public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: "Long, Qin" <qin.long@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Ye, Ting" <ting.ye@intel.com>,
	"Fu, Siyuan" <siyuan.fu@intel.com>,
	"Zhang, Lubo" <lubo.zhang@intel.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	Thomas Palmer <thomas.palmer@hpe.com>
Subject: Re: [Patch 01/10] MdePkg: Add TLS related protocol definition
Date: Wed, 14 Dec 2016 08:39:28 +0000	[thread overview]
Message-ID: <895558F6EA4E3B41AC93A00D163B72741627EF1A@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <BF2CCE9263284D428840004653A28B6E53F3D5A1@SHSMSX103.ccr.corp.intel.com>

Thanks Qin, I will correct it before commit this patch.

Best Regards!
Jiaxin

> -----Original Message-----
> From: Long, Qin
> Sent: Wednesday, December 14, 2016 4:36 PM
> To: Wu, Jiaxin <jiaxin.wu@intel.com>; edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Zhang,
> Lubo <lubo.zhang@intel.com>; Gao, Liming <liming.gao@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Thomas Palmer
> <thomas.palmer@hpe.com>
> Subject: RE: [Patch 01/10] MdePkg: Add TLS related protocol definition
> 
> Reviewed-by: Qin Long <qin.long@intel.com>
> 
> Please correct some typos later:
> EFI_TLS_EXTENDION  --> EFI_TLS_EXTENSION TLS/SSLhandshake --> TLS/SSL
> handshake cerfificate --> certificate cypher --> cipher
> binaryX.509 --> binary X.509
> PEMencoded --> PEM-encoded
> 
> Best Regards & Thanks,
> LONG, Qin
> 
> > -----Original Message-----
> > From: Wu, Jiaxin
> > Sent: Wednesday, December 14, 2016 3:34 PM
> > To: edk2-devel@lists.01.org
> > Cc: Long, Qin; Ye, Ting; Fu, Siyuan; Zhang, Lubo; Gao, Liming; Kinney,
> > Michael D; Thomas Palmer; Wu, Jiaxin
> > Subject: [Patch 01/10] MdePkg: Add TLS related protocol definition
> >
> > This patch is used to add Tls.h and TlsConfig.h header files to define
> > EFI TLS Configuration Protocol, EFI TLS Service Binding Protocol and
> > EFI TLS Configuration Protocol.
> >
> > Cc: Long Qin <qin.long@intel.com>
> > Cc: Ye Ting <ting.ye@intel.com>
> > Cc: Fu Siyuan <siyuan.fu@intel.com>
> > Cc: Zhang Lubo <lubo.zhang@intel.com>
> > Cc: Liming Gao <liming.gao@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Thomas Palmer <thomas.palmer@hpe.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> > ---
> >  MdePkg/Include/Protocol/Tls.h       | 460
> > ++++++++++++++++++++++++++++++++++++
> >  MdePkg/Include/Protocol/TlsConfig.h | 132 +++++++++++
> >  MdePkg/MdePkg.dec                   |   9 +
> >  3 files changed, 601 insertions(+)
> >  create mode 100644 MdePkg/Include/Protocol/Tls.h  create mode 100644
> > MdePkg/Include/Protocol/TlsConfig.h
> >
> > diff --git a/MdePkg/Include/Protocol/Tls.h
> > b/MdePkg/Include/Protocol/Tls.h new file mode 100644 index
> > 0000000..51a3cda
> > --- /dev/null
> > +++ b/MdePkg/Include/Protocol/Tls.h
> > @@ -0,0 +1,460 @@
> > +/** @file
> > +  EFI TLS Protocols as defined in UEFI 2.5.
> > +
> > +  The EFI TLS Service Binding Protocol is used to locate EFI TLS
> > + Protocol drivers  to create and destroy child of the driver to
> > + communicate with other host using  TLS protocol.
> > +  The EFI TLS Protocol provides the ability to manage TLS session.
> > +
> > +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> > + This program and the accompanying materials  are licensed and made
> > + available under the terms and conditions of the BSD License  which
> > + accompanies this distribution. The full text of the license may be
> > + found at  http://opensource.org/licenses/bsd-license.php
> > +
> > +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > BASIS,
> > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> > EXPRESS OR IMPLIED.
