_SERVICE *Service\r
+ );\r
+\r
+/**\r
+ Create then initialize a TLS service.\r
+\r
+ @param[in] Image ImageHandle of the TLS driver\r
+ @param[out] Service The service for TLS driver\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.\r
+ @retval EFI_SUCCESS The service is created for the driver.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsCreateService (\r
+ IN EFI_HANDLE Image,\r
+ OUT TLS_SERVICE **Service\r
+ );\r
+\r
+/**\r
+ Unloads an image.\r
+\r
+ @param[in] ImageHandle Handle that identifies the image to be unloaded.\r
+\r
+ @retval EFI_SUCCESS The image has been unloaded.\r
+ @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsUnload (\r
+ IN EFI_HANDLE ImageHandle\r
+ );\r
+\r
+/**\r
+ This is the declaration of an EFI image entry point. This entry point is\r
+ the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including\r
+ both device drivers and bus drivers.\r
+\r
+ @param ImageHandle The firmware allocated handle for the UEFI image.\r
+ @param SystemTable A pointer to the EFI System Table.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval Others An unexpected error occurred.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsDriverEntryPoint (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ );\r
+\r
+/**\r
+ Creates a child handle and installs a protocol.\r
+\r
+ The CreateChild() function installs a protocol on ChildHandle.\r
+ If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.\r
+ If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.\r
+\r
+ @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.\r
+ @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,\r
+ then a new handle is created. If it is a pointer to an existing UEFI handle,\r
+ then the protocol is added to the existing UEFI handle.\r
+\r
+ @retval EFI_SUCCES The protocol was added to ChildHandle.\r
+ @retval EFI_INVALID_PARAMETER ChildHandle is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create\r
+ the child.\r
+ @retval other The child handle was not created.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsServiceBindingCreateChild (\r
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,\r
+ IN EFI_HANDLE *ChildHandle\r
+ );\r
+\r
+/**\r
+ Destroys a child handle with a protocol installed on it.\r
+\r
+ The DestroyChild() function does the opposite of CreateChild(). It removes a protocol\r
+ that was installed by CreateChild() from ChildHandle. If the removed protocol is the\r
+ last protocol on ChildHandle, then ChildHandle is destroyed.\r
+\r
+ @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.\r
+ @param ChildHandle Handle of the child to destroy.\r
+\r
+ @retval EFI_SUCCES The protocol was removed from ChildHandle.\r
+ @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.\r
+ @retval EFI_INVALID_PARAMETER Child handle is NULL.\r
+ @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle\r
+ because its services are being used.\r
+ @retval other The child handle was not destroyed.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsServiceBindingDestroyChild (\r
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,\r
+ IN EFI_HANDLE ChildHandle\r
+ );\r
+\r
+#endif\r
+\r
-## @file
-# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
-# EFI TLS Configuration Protocol.
-#
-# This module produces EFI TLS (Transport Layer Security) Protocol and EFI TLS
-# Service Binding Protocol, to provide TLS services.
-#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-#
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php.
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TlsDxe
- FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646
- MODULE_TYPE = UEFI_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = TlsDriverEntryPoint
- UNLOAD_IMAGE = TlsUnload
- MODULE_UNI_FILE = TlsDxe.uni
-
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[Sources]
- TlsDriver.h
- TlsDriver.c
- TlsProtocol.c
- TlsConfigProtocol.c
- TlsImpl.h
- TlsImpl.c
-
-[LibraryClasses]
- UefiDriverEntryPoint
- UefiBootServicesTableLib
- MemoryAllocationLib
- BaseMemoryLib
- BaseLib
- UefiLib
- DebugLib
- NetLib
- BaseCryptLib
- TlsLib
-
-[Protocols]
- gEfiTlsServiceBindingProtocolGuid ## PRODUCES
- gEfiTlsProtocolGuid ## PRODUCES
- gEfiTlsConfigurationProtocolGuid ## PRODUCES
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TlsDxeExtra.uni
+## @file\r
+# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and\r
+# EFI TLS Configuration Protocol.\r
+#\r
+# This module produces EFI TLS (Transport Layer Security) Protocol and EFI TLS\r
+# Service Binding Protocol, to provide TLS services.\r
+#\r
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+#\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php.\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = TlsDxe\r
+ FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646\r
+ MODULE_TYPE = UEFI_DRIVER\r
+ VERSION_STRING = 1.0\r
+ ENTRY_POINT = TlsDriverEntryPoint\r
+ UNLOAD_IMAGE = TlsUnload\r
+ MODULE_UNI_FILE = TlsDxe.uni\r
+\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64\r
+#\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+ CryptoPkg/CryptoPkg.dec\r
+\r
+[Sources]\r
+ TlsDriver.h\r
+ TlsDriver.c\r
+ TlsProtocol.c\r
+ TlsConfigProtocol.c\r
+ TlsImpl.h\r
+ TlsImpl.c\r
+\r
+[LibraryClasses]\r
+ UefiDriverEntryPoint\r
+ UefiBootServicesTableLib\r
+ MemoryAllocationLib\r
+ BaseMemoryLib\r
+ BaseLib\r
+ UefiLib\r
+ DebugLib\r
+ NetLib\r
+ BaseCryptLib\r
+ TlsLib\r
+\r
+[Protocols]\r
+ gEfiTlsServiceBindingProtocolGuid ## PRODUCES\r
+ gEfiTlsProtocolGuid ## PRODUCES\r
+ gEfiTlsConfigurationProtocolGuid ## PRODUCES\r
+\r
+[UserExtensions.TianoCore."ExtraFiles"]\r
+ TlsDxeExtra.uni\r
+\r
-// /** @file
-// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
-// EFI TLS Configuration Protocol.
-//
-// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS
-// Service Binding Protocol, and EFI TLS Configuration Protocol to provide TLS
-// services.
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-//
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS Configuration Protocol to provide EFI TLS services."
-
+// /** @file\r
+// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and\r
+// EFI TLS Configuration Protocol.\r
+//\r
+// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS\r
+// Service Binding Protocol, and EFI TLS Configuration Protocol to provide TLS\r
+// services.\r
+//\r
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// This program and the accompanying materials\r
+// are licensed and made available under the terms and conditions of the BSD License\r
+// which accompanies this distribution. The full text of the license may be found at\r
+// http://opensource.org/licenses/bsd-license.php\r
+//\r
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+//\r
+// **/\r
+\r
+\r
+#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"\r
+\r
+#string STR_MODULE_DESCRIPTION #language en-US "This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS Configuration Protocol to provide EFI TLS services."\r
+\r
-// /** @file
-// TlsDxe Localized Strings and Content
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php.
-//
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"EFI TLS DXE Driver"
+// /** @file\r
+// TlsDxe Localized Strings and Content\r
+//\r
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+//\r
+// This program and the accompanying materials\r
+// are licensed and made available under the terms and conditions of the BSD License\r
+// which accompanies this distribution. The full text of the license may be found at\r
+// http://opensource.org/licenses/bsd-license.php.\r
+//\r
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+//\r
+// **/\r
+\r
+#string STR_PROPERTIES_MODULE_NAME\r
+#language en-US\r
+"EFI TLS DXE Driver"\r
+\r
-/** @file
- The Miscellaneous Routines for TlsDxe driver.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-/**
- Encrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- plain text TLS payload;
- On output these fragments contain the TLS header and
- cipher text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsEncryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- UINT32 BytesCopied;
- UINT32 BufferInSize;
- UINT8 *BufferIn;
- UINT8 *BufferInPtr;
- TLS_RECORD_HEADER *RecordHeaderIn;
- UINT16 ThisPlainMessageSize;
- TLS_RECORD_HEADER *TempRecordHeader;
- UINT16 ThisMessageSize;
- UINT32 BufferOutSize;
- UINT8 *BufferOut;
- INTN Ret;
-
- Status = EFI_SUCCESS;
- BytesCopied = 0;
- BufferInSize = 0;
- BufferIn = NULL;
- BufferInPtr = NULL;
- RecordHeaderIn = NULL;
- TempRecordHeader = NULL;
- BufferOutSize = 0;
- BufferOut = NULL;
- Ret = 0;
-
- //
- // Calculate the size according to the fragment table.
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- BufferInSize += (*FragmentTable)[Index].FragmentLength;
- }
-
- //
- // Allocate buffer for processing data.
- //
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Copy all TLS plain record header and payload into BufferIn.
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- CopyMem (
- (BufferIn + BytesCopied),
- (*FragmentTable)[Index].FragmentBuffer,
- (*FragmentTable)[Index].FragmentLength
- );
- BytesCopied += (*FragmentTable)[Index].FragmentLength;
- }
-
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Parsing buffer.
- //
- BufferInPtr = BufferIn;
- TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
- while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
- RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
-
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
- Status = EFI_INVALID_PARAMETER;
- goto ERROR;
- }
-
- ThisPlainMessageSize = RecordHeaderIn->Length;
-
- TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
-
- Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
-
- if (Ret > 0) {
- ThisMessageSize = (UINT16) Ret;
- } else {
- //
- // No data was successfully encrypted, continue to encrypt other messages.
- //
- DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));
-
- ThisMessageSize = 0;
- }
-
- BufferOutSize += ThisMessageSize;
-
- BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
- TempRecordHeader += ThisMessageSize;
- }
-
- FreePool (BufferIn);
- BufferIn = NULL;
-
- //
- // The caller will be responsible to handle the original fragment table.
- //
- *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
- if (*FragmentTable == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- (*FragmentTable)[0].FragmentBuffer = BufferOut;
- (*FragmentTable)[0].FragmentLength = BufferOutSize;
- *FragmentCount = 1;
-
- return Status;
-
-ERROR:
-
- if (BufferIn != NULL) {
- FreePool (BufferIn);
- BufferIn = NULL;
- }
-
- if (BufferOut != NULL) {
- FreePool (BufferOut);
- BufferOut = NULL;
- }
-
- return Status;
-}
-
-/**
- Decrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- cipher text TLS payload;
- On output these fragments contain the TLS header and
- plain text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsDecryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- UINT32 BytesCopied;
- UINT8 *BufferIn;
- UINT32 BufferInSize;
- UINT8 *BufferInPtr;
- TLS_RECORD_HEADER *RecordHeaderIn;
- UINT16 ThisCipherMessageSize;
- TLS_RECORD_HEADER *TempRecordHeader;
- UINT16 ThisPlainMessageSize;
- UINT8 *BufferOut;
- UINT32 BufferOutSize;
- INTN Ret;
-
- Status = EFI_SUCCESS;
- BytesCopied = 0;
- BufferIn = NULL;
- BufferInSize = 0;
- BufferInPtr = NULL;
- RecordHeaderIn = NULL;
- TempRecordHeader = NULL;
- BufferOut = NULL;
- BufferOutSize = 0;
- Ret = 0;
-
- //
- // Calculate the size according to the fragment table.
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- BufferInSize += (*FragmentTable)[Index].FragmentLength;
- }
-
- //
- // Allocate buffer for processing data
- //
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Copy all TLS plain record header and payload to BufferIn
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- CopyMem (
- (BufferIn + BytesCopied),
- (*FragmentTable)[Index].FragmentBuffer,
- (*FragmentTable)[Index].FragmentLength
- );
- BytesCopied += (*FragmentTable)[Index].FragmentLength;
- }
-
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Parsing buffer. Received packet may have multiple TLS record messages.
- //
- BufferInPtr = BufferIn;
- TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
- while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
- RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
-
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
- Status = EFI_INVALID_PARAMETER;
- goto ERROR;
- }
-
- ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
-
- Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
- if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
- TlsInstance->TlsSessionState = EfiTlsSessionError;
- Status = EFI_ABORTED;
- goto ERROR;
- }
-
- Ret = 0;
- Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
-
- if (Ret > 0) {
- ThisPlainMessageSize = (UINT16) Ret;
- } else {
- //
- // No data was successfully decrypted, continue to decrypt other messages.
- //
- DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
-
- ThisPlainMessageSize = 0;
- }
-
- CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
- TempRecordHeader->Length = ThisPlainMessageSize;
- BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
-
- BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
- TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
- }
-
- FreePool (BufferIn);
- BufferIn = NULL;
-
- //
- // The caller will be responsible to handle the original fragment table
- //
- *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
- if (*FragmentTable == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- (*FragmentTable)[0].FragmentBuffer = BufferOut;
- (*FragmentTable)[0].FragmentLength = BufferOutSize;
- *FragmentCount = 1;
-
- return Status;
-
-ERROR:
-
- if (BufferIn != NULL) {
- FreePool (BufferIn);
- BufferIn = NULL;
- }
-
- if (BufferOut != NULL) {
- FreePool (BufferOut);
- BufferOut = NULL;
- }
-
- return Status;
-}
+/** @file\r
+ The Miscellaneous Routines for TlsDxe driver.\r
+\r
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsImpl.h"\r
+\r
+/**\r
+ Encrypt the message listed in fragment.\r
+\r
+ @param[in] TlsInstance The pointer to the TLS instance.\r
+ @param[in, out] FragmentTable Pointer to a list of fragment.\r
+ On input these fragments contain the TLS header and\r
+ plain text TLS payload;\r
+ On output these fragments contain the TLS header and\r
+ cipher text TLS payload.\r
+ @param[in] FragmentCount Number of fragment.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED TLS session state is incorrect.\r
+ @retval Others Other errors as indicated.\r
+**/\r
+EFI_STATUS\r
+TlsEncryptPacket (\r
+ IN TLS_INSTANCE *TlsInstance,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN Index;\r
+ UINT32 BytesCopied;\r
+ UINT32 BufferInSize;\r
+ UINT8 *BufferIn;\r
+ UINT8 *BufferInPtr;\r
+ TLS_RECORD_HEADER *RecordHeaderIn;\r
+ UINT16 ThisPlainMessageSize;\r
+ TLS_RECORD_HEADER *TempRecordHeader;\r
+ UINT16 ThisMessageSize;\r
+ UINT32 BufferOutSize;\r
+ UINT8 *BufferOut;\r
+ INTN Ret;\r
+\r
+ Status = EFI_SUCCESS;\r
+ BytesCopied = 0;\r
+ BufferInSize = 0;\r
+ BufferIn = NULL;\r
+ BufferInPtr = NULL;\r
+ RecordHeaderIn = NULL;\r
+ TempRecordHeader = NULL;\r
+ BufferOutSize = 0;\r
+ BufferOut = NULL;\r
+ Ret = 0;\r
+\r
+ //\r
+ // Calculate the size according to the fragment table.\r
+ //\r
+ for (Index = 0; Index < *FragmentCount; Index++) {\r
+ BufferInSize += (*FragmentTable)[Index].FragmentLength;\r
+ }\r
+\r
+ //\r
+ // Allocate buffer for processing data.\r
+ //\r
+ BufferIn = AllocateZeroPool (BufferInSize);\r
+ if (BufferIn == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ERROR;\r
+ }\r
+\r
+ //\r
+ // Copy all TLS plain record header and payload into BufferIn.\r
+ //\r
+ for (Index = 0; Index < *FragmentCount; Index++) {\r
+ CopyMem (\r
+ (BufferIn + BytesCopied),\r
+ (*FragmentTable)[Index].FragmentBuffer,\r
+ (*FragmentTable)[Index].FragmentLength\r
+ );\r
+ BytesCopied += (*FragmentTable)[Index].FragmentLength;\r
+ }\r
+\r
+ BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ERROR;\r
+ }\r
+\r
+ //\r
+ // Parsing buffer.\r
+ //\r
+ BufferInPtr = BufferIn;\r
+ TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;\r
+ while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {\r
+ RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;\r
+\r
+ if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ERROR;\r
+ }\r
+\r
+ ThisPlainMessageSize = RecordHeaderIn->Length;\r
+\r
+ TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);\r
+\r
+ Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);\r
+\r
+ if (Ret > 0) {\r
+ ThisMessageSize = (UINT16) Ret;\r
+ } else {\r
+ //\r
+ // No data was successfully encrypted, continue to encrypt other messages.\r
+ //\r
+ DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));\r
+\r
+ ThisMessageSize = 0;\r
+ }\r
+\r
+ BufferOutSize += ThisMessageSize;\r
+\r
+ BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;\r
+ TempRecordHeader += ThisMessageSize;\r
+ }\r
+\r
+ FreePool (BufferIn);\r
+ BufferIn = NULL;\r
+\r
+ //\r
+ // The caller will be responsible to handle the original fragment table.\r
+ //\r
+ *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));\r
+ if (*FragmentTable == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ERROR;\r
+ }\r
+\r
+ (*FragmentTable)[0].FragmentBuffer = BufferOut;\r
+ (*FragmentTable)[0].FragmentLength = BufferOutSize;\r
+ *FragmentCount = 1;\r
+\r
+ return Status;\r
+\r
+ERROR:\r
+\r
+ if (BufferIn != NULL) {\r
+ FreePool (BufferIn);\r
+ BufferIn = NULL;\r
+ }\r
+\r
+ if (BufferOut != NULL) {\r
+ FreePool (BufferOut);\r
+ BufferOut = NULL;\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Decrypt the message listed in fragment.\r
+\r
+ @param[in] TlsInstance The pointer to the TLS instance.\r
+ @param[in, out] FragmentTable Pointer to a list of fragment.\r
+ On input these fragments contain the TLS header and\r
+ cipher text TLS payload;\r
+ On output these fragments contain the TLS header and\r
+ plain text TLS payload.\r
+ @param[in] FragmentCount Number of fragment.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED TLS session state is incorrect.\r
+ @retval Others Other errors as indicated.\r
+**/\r
+EFI_STATUS\r
+TlsDecryptPacket (\r
+ IN TLS_INSTANCE *TlsInstance,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN Index;\r
+ UINT32 BytesCopied;\r
+ UINT8 *BufferIn;\r
+ UINT32 BufferInSize;\r
+ UINT8 *BufferInPtr;\r
+ TLS_RECORD_HEADER *RecordHeaderIn;\r
+ UINT16 ThisCipherMessageSize;\r
+ TLS_RECORD_HEADER *TempRecordHeader;\r
+ UINT16 ThisPlainMessageSize;\r
+ UINT8 *BufferOut;\r
+ UINT32 BufferOutSize;\r
+ INTN Ret;\r
+\r
+ Status = EFI_SUCCESS;\r
+ BytesCopied = 0;\r
+ BufferIn = NULL;\r
+ BufferInSize = 0;\r
+ BufferInPtr = NULL;\r
+ RecordHeaderIn = NULL;\r
+ TempRecordHeader = NULL;\r
+ BufferOut = NULL;\r
+ BufferOutSize = 0;\r
+ Ret = 0;\r
+\r
+ //\r
+ // Calculate the size according to the fragment table.\r
+ //\r
+ for (Index = 0; Index < *FragmentCount; Index++) {\r
+ BufferInSize += (*FragmentTable)[Index].FragmentLength;\r
+ }\r
+\r
+ //\r
+ // Allocate buffer for processing data\r
+ //\r
+ BufferIn = AllocateZeroPool (BufferInSize);\r
+ if (BufferIn == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ERROR;\r
+ }\r
+\r
+ //\r
+ // Copy all TLS plain record header and payload to BufferIn\r
+ //\r
+ for (Index = 0; Index < *FragmentCount; Index++) {\r
+ CopyMem (\r
+ (BufferIn + BytesCopied),\r
+ (*FragmentTable)[Index].FragmentBuffer,\r
+ (*FragmentTable)[Index].FragmentLength\r
+ );\r
+ BytesCopied += (*FragmentTable)[Index].FragmentLength;\r
+ }\r
+\r
+ BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);\r
+ if (BufferOut == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ERROR;\r
+ }\r
+\r
+ //\r
+ // Parsing buffer. Received packet may have multiple TLS record messages.\r
+ //\r
+ BufferInPtr = BufferIn;\r
+ TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;\r
+ while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {\r
+ RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;\r
+\r
+ if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ERROR;\r
+ }\r
+\r
+ ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);\r
+\r
+ Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);\r
+ if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {\r
+ TlsInstance->TlsSessionState = EfiTlsSessionError;\r
+ Status = EFI_ABORTED;\r
+ goto ERROR;\r
+ }\r
+\r
+ Ret = 0;\r
+ Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);\r
+\r
+ if (Ret > 0) {\r
+ ThisPlainMessageSize = (UINT16) Ret;\r
+ } else {\r
+ //\r
+ // No data was successfully decrypted, continue to decrypt other messages.\r
+ //\r
+ DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));\r
+\r
+ ThisPlainMessageSize = 0;\r
+ }\r
+\r
+ CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);\r
+ TempRecordHeader->Length = ThisPlainMessageSize;\r
+ BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;\r
+\r
+ BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;\r
+ TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;\r
+ }\r
+\r
+ FreePool (BufferIn);\r
+ BufferIn = NULL;\r
+\r
+ //\r
+ // The caller will be responsible to handle the original fragment table\r
+ //\r
+ *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));\r
+ if (*FragmentTable == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ERROR;\r
+ }\r
+\r
+ (*FragmentTable)[0].FragmentBuffer = BufferOut;\r
+ (*FragmentTable)[0].FragmentLength = BufferOutSize;\r
+ *FragmentCount = 1;\r
+\r
+ return Status;\r
+\r
+ERROR:\r
+\r
+ if (BufferIn != NULL) {\r
+ FreePool (BufferIn);\r
+ BufferIn = NULL;\r
+ }\r
+\r
+ if (BufferOut != NULL) {\r
+ FreePool (BufferOut);\r
+ BufferOut = NULL;\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
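Review bot: `TempRecordHeader += ThisMessageSize;` in TlsEncryptPacket and `TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;` in TlsDecryptPacket advance a `TLS_RECORD_HEADER *`, so each step is scaled by sizeof (TLS_RECORD_HEADER) rather than counted in bytes — unless that type is one byte wide, which the `->ContentType` / `->Length` member accesses make unlikely, the output cursor overshoots the bytes actually written into BufferOut as soon as a second record is processed, and `MAX_BUFFER_SIZE - BufferOutSize` then overstates the space left; advance through a byte pointer instead, `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);`. Both loops also take the per-record length from the fragment contents without checking that the header itself, and then `RECORD_HEADER_LEN + Length`, still fit inside the remaining BufferInSize, so TlsWrite and TlsCtrlTrafficIn can be handed a span that runs past the copied input; the fence below sketches the guard for the decrypt loop and the encrypt loop needs the same two checks. `RecordHeaderIn->Length` is read in host order in TlsEncryptPacket but through `NTOHS` in TlsDecryptPacket; if that asymmetry is intentional (the caller builds plaintext record headers with a host-order length), a one-line comment at the encrypt-side read saying so would spare the next maintainer a wrong "fix".
```c
  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
    //
    // The record header, and then the payload length it announces, must both
    // lie inside the bytes copied into BufferIn; the length is untrusted input.
    //
    if ((UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr < RECORD_HEADER_LEN) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }
    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
    // … unchanged: ContentType check …
    ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
    if ((UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr - RECORD_HEADER_LEN < ThisCipherMessageSize) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }
    // … unchanged: TlsCtrlTrafficIn, TlsRead, header copy, BufferOutSize update …
    BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
    TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + RECORD_HEADER_LEN + ThisPlainMessageSize);
  }
```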
-/** @file
- Header file of Miscellaneous Routines for TlsDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __EFI_TLS_IMPL_H__
-#define __EFI_TLS_IMPL_H__
-
-//
-// Libraries
-//
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/BaseLib.h>
-#include <Library/UefiLib.h>
-#include <Library/DebugLib.h>
-#include <Library/NetLib.h>
-#include <Library/BaseCryptLib.h>
-#include <Library/TlsLib.h>
-
-//
-// Consumed Protocols
-//
-#include <Protocol/Tls.h>
-#include <Protocol/TlsConfig.h>
-
-#include <IndustryStandard/Tls1.h>
-
-#include "TlsDriver.h"
-
-//
-// Protocol instances
-//
-extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
-extern EFI_TLS_PROTOCOL mTlsProtocol;
-extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
-
-#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
-
-#define MAX_BUFFER_SIZE 32768
-
-/**
- Encrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- plain text TLS payload;
- On output these fragments contain the TLS header and
- cipher text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsEncryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- );
-
-/**
- Decrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- cipher text TLS payload;
- On output these fragments contain the TLS header and
- plain text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsDecryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- );
-
-/**
- Set TLS session data.
-
- The SetSessionData() function set data for a new TLS session. All session data should
- be set before BuildResponsePacket() invoked.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in] Data Pointer to session data.
- @param[in] DataSize Total size of session data.
-
- @retval EFI_SUCCESS The TLS session data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_ACCESS_DENIED If the DataType is one of below:
- EfiTlsClientRandom
- EfiTlsServerRandom
- EfiTlsKeyMaterial
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionStateNotStarted.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-**/
-EFI_STATUS
-EFIAPI
-TlsSetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Get TLS session data.
-
- The GetSessionData() function return the TLS session information.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in, out] Data Pointer to session data.
- @param[in, out] DataSize Total size of session data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS session data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS session data is not found.
- @retval EFI_NOT_READY The DataType is not ready in current session state.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsGetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- );
-
-/**
- Build response packet according to TLS state machine. This function is only valid for
- alert, handshake and change_cipher_spec content type.
-
- The BuildResponsePacket() function builds TLS response packet in response to the TLS
- request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
- RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
- will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
- session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
- session has errors and the response packet needs to be Alert message based on error
- type.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
- means TLS need initiate the TLS session and response
- packet need to be ClientHello.
- @param[in] RequestSize Packet size in bytes for the most recently received TLS
- packet. 0 is only valid when RequestBuffer is NULL.
- @param[out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- RequestBuffer is NULL but RequestSize is NOT 0.
- RequestSize is 0 but RequestBuffer is NOT NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
- @retval EFI_NOT_READY Current TLS session state is NOT ready to build
- ResponsePacket.
- @retval EFI_ABORTED Something wrong build response packet.
-**/
-EFI_STATUS
-EFIAPI
-TlsBuildResponsePacket (
- IN EFI_TLS_PROTOCOL *This,
- IN UINT8 *RequestBuffer, OPTIONAL
- IN UINTN RequestSize, OPTIONAL
- OUT UINT8 *Buffer, OPTIONAL
- IN OUT UINTN *BufferSize
- );
-
-/**
- Decrypt or encrypt TLS packet during session. This function is only valid after
- session connected and for application_data content type.
-
- The ProcessPacket () function process each inbound or outbound TLS APP packet.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
- responsible to handle the original FragmentTable while
- it may be reallocated in TLS driver. If CryptMode is
- EfiTlsEncrypt, on input these fragments contain the TLS
- header and plain text TLS APP payload; on output these
- fragments contain the TLS header and cipher text TLS
- APP payload. If CryptMode is EfiTlsDecrypt, on input
- these fragments contain the TLS header and cipher text
- TLS APP payload; on output these fragments contain the
- TLS header and plain text TLS APP payload.
- @param[in] FragmentCount Number of fragment.
- @param[in] CryptMode Crypt mode.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- FragmentTable is NULL.
- FragmentCount is NULL.
- CryptoMode is invalid.
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionDataTransferring.
- @retval EFI_ABORTED Something wrong decryption the message. TLS session
- status will become EfiTlsSessionError. The caller need
- call BuildResponsePacket() to generate Error Alert
- message and send it out.
- @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessPacket (
- IN EFI_TLS_PROTOCOL *This,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
- IN EFI_TLS_CRYPT_MODE CryptMode
- );
-
-/**
- Set TLS configuration data.
-
- The SetData() function sets TLS configuration to non-volatile storage or volatile
- storage.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in] Data Pointer to configuration data.
- @param[in] DataSize Total size of configuration data.
-
- @retval EFI_SUCCESS The TLS configuration data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationSetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Get TLS configuration data.
-
- The GetData() function gets TLS configuration.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in, out] Data Pointer to configuration data.
- @param[in, out] DataSize Total size of configuration data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS configuration data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS configuration data is not found.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationGetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- );
-
-#endif
+/** @file\r
+ Header file of Miscellaneous Routines for TlsDxe driver.\r
+\r
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __EFI_TLS_IMPL_H__\r
+#define __EFI_TLS_IMPL_H__\r
+\r
+//\r
+// Libraries\r
+//\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/NetLib.h>\r
+#include <Library/BaseCryptLib.h>\r
+#include <Library/TlsLib.h>\r
+\r
+//\r
+// Consumed Protocols\r
+//\r
+#include <Protocol/Tls.h>\r
+#include <Protocol/TlsConfig.h>\r
+\r
+#include <IndustryStandard/Tls1.h>\r
+\r
+#include "TlsDriver.h"\r
+\r
+//\r
+// Protocol instances\r
+//\r
+extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;\r
+extern EFI_TLS_PROTOCOL mTlsProtocol;\r
+extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;\r
+\r
+#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)\r
+\r
+#define MAX_BUFFER_SIZE 32768\r
+\r
+/**\r
+ Encrypt the message listed in fragment.\r
+\r
+ @param[in] TlsInstance The pointer to the TLS instance.\r
+ @param[in, out] FragmentTable Pointer to a list of fragment.\r
+ On input these fragments contain the TLS header and\r
+ plain text TLS payload;\r
+ On output these fragments contain the TLS header and\r
+ cipher text TLS payload.\r
+ @param[in] FragmentCount Number of fragment.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED TLS session state is incorrect.\r
+ @retval Others Other errors as indicated.\r
+**/\r
+EFI_STATUS\r
+TlsEncryptPacket (\r
+ IN TLS_INSTANCE *TlsInstance,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount\r
+ );\r
+\r
+/**\r
+ Decrypt the message listed in fragment.\r
+\r
+ @param[in] TlsInstance The pointer to the TLS instance.\r
+ @param[in, out] FragmentTable Pointer to a list of fragment.\r
+ On input these fragments contain the TLS header and\r
+ cipher text TLS payload;\r
+ On output these fragments contain the TLS header and\r
+ plain text TLS payload.\r
+ @param[in] FragmentCount Number of fragment.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+ @retval EFI_ABORTED TLS session state is incorrect.\r
+ @retval Others Other errors as indicated.\r
+**/\r
+EFI_STATUS\r
+TlsDecryptPacket (\r
+ IN TLS_INSTANCE *TlsInstance,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount\r
+ );\r
+\r
+/**\r
+ Set TLS session data.\r
+\r
+ The SetSessionData() function set data for a new TLS session. All session data should\r
+ be set before BuildResponsePacket() invoked.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in] DataType TLS session data type.\r
+ @param[in] Data Pointer to session data.\r
+ @param[in] DataSize Total size of session data.\r
+\r
+ @retval EFI_SUCCESS The TLS session data is set successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ Data is NULL.\r
+ DataSize is 0.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_ACCESS_DENIED If the DataType is one of below:\r
+ EfiTlsClientRandom\r
+ EfiTlsServerRandom\r
+ EfiTlsKeyMaterial\r
+ @retval EFI_NOT_READY Current TLS session state is NOT\r
+ EfiTlsSessionStateNotStarted.\r
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetSessionData (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Get TLS session data.\r
+\r
+ The GetSessionData() function return the TLS session information.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in] DataType TLS session data type.\r
+ @param[in, out] Data Pointer to session data.\r
+ @param[in, out] DataSize Total size of session data. On input, it means\r
+ the size of Data buffer. On output, it means the size\r
+ of copied Data buffer if EFI_SUCCESS, and means the\r
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.\r
+\r
+ @retval EFI_SUCCESS The TLS session data is got successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ DataSize is NULL.\r
+ Data is NULL if *DataSize is not zero.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_NOT_FOUND The TLS session data is not found.\r
+ @retval EFI_NOT_READY The DataType is not ready in current session state.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetSessionData (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
+ IN OUT VOID *Data, OPTIONAL\r
+ IN OUT UINTN *DataSize\r
+ );\r
+\r
+/**\r
+ Build response packet according to TLS state machine. This function is only valid for\r
+ alert, handshake and change_cipher_spec content type.\r
+\r
+ The BuildResponsePacket() function builds TLS response packet in response to the TLS\r
+ request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and\r
+ RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session\r
+ will be initiated and the response packet needs to be ClientHello. If RequestBuffer is\r
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS\r
+ session will be closed and response packet needs to be CloseNotify. If RequestBuffer is\r
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS\r
+ session has errors and the response packet needs to be Alert message based on error\r
+ type.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL\r
+ means TLS need initiate the TLS session and response\r
+ packet need to be ClientHello.\r
+ @param[in] RequestSize Packet size in bytes for the most recently received TLS\r
+ packet. 0 is only valid when RequestBuffer is NULL.\r
+ @param[out] Buffer Pointer to the buffer to hold the built packet.\r
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r
+ the buffer size provided by the caller. On output, it\r
+ is the buffer size in fact needed to contain the\r
+ packet.\r
+\r
+ @retval EFI_SUCCESS The required TLS packet is built successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ RequestBuffer is NULL but RequestSize is NOT 0.\r
+ RequestSize is 0 but RequestBuffer is NOT NULL.\r
+ BufferSize is NULL.\r
+ Buffer is NULL if *BufferSize is not zero.\r
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r
+ @retval EFI_NOT_READY Current TLS session state is NOT ready to build\r
+ ResponsePacket.\r
+ @retval EFI_ABORTED Something wrong build response packet.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsBuildResponsePacket (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN UINT8 *RequestBuffer, OPTIONAL\r
+ IN UINTN RequestSize, OPTIONAL\r
+ OUT UINT8 *Buffer, OPTIONAL\r
+ IN OUT UINTN *BufferSize\r
+ );\r
+\r
+/**\r
+ Decrypt or encrypt TLS packet during session. This function is only valid after\r
+ session connected and for application_data content type.\r
+\r
+ The ProcessPacket () function process each inbound or outbound TLS APP packet.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take\r
+ responsible to handle the original FragmentTable while\r
+ it may be reallocated in TLS driver. If CryptMode is\r
+ EfiTlsEncrypt, on input these fragments contain the TLS\r
+ header and plain text TLS APP payload; on output these\r
+ fragments contain the TLS header and cipher text TLS\r
+ APP payload. If CryptMode is EfiTlsDecrypt, on input\r
+ these fragments contain the TLS header and cipher text\r
+ TLS APP payload; on output these fragments contain the\r
+ TLS header and plain text TLS APP payload.\r
+ @param[in] FragmentCount Number of fragment.\r
+ @param[in] CryptMode Crypt mode.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ FragmentTable is NULL.\r
+ FragmentCount is NULL.\r
+ CryptoMode is invalid.\r
+ @retval EFI_NOT_READY Current TLS session state is NOT\r
+ EfiTlsSessionDataTransferring.\r
+ @retval EFI_ABORTED Something wrong decryption the message. TLS session\r
+ status will become EfiTlsSessionError. The caller need\r
+ call BuildResponsePacket() to generate Error Alert\r
+ message and send it out.\r
+ @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsProcessPacket (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount,\r
+ IN EFI_TLS_CRYPT_MODE CryptMode\r
+ );\r
+\r
+/**\r
+ Set TLS configuration data.\r
+\r
+ The SetData() function sets TLS configuration to non-volatile storage or volatile\r
+ storage.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.\r
+ @param[in] DataType Configuration data type.\r
+ @param[in] Data Pointer to configuration data.\r
+ @param[in] DataSize Total size of configuration data.\r
+\r
+ @retval EFI_SUCCESS The TLS configuration data is set successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ Data is NULL.\r
+ DataSize is 0.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConfigurationSetData (\r
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,\r
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Get TLS configuration data.\r
+\r
+ The GetData() function gets TLS configuration.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.\r
+ @param[in] DataType Configuration data type.\r
+ @param[in, out] Data Pointer to configuration data.\r
+ @param[in, out] DataSize Total size of configuration data. On input, it means\r
+ the size of Data buffer. On output, it means the size\r
+ of copied Data buffer if EFI_SUCCESS, and means the\r
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.\r
+\r
+ @retval EFI_SUCCESS The TLS configuration data is got successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ DataSize is NULL.\r
+ Data is NULL if *DataSize is not zero.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_NOT_FOUND The TLS configuration data is not found.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsConfigurationGetData (\r
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,\r
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,\r
+ IN OUT VOID *Data, OPTIONAL\r
+ IN OUT UINTN *DataSize\r
+ );\r
+\r
+#endif\r
+\r
-/** @file
- Implementation of EFI TLS Protocol Interfaces.
-
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-EFI_TLS_PROTOCOL mTlsProtocol = {
- TlsSetSessionData,
- TlsGetSessionData,
- TlsBuildResponsePacket,
- TlsProcessPacket
-};
-
-/**
- Set TLS session data.
-
- The SetSessionData() function set data for a new TLS session. All session data should
- be set before BuildResponsePacket() invoked.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in] Data Pointer to session data.
- @param[in] DataSize Total size of session data.
-
- @retval EFI_SUCCESS The TLS session data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_ACCESS_DENIED If the DataType is one of below:
- EfiTlsClientRandom
- EfiTlsServerRandom
- EfiTlsKeyMaterial
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionStateNotStarted.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-**/
-EFI_STATUS
-EFIAPI
-TlsSetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
- UINT16 *CipherId;
- UINTN Index;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
- CipherId = NULL;
-
- if (This == NULL || Data == NULL || DataSize == 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){
- Status = EFI_NOT_READY;
- goto ON_EXIT;
- }
-
- switch (DataType) {
- //
- // Session Configuration
- //
- case EfiTlsVersion:
- if (DataSize != sizeof (EFI_TLS_VERSION)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);
- break;
- case EfiTlsConnectionEnd:
- if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));
- break;
- case EfiTlsCipherList:
- CipherId = AllocatePool (DataSize);
- if (CipherId == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- for (Index = 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index++) {
- *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));
- }
-
- Status = TlsSetCipherList (Instance->TlsConn, CipherId, DataSize / sizeof (EFI_TLS_CIPHER));
-
- FreePool (CipherId);
- break;
- case EfiTlsCompressionMethod:
- //
- // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the
- // record protocol will not be compressed.
- // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html
- // The TLS RFC does however not specify compression methods or their corresponding identifiers,
- // so there is currently no compatible way to integrate compression with unknown peers.
- // It is therefore currently not recommended to integrate compression into applications.
- // Applications for non-public use may agree on certain compression methods.
- // Using different compression methods with the same identifier will lead to connection failure.
- //
- for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {
- Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));
- if (EFI_ERROR (Status)) {
- break;
- }
- }
-
- break;
- case EfiTlsExtensionData:
- Status = EFI_UNSUPPORTED;
- goto ON_EXIT;
- case EfiTlsVerifyMethod:
- if (DataSize != sizeof (EFI_TLS_VERIFY)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
- break;
- case EfiTlsSessionID:
- if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Status = TlsSetSessionId (
- Instance->TlsConn,
- ((EFI_TLS_SESSION_ID *) Data)->Data,
- ((EFI_TLS_SESSION_ID *) Data)->Length
- );
- break;
- case EfiTlsSessionState:
- if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;
- break;
- //
- // Session information
- //
- case EfiTlsClientRandom:
- Status = EFI_ACCESS_DENIED;
- break;
- case EfiTlsServerRandom:
- Status = EFI_ACCESS_DENIED;
- break;
- case EfiTlsKeyMaterial:
- Status = EFI_ACCESS_DENIED;
- break;
- //
- // Unsupported type.
- //
- default:
- Status = EFI_UNSUPPORTED;
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Get TLS session data.
-
- The GetSessionData() function return the TLS session information.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in, out] Data Pointer to session data.
- @param[in, out] DataSize Total size of session data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS session data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS session data is not found.
- @retval EFI_NOT_READY The DataType is not ready in current session state.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsGetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&
- (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||
- DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {
- Status = EFI_NOT_READY;
- goto ON_EXIT;
- }
-
- switch (DataType) {
- case EfiTlsVersion:
- if (*DataSize < sizeof (EFI_TLS_VERSION)) {
- *DataSize = sizeof (EFI_TLS_VERSION);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_VERSION);
- *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));
- break;
- case EfiTlsConnectionEnd:
- if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {
- *DataSize = sizeof (EFI_TLS_CONNECTION_END);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_CONNECTION_END);
- *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);
- break;
- case EfiTlsCipherList:
- //
- // Get the current session cipher suite.
- //
- if (*DataSize < sizeof (EFI_TLS_CIPHER)) {
- *DataSize = sizeof (EFI_TLS_CIPHER);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof(EFI_TLS_CIPHER);
- Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);
- *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));
- break;
- case EfiTlsCompressionMethod:
- //
- // Get the current session compression method.
- //
- if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {
- *DataSize = sizeof (EFI_TLS_COMPRESSION);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_COMPRESSION);
- Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);
- break;
- case EfiTlsExtensionData:
- Status = EFI_UNSUPPORTED;
- goto ON_EXIT;
- case EfiTlsVerifyMethod:
- if (*DataSize < sizeof (EFI_TLS_VERIFY)) {
- *DataSize = sizeof (EFI_TLS_VERIFY);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_VERIFY);
- *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);
- break;
- case EfiTlsSessionID:
- if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {
- *DataSize = sizeof (EFI_TLS_SESSION_ID);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_SESSION_ID);
- Status = TlsGetSessionId (
- Instance->TlsConn,
- ((EFI_TLS_SESSION_ID *) Data)->Data,
- &(((EFI_TLS_SESSION_ID *) Data)->Length)
- );
- break;
- case EfiTlsSessionState:
- if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {
- *DataSize = sizeof (EFI_TLS_SESSION_STATE);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_SESSION_STATE);
- CopyMem (Data, &Instance->TlsSessionState, *DataSize);
- break;
- case EfiTlsClientRandom:
- if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
- *DataSize = sizeof (EFI_TLS_RANDOM);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_RANDOM);
- TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);
- break;
- case EfiTlsServerRandom:
- if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
- *DataSize = sizeof (EFI_TLS_RANDOM);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_RANDOM);
- TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);
- break;
- case EfiTlsKeyMaterial:
- if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {
- *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
- Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);
- break;
- //
- // Unsupported type.
- //
- default:
- Status = EFI_UNSUPPORTED;
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Build response packet according to TLS state machine. This function is only valid for
- alert, handshake and change_cipher_spec content type.
-
- The BuildResponsePacket() function builds TLS response packet in response to the TLS
- request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
- RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
- will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
- session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
- session has errors and the response packet needs to be Alert message based on error
- type.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
- means TLS need initiate the TLS session and response
- packet need to be ClientHello.
- @param[in] RequestSize Packet size in bytes for the most recently received TLS
- packet. 0 is only valid when RequestBuffer is NULL.
- @param[out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- RequestBuffer is NULL but RequestSize is NOT 0.
- RequestSize is 0 but RequestBuffer is NOT NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
- @retval EFI_NOT_READY Current TLS session state is NOT ready to build
- ResponsePacket.
- @retval EFI_ABORTED Something wrong build response packet.
-**/
-EFI_STATUS
-EFIAPI
-TlsBuildResponsePacket (
- IN EFI_TLS_PROTOCOL *This,
- IN UINT8 *RequestBuffer, OPTIONAL
- IN UINTN RequestSize, OPTIONAL
- OUT UINT8 *Buffer, OPTIONAL
- IN OUT UINTN *BufferSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if ((This == NULL) || (BufferSize == NULL) ||
- (RequestBuffer == NULL && RequestSize != 0) ||
- (RequestBuffer != NULL && RequestSize == 0) ||
- (Buffer == NULL && *BufferSize !=0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if(RequestBuffer == NULL && RequestSize == 0) {
- switch (Instance->TlsSessionState) {
- case EfiTlsSessionNotStarted:
- //
- // ClientHello.
- //
- Status = TlsDoHandshake (
- Instance->TlsConn,
- NULL,
- 0,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- //
- // *BufferSize should not be zero when ClientHello.
- //
- if (*BufferSize == 0) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
- Instance->TlsSessionState = EfiTlsSessionHandShaking;
-
- break;
- case EfiTlsSessionClosing:
- //
- // TLS session will be closed and response packet needs to be CloseNotify.
- //
- Status = TlsCloseNotify (
- Instance->TlsConn,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- //
- // *BufferSize should not be zero when build CloseNotify message.
- //
- if (*BufferSize == 0) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
- break;
- case EfiTlsSessionError:
- //
- // TLS session has errors and the response packet needs to be Alert
- // message based on error type.
- //
- Status = TlsHandleAlert (
- Instance->TlsConn,
- NULL,
- 0,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- break;
- default:
- //
- // Current TLS session state is NOT ready to build ResponsePacket.
- //
- Status = EFI_NOT_READY;
- }
- } else {
- //
- // 1. Received packet may have multiple TLS record messages.
- // 2. One TLS record message may have multiple handshake protocol.
- // 3. Some errors may be happened in handshake.
- // TlsDoHandshake() can handle all of those cases.
- //
- if (TlsInHandshake (Instance->TlsConn)) {
- Status = TlsDoHandshake (
- Instance->TlsConn,
- RequestBuffer,
- RequestSize,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- if (!TlsInHandshake (Instance->TlsConn)) {
- Instance->TlsSessionState = EfiTlsSessionDataTransferring;
- }
- } else {
- //
- // Must be alert message, Decrypt it and build the ResponsePacket.
- //
- ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);
-
- Status = TlsHandleAlert (
- Instance->TlsConn,
- RequestBuffer,
- RequestSize,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- if (Status != EFI_BUFFER_TOO_SMALL) {
- Instance->TlsSessionState = EfiTlsSessionError;
- }
-
- goto ON_EXIT;
- }
- }
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Decrypt or encrypt TLS packet during session. This function is only valid after
- session connected and for application_data content type.
-
- The ProcessPacket () function process each inbound or outbound TLS APP packet.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
- responsible to handle the original FragmentTable while
- it may be reallocated in TLS driver. If CryptMode is
- EfiTlsEncrypt, on input these fragments contain the TLS
- header and plain text TLS APP payload; on output these
- fragments contain the TLS header and cipher text TLS
- APP payload. If CryptMode is EfiTlsDecrypt, on input
- these fragments contain the TLS header and cipher text
- TLS APP payload; on output these fragments contain the
- TLS header and plain text TLS APP payload.
- @param[in] FragmentCount Number of fragment.
- @param[in] CryptMode Crypt mode.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- FragmentTable is NULL.
- FragmentCount is NULL.
- CryptoMode is invalid.
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionDataTransferring.
- @retval EFI_ABORTED Something wrong decryption the message. TLS session
- status will become EfiTlsSessionError. The caller need
- call BuildResponsePacket() to generate Error Alert
- message and send it out.
- @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessPacket (
- IN EFI_TLS_PROTOCOL *This,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
- IN EFI_TLS_CRYPT_MODE CryptMode
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {
- Status = EFI_NOT_READY;
- goto ON_EXIT;
- }
-
- //
- // Packet sent or received may have multiple TLS record messages (Application data type).
- // So,on input these fragments contain the TLS header and TLS APP payload;
- // on output these fragments also contain the TLS header and TLS APP payload.
- //
- switch (CryptMode) {
- case EfiTlsEncrypt:
- Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);
- break;
- case EfiTlsDecrypt:
- Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);
- break;
- default:
- return EFI_INVALID_PARAMETER;
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
+/** @file\r
+ Implementation of EFI TLS Protocol Interfaces.\r
+\r
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php.\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "TlsImpl.h"\r
+\r
+EFI_TLS_PROTOCOL mTlsProtocol = {\r
+ TlsSetSessionData,\r
+ TlsGetSessionData,\r
+ TlsBuildResponsePacket,\r
+ TlsProcessPacket\r
+};\r
+\r
+/**\r
+ Set TLS session data.\r
+\r
+ The SetSessionData() function set data for a new TLS session. All session data should\r
+ be set before BuildResponsePacket() invoked.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in] DataType TLS session data type.\r
+ @param[in] Data Pointer to session data.\r
+ @param[in] DataSize Total size of session data.\r
+\r
+ @retval EFI_SUCCESS The TLS session data is set successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ Data is NULL.\r
+ DataSize is 0.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_ACCESS_DENIED If the DataType is one of below:\r
+ EfiTlsClientRandom\r
+ EfiTlsServerRandom\r
+ EfiTlsKeyMaterial\r
+ @retval EFI_NOT_READY Current TLS session state is NOT\r
+ EfiTlsSessionStateNotStarted.\r
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetSessionData (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+ UINT16 *CipherId;\r
+ UINTN Index;\r
+\r
+ EFI_TPL OldTpl;\r
+\r
+ Status = EFI_SUCCESS;\r
+ CipherId = NULL;\r
+\r
+ if (This == NULL || Data == NULL || DataSize == 0) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
+\r
+ if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){\r
+ Status = EFI_NOT_READY;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ switch (DataType) {\r
+ //\r
+ // Session Configuration\r
+ //\r
+ case EfiTlsVersion:\r
+ if (DataSize != sizeof (EFI_TLS_VERSION)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);\r
+ break;\r
+ case EfiTlsConnectionEnd:\r
+ if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));\r
+ break;\r
+ case EfiTlsCipherList:\r
+ CipherId = AllocatePool (DataSize);\r
+ if (CipherId == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ for (Index = 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index++) {\r
+ *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));\r
+ }\r
+\r
+ Status = TlsSetCipherList (Instance->TlsConn, CipherId, DataSize / sizeof (EFI_TLS_CIPHER));\r
+\r
+ FreePool (CipherId);\r
+ break;\r
+ case EfiTlsCompressionMethod:\r
+ //\r
+ // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the\r
+ // record protocol will not be compressed.\r
+ // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html\r
+ // The TLS RFC does however not specify compression methods or their corresponding identifiers,\r
+ // so there is currently no compatible way to integrate compression with unknown peers.\r
+ // It is therefore currently not recommended to integrate compression into applications.\r
+ // Applications for non-public use may agree on certain compression methods.\r
+ // Using different compression methods with the same identifier will lead to connection failure.\r
+ //\r
+ for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {\r
+ Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));\r
+ if (EFI_ERROR (Status)) {\r
+ break;\r
+ }\r
+ }\r
+\r
+ break;\r
+ case EfiTlsExtensionData:\r
+ Status = EFI_UNSUPPORTED;\r
+ goto ON_EXIT;\r
+ case EfiTlsVerifyMethod:\r
+ if (DataSize != sizeof (EFI_TLS_VERIFY)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));\r
+ break;\r
+ case EfiTlsSessionID:\r
+ if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = TlsSetSessionId (\r
+ Instance->TlsConn,\r
+ ((EFI_TLS_SESSION_ID *) Data)->Data,\r
+ ((EFI_TLS_SESSION_ID *) Data)->Length\r
+ );\r
+ break;\r
+ case EfiTlsSessionState:\r
+ if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;\r
+ break;\r
+ //\r
+ // Session information\r
+ //\r
+ case EfiTlsClientRandom:\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ case EfiTlsServerRandom:\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ case EfiTlsKeyMaterial:\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ //\r
+ // Unsupported type.\r
+ //\r
+ default:\r
+ Status = EFI_UNSUPPORTED;\r
+ }\r
+\r
+ON_EXIT:\r
+ gBS->RestoreTPL (OldTpl);\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Get TLS session data.\r
+\r
+ The GetSessionData() function return the TLS session information.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in] DataType TLS session data type.\r
+ @param[in, out] Data Pointer to session data.\r
+ @param[in, out] DataSize Total size of session data. On input, it means\r
+ the size of Data buffer. On output, it means the size\r
+ of copied Data buffer if EFI_SUCCESS, and means the\r
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.\r
+\r
+ @retval EFI_SUCCESS The TLS session data is got successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ DataSize is NULL.\r
+ Data is NULL if *DataSize is not zero.\r
+ @retval EFI_UNSUPPORTED The DataType is unsupported.\r
+ @retval EFI_NOT_FOUND The TLS session data is not found.\r
+ @retval EFI_NOT_READY The DataType is not ready in current session state.\r
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetSessionData (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
+ IN OUT VOID *Data, OPTIONAL\r
+ IN OUT UINTN *DataSize\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+\r
+ EFI_TPL OldTpl;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
+\r
+ if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&\r
+ (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||\r
+ DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {\r
+ Status = EFI_NOT_READY;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ switch (DataType) {\r
+ case EfiTlsVersion:\r
+ if (*DataSize < sizeof (EFI_TLS_VERSION)) {\r
+ *DataSize = sizeof (EFI_TLS_VERSION);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_VERSION);\r
+ *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));\r
+ break;\r
+ case EfiTlsConnectionEnd:\r
+ if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {\r
+ *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
+ *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);\r
+ break;\r
+ case EfiTlsCipherList:\r
+ //\r
+ // Get the current session cipher suite.\r
+ //\r
+ if (*DataSize < sizeof (EFI_TLS_CIPHER)) {\r
+ *DataSize = sizeof (EFI_TLS_CIPHER);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof(EFI_TLS_CIPHER);\r
+ Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);\r
+ *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));\r
+ break;\r
+ case EfiTlsCompressionMethod:\r
+ //\r
+ // Get the current session compression method.\r
+ //\r
+ if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {\r
+ *DataSize = sizeof (EFI_TLS_COMPRESSION);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_COMPRESSION);\r
+ Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);\r
+ break;\r
+ case EfiTlsExtensionData:\r
+ Status = EFI_UNSUPPORTED;\r
+ goto ON_EXIT;\r
+ case EfiTlsVerifyMethod:\r
+ if (*DataSize < sizeof (EFI_TLS_VERIFY)) {\r
+ *DataSize = sizeof (EFI_TLS_VERIFY);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_VERIFY);\r
+ *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);\r
+ break;\r
+ case EfiTlsSessionID:\r
+ if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {\r
+ *DataSize = sizeof (EFI_TLS_SESSION_ID);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_SESSION_ID);\r
+ Status = TlsGetSessionId (\r
+ Instance->TlsConn,\r
+ ((EFI_TLS_SESSION_ID *) Data)->Data,\r
+ &(((EFI_TLS_SESSION_ID *) Data)->Length)\r
+ );\r
+ break;\r
+ case EfiTlsSessionState:\r
+ if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {\r
+ *DataSize = sizeof (EFI_TLS_SESSION_STATE);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_SESSION_STATE);\r
+ CopyMem (Data, &Instance->TlsSessionState, *DataSize);\r
+ break;\r
+ case EfiTlsClientRandom:\r
+ if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
+ *DataSize = sizeof (EFI_TLS_RANDOM);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_RANDOM);\r
+ TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);\r
+ break;\r
+ case EfiTlsServerRandom:\r
+ if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
+ *DataSize = sizeof (EFI_TLS_RANDOM);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_RANDOM);\r
+ TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);\r
+ break;\r
+ case EfiTlsKeyMaterial:\r
+ if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {\r
+ *DataSize = sizeof (EFI_TLS_MASTER_SECRET);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+ *DataSize = sizeof (EFI_TLS_MASTER_SECRET);\r
+ Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);\r
+ break;\r
+ //\r
+ // Unsupported type.\r
+ //\r
+ default:\r
+ Status = EFI_UNSUPPORTED;\r
+ }\r
+\r
+ON_EXIT:\r
+ gBS->RestoreTPL (OldTpl);\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Build response packet according to TLS state machine. This function is only valid for\r
+ alert, handshake and change_cipher_spec content type.\r
+\r
+ The BuildResponsePacket() function builds TLS response packet in response to the TLS\r
+ request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and\r
+ RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session\r
+ will be initiated and the response packet needs to be ClientHello. If RequestBuffer is\r
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS\r
+ session will be closed and response packet needs to be CloseNotify. If RequestBuffer is\r
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS\r
+ session has errors and the response packet needs to be Alert message based on error\r
+ type.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL\r
+ means TLS need initiate the TLS session and response\r
+ packet need to be ClientHello.\r
+ @param[in] RequestSize Packet size in bytes for the most recently received TLS\r
+ packet. 0 is only valid when RequestBuffer is NULL.\r
+ @param[out] Buffer Pointer to the buffer to hold the built packet.\r
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r
+ the buffer size provided by the caller. On output, it\r
+ is the buffer size in fact needed to contain the\r
+ packet.\r
+\r
+ @retval EFI_SUCCESS The required TLS packet is built successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ RequestBuffer is NULL but RequestSize is NOT 0.\r
+ RequestSize is 0 but RequestBuffer is NOT NULL.\r
+ BufferSize is NULL.\r
+ Buffer is NULL if *BufferSize is not zero.\r
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r
+ @retval EFI_NOT_READY Current TLS session state is NOT ready to build\r
+ ResponsePacket.\r
+ @retval EFI_ABORTED Something wrong build response packet.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsBuildResponsePacket (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN UINT8 *RequestBuffer, OPTIONAL\r
+ IN UINTN RequestSize, OPTIONAL\r
+ OUT UINT8 *Buffer, OPTIONAL\r
+ IN OUT UINTN *BufferSize\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+ EFI_TPL OldTpl;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ if ((This == NULL) || (BufferSize == NULL) ||\r
+ (RequestBuffer == NULL && RequestSize != 0) ||\r
+ (RequestBuffer != NULL && RequestSize == 0) ||\r
+ (Buffer == NULL && *BufferSize !=0)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
+\r
+ if(RequestBuffer == NULL && RequestSize == 0) {\r
+ switch (Instance->TlsSessionState) {\r
+ case EfiTlsSessionNotStarted:\r
+ //\r
+ // ClientHello.\r
+ //\r
+ Status = TlsDoHandshake (\r
+ Instance->TlsConn,\r
+ NULL,\r
+ 0,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // *BufferSize should not be zero when ClientHello.\r
+ //\r
+ if (*BufferSize == 0) {\r
+ Status = EFI_ABORTED;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Instance->TlsSessionState = EfiTlsSessionHandShaking;\r
+\r
+ break;\r
+ case EfiTlsSessionClosing:\r
+ //\r
+ // TLS session will be closed and response packet needs to be CloseNotify.\r
+ //\r
+ Status = TlsCloseNotify (\r
+ Instance->TlsConn,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // *BufferSize should not be zero when build CloseNotify message.\r
+ //\r
+ if (*BufferSize == 0) {\r
+ Status = EFI_ABORTED;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ break;\r
+ case EfiTlsSessionError:\r
+ //\r
+ // TLS session has errors and the response packet needs to be Alert\r
+ // message based on error type.\r
+ //\r
+ Status = TlsHandleAlert (\r
+ Instance->TlsConn,\r
+ NULL,\r
+ 0,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ break;\r
+ default:\r
+ //\r
+ // Current TLS session state is NOT ready to build ResponsePacket.\r
+ //\r
+ Status = EFI_NOT_READY;\r
+ }\r
+ } else {\r
+ //\r
+ // 1. Received packet may have multiple TLS record messages.\r
+ // 2. One TLS record message may have multiple handshake protocol.\r
+ // 3. Some errors may be happened in handshake.\r
+ // TlsDoHandshake() can handle all of those cases.\r
+ //\r
+ if (TlsInHandshake (Instance->TlsConn)) {\r
+ Status = TlsDoHandshake (\r
+ Instance->TlsConn,\r
+ RequestBuffer,\r
+ RequestSize,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ if (!TlsInHandshake (Instance->TlsConn)) {\r
+ Instance->TlsSessionState = EfiTlsSessionDataTransferring;\r
+ }\r
+ } else {\r
+ //\r
+ // Must be alert message, Decrypt it and build the ResponsePacket.\r
+ //\r
+ ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);\r
+\r
+ Status = TlsHandleAlert (\r
+ Instance->TlsConn,\r
+ RequestBuffer,\r
+ RequestSize,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ if (Status != EFI_BUFFER_TOO_SMALL) {\r
+ Instance->TlsSessionState = EfiTlsSessionError;\r
+ }\r
+\r
+ goto ON_EXIT;\r
+ }\r
+ }\r
+ }\r
+\r
+ON_EXIT:\r
+ gBS->RestoreTPL (OldTpl);\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Decrypt or encrypt TLS packet during session. This function is only valid after\r
+ session connected and for application_data content type.\r
+\r
+ The ProcessPacket () function process each inbound or outbound TLS APP packet.\r
+\r
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.\r
+ @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take\r
+ responsible to handle the original FragmentTable while\r
+ it may be reallocated in TLS driver. If CryptMode is\r
+ EfiTlsEncrypt, on input these fragments contain the TLS\r
+ header and plain text TLS APP payload; on output these\r
+ fragments contain the TLS header and cipher text TLS\r
+ APP payload. If CryptMode is EfiTlsDecrypt, on input\r
+ these fragments contain the TLS header and cipher text\r
+ TLS APP payload; on output these fragments contain the\r
+ TLS header and plain text TLS APP payload.\r
+ @param[in] FragmentCount Number of fragment.\r
+ @param[in] CryptMode Crypt mode.\r
+\r
+ @retval EFI_SUCCESS The operation completed successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ This is NULL.\r
+ FragmentTable is NULL.\r
+ FragmentCount is NULL.\r
+ CryptoMode is invalid.\r
+ @retval EFI_NOT_READY Current TLS session state is NOT\r
+ EfiTlsSessionDataTransferring.\r
+ @retval EFI_ABORTED Something wrong decryption the message. TLS session\r
+ status will become EfiTlsSessionError. The caller need\r
+ call BuildResponsePacket() to generate Error Alert\r
+ message and send it out.\r
+ @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsProcessPacket (\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount,\r
+ IN EFI_TLS_CRYPT_MODE CryptMode\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+\r
+ EFI_TPL OldTpl;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);\r
+\r
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
+\r
+ if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {\r
+ Status = EFI_NOT_READY;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ //\r
+ // Packet sent or received may have multiple TLS record messages (Application data type).\r
+ // So,on input these fragments contain the TLS header and TLS APP payload;\r
+ // on output these fragments also contain the TLS header and TLS APP payload.\r
+ //\r
+ switch (CryptMode) {\r
+ case EfiTlsEncrypt:\r
+ Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);\r
+ break;\r
+ case EfiTlsDecrypt:\r
+ Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);\r
+ break;\r
+ default:\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ON_EXIT:\r
+ gBS->RestoreTPL (OldTpl);\r
+ return Status;\r
+}\r
+\r