From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web09.299.1665194991354672730 for ; Fri, 07 Oct 2022 19:09:56 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=hZ6NQDhC; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1665194996; x=1696730996; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=YBt5TiRKmUEYS1KG35xILBimRMcgfBeCWB0+aSuTO50=; b=hZ6NQDhCWLo+oKQPS7IP5RW7TdIfhRyFzktDQyU32CDiNX4mvwr58QeF AvdK/wnX0SvnLex1PuG2vzXPzeDp5VNsKcf4J7SMnIZgtrXW3+LzqjZFx jRBzZ7CgDFOMKFyMLR0eTuQhYVY7UD02EPUhPgRrGKPMKtYTz7lRaCi4e dHtcFM1YCZlMKW+XW3XB7PXqbN3lcIxeXe5CAElF13csUfDnUlnS1Btq/ BV6+GyxcWh3AWwqHlHOJlUfIJgp8RX4L8/A712ITSpZDwManhfmC6ZjLx 5W5IOhzrM89kpbemdg5bSKbqs7PaJWkk4yRfHUGHbg/s9W5Xx0n/bWboG Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10493"; a="365829022" X-IronPort-AV: E=Sophos;i="5.95,168,1661842800"; d="scan'208";a="365829022" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Oct 2022 19:09:55 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10493"; a="954275919" X-IronPort-AV: E=Sophos;i="5.95,168,1661842800"; d="scan'208";a="954275919" Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Oct 2022 19:09:53 -0700 From: "Li, Yi" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [PATCH V2 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol Date: Sat, 8 Oct 2022 10:09:39 +0800 Message-Id: <17b100a3176cb7685d659e25e32e7648fcff032b.1665194514.git.yi1.li@intel.com> X-Mailer: git-send-email 2.31.1.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- CryptoPkg/Driver/Crypto.c | 155 +++++++++++++++++- .../Pcd/PcdCryptoServiceFamilyEnable.h | 5 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 146 ++++++++++++++++- CryptoPkg/Private/Protocol/Crypto.h | 136 ++++++++++++++- 4 files changed, 435 insertions(+), 7 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 7a8266aaba..f1ff77855c 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -4238,6 +4238,28 @@ CryptoServiceTlsWrite ( return CALL_BASECRYPTLIB (Tls.Services.Write, TlsWrite, (Tls, Buffer, BufferSize), 0); } +/** + Shutdown a TLS connection. + + Shutdown the TLS connection without releasing the resources, meaning a new + connection can be started without calling TlsNew() and without setting + certificates etc. + + @param[in] Tls Pointer to the TLS object to shutdown. + + @retval EFI_SUCCESS The TLS is shutdown successfully. + @retval EFI_INVALID_PARAMETER Tls is NULL. + @retval EFI_PROTOCOL_ERROR Some other error occurred. +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsShutdown ( + IN VOID *Tls + ) +{ + return CALL_BASECRYPTLIB (Tls.Services.Shutdown, TlsShutdown, (Tls), EFI_UNSUPPORTED); +} + /** Set a new TLS/SSL method for a particular TLS object. @@ -4463,11 +4485,41 @@ CryptoServiceTlsSetHostPublicCert ( /** Adds the local private key to the specified TLS object. - This function adds the local private key (PEM-encoded RSA or PKCS#8 private + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private + key) into the specified TLS object for TLS negotiation. + + @param[in] Tls Pointer to the TLS object. + @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded + or PKCS#8 private key. + @param[in] DataSize The size of data buffer in bytes. + @param[in] Password Pointer to NULL-terminated private key password, set it to NULL + if private key not encrypted. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_ABORTED Invalid private key data. + +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsSetHostPrivateKeyEx ( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize, + IN VOID *Password OPTIONAL + ) +{ + return CALL_BASECRYPTLIB (TlsSet.Services.HostPrivateKeyEx, TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED); +} + +/** + Adds the local private key to the specified TLS object. + + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private key) into the specified TLS object for TLS negotiation. @param[in] Tls Pointer to the TLS object. - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA + @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded or PKCS#8 private key. @param[in] DataSize The size of data buffer in bytes. @@ -4511,6 +4563,59 @@ CryptoServiceTlsSetCertRevocationList ( return CALL_BASECRYPTLIB (TlsSet.Services.CertRevocationList, TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } +/** + Set the signature algorithm list to used by the TLS object. + + This function sets the signature algorithms for use by a specified TLS object. + + @param[in] Tls Pointer to a TLS object. + @param[in] Data Array of UINT8 of signature algorithms. The array consists of + pairs of the