> > +
> > +  @par Revision Reference:
> > +  This Protocol is introduced in UEFI Specification 2.5
> > +
> > +**/
> > +
> > +#ifndef __EFI_TLS_PROTOCOL_H__
> > +#define __EFI_TLS_PROTOCOL_H__
> > +
> > +///
> > +/// The EFI TLS Service Binding Protocol is used to locate EFI TLS
> > +Protocol drivers to /// create and destroy child of the driver to
> > +communicate with other host using TLS /// protocol.
> > +///
> > +#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \
> > +  { \
> > +    0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6,
> > +0xab, 0x8d } \
> > +  }
> > +
> > +///
> > +/// The EFI TLS protocol provides the ability to manage TLS session.
> > +///
> > +#define EFI_TLS_PROTOCOL_GUID \
> > +  { \
> > +    0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51,
> > +0x43, 0x90 } \
> > +  }
> > +
> > +typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
> > +
> > +///
> > +/// EFI_TLS_SESSION_DATA_TYPE
> > +///
> > +typedef enum {
> > +  ///
> > +  /// Session Configuration
> > +  ///
> > +
> > +  ///
> > +  /// TLS session Version. The corresponding Data is of type
> > EFI_TLS_VERSION.
> > +  ///
> > +  EfiTlsVersion,
> > +  ///
> > +  /// TLS session as client or as server. The corresponding Data is
> > + of /// EFI_TLS_CONNECTION_END.
> > +  ///
> > +  EfiTlsConnectionEnd,
> > +  ///
> > +  /// A priority list of preferred algorithms for the TLS session.
> > +  /// The corresponding Data is a list of EFI_TLS_CIPHER.
> > +  ///
> > +  EfiTlsCipherList,
> > +  ///
> > +  /// TLS session compression method.
> > +  /// The corresponding Data is of type EFI_TLS_COMPRESSION.
> > +  ///
> > +  EfiTlsCompressionMethod,
> > +  ///
> > +  /// TLS session extension data.
> > +  /// The corresponding Data is a list of type EFI_TLS_EXTENDION.
> > +  ///
> > +  EfiTlsExtensionData,
> > +  ///
> > +  /// TLS session verify method.
> > +  /// The corresponding Data is of type EFI_TLS_VERIFY.
> > +  ///
> > +  EfiTlsVerifyMethod,
> > +  ///
> > +  /// TLS session data session ID.
> > +  /// For SetSessionData(), it is TLS session ID used for session resumption.
> > +  /// For GetSessionData(), it is the TLS session ID used for current session.
> > +  /// The corresponding Data is of type EFI_TLS_SESSION_ID.
> > +  ///
> > +  EfiTlsSessionID,
> > +  ///
> > +  /// TLS session data session state.
> > +  /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
> > +  ///
> > +  EfiTlsSessionState,
> > +
> > +  ///
> > +  /// Session information
> > +  ///
> > +
> > +  ///
> > +  /// TLS session data client random.
> > +  /// The corresponding Data is of type EFI_TLS_RANDOM.
> > +  ///
> > +  EfiTlsClientRandom,
> > +  ///
> > +  /// TLS session data server random.
> > +  /// The corresponding Data is of type EFI_TLS_RANDOM.
> > +  ///
> > +  EfiTlsServerRandom,
> > +  ///
> > +  /// TLS session data key material.
> > +  /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
> > +  ///
> > +  EfiTlsKeyMaterial,
> > +
> > +  EfiTlsSessionDataTypeMaximum
> > +
> > +} EFI_TLS_SESSION_DATA_TYPE;
> > +
> > +///
> > +/// EFI_TLS_VERSION
> > +/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g.
> 1.2).
> > +///       SSL2.0 is obsolete and should not be used.
> > +///
> > +typedef struct {
> > +  UINT8                         Major;
> > +  UINT8                         Minor;
> > +} EFI_TLS_VERSION;
> > +
> > +///
> > +/// EFI_TLS_CONNECTION_END to define TLS session as client or server.
> > +///
> > +typedef enum {
> > +  EfiTlsClient,
> > +  EfiTlsServer,
> > +} EFI_TLS_CONNECTION_END;
> > +
> > +///
> > +/// EFI_TLS_CIPHER
> > +/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC
> > +5246,
> > A.4.1.
