From: "Gao, Liming" To: "Wu, Hao A" , "edk2-devel@lists.01.org" CC: "Kinney, Michael D" Thread-Topic: [PATCH 5/6] MdePkg: Convert files to CRLF line ending Thread-Index: AQHSrn0bRpIIBuq77ku5so0+FaTJEaG3xCfQ Date: Thu, 6 Apr 2017 04:45:23 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14D719F40@shsmsx102.ccr.corp.intel.com> References: <20170406022515.42504-1-hao.a.wu@intel.com> <20170406022515.42504-6-hao.a.wu@intel.com> In-Reply-To: <20170406022515.42504-6-hao.a.wu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 5/6] MdePkg: Convert files to CRLF line ending X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Apr 2017 04:45:28 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Liming Gao >-----Original Message----- >From: Wu, Hao A >Sent: Thursday, April 06, 2017 10:25 AM >To: edk2-devel@lists.01.org >Cc: Wu, Hao A ; Kinney, Michael D >; Gao, Liming >Subject: [PATCH 5/6] MdePkg: Convert files to CRLF line ending > >Cc: Michael Kinney >Cc: Liming Gao >Contributed-under: TianoCore Contribution Agreement 1.0 >Signed-off-by: Hao Wu >--- > MdePkg/Include/IndustryStandard/Tls1.h | 186 ++-- > MdePkg/Include/Protocol/Tls.h | 921 ++++++++++---------- > MdePkg/Include/Protocol/TlsConfig.h | 265 +++--- > MdePkg/Library/BaseLib/SafeString.c | 39 +- > 4 files changed, 707 insertions(+), 704 deletions(-) > >diff --git a/MdePkg/Include/IndustryStandard/Tls1.h >b/MdePkg/Include/IndustryStandard/Tls1.h >index 019ff617de..9009291ee3 100644 >--- a/MdePkg/Include/IndustryStandard/Tls1.h >+++ b/MdePkg/Include/IndustryStandard/Tls1.h 
>@@ -1,93 +1,93 @@ >-/** @file >- Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from= RFC >2246/4346/5246 >- >- This file contains common TLS 1.0/1.1/1.2 definitions from RFC >2246/4346/5246 >- >- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
>- This program and the accompanying materials >- are licensed and made available under the terms and conditions of the B= SD >License >- which accompanies this distribution. The full text of the license may = be >found at >- http://opensource.org/licenses/bsd-license.php >- >- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-**/ >- >-#ifndef __TLS_1_H__ >-#define __TLS_1_H__ >- >-#pragma pack(1) >- >-/// >-/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. >-/// >-#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} >-#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} >-#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} >-#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} >-#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} >-#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} >-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} >-#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} >-#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} >-#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} >-#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} >-#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} >-#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} >-#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} >-#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} >-#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} >-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} >-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} >-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} >-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} >-#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} >-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} >-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} >-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} >-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} >-#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} >-#define 
TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} >-#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} >-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} >-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} >-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} >-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} >-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} >-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} >-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} >-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} >- >-/// >-/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. >-/// >-#define TLS10_PROTOCOL_VERSION_MAJOR 0x03 >-#define TLS10_PROTOCOL_VERSION_MINOR 0x01 >-#define TLS11_PROTOCOL_VERSION_MAJOR 0x03 >-#define TLS11_PROTOCOL_VERSION_MINOR 0x02 >-#define TLS12_PROTOCOL_VERSION_MAJOR 0x03 >-#define TLS12_PROTOCOL_VERSION_MINOR 0x03 >- >-/// >-/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. >-/// >-typedef enum { >- TlsContentTypeChangeCipherSpec =3D 20, >- TlsContentTypeAlert =3D 21, >- TlsContentTypeHandshake =3D 22, >- TlsContentTypeApplicationData =3D 23, >-} TLS_CONTENT_TYPE; >- >-/// >-/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. >-/// >-typedef struct { >- UINT8 ContentType; >- EFI_TLS_VERSION Version; >- UINT16 Length; >-} TLS_RECORD_HEADER; >- >-#pragma pack() >- >-#endif >- >+/** @file >+ Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from= RFC >2246/4346/5246 >+ >+ This file contains common TLS 1.0/1.1/1.2 definitions from RFC >2246/4346/5246 >+ >+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
>+ This program and the accompanying materials >+ are licensed and made available under the terms and conditions of the B= SD >License >+ which accompanies this distribution. The full text of the license may = be >found at >+ http://opensource.org/licenses/bsd-license.php >+ >+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >+**/ >+ >+#ifndef __TLS_1_H__ >+#define __TLS_1_H__ >+ >+#pragma pack(1) >+ >+/// >+/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. >+/// >+#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} >+#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} >+#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} >+#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} >+#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} >+#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} >+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} >+#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} >+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} >+#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} >+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} >+#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} >+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} >+#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} >+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} >+#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} >+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} >+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} >+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} >+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} >+#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} >+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} >+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} >+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} >+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} >+#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} >+#define 
TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} >+#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} >+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} >+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} >+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} >+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} >+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} >+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} >+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} >+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} >+ >+/// >+/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. >+/// >+#define TLS10_PROTOCOL_VERSION_MAJOR 0x03 >+#define TLS10_PROTOCOL_VERSION_MINOR 0x01 >+#define TLS11_PROTOCOL_VERSION_MAJOR 0x03 >+#define TLS11_PROTOCOL_VERSION_MINOR 0x02 >+#define TLS12_PROTOCOL_VERSION_MAJOR 0x03 >+#define TLS12_PROTOCOL_VERSION_MINOR 0x03 >+ >+/// >+/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. >+/// >+typedef enum { >+ TlsContentTypeChangeCipherSpec =3D 20, >+ TlsContentTypeAlert =3D 21, >+ TlsContentTypeHandshake =3D 22, >+ TlsContentTypeApplicationData =3D 23, >+} TLS_CONTENT_TYPE; >+ >+/// >+/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. >+/// >+typedef struct { >+ UINT8 ContentType; >+ EFI_TLS_VERSION Version; >+ UINT16 Length; >+} TLS_RECORD_HEADER; >+ >+#pragma pack() >+ >+#endif >+ >diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h >index f3cfccc953..2119f33c0f 100644 >--- a/MdePkg/Include/Protocol/Tls.h >+++ b/MdePkg/Include/Protocol/Tls.h 
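Review bot: with 93 lines removed and 93 added, this hunk is a whole-file replacement, so an unintended edit to a cipher-suite value or a struct field would be indistinguishable from the line-ending change in this view; please confirm with `git diff --ignore-space-at-eol` against the parent commit that the only byte difference is the terminator, and consider a `.gitattributes` rule for these headers so a later checkout does not silently flip them back. Separately, and visible in the hunk but not touched by it, TLS_RECORD_HEADER uses EFI_TLS_VERSION while this header carries no #include and no definition for that type, so it compiles only when Protocol/Tls.h is included first; that is worth a follow-up patch rather than folding into this one.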
>@@ -1,460 +1,461 @@ >-/** @file >- EFI TLS Protocols as defined in UEFI 2.5. >- >- The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol= drivers >- to create and destroy child of the driver to communicate with other hos= t >using >- TLS protocol. >- The EFI TLS Protocol provides the ability to manage TLS session. >- >- Copyright (c) 2016, Intel Corporation. All rights reserved.
>- This program and the accompanying materials >- are licensed and made available under the terms and conditions of the B= SD >License >- which accompanies this distribution. The full text of the license may b= e >found at >- http://opensource.org/licenses/bsd-license.php >- >- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >- @par Revision Reference: >- This Protocol is introduced in UEFI Specification 2.5 >- >-**/ >- >-#ifndef __EFI_TLS_PROTOCOL_H__ >-#define __EFI_TLS_PROTOCOL_H__ >- >-/// >-/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protoc= ol >drivers to >-/// create and destroy child of the driver to communicate with other host >using TLS >-/// protocol. >-/// >-#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \ >- { \ >- 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab= , 0x8d } >\ >- } >- >-/// >-/// The EFI TLS protocol provides the ability to manage TLS session. >-/// >-#define EFI_TLS_PROTOCOL_GUID \ >- { \ >- 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, = 0x90 } \ >- } >- >-typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; >- >-/// >-/// EFI_TLS_SESSION_DATA_TYPE >-/// >-typedef enum { >- /// >- /// Session Configuration >- /// >- >- /// >- /// TLS session Version. The corresponding Data is of type EFI_TLS_VERS= ION. >- /// >- EfiTlsVersion, >- /// >- /// TLS session as client or as server. The corresponding Data is of >- /// EFI_TLS_CONNECTION_END. >- /// >- EfiTlsConnectionEnd, >- /// >- /// A priority list of preferred algorithms for the TLS session. >- /// The corresponding Data is a list of EFI_TLS_CIPHER. >- /// >- EfiTlsCipherList, >- /// >- /// TLS session compression method. >- /// The corresponding Data is of type EFI_TLS_COMPRESSION. >- /// >- EfiTlsCompressionMethod, >- /// >- /// TLS session extension data. 
>- /// The corresponding Data is a list of type EFI_TLS_EXTENSION . >- /// >- EfiTlsExtensionData, >- /// >- /// TLS session verify method. >- /// The corresponding Data is of type EFI_TLS_VERIFY. >- /// >- EfiTlsVerifyMethod, >- /// >- /// TLS session data session ID. >- /// For SetSessionData(), it is TLS session ID used for session resumpt= ion. >- /// For GetSessionData(), it is the TLS session ID used for current ses= sion. >- /// The corresponding Data is of type EFI_TLS_SESSION_ID. >- /// >- EfiTlsSessionID, >- /// >- /// TLS session data session state. >- /// The corresponding Data is of type EFI_TLS_SESSION_STATE. >- /// >- EfiTlsSessionState, >- >- /// >- /// Session information >- /// >- >- /// >- /// TLS session data client random. >- /// The corresponding Data is of type EFI_TLS_RANDOM. >- /// >- EfiTlsClientRandom, >- /// >- /// TLS session data server random. >- /// The corresponding Data is of type EFI_TLS_RANDOM. >- /// >- EfiTlsServerRandom, >- /// >- /// TLS session data key material. >- /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. >- /// >- EfiTlsKeyMaterial, >- >- EfiTlsSessionDataTypeMaximum >- >-} EFI_TLS_SESSION_DATA_TYPE; >- >-/// >-/// EFI_TLS_VERSION >-/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.= g. 1.2). >-/// SSL2.0 is obsolete and should not be used. >-/// >-typedef struct { >- UINT8 Major; >- UINT8 Minor; >-} EFI_TLS_VERSION; >- >-/// >-/// EFI_TLS_CONNECTION_END to define TLS session as client or server. >-/// >-typedef enum { >- EfiTlsClient, >- EfiTlsServer, >-} EFI_TLS_CONNECTION_END; >- >-/// >-/// EFI_TLS_CIPHER >-/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, = A.4.1. >-/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher >-/// Suite Registry of IANA. >-/// >-typedef struct { >- UINT8 Data1; >- UINT8 Data2; >-} EFI_TLS_CIPHER; >- >-/// >-/// EFI_TLS_COMPRESSION >-/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749". 
>-/// >-typedef UINT8 EFI_TLS_COMPRESSION; >- >-/// >-/// EFI_TLS_EXTENSION >-/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1. >-/// Hello Messages". >-/// >-typedef struct { >- UINT16 ExtensionType; >- UINT16 Length; >- UINT8 Data[1]; >-} EFI_TLS_EXTENSION; >- >-/// >-/// EFI_TLS_VERIFY >-/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two >options >-/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired. >-/// >-typedef UINT32 EFI_TLS_VERIFY; >-/// >-/// No certificates will be sent or the TLS/SSL handshake will be continu= ed >regardless >-/// of the certificate verification result. >-/// >-#define EFI_TLS_VERIFY_NONE 0x0 >-/// >-/// The TLS/SSL handshake is immediately terminated with an alert message >containing >-/// the reason for the certificate verification failure. >-/// >-#define EFI_TLS_VERIFY_PEER 0x1 >-/// >-/// TLS session will fail peer certificate is absent. >-/// >-#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 >-/// >-/// TLS session only verify client once, and doesn't request certificate = during >-/// re-negotiation. >-/// >-#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 >- >-/// >-/// EFI_TLS_RANDOM >-/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. >-/// Hello Messages". >-/// >-typedef struct { >- UINT32 GmtUnixTime; >- UINT8 RandomBytes[28]; >-} EFI_TLS_RANDOM; >- >-/// >-/// EFI_TLS_MASTER_SECRET >-/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1. >-/// Computing the Master Secret". >-/// >-typedef struct { >- UINT8 Data[48]; >-} EFI_TLS_MASTER_SECRET; >- >-/// >-/// EFI_TLS_SESSION_ID >-/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. H= ello >Messages". 
>-/// >-#define MAX_TLS_SESSION_ID_LENGTH 32 >-typedef struct { >- UINT16 Length; >- UINT8 Data[MAX_TLS_SESSION_ID_LENGTH]; >-} EFI_TLS_SESSION_ID; >- >-/// >-/// EFI_TLS_SESSION_STATE >-/// >-typedef enum { >- /// >- /// When a new child of TLS protocol is created, the initial state of T= LS >session >- /// is EfiTlsSessionNotStarted. >- /// >- EfiTlsSessionNotStarted, >- /// >- /// The consumer can call BuildResponsePacket() with NULL to get >ClientHello to >- /// start the TLS session. Then the status is EfiTlsSessionHandShaking. >- /// >- EfiTlsSessionHandShaking, >- /// >- /// During handshake, the consumer need call BuildResponsePacket() with >input >- /// data from peer, then get response packet and send to peer. After >handshake >- /// finish, the TLS session status becomes EfiTlsSessionDataTransferrin= g, and >- /// consumer can use ProcessPacket() for data transferring. >- /// >- EfiTlsSessionDataTransferring, >- /// >- /// Finally, if consumer wants to active close TLS session, consumer ne= ed >- /// call SetSessionData to set TLS session state to EfiTlsSessionClosin= g, and >- /// call BuildResponsePacket() with NULL to get CloseNotify alert messa= ge, >- /// and sent it out. >- /// >- EfiTlsSessionClosing, >- /// >- /// If any error happen during parsing ApplicationData content type, >EFI_ABORT >- /// will be returned by ProcessPacket(), and TLS session state will bec= ome >- /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() w= ith >- /// NULL to get alert message and sent it out. >- /// >- EfiTlsSessionError, >- >- EfiTlsSessionStateMaximum >- >-} EFI_TLS_SESSION_STATE; >- >-/// >-/// EFI_TLS_FRAGMENT_DATA >-/// >-typedef struct { >- /// >- /// Length of data buffer in the fragment. >- /// >- UINT32 FragmentLength; >- /// >- /// Pointer to the data buffer in the fragment. 
>- /// >- VOID *FragmentBuffer; >-} EFI_TLS_FRAGMENT_DATA; >- >-/// >-/// EFI_TLS_CRYPT_MODE >-/// >-typedef enum { >- /// >- /// Encrypt data provided in the fragment buffers. >- /// >- EfiTlsEncrypt, >- /// >- /// Decrypt data provided in the fragment buffers. >- /// >- EfiTlsDecrypt, >-} EFI_TLS_CRYPT_MODE; >- >-/** >- Set TLS session data. >- >- The SetSessionData() function set data for a new TLS session. All sessi= on >data should >- be set before BuildResponsePacket() invoked. >- >- @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >- @param[in] DataType TLS session data type. >- @param[in] Data Pointer to session data. >- @param[in] DataSize Total size of session data. >- >- @retval EFI_SUCCESS The TLS session data is set successfull= y. >- @retval EFI_INVALID_PARAMETER One or more of the following conditions >is TRUE: >- This is NULL. >- Data is NULL. >- DataSize is 0. >- @retval EFI_UNSUPPORTED The DataType is unsupported. >- @retval EFI_ACCESS_DENIED If the DataType is one of below: >- EfiTlsClientRandom >- EfiTlsServerRandom >- EfiTlsKeyMaterial >- @retval EFI_NOT_READY Current TLS session state is NOT >- EfiTlsSessionStateNotStarted. >- @retval EFI_OUT_OF_RESOURCES Required system resources could not >be allocated. >-**/ >-typedef >-EFI_STATUS >-(EFIAPI *EFI_TLS_SET_SESSION_DATA) ( >- IN EFI_TLS_PROTOCOL *This, >- IN EFI_TLS_SESSION_DATA_TYPE DataType, >- IN VOID *Data, >- IN UINTN DataSize >- ); >- >-/** >- Get TLS session data. >- >- The GetSessionData() function return the TLS session information. >- >- @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >- @param[in] DataType TLS session data type. >- @param[in, out] Data Pointer to session data. >- @param[in, out] DataSize Total size of session data. On input, i= t means >- the size of Data buffer. On output, it = means the size >- of copied Data buffer if EFI_SUCCESS, a= nd means the >- size of desired Data buffer if EFI_BUFF= ER_TOO_SMALL. 
>- >- @retval EFI_SUCCESS The TLS session data is got successfull= y. >- @retval EFI_INVALID_PARAMETER One or more of the following conditions >is TRUE: >- This is NULL. >- DataSize is NULL. >- Data is NULL if *DataSize is not zero. >- @retval EFI_UNSUPPORTED The DataType is unsupported. >- @retval EFI_NOT_FOUND The TLS session data is not found. >- @retval EFI_NOT_READY The DataType is not ready in current se= ssion >state. >- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the dat= a. >-**/ >-typedef >-EFI_STATUS >-(EFIAPI *EFI_TLS_GET_SESSION_DATA) ( >- IN EFI_TLS_PROTOCOL *This, >- IN EFI_TLS_SESSION_DATA_TYPE DataType, >- IN OUT VOID *Data, OPTIONAL >- IN OUT UINTN *DataSize >- ); >- >-/** >- Build response packet according to TLS state machine. This function is = only >valid for >- alert, handshake and change_cipher_spec content type. >- >- The BuildResponsePacket() function builds TLS response packet in respon= se >to the TLS >- request packet specified by RequestBuffer and RequestSize. If >RequestBuffer is NULL and >- RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, th= e TLS >session >- will be initiated and the response packet needs to be ClientHello. If >RequestBuffer is >- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosi= ng, the >TLS >- session will be closed and response packet needs to be CloseNotify. If >RequestBuffer is >- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError= , the >TLS >- session has errors and the response packet needs to be Alert message >based on error >- type. >- >- @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >- @param[in] RequestBuffer Pointer to the most recently received T= LS >packet. NULL >- means TLS need initiate the TLS session= and response >- packet need to be ClientHello. >- @param[in] RequestSize Packet size in bytes for the most recen= tly >received TLS >- packet. 0 is only valid when RequestBuf= fer is NULL. 
>- @param[out] Buffer Pointer to the buffer to hold the built= packet. >- @param[in, out] BufferSize Pointer to the buffer size in bytes. On= input, it >is >- the buffer size provided by the caller.= On output, it >- is the buffer size in fact needed to co= ntain the >- packet. >- >- @retval EFI_SUCCESS The required TLS packet is built succes= sfully. >- @retval EFI_INVALID_PARAMETER One or more of the following conditions >is TRUE: >- This is NULL. >- RequestBuffer is NULL but RequestSize i= s NOT 0. >- RequestSize is 0 but RequestBuffer is N= OT NULL. >- BufferSize is NULL. >- Buffer is NULL if *BufferSize is not ze= ro. >- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the >response packet. >- @retval EFI_NOT_READY Current TLS session state is NOT ready = to >build >- ResponsePacket. >- @retval EFI_ABORTED Something wrong build response packet. >-**/ >-typedef >-EFI_STATUS >-(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) ( >- IN EFI_TLS_PROTOCOL *This, >- IN UINT8 *RequestBuffer, OPTIONAL >- IN UINTN RequestSize, OPTIONAL >- OUT UINT8 *Buffer, OPTIONAL >- IN OUT UINTN *BufferSize >- ); >- >-/** >- Decrypt or encrypt TLS packet during session. This function is only val= id after >- session connected and for application_data content type. >- >- The ProcessPacket () function process each inbound or outbound TLS APP >packet. >- >- @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >- @param[in, out] FragmentTable Pointer to a list of fragment. The call= er will >take >- responsible to handle the original Frag= mentTable while >- it may be reallocated in TLS driver. If= CryptMode is >- EfiTlsEncrypt, on input these fragments= contain the TLS >- header and plain text TLS APP payload; = on output these >- fragments contain the TLS header and ci= pher text TLS >- APP payload. 
If CryptMode is EfiTlsDecr= ypt, on input >- these fragments contain the TLS header = and cipher text >- TLS APP payload; on output these fragme= nts contain the >- TLS header and plain text TLS APP paylo= ad. >- @param[in] FragmentCount Number of fragment. >- @param[in] CryptMode Crypt mode. >- >- @retval EFI_SUCCESS The operation completed successfully. >- @retval EFI_INVALID_PARAMETER One or more of the following conditions >is TRUE: >- This is NULL. >- FragmentTable is NULL. >- FragmentCount is NULL. >- CryptoMode is invalid. >- @retval EFI_NOT_READY Current TLS session state is NOT >- EfiTlsSessionDataTransferring. >- @retval EFI_ABORTED Something wrong decryption the message.= TLS >session >- status will become EfiTlsSessionError. = The caller need >- call BuildResponsePacket() to generate = Error Alert >- message and send it out. >- @retval EFI_OUT_OF_RESOURCES No enough resource to finish the >operation. >-**/ >-typedef >-EFI_STATUS >-(EFIAPI *EFI_TLS_PROCESS_PACKET) ( >- IN EFI_TLS_PROTOCOL *This, >- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, >- IN UINT32 *FragmentCount, >- IN EFI_TLS_CRYPT_MODE CryptMode >- ); >- >-/// >-/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS >session. >-/// For detail of TLS, please refer to TLS related RFC. >-/// >-struct _EFI_TLS_PROTOCOL { >- EFI_TLS_SET_SESSION_DATA SetSessionData; >- EFI_TLS_GET_SESSION_DATA GetSessionData; >- EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket; >- EFI_TLS_PROCESS_PACKET ProcessPacket; >-}; >- >-extern EFI_GUID gEfiTlsServiceBindingProtocolGuid; >-extern EFI_GUID gEfiTlsProtocolGuid; >- >-#endif // __EFI_TLS_PROTOCOL_H__ >+/** @file >+ EFI TLS Protocols as defined in UEFI 2.5. >+ >+ The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol= drivers >+ to create and destroy child of the driver to communicate with other hos= t >using >+ TLS protocol. >+ The EFI TLS Protocol provides the ability to manage TLS session. 
>+ >+ Copyright (c) 2016, Intel Corporation. All rights reserved.
>+ This program and the accompanying materials >+ are licensed and made available under the terms and conditions of the B= SD >License >+ which accompanies this distribution. The full text of the license may b= e >found at >+ http://opensource.org/licenses/bsd-license.php >+ >+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >+ >+ @par Revision Reference: >+ This Protocol is introduced in UEFI Specification 2.5 >+ >+**/ >+ >+#ifndef __EFI_TLS_PROTOCOL_H__ >+#define __EFI_TLS_PROTOCOL_H__ >+ >+/// >+/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protoc= ol >drivers to >+/// create and destroy child of the driver to communicate with other host >using TLS >+/// protocol. >+/// >+#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \ >+ { \ >+ 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab= , 0x8d } >\ >+ } >+ >+/// >+/// The EFI TLS protocol provides the ability to manage TLS session. >+/// >+#define EFI_TLS_PROTOCOL_GUID \ >+ { \ >+ 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, = 0x90 } \ >+ } >+ >+typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; >+ >+/// >+/// EFI_TLS_SESSION_DATA_TYPE >+/// >+typedef enum { >+ /// >+ /// Session Configuration >+ /// >+ >+ /// >+ /// TLS session Version. The corresponding Data is of type EFI_TLS_VERS= ION. >+ /// >+ EfiTlsVersion, >+ /// >+ /// TLS session as client or as server. The corresponding Data is of >+ /// EFI_TLS_CONNECTION_END. >+ /// >+ EfiTlsConnectionEnd, >+ /// >+ /// A priority list of preferred algorithms for the TLS session. >+ /// The corresponding Data is a list of EFI_TLS_CIPHER. >+ /// >+ EfiTlsCipherList, >+ /// >+ /// TLS session compression method. >+ /// The corresponding Data is of type EFI_TLS_COMPRESSION. >+ /// >+ EfiTlsCompressionMethod, >+ /// >+ /// TLS session extension data. 
>+ /// The corresponding Data is a list of type EFI_TLS_EXTENSION . >+ /// >+ EfiTlsExtensionData, >+ /// >+ /// TLS session verify method. >+ /// The corresponding Data is of type EFI_TLS_VERIFY. >+ /// >+ EfiTlsVerifyMethod, >+ /// >+ /// TLS session data session ID. >+ /// For SetSessionData(), it is TLS session ID used for session resumpt= ion. >+ /// For GetSessionData(), it is the TLS session ID used for current ses= sion. >+ /// The corresponding Data is of type EFI_TLS_SESSION_ID. >+ /// >+ EfiTlsSessionID, >+ /// >+ /// TLS session data session state. >+ /// The corresponding Data is of type EFI_TLS_SESSION_STATE. >+ /// >+ EfiTlsSessionState, >+ >+ /// >+ /// Session information >+ /// >+ >+ /// >+ /// TLS session data client random. >+ /// The corresponding Data is of type EFI_TLS_RANDOM. >+ /// >+ EfiTlsClientRandom, >+ /// >+ /// TLS session data server random. >+ /// The corresponding Data is of type EFI_TLS_RANDOM. >+ /// >+ EfiTlsServerRandom, >+ /// >+ /// TLS session data key material. >+ /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. >+ /// >+ EfiTlsKeyMaterial, >+ >+ EfiTlsSessionDataTypeMaximum >+ >+} EFI_TLS_SESSION_DATA_TYPE; >+ >+/// >+/// EFI_TLS_VERSION >+/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.= g. 1.2). >+/// SSL2.0 is obsolete and should not be used. >+/// >+typedef struct { >+ UINT8 Major; >+ UINT8 Minor; >+} EFI_TLS_VERSION; >+ >+/// >+/// EFI_TLS_CONNECTION_END to define TLS session as client or server. >+/// >+typedef enum { >+ EfiTlsClient, >+ EfiTlsServer, >+} EFI_TLS_CONNECTION_END; >+ >+/// >+/// EFI_TLS_CIPHER >+/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, >A.4.1. >+/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher >+/// Suite Registry of IANA. >+/// >+typedef struct { >+ UINT8 Data1; >+ UINT8 Data2; >+} EFI_TLS_CIPHER; >+ >+/// >+/// EFI_TLS_COMPRESSION >+/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749". 
>+/// >+typedef UINT8 EFI_TLS_COMPRESSION; >+ >+/// >+/// EFI_TLS_EXTENSION >+/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1. >+/// Hello Messages". >+/// >+typedef struct { >+ UINT16 ExtensionType; >+ UINT16 Length; >+ UINT8 Data[1]; >+} EFI_TLS_EXTENSION; >+ >+/// >+/// EFI_TLS_VERIFY >+/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two >options >+/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired. >+/// >+typedef UINT32 EFI_TLS_VERIFY; >+/// >+/// No certificates will be sent or the TLS/SSL handshake will be continu= ed >regardless >+/// of the certificate verification result. >+/// >+#define EFI_TLS_VERIFY_NONE 0x0 >+/// >+/// The TLS/SSL handshake is immediately terminated with an alert message >containing >+/// the reason for the certificate verification failure. >+/// >+#define EFI_TLS_VERIFY_PEER 0x1 >+/// >+/// TLS session will fail peer certificate is absent. >+/// >+#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 >+/// >+/// TLS session only verify client once, and doesn't request certificate = during >+/// re-negotiation. >+/// >+#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 >+ >+/// >+/// EFI_TLS_RANDOM >+/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. >+/// Hello Messages". >+/// >+typedef struct { >+ UINT32 GmtUnixTime; >+ UINT8 RandomBytes[28]; >+} EFI_TLS_RANDOM; >+ >+/// >+/// EFI_TLS_MASTER_SECRET >+/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1. >+/// Computing the Master Secret". >+/// >+typedef struct { >+ UINT8 Data[48]; >+} EFI_TLS_MASTER_SECRET; >+ >+/// >+/// EFI_TLS_SESSION_ID >+/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. >Hello Messages". 
>+/// >+#define MAX_TLS_SESSION_ID_LENGTH 32 >+typedef struct { >+ UINT16 Length; >+ UINT8 Data[MAX_TLS_SESSION_ID_LENGTH]; >+} EFI_TLS_SESSION_ID; >+ >+/// >+/// EFI_TLS_SESSION_STATE >+/// >+typedef enum { >+ /// >+ /// When a new child of TLS protocol is created, the initial state of T= LS >session >+ /// is EfiTlsSessionNotStarted. >+ /// >+ EfiTlsSessionNotStarted, >+ /// >+ /// The consumer can call BuildResponsePacket() with NULL to get >ClientHello to >+ /// start the TLS session. Then the status is EfiTlsSessionHandShaking. >+ /// >+ EfiTlsSessionHandShaking, >+ /// >+ /// During handshake, the consumer need call BuildResponsePacket() with >input >+ /// data from peer, then get response packet and send to peer. After >handshake >+ /// finish, the TLS session status becomes EfiTlsSessionDataTransferrin= g, >and >+ /// consumer can use ProcessPacket() for data transferring. >+ /// >+ EfiTlsSessionDataTransferring, >+ /// >+ /// Finally, if consumer wants to active close TLS session, consumer ne= ed >+ /// call SetSessionData to set TLS session state to EfiTlsSessionClosin= g, and >+ /// call BuildResponsePacket() with NULL to get CloseNotify alert messa= ge, >+ /// and sent it out. >+ /// >+ EfiTlsSessionClosing, >+ /// >+ /// If any error happen during parsing ApplicationData content type, >EFI_ABORT >+ /// will be returned by ProcessPacket(), and TLS session state will bec= ome >+ /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() w= ith >+ /// NULL to get alert message and sent it out. >+ /// >+ EfiTlsSessionError, >+ >+ EfiTlsSessionStateMaximum >+ >+} EFI_TLS_SESSION_STATE; >+ >+/// >+/// EFI_TLS_FRAGMENT_DATA >+/// >+typedef struct { >+ /// >+ /// Length of data buffer in the fragment. >+ /// >+ UINT32 FragmentLength; >+ /// >+ /// Pointer to the data buffer in the fragment. 
>+ /// >+ VOID *FragmentBuffer; >+} EFI_TLS_FRAGMENT_DATA; >+ >+/// >+/// EFI_TLS_CRYPT_MODE >+/// >+typedef enum { >+ /// >+ /// Encrypt data provided in the fragment buffers. >+ /// >+ EfiTlsEncrypt, >+ /// >+ /// Decrypt data provided in the fragment buffers. >+ /// >+ EfiTlsDecrypt, >+} EFI_TLS_CRYPT_MODE; >+ >+/** >+ Set TLS session data. >+ >+ The SetSessionData() function set data for a new TLS session. All sessi= on >data should >+ be set before BuildResponsePacket() invoked. >+ >+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >+ @param[in] DataType TLS session data type. >+ @param[in] Data Pointer to session data. >+ @param[in] DataSize Total size of session data. >+ >+ @retval EFI_SUCCESS The TLS session data is set successfull= y. >+ @retval EFI_INVALID_PARAMETER One or more of the following >conditions is TRUE: >+ This is NULL. >+ Data is NULL. >+ DataSize is 0. >+ @retval EFI_UNSUPPORTED The DataType is unsupported. >+ @retval EFI_ACCESS_DENIED If the DataType is one of below: >+ EfiTlsClientRandom >+ EfiTlsServerRandom >+ EfiTlsKeyMaterial >+ @retval EFI_NOT_READY Current TLS session state is NOT >+ EfiTlsSessionStateNotStarted. >+ @retval EFI_OUT_OF_RESOURCES Required system resources could not >be allocated. >+**/ >+typedef >+EFI_STATUS >+(EFIAPI *EFI_TLS_SET_SESSION_DATA) ( >+ IN EFI_TLS_PROTOCOL *This, >+ IN EFI_TLS_SESSION_DATA_TYPE DataType, >+ IN VOID *Data, >+ IN UINTN DataSize >+ ); >+ >+/** >+ Get TLS session data. >+ >+ The GetSessionData() function return the TLS session information. >+ >+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >+ @param[in] DataType TLS session data type. >+ @param[in, out] Data Pointer to session data. >+ @param[in, out] DataSize Total size of session data. On input, i= t means >+ the size of Data buffer. On output, it = means the size >+ of copied Data buffer if EFI_SUCCESS, a= nd means the >+ size of desired Data buffer if EFI_BUFF= ER_TOO_SMALL. 
>+ >+ @retval EFI_SUCCESS The TLS session data is got successfull= y. >+ @retval EFI_INVALID_PARAMETER One or more of the following >conditions is TRUE: >+ This is NULL. >+ DataSize is NULL. >+ Data is NULL if *DataSize is not zero. >+ @retval EFI_UNSUPPORTED The DataType is unsupported. >+ @retval EFI_NOT_FOUND The TLS session data is not found. >+ @retval EFI_NOT_READY The DataType is not ready in current se= ssion >state. >+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the dat= a. >+**/ >+typedef >+EFI_STATUS >+(EFIAPI *EFI_TLS_GET_SESSION_DATA) ( >+ IN EFI_TLS_PROTOCOL *This, >+ IN EFI_TLS_SESSION_DATA_TYPE DataType, >+ IN OUT VOID *Data, OPTIONAL >+ IN OUT UINTN *DataSize >+ ); >+ >+/** >+ Build response packet according to TLS state machine. This function is = only >valid for >+ alert, handshake and change_cipher_spec content type. >+ >+ The BuildResponsePacket() function builds TLS response packet in respon= se >to the TLS >+ request packet specified by RequestBuffer and RequestSize. If >RequestBuffer is NULL and >+ RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, th= e TLS >session >+ will be initiated and the response packet needs to be ClientHello. If >RequestBuffer is >+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosi= ng, the >TLS >+ session will be closed and response packet needs to be CloseNotify. If >RequestBuffer is >+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError= , the >TLS >+ session has errors and the response packet needs to be Alert message >based on error >+ type. >+ >+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >+ @param[in] RequestBuffer Pointer to the most recently received T= LS >packet. NULL >+ means TLS need initiate the TLS session= and response >+ packet need to be ClientHello. >+ @param[in] RequestSize Packet size in bytes for the most recen= tly >received TLS >+ packet. 0 is only valid when RequestBuf= fer is NULL. 
>+ @param[out] Buffer Pointer to the buffer to hold the built= packet. >+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On= input, >it is >+ the buffer size provided by the caller.= On output, it >+ is the buffer size in fact needed to co= ntain the >+ packet. >+ >+ @retval EFI_SUCCESS The required TLS packet is built succes= sfully. >+ @retval EFI_INVALID_PARAMETER One or more of the following >conditions is TRUE: >+ This is NULL. >+ RequestBuffer is NULL but RequestSize i= s NOT 0. >+ RequestSize is 0 but RequestBuffer is N= OT NULL. >+ BufferSize is NULL. >+ Buffer is NULL if *BufferSize is not ze= ro. >+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the >response packet. >+ @retval EFI_NOT_READY Current TLS session state is NOT ready = to >build >+ ResponsePacket. >+ @retval EFI_ABORTED Something wrong build response packet. >+**/ >+typedef >+EFI_STATUS >+(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) ( >+ IN EFI_TLS_PROTOCOL *This, >+ IN UINT8 *RequestBuffer, OPTIONAL >+ IN UINTN RequestSize, OPTIONAL >+ OUT UINT8 *Buffer, OPTIONAL >+ IN OUT UINTN *BufferSize >+ ); >+ >+/** >+ Decrypt or encrypt TLS packet during session. This function is only val= id after >+ session connected and for application_data content type. >+ >+ The ProcessPacket () function process each inbound or outbound TLS APP >packet. >+ >+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instanc= e. >+ @param[in, out] FragmentTable Pointer to a list of fragment. The call= er will >take >+ responsible to handle the original Frag= mentTable while >+ it may be reallocated in TLS driver. If= CryptMode is >+ EfiTlsEncrypt, on input these fragments= contain the TLS >+ header and plain text TLS APP payload; = on output these >+ fragments contain the TLS header and ci= pher text TLS >+ APP payload. 
If CryptMode is EfiTlsDecr= ypt, on input >+ these fragments contain the TLS header = and cipher text >+ TLS APP payload; on output these fragme= nts contain the >+ TLS header and plain text TLS APP paylo= ad. >+ @param[in] FragmentCount Number of fragment. >+ @param[in] CryptMode Crypt mode. >+ >+ @retval EFI_SUCCESS The operation completed successfully. >+ @retval EFI_INVALID_PARAMETER One or more of the following >conditions is TRUE: >+ This is NULL. >+ FragmentTable is NULL. >+ FragmentCount is NULL. >+ CryptoMode is invalid. >+ @retval EFI_NOT_READY Current TLS session state is NOT >+ EfiTlsSessionDataTransferring. >+ @retval EFI_ABORTED Something wrong decryption the message.= TLS >session >+ status will become EfiTlsSessionError. = The caller need >+ call BuildResponsePacket() to generate = Error Alert >+ message and send it out. >+ @retval EFI_OUT_OF_RESOURCES No enough resource to finish the >operation. >+**/ >+typedef >+EFI_STATUS >+(EFIAPI *EFI_TLS_PROCESS_PACKET) ( >+ IN EFI_TLS_PROTOCOL *This, >+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, >+ IN UINT32 *FragmentCount, >+ IN EFI_TLS_CRYPT_MODE CryptMode >+ ); >+ >+/// >+/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS >session. >+/// For detail of TLS, please refer to TLS related RFC. >+/// >+struct _EFI_TLS_PROTOCOL { >+ EFI_TLS_SET_SESSION_DATA SetSessionData; >+ EFI_TLS_GET_SESSION_DATA GetSessionData; >+ EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket; >+ EFI_TLS_PROCESS_PACKET ProcessPacket; >+}; >+ >+extern EFI_GUID gEfiTlsServiceBindingProtocolGuid; >+extern EFI_GUID gEfiTlsProtocolGuid; >+ >+#endif // __EFI_TLS_PROTOCOL_H__ >+ >diff --git a/MdePkg/Include/Protocol/TlsConfig.h >b/MdePkg/Include/Protocol/TlsConfig.h >index 012f4ce75e..3e5916cb9d 100644 >--- a/MdePkg/Include/Protocol/TlsConfig.h >+++ b/MdePkg/Include/Protocol/TlsConfig.h 
>@@ -1,132 +1,133 @@ >-/** @file >- EFI TLS Configuration Protocol as defined in UEFI 2.5. >- The EFI TLS Configuration Protocol provides a way to set and get TLS >configuration. >- >- Copyright (c) 2016, Intel Corporation. All rights reserved.
>- This program and the accompanying materials >- are licensed and made available under the terms and conditions of the B= SD >License >- which accompanies this distribution. The full text of the license may b= e >found at >- http://opensource.org/licenses/bsd-license.php >- >- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >- @par Revision Reference: >- This Protocol is introduced in UEFI Specification 2.5 >- >-**/ >-#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__ >-#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__ >- >-/// >-/// The EFI Configuration protocol provides a way to set and get TLS >configuration. >-/// >-#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \ >- { \ >- 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x9= 2, >0x2d } \ >- } >- >-typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL >EFI_TLS_CONFIGURATION_PROTOCOL; >- >-/// >-/// EFI_TLS_CONFIG_DATA_TYPE >-/// >-typedef enum { >- /// >- /// Local host configuration data: public certificate data. >- /// This data should be DER-encoded binary X.509 certificate >- /// or PEM-encoded X.509 certificate. >- /// >- EfiTlsConfigDataTypeHostPublicCert, >- /// >- /// Local host configuration data: private key data. >- /// >- EfiTlsConfigDataTypeHostPrivateKey, >- /// >- /// CA certificate to verify peer. This data should be PEM-encoded >- /// RSA or PKCS#8 private key. >- /// >- EfiTlsConfigDataTypeCACertificate, >- /// >- /// CA-supplied Certificate Revocation List data. This data should >- /// be DER-encoded CRL data. >- /// >- EfiTlsConfigDataTypeCertRevocationList, >- >- EfiTlsConfigDataTypeMaximum >- >-} EFI_TLS_CONFIG_DATA_TYPE; >- >-/** >- Set TLS configuration data. >- >- The SetData() function sets TLS configuration to non-volatile storage o= r >volatile >- storage. >- >- @param[in] This Pointer to the >EFI_TLS_CONFIGURATION_PROTOCOL instance. 
>- @param[in] DataType Configuration data type. >- @param[in] Data Pointer to configuration data. >- @param[in] DataSize Total size of configuration data. >- >- @retval EFI_SUCCESS The TLS configuration data is set succe= ssfully. >- @retval EFI_INVALID_PARAMETER One or more of the following conditions >is TRUE: >- This is NULL. >- Data is NULL. >- DataSize is 0. >- @retval EFI_UNSUPPORTED The DataType is unsupported. >- @retval EFI_OUT_OF_RESOURCES Required system resources could not >be allocated. >- >-**/ >-typedef >-EFI_STATUS >-(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)( >- IN EFI_TLS_CONFIGURATION_PROTOCOL *This, >- IN EFI_TLS_CONFIG_DATA_TYPE DataType, >- IN VOID *Data, >- IN UINTN DataSize >- ); >- >-/** >- Get TLS configuration data. >- >- The GetData() function gets TLS configuration. >- >- @param[in] This Pointer to the >EFI_TLS_CONFIGURATION_PROTOCOL instance. >- @param[in] DataType Configuration data type. >- @param[in, out] Data Pointer to configuration data. >- @param[in, out] DataSize Total size of configuration data. On in= put, it >means >- the size of Data buffer. On output, it = means the size >- of copied Data buffer if EFI_SUCCESS, a= nd means the >- size of desired Data buffer if EFI_BUFF= ER_TOO_SMALL. >- >- @retval EFI_SUCCESS The TLS configuration data is got succe= ssfully. >- @retval EFI_INVALID_PARAMETER One or more of the following conditions >is TRUE: >- This is NULL. >- DataSize is NULL. >- Data is NULL if *DataSize is not zero. >- @retval EFI_UNSUPPORTED The DataType is unsupported. >- @retval EFI_NOT_FOUND The TLS configuration data is not found= . >- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the dat= a. 
>- >-**/ >-typedef >-EFI_STATUS >-(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)( >- IN EFI_TLS_CONFIGURATION_PROTOCOL *This, >- IN EFI_TLS_CONFIG_DATA_TYPE DataType, >- IN OUT VOID *Data, OPTIONAL >- IN OUT UINTN *DataSize >- ); >- >-/// >-/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way >to set and get >-/// TLS configuration, such as Certificate, private key data. >-/// >-struct _EFI_TLS_CONFIGURATION_PROTOCOL { >- EFI_TLS_CONFIGURATION_SET_DATA SetData; >- EFI_TLS_CONFIGURATION_GET_DATA GetData; >-}; >- >-extern EFI_GUID gEfiTlsConfigurationProtocolGuid; >- >-#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__ >+/** @file >+ EFI TLS Configuration Protocol as defined in UEFI 2.5. >+ The EFI TLS Configuration Protocol provides a way to set and get TLS >configuration. >+ >+ Copyright (c) 2016, Intel Corporation. All rights reserved.
>+ This program and the accompanying materials >+ are licensed and made available under the terms and conditions of the B= SD >License >+ which accompanies this distribution. The full text of the license may b= e >found at >+ http://opensource.org/licenses/bsd-license.php >+ >+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >+ >+ @par Revision Reference: >+ This Protocol is introduced in UEFI Specification 2.5 >+ >+**/ >+#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__ >+#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__ >+ >+/// >+/// The EFI Configuration protocol provides a way to set and get TLS >configuration. >+/// >+#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \ >+ { \ >+ 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x9= 2, >0x2d } \ >+ } >+ >+typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL >EFI_TLS_CONFIGURATION_PROTOCOL; >+ >+/// >+/// EFI_TLS_CONFIG_DATA_TYPE >+/// >+typedef enum { >+ /// >+ /// Local host configuration data: public certificate data. >+ /// This data should be DER-encoded binary X.509 certificate >+ /// or PEM-encoded X.509 certificate. >+ /// >+ EfiTlsConfigDataTypeHostPublicCert, >+ /// >+ /// Local host configuration data: private key data. >+ /// >+ EfiTlsConfigDataTypeHostPrivateKey, >+ /// >+ /// CA certificate to verify peer. This data should be PEM-encoded >+ /// RSA or PKCS#8 private key. >+ /// >+ EfiTlsConfigDataTypeCACertificate, >+ /// >+ /// CA-supplied Certificate Revocation List data. This data should >+ /// be DER-encoded CRL data. >+ /// >+ EfiTlsConfigDataTypeCertRevocationList, >+ >+ EfiTlsConfigDataTypeMaximum >+ >+} EFI_TLS_CONFIG_DATA_TYPE; >+ >+/** >+ Set TLS configuration data. >+ >+ The SetData() function sets TLS configuration to non-volatile storage o= r >volatile >+ storage. >+ >+ @param[in] This Pointer to the >EFI_TLS_CONFIGURATION_PROTOCOL instance. 
>+ @param[in] DataType Configuration data type. >+ @param[in] Data Pointer to configuration data. >+ @param[in] DataSize Total size of configuration data. >+ >+ @retval EFI_SUCCESS The TLS configuration data is set succe= ssfully. >+ @retval EFI_INVALID_PARAMETER One or more of the following >conditions is TRUE: >+ This is NULL. >+ Data is NULL. >+ DataSize is 0. >+ @retval EFI_UNSUPPORTED The DataType is unsupported. >+ @retval EFI_OUT_OF_RESOURCES Required system resources could not >be allocated. >+ >+**/ >+typedef >+EFI_STATUS >+(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)( >+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This, >+ IN EFI_TLS_CONFIG_DATA_TYPE DataType, >+ IN VOID *Data, >+ IN UINTN DataSize >+ ); >+ >+/** >+ Get TLS configuration data. >+ >+ The GetData() function gets TLS configuration. >+ >+ @param[in] This Pointer to the >EFI_TLS_CONFIGURATION_PROTOCOL instance. >+ @param[in] DataType Configuration data type. >+ @param[in, out] Data Pointer to configuration data. >+ @param[in, out] DataSize Total size of configuration data. On in= put, it >means >+ the size of Data buffer. On output, it = means the size >+ of copied Data buffer if EFI_SUCCESS, a= nd means the >+ size of desired Data buffer if EFI_BUFF= ER_TOO_SMALL. >+ >+ @retval EFI_SUCCESS The TLS configuration data is got succe= ssfully. >+ @retval EFI_INVALID_PARAMETER One or more of the following >conditions is TRUE: >+ This is NULL. >+ DataSize is NULL. >+ Data is NULL if *DataSize is not zero. >+ @retval EFI_UNSUPPORTED The DataType is unsupported. >+ @retval EFI_NOT_FOUND The TLS configuration data is not found= . >+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the dat= a. 
>+ >+**/ >+typedef >+EFI_STATUS >+(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)( >+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This, >+ IN EFI_TLS_CONFIG_DATA_TYPE DataType, >+ IN OUT VOID *Data, OPTIONAL >+ IN OUT UINTN *DataSize >+ ); >+ >+/// >+/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way >to set and get >+/// TLS configuration, such as Certificate, private key data. >+/// >+struct _EFI_TLS_CONFIGURATION_PROTOCOL { >+ EFI_TLS_CONFIGURATION_SET_DATA SetData; >+ EFI_TLS_CONFIGURATION_GET_DATA GetData; >+}; >+ >+extern EFI_GUID gEfiTlsConfigurationProtocolGuid; >+ >+#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__ >+ >diff --git a/MdePkg/Library/BaseLib/SafeString.c >b/MdePkg/Library/BaseLib/SafeString.c >index 249fe477b4..68c33e9b7b 100644 >--- a/MdePkg/Library/BaseLib/SafeString.c >+++ b/MdePkg/Library/BaseLib/SafeString.c >@@ -217,7 +217,7 @@ StrnSizeS ( > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumUnicodeStringLength is no= t zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumUnicodeStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. >@@ -231,7 +231,7 @@ StrCpyS ( > ) > { > UINTN SourceLen; >- >+ > ASSERT (((UINTN) Destination & BIT0) =3D=3D 0); > ASSERT (((UINTN) Source & BIT0) =3D=3D 0); > >@@ -296,12 +296,12 @@ StrCpyS ( > @param Length The maximum number of Unicode characte= rs to >copy. > > @retval RETURN_SUCCESS String is copied. >- @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than >+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than > MIN(StrLen(Source), Length). > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumUnicodeStringLength is no= t zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumUnicodeStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. 
>@@ -388,14 +388,14 @@ StrnCpyS ( > @param Source A pointer to a Null-terminated Unicode= string. > > @retval RETURN_SUCCESS String is appended. >- @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than >+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than > StrLen(Destination). > @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is >NOT > greater than StrLen(Source). > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumUnicodeStringLength is no= t zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumUnicodeStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. >@@ -411,7 +411,7 @@ StrCatS ( > UINTN DestLen; > UINTN CopyLen; > UINTN SourceLen; >- >+ > ASSERT (((UINTN) Destination & BIT0) =3D=3D 0); > ASSERT (((UINTN) Source & BIT0) =3D=3D 0); > >@@ -497,7 +497,7 @@ StrCatS ( > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumUnicodeStringLength is no= t zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumUnicodeStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. >@@ -514,7 +514,7 @@ StrnCatS ( > UINTN DestLen; > UINTN CopyLen; > UINTN SourceLen; >- >+ > ASSERT (((UINTN) Destination & BIT0) =3D=3D 0); > ASSERT (((UINTN) Source & BIT0) =3D=3D 0); > >@@ -1799,7 +1799,7 @@ AsciiStrnSizeS ( > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumAsciiStringLength is not = zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumAsciiStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. >@@ -1813,7 +1813,7 @@ AsciiStrCpyS ( > ) > { > UINTN SourceLen; >- >+ > // > // 1. Neither Destination nor Source shall be a null pointer. > // 
>@@ -1873,12 +1873,12 @@ AsciiStrCpyS ( > @param Length The maximum number of Ascii characters= to copy. > > @retval RETURN_SUCCESS String is copied. >- @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than >+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than > MIN(StrLen(Source), Length). > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumAsciiStringLength is not = zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumAsciiStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. >@@ -1960,14 +1960,14 @@ AsciiStrnCpyS ( > @param Source A pointer to a Null-terminated Ascii s= tring. > > @retval RETURN_SUCCESS String is appended. >- @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than >+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than > StrLen(Destination). > @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is >NOT > greater than StrLen(Source). > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumAsciiStringLength is not = zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumAsciiStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. >@@ -1983,7 +1983,7 @@ AsciiStrCatS ( > UINTN DestLen; > UINTN CopyLen; > UINTN SourceLen; >- >+ > // > // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, >DestMax) upon entry to AsciiStrCatS. > // >@@ -2064,7 +2064,7 @@ AsciiStrCatS ( > @retval RETURN_INVALID_PARAMETER If Destination is NULL. > If Source is NULL. > If PcdMaximumAsciiStringLength is not = zero, >- and DestMax is greater than >+ and DestMax is greater than > PcdMaximumAsciiStringLength. > If DestMax is 0. > @retval RETURN_ACCESS_DENIED If Source and Destination overlap. 
>@@ -2081,7 +2081,7 @@ AsciiStrnCatS ( > UINTN DestLen; > UINTN CopyLen; > UINTN SourceLen; >- >+ > // > // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, >DestMax) upon entry to AsciiStrnCatS. > // >@@ -3265,7 +3265,8 @@ AsciiStrToIpv6Address ( > &Address->Addr[CompressStart + ARRAY_SIZE (Address->Addr) - >AddressIndex], > &LocalAddress.Addr[CompressStart], > AddressIndex - CompressStart >- ); > >+ ); >+ > } > > if (PrefixLength !=3D NULL) { >-- >2.12.0.windows.1
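Review bot: For the Tls.h hunk, the diff replaces every line of the file (921 lines changed for a CRLF conversion), so the content cannot be reviewed from the patch itself; please confirm with a whitespace-insensitive comparison (for example `git diff --ignore-space-at-eol` or `git show -w` on the commit) that nothing other than line endings changed. While reading the carried-over text, a few doc-comment defects are visible that should be tracked for a separate patch rather than folded into this one: the SetSessionData() `@retval EFI_NOT_READY` names `EfiTlsSessionStateNotStarted`, but the `EFI_TLS_SESSION_STATE` enum in the same file defines `EfiTlsSessionNotStarted`; ProcessPacket()'s `@retval EFI_INVALID_PARAMETER` refers to `CryptoMode` while the parameter is `CryptMode`; "The definition of EFI_TLS_EXTENSION if from" should read "is from"; and "TLS session will fail peer certificate is absent" is missing "if".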
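Review bot: In the TlsConfig.h hunk, the comment on `EfiTlsConfigDataTypeCACertificate` reads "CA certificate to verify peer. This data should be PEM-encoded RSA or PKCS#8 private key." A CA certificate used as the trust anchor for peer verification is not a private key; the second sentence looks like it belongs on `EfiTlsConfigDataTypeHostPrivateKey`, whose comment currently says only "private key data". The text is identical on the `-` and `+` sides, so it is out of scope for a line-ending conversion, but a follow-up should describe the CA entry in the same terms the `EfiTlsConfigDataTypeHostPublicCert` comment uses (DER-encoded binary X.509 or PEM-encoded X.509 certificate), checked against the UEFI 2.5 text, so that firmware configuring the peer-verification trust store is not misled about the expected format.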
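Review bot: The final SafeString.c hunk (`@@ -3265,7 +3265,8 @@ AsciiStrToIpv6Address`) is not a pure whitespace change like the others in this file: it removes `);` ahead of the existing blank context line and re-adds `);` plus a new blank line after it, so in the result the call appears to have an empty line between its last argument `AddressIndex - CompressStart` and the closing `);`. That still compiles, but please confirm whether it is intended or an artifact of a stray carriage return on the original `);` line; if the latter, keep `);` directly after the last argument so the statement reads contiguously. The remaining SafeString.c hunks only strip trailing whitespace and look fine.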