hash algorithm and the signature algorithm as defined + in RFC 5246 + @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2. + + @retval EFI_SUCCESS The signature algorithm list was set successfully. + @retval EFI_INVALID_PARAMETER The parameters are invalid. + @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. + +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsSetSignatureAlgoList ( + IN VOID *Tls, + IN UINT8 *Data, + IN UINTN DataSize + ) +{ + return CALL_BASECRYPTLIB (TlsSet.Services.SignatureAlgoList, TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED); +} + +/** + Set the EC curve to be used for TLS flows + + This function sets the EC curve to be used for TLS flows. + + @param[in] Tls Pointer to a TLS object. + @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492. + @param[in] DataSize Size of Data, it should be sizeof (UINT32) + + @retval EFI_SUCCESS The EC curve was set successfully. + @retval EFI_INVALID_PARAMETER The parameters are invalid. + @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported + +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsSetEcCurve ( + IN VOID *Tls, + IN UINT8 *Data, + IN UINTN DataSize + ) +{ + return CALL_BASECRYPTLIB (TlsSet.Services.EcCurve, TlsSetEcCurve, (Tls, Data, DataSize), EFI_UNSUPPORTED); +} + /** Gets the protocol version used by the specified TLS connection. @@ -4826,6 +4931,44 @@ CryptoServiceTlsGetCertRevocationList ( return CALL_BASECRYPTLIB (TlsGet.Services.CertRevocationList, TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } +/** + Derive keying material from a TLS connection. + + This function exports keying material using the mechanism described in RFC + 5705. + + @param[in] Tls Pointer to the TLS object + @param[in] Label Description of the key for the PRF function + @param[in] Context Optional context + @param[in] ContextLen The length of the context value in bytes + @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF + @param[in] KeyBufferLen The length of the KeyBuffer + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_INVALID_PARAMETER The TLS object is invalid. + @retval EFI_PROTOCOL_ERROR Some other error occurred. + +**/ +EFI_STATUS +EFIAPI +CryptoServiceTlsGetExportKey ( + IN VOID *Tls, + IN CONST VOID *Label, + IN CONST VOID *Context, + IN UINTN ContextLen, + OUT VOID *KeyBuffer, + IN UINTN KeyBufferLen + ) +{ + return CALL_BASECRYPTLIB ( + TlsGet.Services.ExportKey, + TlsGetExportKey, + (Tls, Label, Context, ContextLen, + KeyBuffer, KeyBufferLen), + EFI_UNSUPPORTED + ); +} + /** Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme. @@ -6266,4 +6409,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { CryptoServiceEcGenerateKey, CryptoServiceEcGetPubKey, CryptoServiceEcDhComputeKey, + /// TLS (continued) + CryptoServiceTlsShutdown, + /// TLS Set (continued) + CryptoServiceTlsSetHostPrivateKeyEx, + CryptoServiceTlsSetSignatureAlgoList, + CryptoServiceTlsSetEcCurve, + /// TLS Get (continued) + CryptoServiceTlsGetExportKey }; diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 45bafc2161..4740589417 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -269,6 +269,7 @@ typedef struct { UINT8 CtrlTrafficIn : 1; UINT8 Read : 1; UINT8 Write : 1; + UINT8 Shutdown : 1; } Services; UINT32 Family; } Tls; @@ -285,6 +286,9 @@ typedef struct { UINT8 HostPublicCert : 1; UINT8 HostPrivateKey : 1; UINT8 CertRevocationList : 1; + UINT8 HostPrivateKeyEx : 1; + UINT8 SignatureAlgoList : 1; + UINT8 EcCurve : 1; } Services; UINT32 Family; } TlsSet; @@ -303,6 +307,7 @@ typedef struct { UINT8 HostPublicCert : 1; UINT8 HostPrivateKey : 1; UINT8 CertRevocationList : 1; + UINT8 ExportKey : 1; } Services; UINT32 Family; } TlsGet; diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 791e2ef599..52b934a545 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -3474,6 +3474,28 @@ TlsWrite ( CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0); } +/** + Shutdown a TLS connection. + + Shutdown the TLS connection without releasing the resources, meaning a new + connection can be started without calling TlsNew() and without setting + certificates etc. + + @param[in] Tls Pointer to the TLS object to shutdown. + + @retval EFI_SUCCESS The TLS is shutdown successfully. + @retval EFI_INVALID_PARAMETER Tls is NULL. + @retval EFI_PROTOCOL_ERROR Some other error occurred. +**/ +EFI_STATUS +EFIAPI +TlsShutdown ( + IN VOID *Tls + ) +{ + CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED); +} + /** Set a new TLS/SSL method for a particular TLS object. @@ -3699,11 +3721,41 @@ TlsSetHostPublicCert ( /** Adds the local private key to the specified TLS object. - This function adds the local private key (PEM-encoded RSA or PKCS#8 private + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private key) into the specified TLS object for TLS negotiation. @param[in] Tls Pointer to the TLS object. - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA + @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded + or PKCS#8 private key. + @param[in] DataSize The size of data buffer in bytes. + @param[in] Password Pointer to NULL-terminated private key password, set it to NULL + if private key not encrypted. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_ABORTED Invalid private key data. + +**/ +EFI_STATUS +EFIAPI +TlsSetHostPrivateKeyEx ( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize, + IN VOID *Password OPTIONAL + ) +{ + CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED); +} + +/** + Adds the local private key to the specified TLS object. + + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private + key) into the specified TLS object for TLS negotiation. + + @param[in] Tls Pointer to the TLS object. + @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded or PKCS#8 private key. @param[in] DataSize The size of data buffer in bytes. @@ -3747,6 +3799,59 @@ TlsSetCertRevocationList ( CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } +/** + Set the signature algorithm list to used by the TLS object. + + This function sets the signature algorithms for use by a specified TLS object. + + @param[in] Tls Pointer to a TLS object. + @param[in] Data Array of UINT8 of signature algorithms. The array consists of + pairs of the hash algorithm and the signature algorithm as defined + in RFC 5246 + @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2. + + @retval EFI_SUCCESS The signature algorithm list was set successfully. + @retval EFI_INVALID_PARAMETER The parameters are invalid. + @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. + +**/ +EFI_STATUS +EFIAPI +TlsSetSignatureAlgoList ( + IN VOID *Tls, + IN UINT8 *Data, + IN UINTN DataSize + ) +{ + CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED); +} + +/** + Set the EC curve to be used for TLS flows + + This function sets the EC curve to be used for TLS flows. + + @param[in] Tls Pointer to a TLS object. + @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492. + @param[in] DataSize Size of Data, it should be sizeof (UINT32) + + @retval EFI_SUCCESS The EC curve was set successfully. + @retval EFI_INVALID_PARAMETER The parameters are invalid. + @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported + +**/ +EFI_STATUS +EFIAPI +TlsSetEcCurve ( + IN VOID *Tls, + IN UINT8 *Data, + IN UINTN DataSize + ) +{ + CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED); +} + /** Gets the protocol version used by the specified TLS connection. @@ -4062,6 +4167,43 @@ TlsGetCertRevocationList ( CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } +/** + Derive keying material from a TLS connection. + + This function exports keying material using the mechanism described in RFC + 5705. + + @param[in] Tls Pointer to the TLS object + @param[in] Label Description of the key for the PRF function + @param[in] Context Optional context + @param[in] ContextLen The length of the context value in bytes + @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF + @param[in] KeyBufferLen The length of the KeyBuffer + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_INVALID_PARAMETER The TLS object is invalid. + @retval EFI_PROTOCOL_ERROR Some other error occurred. + +**/ +EFI_STATUS +EFIAPI +TlsGetExportKey ( + IN VOID *Tls, + IN CONST VOID *Label, + IN CONST VOID *Context, + IN UINTN ContextLen, + OUT VOID *KeyBuffer, + IN UINTN KeyBufferLen + ) +{ + CALL_CRYPTO_SERVICE ( + TlsGetExportKey, + (Tls, Label, Context, ContextLen, + KeyBuffer, KeyBufferLen), + EFI_UNSUPPORTED + ); +} + // ===================================================================================== // Big number primitive // ===================================================================================== diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index 2f267c7f55..6293efa36b 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -21,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be /// increased. /// -#define EDKII_CRYPTO_VERSION 13 +#define EDKII_CRYPTO_VERSION 14 /// /// EDK II Crypto Protocol forward declaration @@ -3186,6 +3186,25 @@ INTN IN UINTN BufferSize ); +/** + Shutdown a TLS connection. + + Shutdown the TLS connection without releasing the resources, meaning a new + connection can be started without calling TlsNew() and without setting + certificates etc. + + @param[in] Tls Pointer to the TLS object to shutdown. + + @retval EFI_SUCCESS The TLS is shutdown successfully. + @retval EFI_INVALID_PARAMETER Tls is NULL. + @retval EFI_PROTOCOL_ERROR Some other error occurred. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_CRYPTO_TLS_SHUTDOWN)( + IN VOID *Tls + ); + /** Set a new TLS/SSL method for a particular TLS object. @@ -3384,11 +3403,38 @@ EFI_STATUS /** Adds the local private key to the specified TLS object. - This function adds the local private key (PEM-encoded RSA or PKCS#8 private + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private + key) into the specified TLS object for TLS negotiation. + + @param[in] Tls Pointer to the TLS object. + @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded + or PKCS#8 private key. + @param[in] DataSize The size of data buffer in bytes. + @param[in] Password Pointer to NULL-terminated private key password, set it to NULL + if private key not encrypted. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_ABORTED Invalid private key data. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX)( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize, + IN VOID *Password OPTIONAL + ); + +/** + Adds the local private key to the specified TLS object. + + This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private key) into the specified TLS object for TLS negotiation. @param[in] Tls Pointer to the TLS object. - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA + @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded or PKCS#8 private key. @param[in] DataSize The size of data buffer in bytes. @@ -3680,6 +3726,82 @@ EFI_STATUS IN OUT UINTN *DataSize ); +/** + Set the signature algorithm list to used by the TLS object. + + This function sets the signature algorithms for use by a specified TLS object. + + @param[in] Tls Pointer to a TLS object. + @param[in] Data Array of UINT8 of signature algorithms. The array consists of + pairs of the hash algorithm and the signature algorithm as defined + in RFC 5246 + @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2. + + @retval EFI_SUCCESS The signature algorithm list was set successfully. + @retval EFI_INVALID_PARAMETER The parameters are invalid. + @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST)( + IN VOID *Tls, + IN UINT8 *Data, + IN UINTN DataSize + ); + +/** + Set the EC curve to be used for TLS flows + + This function sets the EC curve to be used for TLS flows. + + @param[in] Tls Pointer to a TLS object. + @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492. + @param[in] DataSize Size of Data, it should be sizeof (UINT32) + + @retval EFI_SUCCESS The EC curve was set successfully. + @retval EFI_INVALID_PARAMETER The parameters are invalid. + @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_CRYPTO_TLS_SET_EC_CURVE)( + IN VOID *Tls, + IN UINT8 *Data, + IN UINTN DataSize + ); + +/** + Derive keying material from a TLS connection. + + This function exports keying material using the mechanism described in RFC + 5705. + + @param[in] Tls Pointer to the TLS object + @param[in] Label Description of the key for the PRF function + @param[in] Context Optional context + @param[in] ContextLen The length of the context value in bytes + @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF + @param[in] KeyBufferLen The length of the KeyBuffer + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_INVALID_PARAMETER The TLS object is invalid. + @retval EFI_PROTOCOL_ERROR Some other error occurred. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_CRYPTO_TLS_GET_EXPORT_KEY)( + IN VOID *Tls, + IN CONST VOID *Label, + IN CONST VOID *Context, + IN UINTN ContextLen, + OUT VOID *KeyBuffer, + IN UINTN KeyBufferLen + ); + /** Gets the CA-supplied certificate revocation list data set in the specified TLS object. @@ -4954,6 +5076,14 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_EC_GENERATE_KEY EcGenerateKey; EDKII_CRYPTO_EC_GET_PUB_KEY EcGetPubKey; EDKII_CRYPTO_EC_DH_COMPUTE_KEY EcDhComputeKey; + /// TLS (continued) + EDKII_CRYPTO_TLS_SHUTDOWN TlsShutdown; + /// TLS Set (continued) + EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX TlsSetHostPrivateKeyEx; + EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST TlsSetSignatureAlgoList; + EDKII_CRYPTO_TLS_SET_EC_CURVE TlsSetEcCurve; + /// TLS Get (continued) + EDKII_CRYPTO_TLS_GET_EXPORT_KEY TlsGetExportKey; }; extern GUID gEdkiiCryptoProtocolGuid; -- 2.31.1.windows.1