> > +///       Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher
> > +///       Suite Registry of IANA.
> > +///
> > +typedef struct {
> > +  UINT8                         Data1;
> > +  UINT8                         Data2;
> > +} EFI_TLS_CIPHER;
> > +
> > +///
> > +/// EFI_TLS_COMPRESSION
> > +/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC
> 3749".
> > +///
> > +typedef UINT8 EFI_TLS_COMPRESSION;
> > +
> > +///
> > +/// EFI_TLS_EXTENSION
> > +/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1.
> > +///       Hello Messages".
> > +///
> > +typedef struct {
> > +  UINT16                        ExtensionType;
> > +  UINT16                        Length;
> > +  UINT8                         Data[1];
> > +} EFI_TLS_EXTENSION;
> > +
> > +///
> > +/// EFI_TLS_VERIFY
> > +/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last
> > +two options /// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired.
> > +///
> > +typedef UINT32  EFI_TLS_VERIFY;
> > +///
> > +/// No certificates will be sent or the TLS/SSLhandshake will be
> > +continued regardless /// of the certificate verification result.
> > +///
> > +#define EFI_TLS_VERIFY_NONE                  0x0
> > +///
> > +/// The TLS/SSL handshake is immediately terminated with an alert
> > +message containing /// the reason for the certificate verification failure.
> > +///
> > +#define EFI_TLS_VERIFY_PEER                  0x1
> > +///
> > +/// TLS session will fail peer certificate is absent.
> > +///
> > +#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT  0x2 /// /// TLS session
> > +only verify client once, and doesn't request cerfificate during ///
> > +re-negotiation.
> > +///
> > +#define EFI_TLS_VERIFY_CLIENT_ONCE           0x4
> > +
> > +///
> > +/// EFI_TLS_RANDOM
> > +/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
> > +///       Hello Messages".
> > +///
> > +typedef struct {
> > +  UINT32                        GmtUnixTime;
> > +  UINT8                         RandomBytes[28];
> > +} EFI_TLS_RANDOM;
> > +
> > +///
> > +/// EFI_TLS_MASTER_SECRET
> > +/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1.
> > +///       Computing the Master Secret".
> > +///
> > +typedef struct {
> > +  UINT8                         Data[48];
> > +} EFI_TLS_MASTER_SECRET;
> > +
> > +///
> > +/// EFI_TLS_SESSION_ID
> > +/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1.
> > Hello Messages".
> > +///
> > +#define MAX_TLS_SESSION_ID_LENGTH  32 typedef struct {
> > +  UINT16                        Length;
> > +  UINT8                         Data[MAX_TLS_SESSION_ID_LENGTH];
> > +} EFI_TLS_SESSION_ID;
> > +
> > +///
> > +/// EFI_TLS_SESSION_STATE
> > +///
> > +typedef enum {
> > +  ///
> > +  /// When a new child of TLS protocol is created, the initial state
> > +of TLS session
> > +  /// is EfiTlsSessionNotStarted.
> > +  ///
> > +  EfiTlsSessionNotStarted,
> > +  ///
> > +  /// The consumer can call BuildResponsePacket() with NULL to get
> > +ClientHello to
> > +  /// start the TLS session. Then the status is EfiTlsSessionHandShaking.
> > +  ///
> > +  EfiTlsSessionHandShaking,
> > +  ///
> > +  /// During handshake, the consumer need call BuildResponsePacket()
> > +with input
> > +  /// data from peer, then get response packet and send to peer.
> > +After handshake
> > +  /// finish, the TLS session status becomes
> > +EfiTlsSessionDataTransferring, and
> > +  /// consumer can use ProcessPacket() for data transferring.
> > +  ///
> > +  EfiTlsSessionDataTransferring,
> > +  ///
> > +  /// Finally, if consumer wants to active close TLS session,
> > +consumer need
> > +  /// call SetSessionData to set TLS session state to
> > +EfiTlsSessionClosing, and
> > +  /// call BuildResponsePacket() with NULL to get CloseNotify alert
> > +message,
> > +  /// and sent it out.
> > +  ///
> > +  EfiTlsSessionClosing,
> > +  ///
> > +  /// If any error happen during parsing ApplicationData content
> > +type, EFI_ABORT
> > +  /// will be returned by ProcessPacket(), and TLS session state will
> > +become
> > +  /// EfiTlsSessionError. Then consumer need call
> > +BuildResponsePacket() with
> > +  /// NULL to get alert message and sent it out.
> > +  ///
> > +  EfiTlsSessionError,
> > +
> > +  EfiTlsSessionStateMaximum
> > +
> > +} EFI_TLS_SESSION_STATE;
> > +
> > +///
> > +/// EFI_TLS_FRAGMENT_DATA
> > +///
> > +typedef struct {
> > +  ///
> > +  /// Length of data buffer in the fragment.
> > +  ///
> > +  UINT32                        FragmentLength;
> > +  ///
> > +  /// Pointer to the data buffer in the fragment.
> > +  ///
> > +  VOID                          *FragmentBuffer;
> > +} EFI_TLS_FRAGMENT_DATA;
> > +
> > +///
> > +/// EFI_TLS_CRYPT_MODE
> > +///
> > +typedef enum {
> > +  ///
> > +  /// Encrypt data provided in the fragment buffers.
> > +  ///
> > +  EfiTlsEncrypt,
> > +  ///
> > +  /// Decrypt data provided in the fragment buffers.
> > +  ///
> > +  EfiTlsDecrypt,
> > +} EFI_TLS_CRYPT_MODE;
> > +
> > +/**
> > +  Set TLS session data.
> > +
> > +  The SetSessionData() function set data for a new TLS session. All
> > + session data should  be set before BuildResponsePacket() invoked.
> > +
> > +  @param[in]  This                Pointer to the EFI_TLS_PROTOCOL instance.
> > +  @param[in]  DataType            TLS session data type.
> > +  @param[in]  Data                Pointer to session data.
> > +  @param[in]  DataSize            Total size of session data.
> > +
> > +  @retval EFI_SUCCESS             The TLS session data is set successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the following
> > conditions is TRUE:
> > +                                  This is NULL.
> > +                                  Data is NULL.
> > +                                  DataSize is 0.
> > +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> > +  @retval EFI_ACCESS_DENIED       If the DataType is one of below:
> > +                                  EfiTlsClientRandom
> > +                                  EfiTlsServerRandom
> > +                                  EfiTlsKeyMaterial
> > +  @retval EFI_NOT_READY           Current TLS session state is NOT
> > +                                  EfiTlsSessionStateNotStarted.
> > +  @retval EFI_OUT_OF_RESOURCES    Required system resources could
> not
> > be allocated.
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *EFI_TLS_SET_SESSION_DATA) (
> > +  IN EFI_TLS_PROTOCOL                *This,
> > +  IN EFI_TLS_SESSION_DATA_TYPE       DataType,
> > +  IN VOID                            *Data,
> > +  IN UINTN                           DataSize
> > +  );
> > +
> > +/**
> > +  Get TLS session data.
> > +
> > +  The GetSessionData() function return the TLS session information.
> > +
> > +  @param[in]       This           Pointer to the EFI_TLS_PROTOCOL instance.
> > +  @param[in]       DataType       TLS session data type.
> > +  @param[in, out]  Data           Pointer to session data.
> > +  @param[in, out]  DataSize       Total size of session data. On input, it
> means
> > +                                  the size of Data buffer. On output, it means the size
> > +                                  of copied Data buffer if EFI_SUCCESS, and means the
> > +                                  size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> > +
> > +  @retval EFI_SUCCESS             The TLS session data is got successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the following
> > conditions is TRUE:
> > +                                  This is NULL.
> > +                                  DataSize is NULL.
> > +                                  Data is NULL if *DataSize is not zero.
> > +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> > +  @retval EFI_NOT_FOUND           The TLS session data is not found.
> > +  @retval EFI_NOT_READY           The DataType is not ready in current
> session
> > state.
> > +  @retval EFI_BUFFER_TOO_SMALL    The buffer is too small to hold the
> data.
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *EFI_TLS_GET_SESSION_DATA) (
> > +  IN EFI_TLS_PROTOCOL                *This,
> > +  IN EFI_TLS_SESSION_DATA_TYPE       DataType,
> > +  IN OUT VOID                        *Data,  OPTIONAL
> > +  IN OUT UINTN                       *DataSize
> > +  );
> > +
> > +/**
> > +  Build response packet according to TLS state machine. This function
> > +is only valid for
> > +  alert, handshake and change_cipher_spec content type.
> > +
> > +  The BuildResponsePacket() function builds TLS response packet in
> > + response to the TLS  request packet specified by RequestBuffer and
> > + RequestSize. If RequestBuffer is NULL and  RequestSize is 0, and TLS
> > + session status is EfiTlsSessionNotStarted, the TLS session  will be
> > + initiated and the response packet needs to be ClientHello. If
> > + RequestBuffer is  NULL and RequestSize is 0, and TLS session status
> > + is EfiTlsSessionClosing, the TLS  session will be closed and
> > + response packet needs to be CloseNotify. If RequestBuffer is  NULL
> > + and RequestSize is 0, and TLS session status is EfiTlsSessionError,
> > + the TLS
> > session has errors and the response packet needs to be Alert message
> > based on error  type.
> > +
> > +  @param[in]       This           Pointer to the EFI_TLS_PROTOCOL instance.
> > +  @param[in]       RequestBuffer  Pointer to the most recently received TLS
> > packet. NULL
> > +                                  means TLS need initiate the TLS session and response
> > +                                  packet need to be ClientHello.
> > +  @param[in]       RequestSize    Packet size in bytes for the most recently
> > received TLS
> > +                                  packet. 0 is only valid when RequestBuffer is NULL.
> > +  @param[out]      Buffer         Pointer to the buffer to hold the built packet.
> > +  @param[in, out]  BufferSize     Pointer to the buffer size in bytes. On
> input,
> > it is
> > +                                  the buffer size provided by the caller. On output, it
> > +                                  is the buffer size in fact needed to contain the
> > +                                  packet.
> > +
> > +  @retval EFI_SUCCESS             The required TLS packet is built successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the following
> > conditions is TRUE:
> > +                                  This is NULL.
> > +                                  RequestBuffer is NULL but RequestSize is NOT 0.
> > +                                  RequestSize is 0 but RequestBuffer is NOT NULL.
> > +                                  BufferSize is NULL.
> > +                                  Buffer is NULL if *BufferSize is not zero.
> > +  @retval EFI_BUFFER_TOO_SMALL    BufferSize is too small to hold the
> > response packet.
> > +  @retval EFI_NOT_READY           Current TLS session state is NOT ready to
> > build
> > +                                  ResponsePacket.
> > +  @retval EFI_ABORTED             Something wrong build response packet.
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) (
> > +  IN EFI_TLS_PROTOCOL                *This,
> > +  IN UINT8                           *RequestBuffer, OPTIONAL
> > +  IN UINTN                           RequestSize, OPTIONAL
> > +  OUT UINT8                          *Buffer, OPTIONAL
> > +  IN OUT UINTN                       *BufferSize
> > +  );
> > +
> > +/**
> > +  Decrypt or encrypt TLS packet during session. This function is only
> > +valid after
> > +  session connected and for application_data content type.
> > +
> > +  The ProcessPacket () function process each inbound or outbound TLS
> > + APP
> > packet.
> > +
> > +  @param[in]       This           Pointer to the EFI_TLS_PROTOCOL instance.
> > +  @param[in, out]  FragmentTable  Pointer to a list of fragment. The
> > + caller
> > will take
> > +                                  responsible to handle the original FragmentTable while
> > +                                  it may be reallocated in TLS driver. If CryptMode is
> > +                                  EfiTlsEncrypt, on input these fragments contain the TLS
> > +                                  header and plain text TLS APP payload; on output these
> > +                                  fragments contain the TLS header and cypher text TLS
> > +                                  APP payload. If CryptMode is EfiTlsDecrypt, on input
> > +                                  these fragments contain the TLS header and cypher text
> > +                                  TLS APP payload; on output these fragments contain the
> > +                                  TLS header and plain text TLS APP payload.
> > +  @param[in]       FragmentCount  Number of fragment.
> > +  @param[in]       CryptMode      Crypt mode.
> > +
> > +  @retval EFI_SUCCESS             The operation completed successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the following
> > conditions is TRUE:
> > +                                  This is NULL.
> > +                                  FragmentTable is NULL.
> > +                                  FragmentCount is NULL.
> > +                                  CryptoMode is invalid.
> > +  @retval EFI_NOT_READY           Current TLS session state is NOT
> > +                                  EfiTlsSessionDataTransferring.
> > +  @retval EFI_ABORTED             Something wrong decryption the message.
> > TLS session
> > +                                  status will become EfiTlsSessionError. The caller need
> > +                                  call BuildResponsePacket() to generate Error Alert
> > +                                  message and send it out.
> > +  @retval EFI_OUT_OF_RESOURCES    No enough resource to finish the
> > operation.
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *EFI_TLS_PROCESS_PACKET) (
> > +  IN EFI_TLS_PROTOCOL                *This,
> > +  IN OUT EFI_TLS_FRAGMENT_DATA       **FragmentTable,
> > +  IN UINT32                          *FragmentCount,
> > +  IN EFI_TLS_CRYPT_MODE              CryptMode
> > +  );
> > +
> > +///
> > +/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS
> > session.
> > +/// For detail of TLS, please refer to TLS related RFC.
> > +///
> > +struct _EFI_TLS_PROTOCOL {
> > +  EFI_TLS_SET_SESSION_DATA           SetSessionData;
> > +  EFI_TLS_GET_SESSION_DATA           GetSessionData;
> > +  EFI_TLS_BUILD_RESPONSE_PACKET      BuildResponsePacket;
> > +  EFI_TLS_PROCESS_PACKET             ProcessPacket;
> > +};
> > +
> > +extern EFI_GUID gEfiTlsServiceBindingProtocolGuid;
> > +extern EFI_GUID gEfiTlsProtocolGuid;
> > +
> > +#endif  // __EFI_TLS_PROTOCOL_H__
> > diff --git a/MdePkg/Include/Protocol/TlsConfig.h
> > b/MdePkg/Include/Protocol/TlsConfig.h
> > new file mode 100644
> > index 0000000..4b62bf5
> > --- /dev/null
> > +++ b/MdePkg/Include/Protocol/TlsConfig.h
> > @@ -0,0 +1,132 @@
> > +/** @file
> > +  EFI TLS Configuration Protocol as defined in UEFI 2.5.
> > +  The EFI TLS Configuration Protocol provides a way to set and get
> > +TLS
> > configuration.
> > +
> > +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> > + This program and the accompanying materials  are licensed and made
> > + available under the terms and conditions of the BSD License  which
> > + accompanies this distribution. The full text of the license may be
> > + found at  http://opensource.org/licenses/bsd-license.php
> > +
> > +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > BASIS,
> > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> > EXPRESS OR IMPLIED.
> > +
> > +  @par Revision Reference:
> > +  This Protocol is introduced in UEFI Specification 2.5
> > +
> > +**/
> > +#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__
> > +#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__
> > +
> > +///
> > +/// The EFI Configuration protocol provides a way to set and get TLS
> > configuration.
> > +///
> > +#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID  \
> > +  { \
> > +    0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3,
> > +0x92, 0x2d }  \
> > +  }
> > +
> > +typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL
> > +EFI_TLS_CONFIGURATION_PROTOCOL;
> > +
> > +///
> > +/// EFI_TLS_CONFIG_DATA_TYPE
> > +///
> > +typedef enum {
> > +  ///
> > +  /// Local host configuration data: public certificate data.
> > +  /// This data should be DER-encoded binaryX.509 certificate
> > +  /// or PEMencoded X.509 certificate.
> > +  ///
> > +  EfiTlsConfigDataTypeHostPublicCert,
> > +  ///
> > +  /// Local host configuration data: private key data.
> > +  ///
> > +  EfiTlsConfigDataTypeHostPrivateKey,
> > +  ///
> > +  /// CA certificate to verify peer. This data should be PEM-encoded
> > +  /// RSA or PKCS#8 private key.
> > +  ///
> > +  EfiTlsConfigDataTypeCACertificate,
> > +  ///
> > +  /// CA-supplied Certificate Revocation List data. This data should
> > +  /// be DER-encoded CRL data.
> > +  ///
> > +  EfiTlsConfigDataTypeCertRevocationList,
> > +
> > +  EfiTlsConfigDataTypeMaximum
> > +
> > +} EFI_TLS_CONFIG_DATA_TYPE;
> > +
> > +/**
> > +  Set TLS configuration data.
> > +
> > +  The SetData() function sets TLS configuration to non-volatile
> > + storage or volatile  storage.
> > +
> > +  @param[in]  This                Pointer to the
> > EFI_TLS_CONFIGURATION_PROTOCOL instance.
> > +  @param[in]  DataType            Configuration data type.
> > +  @param[in]  Data                Pointer to configuration data.
> > +  @param[in]  DataSize            Total size of configuration data.
> > +
> > +  @retval EFI_SUCCESS             The TLS configuration data is set successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the following
> > conditions is TRUE:
> > +                                  This is NULL.
> > +                                  Data is NULL.
> > +                                  DataSize is 0.
> > +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> > +  @retval EFI_OUT_OF_RESOURCES    Required system resources could
> not
> > be allocated.
> > +
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)(
> > +  IN EFI_TLS_CONFIGURATION_PROTOCOL  *This,
> > +  IN EFI_TLS_CONFIG_DATA_TYPE        DataType,
> > +  IN VOID                            *Data,
> > +  IN UINTN                           DataSize
> > +  );
> > +
> > +/**
> > +  Get TLS configuration data.
> > +
> > +  The GetData() function gets TLS configuration.
> > +
> > +  @param[in]       This           Pointer to the
> > EFI_TLS_CONFIGURATION_PROTOCOL instance.
> > +  @param[in]       DataType       Configuration data type.
> > +  @param[in, out]  Data           Pointer to configuration data.
> > +  @param[in, out]  DataSize       Total size of configuration data. On input, it
> > means
> > +                                  the size of Data buffer. On output, it means the size
> > +                                  of copied Data buffer if EFI_SUCCESS, and means the
> > +                                  size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> > +
> > +  @retval EFI_SUCCESS             The TLS configuration data is got successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the following
> > conditions is TRUE:
> > +                                  This is NULL.
> > +                                  DataSize is NULL.
> > +                                  Data is NULL if *DataSize is not zero.
> > +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> > +  @retval EFI_NOT_FOUND           The TLS configuration data is not found.
> > +  @retval EFI_BUFFER_TOO_SMALL    The buffer is too small to hold the
> data.
> > +
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)(
> > +  IN EFI_TLS_CONFIGURATION_PROTOCOL  *This,
> > +  IN EFI_TLS_CONFIG_DATA_TYPE        DataType,
> > +  IN OUT VOID                        *Data,  OPTIONAL
> > +  IN OUT UINTN                       *DataSize
> > +  );
> > +
> > +///
> > +/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a
> way
> > to
> > +set and get /// TLS configuration, such as Certificate, private key data.
> > +///
> > +struct _EFI_TLS_CONFIGURATION_PROTOCOL {
> > +  EFI_TLS_CONFIGURATION_SET_DATA     SetData;
> > +  EFI_TLS_CONFIGURATION_GET_DATA     GetData;
> > +};
> > +
> > +extern EFI_GUID gEfiTlsConfigurationProtocolGuid;
> > +
> > +#endif  //__EFI_TLS_CONFIGURATION_PROTOCOL_H__
> > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index
> > 3e08bed..f2bdb30 100644
> > --- a/MdePkg/MdePkg.dec
> > +++ b/MdePkg/MdePkg.dec
> > @@ -1607,10 +1607,19 @@
> >    gEfiHttpProtocolGuid                 = { 0x7a59b29b, 0x910b, 0x4171, {0x82, 0x42,
> > 0xa8, 0x5a, 0x0d, 0xf2, 0x5b, 0x5b }}
> >
> >    ## Include/Protocol/HttpUtilities.h
> >    gEfiHttpUtilitiesProtocolGuid        = { 0x3e35c163, 0x4074, 0x45dd, {0x43,
> > 0x1e, 0x23, 0x98, 0x9d, 0xd8, 0x6b, 0x32 }}
> >
> > +  ## Include/Protocol/Tls.h
> > +  gEfiTlsServiceBindingProtocolGuid   = { 0x952cb795, 0xff36, 0x48cf, {0xa2,
> > 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d }}
> > +
> > +  ## Include/Protocol/Tls.h
> > +  gEfiTlsProtocolGuid                 = { 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc,
> 0xe4,
> > 0x6c, 0x47, 0x51, 0x43, 0x90 }}
> > +
> > +  ## Include/Protocol/TlsConfig.h
> > +  gEfiTlsConfigurationProtocolGuid    = { 0x1682fe44, 0xbd7a, 0x4407, { 0xb7,
> > 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d }}
> > +
> >    ## Include/Protocol/Rest.h
> >    gEfiRestProtocolGuid                 =  { 0x0db48a36, 0x4e54, 0xea9c, {0x9b, 0x09,
> > 0x1e, 0xa5, 0xbe, 0x3a, 0x66, 0x0b }}
> >
> >    ## Include/Protocol/Supplicant.h
> >    gEfiSupplicantServiceBindingProtocolGuid  = { 0x45bcd98e, 0x59ad,
> > 0x4174, { 0x95, 0x46, 0x34, 0x4a, 0x7, 0x48, 0x58, 0x98 }}
> > --
> > 1.9.5.msysgit.1



  reply	other threads:[~2016-12-14  8:39 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-14  7:34 [Patch 00/10] Sync staging/HTTPS-TLS feature into edk2 master Jiaxin Wu
2016-12-14  7:34 ` [Patch 01/10] MdePkg: Add TLS related protocol definition Jiaxin Wu
2016-12-14  8:36   ` Long, Qin
2016-12-14  8:39     ` Wu, Jiaxin [this message]
2016-12-15  8:34       ` Ye, Ting
2016-12-14  8:43   ` Fu, Siyuan
2016-12-14  7:34 ` [Patch 02/10] MdePkg: Add a header to standardize TLS definitions Jiaxin Wu
2016-12-14  8:42   ` Long, Qin
2016-12-14  8:43   ` Fu, Siyuan
2016-12-15  8:35   ` Ye, Ting
2016-12-14  7:34 ` [Patch 03/10] CryptoPkg: Enable ssl build in OpensslLib directly Jiaxin Wu
2016-12-15  8:37   ` Ye, Ting
2016-12-14  7:34 ` [Patch 04/10] CryptoPkg: Add new TlsLib library Jiaxin Wu
2016-12-16  2:10   ` Ye, Ting
2016-12-16  2:51     ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 05/10] NetworkPkg/TlsDxe: TlsDxe driver implementation over OpenSSL Jiaxin Wu
2016-12-14  8:41   ` Fu, Siyuan
2016-12-15  7:24     ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 06/10] NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS auth configuration Jiaxin Wu
2016-12-15  2:22   ` Fu, Siyuan
2016-12-22  2:52     ` Ye, Ting
2016-12-22  3:13       ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 07/10] NetworkPkg/HttpDxe: HTTPS support over IPv4 and IPv6 Jiaxin Wu
2016-12-15  2:39   ` Fu, Siyuan
2016-12-15  7:14     ` Wu, Jiaxin
2016-12-22  7:33   ` Ye, Ting
2016-12-22  8:30     ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 08/10] NetworkPkg/NetworkPkg.dsc: Enable TlsDxe and TlsAuthConfigDxe module Jiaxin Wu
2016-12-15  2:39   ` Fu, Siyuan
2016-12-22  7:37   ` Ye, Ting
2016-12-14  7:34 ` [Patch 09/10] Nt32Pkg/Nt32Pkg.dsc: Remove the flag for OpensslLib and BaseCryptLib Jiaxin Wu
2016-12-14  7:56   ` Ni, Ruiyu
2016-12-15  8:25   ` Long, Qin
2016-12-22  7:39   ` Ye, Ting
2016-12-14  7:34 ` [Patch 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform Jiaxin Wu
2016-12-14  7:44   ` Yao, Jiewen
2016-12-14  7:46     ` Wu, Jiaxin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=895558F6EA4E3B41AC93A00D163B72741627EF1A@SHSMSX103.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox