From: "Wu, Jiaxin"
To: "Wu, Hao A", "edk2-devel@lists.01.org"
CC: "Fu, Siyuan"
Subject: Re: [PATCH 6/6] NetworkPkg: Convert files to CRLF line ending
Date: Thu, 6 Apr 2017 05:29:50 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B7274162BDDBD@SHSMSX103.ccr.corp.intel.com>
References: <20170406022515.42504-1-hao.a.wu@intel.com> <20170406022515.42504-7-hao.a.wu@intel.com>
In-Reply-To: <20170406022515.42504-7-hao.a.wu@intel.com>
List-Id: EDK II Development
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Wu Jiaxin

Thanks,
Jiaxin

> -----Original Message-----
> From: Wu, Hao A
> Sent: Thursday, April 6, 2017 10:25 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A ; Fu, Siyuan ; Wu, Jiaxin
> Subject: [PATCH 6/6] NetworkPkg: Convert files to CRLF line ending
>
> Cc: Siyuan Fu
> Cc: Jiaxin Wu
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Hao Wu > --- > NetworkPkg/HttpDxe/HttpsSupport.c | 3439 +++++++++= +--------- > - > NetworkPkg/HttpDxe/HttpsSupport.h | 521 +-- > NetworkPkg/Include/Guid/TlsAuthConfigHii.h | 51 +- > NetworkPkg/Include/Guid/TlsAuthentication.h | 59 +- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c | 270 +- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 147 +- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni | 42 +- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni | 38 +- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni | 78 +- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 3377 +++++++++= - > --------- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 564 ++-- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h | 99 +- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr | 305 +- > NetworkPkg/TlsDxe/TlsConfigProtocol.c | 305 +- > NetworkPkg/TlsDxe/TlsDriver.c | 993 +++--- > NetworkPkg/TlsDxe/TlsDriver.h | 475 +-- > NetworkPkg/TlsDxe/TlsDxe.inf | 131 +- > NetworkPkg/TlsDxe/TlsDxe.uni | 50 +- > NetworkPkg/TlsDxe/TlsDxeExtra.uni | 37 +- > NetworkPkg/TlsDxe/TlsImpl.c | 653 ++-- > NetworkPkg/TlsDxe/TlsImpl.h | 631 ++-- > NetworkPkg/TlsDxe/TlsProtocol.c | 1265 +++---- > 22 files changed, 6773 insertions(+), 6757 deletions(-) >=20 > diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c > b/NetworkPkg/HttpDxe/HttpsSupport.c > index f0077dd4b8..e4d9a37bee 100644 > --- a/NetworkPkg/HttpDxe/HttpsSupport.c > +++ b/NetworkPkg/HttpDxe/HttpsSupport.c > @@ -1,1719 +1,1720 @@ > -/** @file > - Miscellaneous routines specific to Https for HttpDxe driver. > - > -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> -(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "HttpDriver.h" > - > -/** > - Returns the first occurrence of a Null-terminated ASCII sub-string in = a Null- > terminated > - ASCII string and ignore case during the search process. > - > - This function scans the contents of the ASCII string specified by Stri= ng > - and returns the first occurrence of SearchString and ignore case durin= g the > search process. > - If SearchString is not found in String, then NULL is returned. If the = length of > SearchString > - is zero, then String is returned. > - > - If String is NULL, then ASSERT(). > - If SearchString is NULL, then ASSERT(). > - > - @param[in] String A pointer to a Null-terminated ASCII strin= g. > - @param[in] SearchString A pointer to a Null-terminated ASCII strin= g to > search for. > - > - @retval NULL If the SearchString does not appear in String. > - @retval others If there is a match return the first occurrenc= e of > SearchingString. > - If the length of SearchString is zero,return S= tring. 
> - > -**/ > -CHAR8 * > -AsciiStrCaseStr ( > - IN CONST CHAR8 *String, > - IN CONST CHAR8 *SearchString > - ) > -{ > - CONST CHAR8 *FirstMatch; > - CONST CHAR8 *SearchStringTmp; > - > - CHAR8 Src; > - CHAR8 Dst; > - > - // > - // ASSERT both strings are less long than PcdMaximumAsciiStringLength > - // > - ASSERT (AsciiStrSize (String) !=3D 0); > - ASSERT (AsciiStrSize (SearchString) !=3D 0); > - > - if (*SearchString =3D=3D '\0') { > - return (CHAR8 *) String; > - } > - > - while (*String !=3D '\0') { > - SearchStringTmp =3D SearchString; > - FirstMatch =3D String; > - > - while ((*SearchStringTmp !=3D '\0') > - && (*String !=3D '\0')) { > - Src =3D *String; > - Dst =3D *SearchStringTmp; > - > - if ((Src >=3D 'A') && (Src <=3D 'Z')) { > - Src -=3D ('A' - 'a'); > - } > - > - if ((Dst >=3D 'A') && (Dst <=3D 'Z')) { > - Dst -=3D ('A' - 'a'); > - } > - > - if (Src !=3D Dst) { > - break; > - } > - > - String++; > - SearchStringTmp++; > - } > - > - if (*SearchStringTmp =3D=3D '\0') { > - return (CHAR8 *) FirstMatch; > - } > - > - String =3D FirstMatch + 1; > - } > - > - return NULL; > -} > - > -/** > - The callback function to free the net buffer list. > - > - @param[in] Arg The opaque parameter. > - > -**/ > -VOID > -EFIAPI > -FreeNbufList ( > - IN VOID *Arg > - ) > -{ > - ASSERT (Arg !=3D NULL); > - > - NetbufFreeList ((LIST_ENTRY *) Arg); > - FreePool (Arg); > -} > - > -/** > - Check whether the Url is from Https. > - > - @param[in] Url The pointer to a HTTP or HTTPS URL strin= g. > - > - @retval TRUE The Url is from HTTPS. > - @retval FALSE The Url is from HTTP. > - > -**/ > -BOOLEAN > -IsHttpsUrl ( > - IN CHAR8 *Url > - ) > -{ > - CHAR8 *Tmp; > - > - Tmp =3D NULL; > - > - Tmp =3D AsciiStrCaseStr (Url, HTTPS_FLAG); > - if (Tmp !=3D NULL && Tmp =3D=3D Url) { > - return TRUE; > - } > - > - return FALSE; > -} > - > -/** > - Creates a Tls child handle, open EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. 
> - > - @param[in] ImageHandle The firmware allocated handle for th= e UEFI > image. > - @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL inst= ance. > - @param[out] TlsConfiguration Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > - > - @return The child handle with opened EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. > - > -**/ > -EFI_HANDLE > -EFIAPI > -TlsCreateChild ( > - IN EFI_HANDLE ImageHandle, > - OUT EFI_TLS_PROTOCOL **TlsProto, > - OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration > - ) > -{ > - EFI_STATUS Status; > - EFI_SERVICE_BINDING_PROTOCOL *TlsSb; > - EFI_HANDLE TlsChildHandle; > - > - TlsSb =3D NULL; > - TlsChildHandle =3D 0; > - > - // > - // Locate TlsServiceBinding protocol. > - // > - gBS->LocateProtocol ( > - &gEfiTlsServiceBindingProtocolGuid, > - NULL, > - (VOID **) &TlsSb > - ); > - if (TlsSb =3D=3D NULL) { > - return NULL; > - } > - > - Status =3D TlsSb->CreateChild (TlsSb, &TlsChildHandle); > - if (EFI_ERROR (Status)) { > - return NULL; > - } > - > - Status =3D gBS->OpenProtocol ( > - TlsChildHandle, > - &gEfiTlsProtocolGuid, > - (VOID **) TlsProto, > - ImageHandle, > - TlsChildHandle, > - EFI_OPEN_PROTOCOL_GET_PROTOCOL > - ); > - if (EFI_ERROR (Status)) { > - TlsSb->DestroyChild (TlsSb, TlsChildHandle); > - return NULL; > - } > - > - Status =3D gBS->OpenProtocol ( > - TlsChildHandle, > - &gEfiTlsConfigurationProtocolGuid, > - (VOID **) TlsConfiguration, > - ImageHandle, > - TlsChildHandle, > - EFI_OPEN_PROTOCOL_GET_PROTOCOL > - ); > - if (EFI_ERROR (Status)) { > - TlsSb->DestroyChild (TlsSb, TlsChildHandle); > - return NULL; > - } > - > - return TlsChildHandle; > -} > - > -/** > - Create event for the TLS receive and transmit tokens which are used to > receive and > - transmit TLS related messages. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure= . > - > - @retval EFI_SUCCESS The events are created successfully. > - @retval others Other error as indicated. 
> - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCreateTxRxEvent ( > - IN OUT HTTP_PROTOCOL *HttpInstance > - ) > -{ > - EFI_STATUS Status; > - > - if (!HttpInstance->LocalAddressIsIPv6) { > - // > - // For Tcp4TlsTxToken. > - // > - Status =3D gBS->CreateEvent ( > - EVT_NOTIFY_SIGNAL, > - TPL_NOTIFY, > - HttpCommonNotify, > - &HttpInstance->TlsIsTxDone, > - &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event > - ); > - if (EFI_ERROR (Status)) { > - goto ERROR; > - } > - > - HttpInstance->Tcp4TlsTxData.Push =3D TRUE; > - HttpInstance->Tcp4TlsTxData.Urgent =3D FALSE; > - HttpInstance->Tcp4TlsTxData.DataLength =3D 0; > - HttpInstance->Tcp4TlsTxData.FragmentCount =3D 1; > - HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp4TlsTxData.DataLength; > - HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer =3D NULL= ; > - HttpInstance->Tcp4TlsTxToken.Packet.TxData =3D &HttpInstance- > >Tcp4TlsTxData; > - HttpInstance->Tcp4TlsTxToken.CompletionToken.Status =3D > EFI_NOT_READY; > - > - // > - // For Tcp4TlsRxToken. > - // > - Status =3D gBS->CreateEvent ( > - EVT_NOTIFY_SIGNAL, > - TPL_NOTIFY, > - HttpCommonNotify, > - &HttpInstance->TlsIsRxDone, > - &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event > - ); > - if (EFI_ERROR (Status)) { > - goto ERROR; > - } > - > - HttpInstance->Tcp4TlsRxData.DataLength =3D 0; > - HttpInstance->Tcp4TlsRxData.FragmentCount =3D 1; > - HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp4TlsRxData.DataLength ; > - HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer =3D NUL= L; > - HttpInstance->Tcp4TlsRxToken.Packet.RxData =3D &HttpInstanc= e- > >Tcp4TlsRxData; > - HttpInstance->Tcp4TlsRxToken.CompletionToken.Status =3D > EFI_NOT_READY; > - } else { > - // > - // For Tcp6TlsTxToken. 
> - // > - Status =3D gBS->CreateEvent ( > - EVT_NOTIFY_SIGNAL, > - TPL_NOTIFY, > - HttpCommonNotify, > - &HttpInstance->TlsIsTxDone, > - &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event > - ); > - if (EFI_ERROR (Status)) { > - goto ERROR; > - } > - > - HttpInstance->Tcp6TlsTxData.Push =3D TRUE; > - HttpInstance->Tcp6TlsTxData.Urgent =3D FALSE; > - HttpInstance->Tcp6TlsTxData.DataLength =3D 0; > - HttpInstance->Tcp6TlsTxData.FragmentCount =3D 1; > - HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp6TlsTxData.DataLength; > - HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer =3D NULL= ; > - HttpInstance->Tcp6TlsTxToken.Packet.TxData =3D &HttpInstance- > >Tcp6TlsTxData; > - HttpInstance->Tcp6TlsTxToken.CompletionToken.Status =3D > EFI_NOT_READY; > - > - // > - // For Tcp6TlsRxToken. > - // > - Status =3D gBS->CreateEvent ( > - EVT_NOTIFY_SIGNAL, > - TPL_NOTIFY, > - HttpCommonNotify, > - &HttpInstance->TlsIsRxDone, > - &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event > - ); > - if (EFI_ERROR (Status)) { > - goto ERROR; > - } > - > - HttpInstance->Tcp6TlsRxData.DataLength =3D 0; > - HttpInstance->Tcp6TlsRxData.FragmentCount =3D 1; > - HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp6TlsRxData.DataLength ; > - HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer =3D NUL= L; > - HttpInstance->Tcp6TlsRxToken.Packet.RxData =3D &HttpInstanc= e- > >Tcp6TlsRxData; > - HttpInstance->Tcp6TlsRxToken.CompletionToken.Status =3D > EFI_NOT_READY; > - } > - > - return Status; > - > -ERROR: > - // > - // Error handling > - // > - TlsCloseTxRxEvent (HttpInstance); > - > - return Status; > -} > - > -/** > - Close events in the TlsTxToken and TlsRxToken. > - > - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. 
> - > -**/ > -VOID > -EFIAPI > -TlsCloseTxRxEvent ( > - IN HTTP_PROTOCOL *HttpInstance > - ) > -{ > - ASSERT (HttpInstance !=3D NULL); > - if (!HttpInstance->LocalAddressIsIPv6) { > - if (NULL !=3D HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) { > - gBS->CloseEvent(HttpInstance- > >Tcp4TlsTxToken.CompletionToken.Event); > - HttpInstance->Tcp4TlsTxToken.CompletionToken.Event =3D NULL; > - } > - > - if (NULL !=3D HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) { > - gBS->CloseEvent (HttpInstance- > >Tcp4TlsRxToken.CompletionToken.Event); > - HttpInstance->Tcp4TlsRxToken.CompletionToken.Event =3D NULL; > - } > - } else { > - if (NULL !=3D HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) { > - gBS->CloseEvent(HttpInstance- > >Tcp6TlsTxToken.CompletionToken.Event); > - HttpInstance->Tcp6TlsTxToken.CompletionToken.Event =3D NULL; > - } > - > - if (NULL !=3D HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) { > - gBS->CloseEvent (HttpInstance- > >Tcp6TlsRxToken.CompletionToken.Event); > - HttpInstance->Tcp6TlsRxToken.CompletionToken.Event =3D NULL; > - } > - } > -} > - > -/** > - Read the TlsCaCertificate variable and configure it. > - > - @param[in, out] HttpInstance The HTTP instance private data. > - > - @retval EFI_SUCCESS TlsCaCertificate is configured. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable= . > - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -TlsConfigCertificate ( > - IN OUT HTTP_PROTOCOL *HttpInstance > - ) > -{ > - EFI_STATUS Status; > - UINT8 *CACert; > - UINTN CACertSize; > - UINT32 Index; > - EFI_SIGNATURE_LIST *CertList; > - EFI_SIGNATURE_DATA *Cert; > - UINTN CertCount; > - UINT32 ItemDataSize; > - > - CACert =3D NULL; > - CACertSize =3D 0; > - > - // > - // Try to read the TlsCaCertificate variable. 
> - // > - Status =3D gRT->GetVariable ( > - EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &gEfiTlsCaCertificateGuid, > - NULL, > - &CACertSize, > - NULL > - ); > - > - if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { > - return Status; > - } > - > - // > - // Allocate buffer and read the config variable. > - // > - CACert =3D AllocatePool (CACertSize); > - if (CACert =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - Status =3D gRT->GetVariable ( > - EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &gEfiTlsCaCertificateGuid, > - NULL, > - &CACertSize, > - CACert > - ); > - if (EFI_ERROR (Status)) { > - // > - // GetVariable still error or the variable is corrupted. > - // Fall back to the default value. > - // > - FreePool (CACert); > - > - return EFI_NOT_FOUND; > - } > - > - ASSERT (CACert !=3D NULL); > - > - // > - // Enumerate all data and erasing the target item. > - // > - ItemDataSize =3D (UINT32) CACertSize; > - CertList =3D (EFI_SIGNATURE_LIST *) CACert; > - while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > - Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof > (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); > - CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_= LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > - for (Index =3D 0; Index < CertCount; Index++) { > - // > - // EfiTlsConfigDataTypeCACertificate > - // > - Status =3D HttpInstance->TlsConfiguration->SetData ( > - HttpInstance->TlsConfig= uration, > - EfiTlsConfigDataTypeCAC= ertificate, > - Cert->SignatureData, > - CertList->SignatureSize= - sizeof (Cert- > >SignatureOwner) > - ); > - if (EFI_ERROR (Status)) { > - FreePool (CACert); > - return Status; > - } > - > - Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList- > >SignatureSize); > - } > - > - ItemDataSize -=3D CertList->SignatureListSize; > - CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > - } > 
- > - FreePool (CACert); > - return Status; > -} > - > -/** > - Configure TLS session data. > - > - @param[in, out] HttpInstance The HTTP instance private data. > - > - @retval EFI_SUCCESS TLS session data is configured. > - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsConfigureSession ( > - IN OUT HTTP_PROTOCOL *HttpInstance > - ) > -{ > - EFI_STATUS Status; > - > - // > - // TlsConfigData initialization > - // > - HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient; > - HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEER; > - HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStarted; > - > - // > - // EfiTlsConnectionEnd, > - // EfiTlsVerifyMethod > - // EfiTlsSessionState > - // > - Status =3D HttpInstance->Tls->SetSessionData ( > - HttpInstance->Tls, > - EfiTlsConnectionEnd, > - &(HttpInstance->TlsConfigData.Connection= End), > - sizeof (EFI_TLS_CONNECTION_END) > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - Status =3D HttpInstance->Tls->SetSessionData ( > - HttpInstance->Tls, > - EfiTlsVerifyMethod, > - &HttpInstance->TlsConfigData.VerifyMetho= d, > - sizeof (EFI_TLS_VERIFY) > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - Status =3D HttpInstance->Tls->SetSessionData ( > - HttpInstance->Tls, > - EfiTlsSessionState, > - &(HttpInstance->TlsConfigData.SessionSta= te), > - sizeof (EFI_TLS_SESSION_STATE) > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - // > - // Tls Config Certificate > - // > - Status =3D TlsConfigCertificate (HttpInstance); > - if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n")); > - return Status; > - } > - > - // > - // TlsCreateTxRxEvent > - // > - Status =3D TlsCreateTxRxEvent (HttpInstance); > - if (EFI_ERROR (Status)) { > - goto ERROR; > - } > - > - return Status; > - > -ERROR: > - TlsCloseTxRxEvent (HttpInstance); > - > - return Status; > -} > - > -/** > - Transmit the Packet 
by processing the associated HTTPS token. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > - @param[in] Packet The packet to transmit. > - > - @retval EFI_SUCCESS The packet is transmitted. > - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_DEVICE_ERROR An unexpected system or network error > occurred. > - @retval Others Other errors as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCommonTransmit ( > - IN OUT HTTP_PROTOCOL *HttpInstance, > - IN NET_BUF *Packet > - ) > -{ > - EFI_STATUS Status; > - VOID *Data; > - UINTN Size; > - > - if ((HttpInstance =3D=3D NULL) || (Packet =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - if (!HttpInstance->LocalAddressIsIPv6) { > - Size =3D sizeof (EFI_TCP4_TRANSMIT_DATA) + > - (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA); > - } else { > - Size =3D sizeof (EFI_TCP6_TRANSMIT_DATA) + > - (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA); > - } > - > - Data =3D AllocatePool (Size); > - if (Data =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - if (!HttpInstance->LocalAddressIsIPv6) { > - ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push =3D TRUE; > - ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent =3D FALSE; > - ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength =3D Packet->TotalSize= ; > - > - // > - // Build the fragment table. > - // > - ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount =3D Packet- > >BlockOpNum; > - > - NetbufBuildExt ( > - Packet, > - (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)- > >FragmentTable[0], > - &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount > - ); > - > - HttpInstance->Tcp4TlsTxToken.Packet.TxData =3D > (EFI_TCP4_TRANSMIT_DATA *) Data; > - > - Status =3D EFI_DEVICE_ERROR; > - > - // > - // Transmit the packet. 
> - // > - Status =3D HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4, > &HttpInstance->Tcp4TlsTxToken); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - while (!HttpInstance->TlsIsTxDone) { > - HttpInstance->Tcp4->Poll (HttpInstance->Tcp4); > - } > - > - HttpInstance->TlsIsTxDone =3D FALSE; > - Status =3D HttpInstance->Tcp4TlsTxToken.CompletionToken.Status; > - } else { > - ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push =3D TRUE; > - ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent =3D FALSE; > - ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength =3D Packet->TotalSize= ; > - > - // > - // Build the fragment table. > - // > - ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount =3D Packet- > >BlockOpNum; > - > - NetbufBuildExt ( > - Packet, > - (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)- > >FragmentTable[0], > - &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount > - ); > - > - HttpInstance->Tcp6TlsTxToken.Packet.TxData =3D > (EFI_TCP6_TRANSMIT_DATA *) Data; > - > - Status =3D EFI_DEVICE_ERROR; > - > - // > - // Transmit the packet. > - // > - Status =3D HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6, > &HttpInstance->Tcp6TlsTxToken); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - while (!HttpInstance->TlsIsTxDone) { > - HttpInstance->Tcp6->Poll (HttpInstance->Tcp6); > - } > - > - HttpInstance->TlsIsTxDone =3D FALSE; > - Status =3D HttpInstance->Tcp6TlsTxToken.CompletionToken.Status; > - } > - > -ON_EXIT: > - FreePool (Data); > - > - return Status; > -} > - > -/** > - Receive the Packet by processing the associated HTTPS token. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > - @param[in] Packet The packet to transmit. > - @param[in] Timeout The time to wait for connection done= . > - > - @retval EFI_SUCCESS The Packet is received. > - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_TIMEOUT The operation is time out. 
> - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCommonReceive ( > - IN OUT HTTP_PROTOCOL *HttpInstance, > - IN NET_BUF *Packet, > - IN EFI_EVENT Timeout > - ) > -{ > - EFI_TCP4_RECEIVE_DATA *Tcp4RxData; > - EFI_TCP6_RECEIVE_DATA *Tcp6RxData; > - EFI_STATUS Status; > - NET_FRAGMENT *Fragment; > - UINT32 FragmentCount; > - UINT32 CurrentFragment; > - > - Tcp4RxData =3D NULL; > - Tcp6RxData =3D NULL; > - > - if ((HttpInstance =3D=3D NULL) || (Packet =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - FragmentCount =3D Packet->BlockOpNum; > - Fragment =3D AllocatePool (FragmentCount * sizeof (NET_FRAGMENT))= ; > - if (Fragment =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - // > - // Build the fragment table. > - // > - NetbufBuildExt (Packet, Fragment, &FragmentCount); > - > - if (!HttpInstance->LocalAddressIsIPv6) { > - Tcp4RxData =3D HttpInstance->Tcp4TlsRxToken.Packet.RxData; > - if (Tcp4RxData =3D=3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - Tcp4RxData->FragmentCount =3D 1; > - } else { > - Tcp6RxData =3D HttpInstance->Tcp6TlsRxToken.Packet.RxData; > - if (Tcp6RxData =3D=3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - Tcp6RxData->FragmentCount =3D 1; > - } > - > - CurrentFragment =3D 0; > - Status =3D EFI_SUCCESS; > - > - while (CurrentFragment < FragmentCount) { > - if (!HttpInstance->LocalAddressIsIPv6) { > - Tcp4RxData->DataLength =3D Fragment[CurrentF= ragment].Len; > - Tcp4RxData->FragmentTable[0].FragmentLength =3D > Fragment[CurrentFragment].Len; > - Tcp4RxData->FragmentTable[0].FragmentBuffer =3D > Fragment[CurrentFragment].Bulk; > - Status =3D HttpInstance->Tcp4->Receive (HttpInstance->Tcp4, > &HttpInstance->Tcp4TlsRxToken); > - } else { > - Tcp6RxData->DataLength =3D Fragment[CurrentF= ragment].Len; > - Tcp6RxData->FragmentTable[0].FragmentLength =3D > Fragment[CurrentFragment].Len; > - Tcp6RxData->FragmentTable[0].FragmentBuffer =3D > 
Fragment[CurrentFragment].Bulk; > - Status =3D HttpInstance->Tcp6->Receive (HttpInstance->Tcp6, > &HttpInstance->Tcp6TlsRxToken); > - } > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - while (!HttpInstance->TlsIsRxDone && ((Timeout =3D=3D NULL) || EFI_E= RROR > (gBS->CheckEvent (Timeout)))) { > - // > - // Poll until some data is received or an error occurs. > - // > - if (!HttpInstance->LocalAddressIsIPv6) { > - HttpInstance->Tcp4->Poll (HttpInstance->Tcp4); > - } else { > - HttpInstance->Tcp6->Poll (HttpInstance->Tcp6); > - } > - } > - > - if (!HttpInstance->TlsIsRxDone) { > - // > - // Timeout occurs, cancel the receive request. > - // > - if (!HttpInstance->LocalAddressIsIPv6) { > - HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance- > >Tcp4TlsRxToken.CompletionToken); > - } else { > - HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance- > >Tcp6TlsRxToken.CompletionToken); > - } > - > - Status =3D EFI_TIMEOUT; > - goto ON_EXIT; > - } else { > - HttpInstance->TlsIsRxDone =3D FALSE; > - } > - > - if (!HttpInstance->LocalAddressIsIPv6) { > - Status =3D HttpInstance->Tcp4TlsRxToken.CompletionToken.Status; > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - Fragment[CurrentFragment].Len -=3D Tcp4RxData- > >FragmentTable[0].FragmentLength; > - if (Fragment[CurrentFragment].Len =3D=3D 0) { > - CurrentFragment++; > - } else { > - Fragment[CurrentFragment].Bulk +=3D Tcp4RxData- > >FragmentTable[0].FragmentLength; > - } > - } else { > - Status =3D HttpInstance->Tcp6TlsRxToken.CompletionToken.Status; > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - Fragment[CurrentFragment].Len -=3D Tcp6RxData- > >FragmentTable[0].FragmentLength; > - if (Fragment[CurrentFragment].Len =3D=3D 0) { > - CurrentFragment++; > - } else { > - Fragment[CurrentFragment].Bulk +=3D Tcp6RxData- > >FragmentTable[0].FragmentLength; > - } > - } > - } > - > -ON_EXIT: > - > - if (Fragment !=3D NULL) { > - FreePool (Fragment); > - } > - > - return 
Status; > -} > - > -/** > - Receive one TLS PDU. An TLS PDU contains an TLS record header and it's > - corresponding record data. These two parts will be put into two blocks= of > buffers in the > - net buffer. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > - @param[out] Pdu The received TLS PDU. > - @param[in] Timeout The time to wait for connection d= one. > - > - @retval EFI_SUCCESS An TLS PDU is received. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received. > - @retval Others Other errors as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsReceiveOnePdu ( > - IN OUT HTTP_PROTOCOL *HttpInstance, > - OUT NET_BUF **Pdu, > - IN EFI_EVENT Timeout > - ) > -{ > - EFI_STATUS Status; > - > - LIST_ENTRY *NbufList; > - > - UINT32 Len; > - > - NET_BUF *PduHdr; > - UINT8 *Header; > - TLS_RECORD_HEADER RecordHeader; > - > - NET_BUF *DataSeg; > - > - NbufList =3D NULL; > - PduHdr =3D NULL; > - Header =3D NULL; > - DataSeg =3D NULL; > - > - NbufList =3D AllocatePool (sizeof (LIST_ENTRY)); > - if (NbufList =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - InitializeListHead (NbufList); > - > - // > - // Allocate buffer to receive one TLS header. > - // > - Len =3D sizeof (TLS_RECORD_HEADER); > - PduHdr =3D NetbufAlloc (Len); > - if (PduHdr =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - Header =3D NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL); > - if (Header =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - // > - // First step, receive one TLS header. 
> - // > - Status =3D TlsCommonReceive (HttpInstance, PduHdr, Timeout); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - RecordHeader =3D *(TLS_RECORD_HEADER *) Header; > - if ((RecordHeader.ContentType =3D=3D TlsContentTypeHandshake || > - RecordHeader.ContentType =3D=3D TlsContentTypeAlert || > - RecordHeader.ContentType =3D=3D TlsContentTypeChangeCipherSpec || > - RecordHeader.ContentType =3D=3D TlsContentTypeApplicationData) && > - (RecordHeader.Version.Major =3D=3D 0x03) && /// Major versions are s= ame. > - (RecordHeader.Version.Minor =3D=3D TLS10_PROTOCOL_VERSION_MINOR || > - RecordHeader.Version.Minor =3D=3DTLS11_PROTOCOL_VERSION_MINOR || > - RecordHeader.Version.Minor =3D=3D TLS12_PROTOCOL_VERSION_MINOR) > - ) { > - InsertTailList (NbufList, &PduHdr->List); > - } else { > - Status =3D EFI_PROTOCOL_ERROR; > - goto ON_EXIT; > - } > - > - Len =3D SwapBytes16(RecordHeader.Length); > - if (Len =3D=3D 0) { > - // > - // No TLS payload. > - // > - goto FORM_PDU; > - } > - > - // > - // Allocate buffer to receive one TLS payload. > - // > - DataSeg =3D NetbufAlloc (Len); > - if (DataSeg =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL); > - > - // > - // Second step, receive one TLS payload. > - // > - Status =3D TlsCommonReceive (HttpInstance, DataSeg, Timeout); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - InsertTailList (NbufList, &DataSeg->List); > - > -FORM_PDU: > - // > - // Form the PDU from a list of PDU. > - // > - *Pdu =3D NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList); > - if (*Pdu =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - } > - > -ON_EXIT: > - > - if (EFI_ERROR (Status)) { > - // > - // Free the Nbufs in this NbufList and the NbufList itself. > - // > - FreeNbufList (NbufList); > - } > - > - return Status; > -} > - > -/** > - Connect one TLS session by finishing the TLS handshake process. 
> - > - @param[in] HttpInstance The HTTP instance private data. > - @param[in] Timeout The time to wait for connection done. > - > - @retval EFI_SUCCESS The TLS session is established. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED TLS session state is incorrect. > - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsConnectSession ( > - IN HTTP_PROTOCOL *HttpInstance, > - IN EFI_EVENT Timeout > - ) > -{ > - EFI_STATUS Status; > - UINT8 *BufferOut; > - UINTN BufferOutSize; > - NET_BUF *PacketOut; > - UINT8 *DataOut; > - NET_BUF *Pdu; > - UINT8 *BufferIn; > - UINTN BufferInSize; > - UINT8 *GetSessionDataBuffer; > - UINTN GetSessionDataBufferSize; > - > - BufferOut =3D NULL; > - PacketOut =3D NULL; > - DataOut =3D NULL; > - Pdu =3D NULL; > - BufferIn =3D NULL; > - > - // > - // Initialize TLS state. > - // > - HttpInstance->TlsSessionState =3D EfiTlsSessionNotStarted; > - Status =3D HttpInstance->Tls->SetSessionData ( > - HttpInstance->Tls, > - EfiTlsSessionState, > - &(HttpInstance->TlsSessionState), > - sizeof (EFI_TLS_SESSION_STATE) > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - // > - // Create ClientHello > - // > - BufferOutSize =3D DEF_BUF_LEN; > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - NULL, > - 0, > - BufferOut, > - &BufferOutSize > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - FreePool (BufferOut); > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - NULL, > - 0, > - BufferOut, > - &BufferOutSize > - ); > - } > - if (EFI_ERROR (Status)) { > - FreePool (BufferOut); > - return Status; > - } 
> - > - // > - // Transmit ClientHello > - // > - PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > - DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > - if (DataOut =3D=3D NULL) { > - FreePool (BufferOut); > - return EFI_OUT_OF_RESOURCES; > - } > - > - CopyMem (DataOut, BufferOut, BufferOutSize); > - Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > - > - FreePool (BufferOut); > - NetbufFree (PacketOut); > - > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - while(HttpInstance->TlsSessionState !=3D EfiTlsSessionDataTransferring= && \ > - ((Timeout =3D=3D NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) { > - // > - // Receive one TLS record. > - // > - Status =3D TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - BufferInSize =3D Pdu->TotalSize; > - BufferIn =3D AllocateZeroPool (BufferInSize); > - if (BufferIn =3D=3D NULL) { > - NetbufFree (Pdu); > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn); > - > - NetbufFree (Pdu); > - > - // > - // Handle Receive data. 
> - // > - BufferOutSize =3D DEF_BUF_LEN; > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - BufferIn, > - BufferInSize, > - BufferOut, > - &BufferOutSize > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - FreePool (BufferOut); > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - FreePool (BufferIn); > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - BufferIn, > - BufferInSize, > - BufferOut, > - &BufferOutSize > - ); > - } > - > - FreePool (BufferIn); > - > - if (EFI_ERROR (Status)) { > - FreePool (BufferOut); > - return Status; > - } > - > - if (BufferOutSize !=3D 0) { > - // > - // Transmit the response packet. > - // > - PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > - DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > - if (DataOut =3D=3D NULL) { > - FreePool (BufferOut); > - return EFI_OUT_OF_RESOURCES; > - } > - > - CopyMem (DataOut, BufferOut, BufferOutSize); > - > - Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > - > - NetbufFree (PacketOut); > - > - if (EFI_ERROR (Status)) { > - FreePool (BufferOut); > - return Status; > - } > - } > - > - FreePool (BufferOut); > - > - // > - // Get the session state, then decide whether need to continue handl= e > received packet. 
> - // > - GetSessionDataBufferSize =3D DEF_BUF_LEN; > - GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSize)= ; > - if (GetSessionDataBuffer =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->GetSessionData ( > - HttpInstance->Tls, > - EfiTlsSessionState, > - GetSessionDataBuffer, > - &GetSessionDataBufferSize > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - FreePool (GetSessionDataBuffer); > - GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSi= ze); > - if (GetSessionDataBuffer =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->GetSessionData ( > - HttpInstance->Tls, > - EfiTlsSessionState, > - GetSessionDataBuffer, > - &GetSessionDataBufferSize > - ); > - } > - if (EFI_ERROR (Status)) { > - FreePool(GetSessionDataBuffer); > - return Status; > - } > - > - ASSERT(GetSessionDataBufferSize =3D=3D sizeof (EFI_TLS_SESSION_STATE= )); > - HttpInstance->TlsSessionState =3D *(EFI_TLS_SESSION_STATE *) > GetSessionDataBuffer; > - > - FreePool (GetSessionDataBuffer); > - > - if(HttpInstance->TlsSessionState =3D=3D EfiTlsSessionError) { > - return EFI_ABORTED; > - } > - } > - > - if (HttpInstance->TlsSessionState !=3D EfiTlsSessionDataTransferring) = { > - Status =3D EFI_ABORTED; > - } > - > - return Status; > -} > - > -/** > - Close the TLS session and send out the close notification message. > - > - @param[in] HttpInstance The HTTP instance private data. > - > - @retval EFI_SUCCESS The TLS session is closed. > - @retval EFI_INVALID_PARAMETER HttpInstance is NULL. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval Others Other error as indicated. 
> - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCloseSession ( > - IN HTTP_PROTOCOL *HttpInstance > - ) > -{ > - EFI_STATUS Status; > - > - UINT8 *BufferOut; > - UINTN BufferOutSize; > - > - NET_BUF *PacketOut; > - UINT8 *DataOut; > - > - Status =3D EFI_SUCCESS; > - BufferOut =3D NULL; > - PacketOut =3D NULL; > - DataOut =3D NULL; > - > - if (HttpInstance =3D=3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - > - HttpInstance->TlsSessionState =3D EfiTlsSessionClosing; > - > - Status =3D HttpInstance->Tls->SetSessionData ( > - HttpInstance->Tls, > - EfiTlsSessionState, > - &(HttpInstance->TlsSessionState), > - sizeof (EFI_TLS_SESSION_STATE) > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - BufferOutSize =3D DEF_BUF_LEN; > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - NULL, > - 0, > - BufferOut, > - &BufferOutSize > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - FreePool (BufferOut); > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - NULL, > - 0, > - BufferOut, > - &BufferOutSize > - ); > - } > - > - if (EFI_ERROR (Status)) { > - FreePool (BufferOut); > - return Status; > - } > - > - PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > - DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > - if (DataOut =3D=3D NULL) { > - FreePool (BufferOut); > - return EFI_OUT_OF_RESOURCES; > - } > - > - CopyMem (DataOut, BufferOut, BufferOutSize); > - > - Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > - > - FreePool (BufferOut); > - NetbufFree (PacketOut); > - > - return Status; > -} > - > -/** > - Process one message according to the CryptMode. 
> - > - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > - @param[in] Message Pointer to the message buffer nee= ded to > processed. > - @param[in] MessageSize Pointer to the message buffer siz= e. > - @param[in] ProcessMode Process mode. > - @param[in, out] Fragment Only one Fragment returned after = the > Message is > - processed successfully. > - > - @retval EFI_SUCCESS Message is processed successfully. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval Others Other errors as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsProcessMessage ( > - IN HTTP_PROTOCOL *HttpInstance, > - IN UINT8 *Message, > - IN UINTN MessageSize, > - IN EFI_TLS_CRYPT_MODE ProcessMode, > - IN OUT NET_FRAGMENT *Fragment > - ) > -{ > - EFI_STATUS Status; > - UINT8 *Buffer; > - UINT32 BufferSize; > - UINT32 BytesCopied; > - EFI_TLS_FRAGMENT_DATA *FragmentTable; > - UINT32 FragmentCount; > - EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable; > - UINTN Index; > - > - Status =3D EFI_SUCCESS; > - Buffer =3D NULL; > - BufferSize =3D 0; > - BytesCopied =3D 0; > - FragmentTable =3D NULL; > - OriginalFragmentTable =3D NULL; > - > - // > - // Rebuild fragment table from BufferIn. > - // > - FragmentCount =3D 1; > - FragmentTable =3D AllocateZeroPool (FragmentCount * sizeof > (EFI_TLS_FRAGMENT_DATA)); > - if (FragmentTable =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - FragmentTable->FragmentLength =3D (UINT32) MessageSize; > - FragmentTable->FragmentBuffer =3D Message; > - > - // > - // Record the original FragmentTable. > - // > - OriginalFragmentTable =3D FragmentTable; > - > - // > - // Process the Message. > - // > - Status =3D HttpInstance->Tls->ProcessPacket ( > - HttpInstance->Tls, > - &FragmentTable, > - &FragmentCount, > - ProcessMode > - ); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - // > - // Calculate the size according to FragmentTable. 
> - // > - for (Index =3D 0; Index < FragmentCount; Index++) { > - BufferSize +=3D FragmentTable[Index].FragmentLength; > - } > - > - // > - // Allocate buffer for processed data. > - // > - Buffer =3D AllocateZeroPool (BufferSize); > - if (Buffer =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - // > - // Copy the new FragmentTable buffer into Buffer. > - // > - for (Index =3D 0; Index < FragmentCount; Index++) { > - CopyMem ( > - (Buffer + BytesCopied), > - FragmentTable[Index].FragmentBuffer, > - FragmentTable[Index].FragmentLength > - ); > - BytesCopied +=3D FragmentTable[Index].FragmentLength; > - > - // > - // Free the FragmentBuffer since it has been copied. > - // > - FreePool (FragmentTable[Index].FragmentBuffer); > - } > - > - Fragment->Len =3D BufferSize; > - Fragment->Bulk =3D Buffer; > - > -ON_EXIT: > - > - if (OriginalFragmentTable !=3D NULL) { > - FreePool (OriginalFragmentTable); > - OriginalFragmentTable =3D NULL; > - } > - > - // > - // Caller has the responsibility to free the FragmentTable. > - // > - if (FragmentTable !=3D NULL) { > - FreePool (FragmentTable); > - FragmentTable =3D NULL; > - } > - > - return Status; > -} > - > -/** > - Receive one fragment decrypted from one TLS record. > - > - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > - @param[in, out] Fragment The received Fragment. > - @param[in] Timeout The time to wait for connection d= one. > - > - @retval EFI_SUCCESS One fragment is received. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED Something wrong decryption the message. > - @retval Others Other errors as indicated. 
> - > -**/ > -EFI_STATUS > -EFIAPI > -HttpsReceive ( > - IN HTTP_PROTOCOL *HttpInstance, > - IN OUT NET_FRAGMENT *Fragment, > - IN EFI_EVENT Timeout > - ) > -{ > - EFI_STATUS Status; > - NET_BUF *Pdu; > - TLS_RECORD_HEADER RecordHeader; > - UINT8 *BufferIn; > - UINTN BufferInSize; > - NET_FRAGMENT TempFragment; > - UINT8 *BufferOut; > - UINTN BufferOutSize; > - NET_BUF *PacketOut; > - UINT8 *DataOut; > - UINT8 *GetSessionDataBuffer; > - UINTN GetSessionDataBufferSize; > - > - Status =3D EFI_SUCCESS; > - Pdu =3D NULL; > - BufferIn =3D NULL; > - BufferInSize =3D 0; > - BufferOut =3D NULL; > - BufferOutSize =3D 0; > - PacketOut =3D NULL; > - DataOut =3D NULL; > - GetSessionDataBuffer =3D NULL; > - GetSessionDataBufferSize =3D 0; > - > - // > - // Receive only one TLS record > - // > - Status =3D TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - BufferInSize =3D Pdu->TotalSize; > - BufferIn =3D AllocateZeroPool (BufferInSize); > - if (BufferIn =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - NetbufFree (Pdu); > - return Status; > - } > - > - NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn); > - > - NetbufFree (Pdu); > - > - // > - // Handle Receive data. > - // > - RecordHeader =3D *(TLS_RECORD_HEADER *) BufferIn; > - > - if ((RecordHeader.ContentType =3D=3D TlsContentTypeApplicationData) && > - (RecordHeader.Version.Major =3D=3D 0x03) && > - (RecordHeader.Version.Minor =3D=3D TLS10_PROTOCOL_VERSION_MINOR || > - RecordHeader.Version.Minor =3D=3D TLS11_PROTOCOL_VERSION_MINOR || > - RecordHeader.Version.Minor =3D=3D TLS12_PROTOCOL_VERSION_MINOR) > - ) { > - // > - // Decrypt Packet. > - // > - Status =3D TlsProcessMessage ( > - HttpInstance, > - BufferIn, > - BufferInSize, > - EfiTlsDecrypt, > - &TempFragment > - ); > - > - FreePool (BufferIn); > - > - if (EFI_ERROR (Status)) { > - if (Status =3D=3D EFI_ABORTED) { > - // > - // Something wrong decryption the message. 
> - // BuildResponsePacket() will be called to generate Error Alert = message > and send it out. > - // > - BufferOutSize =3D DEF_BUF_LEN; > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - NULL, > - 0, > - BufferOut, > - &BufferOutSize > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - FreePool (BufferOut); > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - NULL, > - 0, > - BufferOut, > - &BufferOutSize > - ); > - } > - if (EFI_ERROR (Status)) { > - FreePool(BufferOut); > - return Status; > - } > - > - if (BufferOutSize !=3D 0) { > - PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); > - DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSiz= e, > NET_BUF_TAIL); > - if (DataOut =3D=3D NULL) { > - FreePool (BufferOut); > - return EFI_OUT_OF_RESOURCES; > - } > - > - CopyMem (DataOut, BufferOut, BufferOutSize); > - > - Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > - > - NetbufFree (PacketOut); > - } > - > - FreePool(BufferOut); > - > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - return EFI_ABORTED; > - } > - > - return Status; > - } > - > - // > - // Parsing buffer. > - // > - ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType > =3D=3D TlsContentTypeApplicationData); > - > - BufferInSize =3D ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length= ; > - BufferIn =3D AllocateZeroPool (BufferInSize); > - if (BufferIn =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), > BufferInSize); > - > - // > - // Free the buffer in TempFragment. 
> - // > - FreePool (TempFragment.Bulk); > - > - } else if ((RecordHeader.ContentType =3D=3D TlsContentTypeAlert) && > - (RecordHeader.Version.Major =3D=3D 0x03) && > - (RecordHeader.Version.Minor =3D=3D TLS10_PROTOCOL_VERSION_MINOR || > - RecordHeader.Version.Minor =3D=3D TLS11_PROTOCOL_VERSION_MINOR || > - RecordHeader.Version.Minor =3D=3D TLS12_PROTOCOL_VERSION_MINOR) > - ) { > - BufferOutSize =3D DEF_BUF_LEN; > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - FreePool (BufferIn); > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - BufferIn, > - BufferInSize, > - BufferOut, > - &BufferOutSize > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - FreePool (BufferOut); > - BufferOut =3D AllocateZeroPool (BufferOutSize); > - if (BufferOut =3D=3D NULL) { > - FreePool (BufferIn); > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->BuildResponsePacket ( > - HttpInstance->Tls, > - BufferIn, > - BufferInSize, > - BufferOut, > - &BufferOutSize > - ); > - } > - > - FreePool (BufferIn); > - > - if (EFI_ERROR (Status)) { > - FreePool (BufferOut); > - return Status; > - } > - > - if (BufferOutSize !=3D 0) { > - PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > - DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > - if (DataOut =3D=3D NULL) { > - FreePool (BufferOut); > - return EFI_OUT_OF_RESOURCES; > - } > - > - CopyMem (DataOut, BufferOut, BufferOutSize); > - > - Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > - > - NetbufFree (PacketOut); > - } > - > - FreePool (BufferOut); > - > - // > - // Get the session state. 
> - // > - GetSessionDataBufferSize =3D DEF_BUF_LEN; > - GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSize)= ; > - if (GetSessionDataBuffer =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->GetSessionData ( > - HttpInstance->Tls, > - EfiTlsSessionState, > - GetSessionDataBuffer, > - &GetSessionDataBufferSize > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - FreePool (GetSessionDataBuffer); > - GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSi= ze); > - if (GetSessionDataBuffer =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - return Status; > - } > - > - Status =3D HttpInstance->Tls->GetSessionData ( > - HttpInstance->Tls, > - EfiTlsSessionState, > - GetSessionDataBuffer, > - &GetSessionDataBufferSize > - ); > - } > - if (EFI_ERROR (Status)) { > - FreePool (GetSessionDataBuffer); > - return Status; > - } > - > - ASSERT(GetSessionDataBufferSize =3D=3D sizeof (EFI_TLS_SESSION_STATE= )); > - HttpInstance->TlsSessionState =3D *(EFI_TLS_SESSION_STATE *) > GetSessionDataBuffer; > - > - FreePool (GetSessionDataBuffer); > - > - if(HttpInstance->TlsSessionState =3D=3D EfiTlsSessionError) { > - DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n")); > - return EFI_ABORTED; > - } > - > - BufferIn =3D NULL; > - BufferInSize =3D 0; > - } > - > - Fragment->Bulk =3D BufferIn; > - Fragment->Len =3D (UINT32) BufferInSize; > - > - return Status; > -} > +/** @file > + Miscellaneous routines specific to Https for HttpDxe driver. > + > +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "HttpDriver.h" > + > +/** > + Returns the first occurrence of a Null-terminated ASCII sub-string in = a Null- > terminated > + ASCII string and ignore case during the search process. > + > + This function scans the contents of the ASCII string specified by Stri= ng > + and returns the first occurrence of SearchString and ignore case durin= g the > search process. > + If SearchString is not found in String, then NULL is returned. If the = length of > SearchString > + is zero, then String is returned. > + > + If String is NULL, then ASSERT(). > + If SearchString is NULL, then ASSERT(). > + > + @param[in] String A pointer to a Null-terminated ASCII strin= g. > + @param[in] SearchString A pointer to a Null-terminated ASCII strin= g to > search for. > + > + @retval NULL If the SearchString does not appear in String. > + @retval others If there is a match return the first occurrenc= e of > SearchingString. > + If the length of SearchString is zero,return S= tring. 
> + > +**/ > +CHAR8 * > +AsciiStrCaseStr ( > + IN CONST CHAR8 *String, > + IN CONST CHAR8 *SearchString > + ) > +{ > + CONST CHAR8 *FirstMatch; > + CONST CHAR8 *SearchStringTmp; > + > + CHAR8 Src; > + CHAR8 Dst; > + > + // > + // ASSERT both strings are less long than PcdMaximumAsciiStringLength > + // > + ASSERT (AsciiStrSize (String) !=3D 0); > + ASSERT (AsciiStrSize (SearchString) !=3D 0); > + > + if (*SearchString =3D=3D '\0') { > + return (CHAR8 *) String; > + } > + > + while (*String !=3D '\0') { > + SearchStringTmp =3D SearchString; > + FirstMatch =3D String; > + > + while ((*SearchStringTmp !=3D '\0') > + && (*String !=3D '\0')) { > + Src =3D *String; > + Dst =3D *SearchStringTmp; > + > + if ((Src >=3D 'A') && (Src <=3D 'Z')) { > + Src -=3D ('A' - 'a'); > + } > + > + if ((Dst >=3D 'A') && (Dst <=3D 'Z')) { > + Dst -=3D ('A' - 'a'); > + } > + > + if (Src !=3D Dst) { > + break; > + } > + > + String++; > + SearchStringTmp++; > + } > + > + if (*SearchStringTmp =3D=3D '\0') { > + return (CHAR8 *) FirstMatch; > + } > + > + String =3D FirstMatch + 1; > + } > + > + return NULL; > +} > + > +/** > + The callback function to free the net buffer list. > + > + @param[in] Arg The opaque parameter. > + > +**/ > +VOID > +EFIAPI > +FreeNbufList ( > + IN VOID *Arg > + ) > +{ > + ASSERT (Arg !=3D NULL); > + > + NetbufFreeList ((LIST_ENTRY *) Arg); > + FreePool (Arg); > +} > + > +/** > + Check whether the Url is from Https. > + > + @param[in] Url The pointer to a HTTP or HTTPS URL strin= g. > + > + @retval TRUE The Url is from HTTPS. > + @retval FALSE The Url is from HTTP. > + > +**/ > +BOOLEAN > +IsHttpsUrl ( > + IN CHAR8 *Url > + ) > +{ > + CHAR8 *Tmp; > + > + Tmp =3D NULL; > + > + Tmp =3D AsciiStrCaseStr (Url, HTTPS_FLAG); > + if (Tmp !=3D NULL && Tmp =3D=3D Url) { > + return TRUE; > + } > + > + return FALSE; > +} > + > +/** > + Creates a Tls child handle, open EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. 
> + > + @param[in] ImageHandle The firmware allocated handle for th= e UEFI > image. > + @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL inst= ance. > + @param[out] TlsConfiguration Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + > + @return The child handle with opened EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. > + > +**/ > +EFI_HANDLE > +EFIAPI > +TlsCreateChild ( > + IN EFI_HANDLE ImageHandle, > + OUT EFI_TLS_PROTOCOL **TlsProto, > + OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration > + ) > +{ > + EFI_STATUS Status; > + EFI_SERVICE_BINDING_PROTOCOL *TlsSb; > + EFI_HANDLE TlsChildHandle; > + > + TlsSb =3D NULL; > + TlsChildHandle =3D 0; > + > + // > + // Locate TlsServiceBinding protocol. > + // > + gBS->LocateProtocol ( > + &gEfiTlsServiceBindingProtocolGuid, > + NULL, > + (VOID **) &TlsSb > + ); > + if (TlsSb =3D=3D NULL) { > + return NULL; > + } > + > + Status =3D TlsSb->CreateChild (TlsSb, &TlsChildHandle); > + if (EFI_ERROR (Status)) { > + return NULL; > + } > + > + Status =3D gBS->OpenProtocol ( > + TlsChildHandle, > + &gEfiTlsProtocolGuid, > + (VOID **) TlsProto, > + ImageHandle, > + TlsChildHandle, > + EFI_OPEN_PROTOCOL_GET_PROTOCOL > + ); > + if (EFI_ERROR (Status)) { > + TlsSb->DestroyChild (TlsSb, TlsChildHandle); > + return NULL; > + } > + > + Status =3D gBS->OpenProtocol ( > + TlsChildHandle, > + &gEfiTlsConfigurationProtocolGuid, > + (VOID **) TlsConfiguration, > + ImageHandle, > + TlsChildHandle, > + EFI_OPEN_PROTOCOL_GET_PROTOCOL > + ); > + if (EFI_ERROR (Status)) { > + TlsSb->DestroyChild (TlsSb, TlsChildHandle); > + return NULL; > + } > + > + return TlsChildHandle; > +} > + > +/** > + Create event for the TLS receive and transmit tokens which are used to > receive and > + transmit TLS related messages. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure= . > + > + @retval EFI_SUCCESS The events are created successfully. > + @retval others Other error as indicated. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCreateTxRxEvent ( > + IN OUT HTTP_PROTOCOL *HttpInstance > + ) > +{ > + EFI_STATUS Status; > + > + if (!HttpInstance->LocalAddressIsIPv6) { > + // > + // For Tcp4TlsTxToken. > + // > + Status =3D gBS->CreateEvent ( > + EVT_NOTIFY_SIGNAL, > + TPL_NOTIFY, > + HttpCommonNotify, > + &HttpInstance->TlsIsTxDone, > + &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event > + ); > + if (EFI_ERROR (Status)) { > + goto ERROR; > + } > + > + HttpInstance->Tcp4TlsTxData.Push =3D TRUE; > + HttpInstance->Tcp4TlsTxData.Urgent =3D FALSE; > + HttpInstance->Tcp4TlsTxData.DataLength =3D 0; > + HttpInstance->Tcp4TlsTxData.FragmentCount =3D 1; > + HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp4TlsTxData.DataLength; > + HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer =3D NULL= ; > + HttpInstance->Tcp4TlsTxToken.Packet.TxData =3D &HttpInstance- > >Tcp4TlsTxData; > + HttpInstance->Tcp4TlsTxToken.CompletionToken.Status =3D > EFI_NOT_READY; > + > + // > + // For Tcp4TlsRxToken. > + // > + Status =3D gBS->CreateEvent ( > + EVT_NOTIFY_SIGNAL, > + TPL_NOTIFY, > + HttpCommonNotify, > + &HttpInstance->TlsIsRxDone, > + &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event > + ); > + if (EFI_ERROR (Status)) { > + goto ERROR; > + } > + > + HttpInstance->Tcp4TlsRxData.DataLength =3D 0; > + HttpInstance->Tcp4TlsRxData.FragmentCount =3D 1; > + HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp4TlsRxData.DataLength ; > + HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer =3D NUL= L; > + HttpInstance->Tcp4TlsRxToken.Packet.RxData =3D &HttpInstanc= e- > >Tcp4TlsRxData; > + HttpInstance->Tcp4TlsRxToken.CompletionToken.Status =3D > EFI_NOT_READY; > + } else { > + // > + // For Tcp6TlsTxToken. 
> + // > + Status =3D gBS->CreateEvent ( > + EVT_NOTIFY_SIGNAL, > + TPL_NOTIFY, > + HttpCommonNotify, > + &HttpInstance->TlsIsTxDone, > + &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event > + ); > + if (EFI_ERROR (Status)) { > + goto ERROR; > + } > + > + HttpInstance->Tcp6TlsTxData.Push =3D TRUE; > + HttpInstance->Tcp6TlsTxData.Urgent =3D FALSE; > + HttpInstance->Tcp6TlsTxData.DataLength =3D 0; > + HttpInstance->Tcp6TlsTxData.FragmentCount =3D 1; > + HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp6TlsTxData.DataLength; > + HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer =3D NULL= ; > + HttpInstance->Tcp6TlsTxToken.Packet.TxData =3D &HttpInstance- > >Tcp6TlsTxData; > + HttpInstance->Tcp6TlsTxToken.CompletionToken.Status =3D > EFI_NOT_READY; > + > + // > + // For Tcp6TlsRxToken. > + // > + Status =3D gBS->CreateEvent ( > + EVT_NOTIFY_SIGNAL, > + TPL_NOTIFY, > + HttpCommonNotify, > + &HttpInstance->TlsIsRxDone, > + &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event > + ); > + if (EFI_ERROR (Status)) { > + goto ERROR; > + } > + > + HttpInstance->Tcp6TlsRxData.DataLength =3D 0; > + HttpInstance->Tcp6TlsRxData.FragmentCount =3D 1; > + HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength =3D > HttpInstance->Tcp6TlsRxData.DataLength ; > + HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer =3D NUL= L; > + HttpInstance->Tcp6TlsRxToken.Packet.RxData =3D &HttpInstanc= e- > >Tcp6TlsRxData; > + HttpInstance->Tcp6TlsRxToken.CompletionToken.Status =3D > EFI_NOT_READY; > + } > + > + return Status; > + > +ERROR: > + // > + // Error handling > + // > + TlsCloseTxRxEvent (HttpInstance); > + > + return Status; > +} > + > +/** > + Close events in the TlsTxToken and TlsRxToken. > + > + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. 
> + > +**/ > +VOID > +EFIAPI > +TlsCloseTxRxEvent ( > + IN HTTP_PROTOCOL *HttpInstance > + ) > +{ > + ASSERT (HttpInstance !=3D NULL); > + if (!HttpInstance->LocalAddressIsIPv6) { > + if (NULL !=3D HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) { > + gBS->CloseEvent(HttpInstance- > >Tcp4TlsTxToken.CompletionToken.Event); > + HttpInstance->Tcp4TlsTxToken.CompletionToken.Event =3D NULL; > + } > + > + if (NULL !=3D HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) { > + gBS->CloseEvent (HttpInstance- > >Tcp4TlsRxToken.CompletionToken.Event); > + HttpInstance->Tcp4TlsRxToken.CompletionToken.Event =3D NULL; > + } > + } else { > + if (NULL !=3D HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) { > + gBS->CloseEvent(HttpInstance- > >Tcp6TlsTxToken.CompletionToken.Event); > + HttpInstance->Tcp6TlsTxToken.CompletionToken.Event =3D NULL; > + } > + > + if (NULL !=3D HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) { > + gBS->CloseEvent (HttpInstance- > >Tcp6TlsRxToken.CompletionToken.Event); > + HttpInstance->Tcp6TlsRxToken.CompletionToken.Event =3D NULL; > + } > + } > +} > + > +/** > + Read the TlsCaCertificate variable and configure it. > + > + @param[in, out] HttpInstance The HTTP instance private data. > + > + @retval EFI_SUCCESS TlsCaCertificate is configured. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable= . > + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +TlsConfigCertificate ( > + IN OUT HTTP_PROTOCOL *HttpInstance > + ) > +{ > + EFI_STATUS Status; > + UINT8 *CACert; > + UINTN CACertSize; > + UINT32 Index; > + EFI_SIGNATURE_LIST *CertList; > + EFI_SIGNATURE_DATA *Cert; > + UINTN CertCount; > + UINT32 ItemDataSize; > + > + CACert =3D NULL; > + CACertSize =3D 0; > + > + // > + // Try to read the TlsCaCertificate variable. 
> + // > + Status =3D gRT->GetVariable ( > + EFI_TLS_CA_CERTIFICATE_VARIABLE, > + &gEfiTlsCaCertificateGuid, > + NULL, > + &CACertSize, > + NULL > + ); > + > + if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { > + return Status; > + } > + > + // > + // Allocate buffer and read the config variable. > + // > + CACert =3D AllocatePool (CACertSize); > + if (CACert =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Status =3D gRT->GetVariable ( > + EFI_TLS_CA_CERTIFICATE_VARIABLE, > + &gEfiTlsCaCertificateGuid, > + NULL, > + &CACertSize, > + CACert > + ); > + if (EFI_ERROR (Status)) { > + // > + // GetVariable still error or the variable is corrupted. > + // Fall back to the default value. > + // > + FreePool (CACert); > + > + return EFI_NOT_FOUND; > + } > + > + ASSERT (CACert !=3D NULL); > + > + // > + // Enumerate all data and erasing the target item. > + // > + ItemDataSize =3D (UINT32) CACertSize; > + CertList =3D (EFI_SIGNATURE_LIST *) CACert; > + while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof > (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); > + CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_= LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > + for (Index =3D 0; Index < CertCount; Index++) { > + // > + // EfiTlsConfigDataTypeCACertificate > + // > + Status =3D HttpInstance->TlsConfiguration->SetData ( > + HttpInstance->TlsConfig= uration, > + EfiTlsConfigDataTypeCAC= ertificate, > + Cert->SignatureData, > + CertList->SignatureSize= - sizeof (Cert- > >SignatureOwner) > + ); > + if (EFI_ERROR (Status)) { > + FreePool (CACert); > + return Status; > + } > + > + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList- > >SignatureSize); > + } > + > + ItemDataSize -=3D CertList->SignatureListSize; > + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > + } > 
+ > + FreePool (CACert); > + return Status; > +} > + > +/** > + Configure TLS session data. > + > + @param[in, out] HttpInstance The HTTP instance private data. > + > + @retval EFI_SUCCESS TLS session data is configured. > + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsConfigureSession ( > + IN OUT HTTP_PROTOCOL *HttpInstance > + ) > +{ > + EFI_STATUS Status; > + > + // > + // TlsConfigData initialization > + // > + HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient; > + HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEER; > + HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStarted; > + > + // > + // EfiTlsConnectionEnd, > + // EfiTlsVerifyMethod > + // EfiTlsSessionState > + // > + Status =3D HttpInstance->Tls->SetSessionData ( > + HttpInstance->Tls, > + EfiTlsConnectionEnd, > + &(HttpInstance->TlsConfigData.Connection= End), > + sizeof (EFI_TLS_CONNECTION_END) > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + Status =3D HttpInstance->Tls->SetSessionData ( > + HttpInstance->Tls, > + EfiTlsVerifyMethod, > + &HttpInstance->TlsConfigData.VerifyMetho= d, > + sizeof (EFI_TLS_VERIFY) > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + Status =3D HttpInstance->Tls->SetSessionData ( > + HttpInstance->Tls, > + EfiTlsSessionState, > + &(HttpInstance->TlsConfigData.SessionSta= te), > + sizeof (EFI_TLS_SESSION_STATE) > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + // > + // Tls Config Certificate > + // > + Status =3D TlsConfigCertificate (HttpInstance); > + if (EFI_ERROR (Status)) { > + DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n")); > + return Status; > + } > + > + // > + // TlsCreateTxRxEvent > + // > + Status =3D TlsCreateTxRxEvent (HttpInstance); > + if (EFI_ERROR (Status)) { > + goto ERROR; > + } > + > + return Status; > + > +ERROR: > + TlsCloseTxRxEvent (HttpInstance); > + > + return Status; > +} > + > +/** > + Transmit the Packet 
by processing the associated HTTPS token. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > + @param[in] Packet The packet to transmit. > + > + @retval EFI_SUCCESS The packet is transmitted. > + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_DEVICE_ERROR An unexpected system or network error > occurred. > + @retval Others Other errors as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCommonTransmit ( > + IN OUT HTTP_PROTOCOL *HttpInstance, > + IN NET_BUF *Packet > + ) > +{ > + EFI_STATUS Status; > + VOID *Data; > + UINTN Size; > + > + if ((HttpInstance =3D=3D NULL) || (Packet =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + if (!HttpInstance->LocalAddressIsIPv6) { > + Size =3D sizeof (EFI_TCP4_TRANSMIT_DATA) + > + (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA); > + } else { > + Size =3D sizeof (EFI_TCP6_TRANSMIT_DATA) + > + (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA); > + } > + > + Data =3D AllocatePool (Size); > + if (Data =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + if (!HttpInstance->LocalAddressIsIPv6) { > + ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push =3D TRUE; > + ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent =3D FALSE; > + ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength =3D Packet->TotalSize= ; > + > + // > + // Build the fragment table. > + // > + ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount =3D Packet- > >BlockOpNum; > + > + NetbufBuildExt ( > + Packet, > + (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)- > >FragmentTable[0], > + &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount > + ); > + > + HttpInstance->Tcp4TlsTxToken.Packet.TxData =3D > (EFI_TCP4_TRANSMIT_DATA *) Data; > + > + Status =3D EFI_DEVICE_ERROR; > + > + // > + // Transmit the packet. 
> + // > + Status =3D HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4, > &HttpInstance->Tcp4TlsTxToken); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + while (!HttpInstance->TlsIsTxDone) { > + HttpInstance->Tcp4->Poll (HttpInstance->Tcp4); > + } > + > + HttpInstance->TlsIsTxDone =3D FALSE; > + Status =3D HttpInstance->Tcp4TlsTxToken.CompletionToken.Status; > + } else { > + ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push =3D TRUE; > + ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent =3D FALSE; > + ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength =3D Packet->TotalSize= ; > + > + // > + // Build the fragment table. > + // > + ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount =3D Packet- > >BlockOpNum; > + > + NetbufBuildExt ( > + Packet, > + (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)- > >FragmentTable[0], > + &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount > + ); > + > + HttpInstance->Tcp6TlsTxToken.Packet.TxData =3D > (EFI_TCP6_TRANSMIT_DATA *) Data; > + > + Status =3D EFI_DEVICE_ERROR; > + > + // > + // Transmit the packet. > + // > + Status =3D HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6, > &HttpInstance->Tcp6TlsTxToken); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + while (!HttpInstance->TlsIsTxDone) { > + HttpInstance->Tcp6->Poll (HttpInstance->Tcp6); > + } > + > + HttpInstance->TlsIsTxDone =3D FALSE; > + Status =3D HttpInstance->Tcp6TlsTxToken.CompletionToken.Status; > + } > + > +ON_EXIT: > + FreePool (Data); > + > + return Status; > +} > + > +/** > + Receive the Packet by processing the associated HTTPS token. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > + @param[in] Packet The packet to transmit. > + @param[in] Timeout The time to wait for connection done= . > + > + @retval EFI_SUCCESS The Packet is received. > + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_TIMEOUT The operation is time out. 
> + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCommonReceive ( > + IN OUT HTTP_PROTOCOL *HttpInstance, > + IN NET_BUF *Packet, > + IN EFI_EVENT Timeout > + ) > +{ > + EFI_TCP4_RECEIVE_DATA *Tcp4RxData; > + EFI_TCP6_RECEIVE_DATA *Tcp6RxData; > + EFI_STATUS Status; > + NET_FRAGMENT *Fragment; > + UINT32 FragmentCount; > + UINT32 CurrentFragment; > + > + Tcp4RxData =3D NULL; > + Tcp6RxData =3D NULL; > + > + if ((HttpInstance =3D=3D NULL) || (Packet =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + FragmentCount =3D Packet->BlockOpNum; > + Fragment =3D AllocatePool (FragmentCount * sizeof (NET_FRAGMENT))= ; > + if (Fragment =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + // > + // Build the fragment table. > + // > + NetbufBuildExt (Packet, Fragment, &FragmentCount); > + > + if (!HttpInstance->LocalAddressIsIPv6) { > + Tcp4RxData =3D HttpInstance->Tcp4TlsRxToken.Packet.RxData; > + if (Tcp4RxData =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + Tcp4RxData->FragmentCount =3D 1; > + } else { > + Tcp6RxData =3D HttpInstance->Tcp6TlsRxToken.Packet.RxData; > + if (Tcp6RxData =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + Tcp6RxData->FragmentCount =3D 1; > + } > + > + CurrentFragment =3D 0; > + Status =3D EFI_SUCCESS; > + > + while (CurrentFragment < FragmentCount) { > + if (!HttpInstance->LocalAddressIsIPv6) { > + Tcp4RxData->DataLength =3D Fragment[CurrentF= ragment].Len; > + Tcp4RxData->FragmentTable[0].FragmentLength =3D > Fragment[CurrentFragment].Len; > + Tcp4RxData->FragmentTable[0].FragmentBuffer =3D > Fragment[CurrentFragment].Bulk; > + Status =3D HttpInstance->Tcp4->Receive (HttpInstance->Tcp4, > &HttpInstance->Tcp4TlsRxToken); > + } else { > + Tcp6RxData->DataLength =3D Fragment[CurrentF= ragment].Len; > + Tcp6RxData->FragmentTable[0].FragmentLength =3D > Fragment[CurrentFragment].Len; > + Tcp6RxData->FragmentTable[0].FragmentBuffer =3D > 
Fragment[CurrentFragment].Bulk; > + Status =3D HttpInstance->Tcp6->Receive (HttpInstance->Tcp6, > &HttpInstance->Tcp6TlsRxToken); > + } > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + while (!HttpInstance->TlsIsRxDone && ((Timeout =3D=3D NULL) || EFI_E= RROR > (gBS->CheckEvent (Timeout)))) { > + // > + // Poll until some data is received or an error occurs. > + // > + if (!HttpInstance->LocalAddressIsIPv6) { > + HttpInstance->Tcp4->Poll (HttpInstance->Tcp4); > + } else { > + HttpInstance->Tcp6->Poll (HttpInstance->Tcp6); > + } > + } > + > + if (!HttpInstance->TlsIsRxDone) { > + // > + // Timeout occurs, cancel the receive request. > + // > + if (!HttpInstance->LocalAddressIsIPv6) { > + HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance- > >Tcp4TlsRxToken.CompletionToken); > + } else { > + HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance- > >Tcp6TlsRxToken.CompletionToken); > + } > + > + Status =3D EFI_TIMEOUT; > + goto ON_EXIT; > + } else { > + HttpInstance->TlsIsRxDone =3D FALSE; > + } > + > + if (!HttpInstance->LocalAddressIsIPv6) { > + Status =3D HttpInstance->Tcp4TlsRxToken.CompletionToken.Status; > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + Fragment[CurrentFragment].Len -=3D Tcp4RxData- > >FragmentTable[0].FragmentLength; > + if (Fragment[CurrentFragment].Len =3D=3D 0) { > + CurrentFragment++; > + } else { > + Fragment[CurrentFragment].Bulk +=3D Tcp4RxData- > >FragmentTable[0].FragmentLength; > + } > + } else { > + Status =3D HttpInstance->Tcp6TlsRxToken.CompletionToken.Status; > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + Fragment[CurrentFragment].Len -=3D Tcp6RxData- > >FragmentTable[0].FragmentLength; > + if (Fragment[CurrentFragment].Len =3D=3D 0) { > + CurrentFragment++; > + } else { > + Fragment[CurrentFragment].Bulk +=3D Tcp6RxData- > >FragmentTable[0].FragmentLength; > + } > + } > + } > + > +ON_EXIT: > + > + if (Fragment !=3D NULL) { > + FreePool (Fragment); > + } > + > + return 
Status; > +} > + > +/** > + Receive one TLS PDU. An TLS PDU contains an TLS record header and it's > + corresponding record data. These two parts will be put into two blocks= of > buffers in the > + net buffer. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > + @param[out] Pdu The received TLS PDU. > + @param[in] Timeout The time to wait for connection d= one. > + > + @retval EFI_SUCCESS An TLS PDU is received. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received. > + @retval Others Other errors as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsReceiveOnePdu ( > + IN OUT HTTP_PROTOCOL *HttpInstance, > + OUT NET_BUF **Pdu, > + IN EFI_EVENT Timeout > + ) > +{ > + EFI_STATUS Status; > + > + LIST_ENTRY *NbufList; > + > + UINT32 Len; > + > + NET_BUF *PduHdr; > + UINT8 *Header; > + TLS_RECORD_HEADER RecordHeader; > + > + NET_BUF *DataSeg; > + > + NbufList =3D NULL; > + PduHdr =3D NULL; > + Header =3D NULL; > + DataSeg =3D NULL; > + > + NbufList =3D AllocatePool (sizeof (LIST_ENTRY)); > + if (NbufList =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + InitializeListHead (NbufList); > + > + // > + // Allocate buffer to receive one TLS header. > + // > + Len =3D sizeof (TLS_RECORD_HEADER); > + PduHdr =3D NetbufAlloc (Len); > + if (PduHdr =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + Header =3D NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL); > + if (Header =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + // > + // First step, receive one TLS header. 
> + // > + Status =3D TlsCommonReceive (HttpInstance, PduHdr, Timeout); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + RecordHeader =3D *(TLS_RECORD_HEADER *) Header; > + if ((RecordHeader.ContentType =3D=3D TlsContentTypeHandshake || > + RecordHeader.ContentType =3D=3D TlsContentTypeAlert || > + RecordHeader.ContentType =3D=3D TlsContentTypeChangeCipherSpec || > + RecordHeader.ContentType =3D=3D TlsContentTypeApplicationData) && > + (RecordHeader.Version.Major =3D=3D 0x03) && /// Major versions are s= ame. > + (RecordHeader.Version.Minor =3D=3D TLS10_PROTOCOL_VERSION_MINOR || > + RecordHeader.Version.Minor =3D=3DTLS11_PROTOCOL_VERSION_MINOR || > + RecordHeader.Version.Minor =3D=3D TLS12_PROTOCOL_VERSION_MINOR) > + ) { > + InsertTailList (NbufList, &PduHdr->List); > + } else { > + Status =3D EFI_PROTOCOL_ERROR; > + goto ON_EXIT; > + } > + > + Len =3D SwapBytes16(RecordHeader.Length); > + if (Len =3D=3D 0) { > + // > + // No TLS payload. > + // > + goto FORM_PDU; > + } > + > + // > + // Allocate buffer to receive one TLS payload. > + // > + DataSeg =3D NetbufAlloc (Len); > + if (DataSeg =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL); > + > + // > + // Second step, receive one TLS payload. > + // > + Status =3D TlsCommonReceive (HttpInstance, DataSeg, Timeout); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + InsertTailList (NbufList, &DataSeg->List); > + > +FORM_PDU: > + // > + // Form the PDU from a list of PDU. > + // > + *Pdu =3D NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList); > + if (*Pdu =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + } > + > +ON_EXIT: > + > + if (EFI_ERROR (Status)) { > + // > + // Free the Nbufs in this NbufList and the NbufList itself. > + // > + FreeNbufList (NbufList); > + } > + > + return Status; > +} > + > +/** > + Connect one TLS session by finishing the TLS handshake process. 
> + > + @param[in] HttpInstance The HTTP instance private data. > + @param[in] Timeout The time to wait for connection done. > + > + @retval EFI_SUCCESS The TLS session is established. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED TLS session state is incorrect. > + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsConnectSession ( > + IN HTTP_PROTOCOL *HttpInstance, > + IN EFI_EVENT Timeout > + ) > +{ > + EFI_STATUS Status; > + UINT8 *BufferOut; > + UINTN BufferOutSize; > + NET_BUF *PacketOut; > + UINT8 *DataOut; > + NET_BUF *Pdu; > + UINT8 *BufferIn; > + UINTN BufferInSize; > + UINT8 *GetSessionDataBuffer; > + UINTN GetSessionDataBufferSize; > + > + BufferOut =3D NULL; > + PacketOut =3D NULL; > + DataOut =3D NULL; > + Pdu =3D NULL; > + BufferIn =3D NULL; > + > + // > + // Initialize TLS state. > + // > + HttpInstance->TlsSessionState =3D EfiTlsSessionNotStarted; > + Status =3D HttpInstance->Tls->SetSessionData ( > + HttpInstance->Tls, > + EfiTlsSessionState, > + &(HttpInstance->TlsSessionState), > + sizeof (EFI_TLS_SESSION_STATE) > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + // > + // Create ClientHello > + // > + BufferOutSize =3D DEF_BUF_LEN; > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + NULL, > + 0, > + BufferOut, > + &BufferOutSize > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + FreePool (BufferOut); > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + NULL, > + 0, > + BufferOut, > + &BufferOutSize > + ); > + } > + if (EFI_ERROR (Status)) { > + FreePool (BufferOut); > + return Status; > + } 
> + > + // > + // Transmit ClientHello > + // > + PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > + DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > + if (DataOut =3D=3D NULL) { > + FreePool (BufferOut); > + return EFI_OUT_OF_RESOURCES; > + } > + > + CopyMem (DataOut, BufferOut, BufferOutSize); > + Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > + > + FreePool (BufferOut); > + NetbufFree (PacketOut); > + > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + while(HttpInstance->TlsSessionState !=3D EfiTlsSessionDataTransferring= && \ > + ((Timeout =3D=3D NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) { > + // > + // Receive one TLS record. > + // > + Status =3D TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + BufferInSize =3D Pdu->TotalSize; > + BufferIn =3D AllocateZeroPool (BufferInSize); > + if (BufferIn =3D=3D NULL) { > + NetbufFree (Pdu); > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn); > + > + NetbufFree (Pdu); > + > + // > + // Handle Receive data. 
> + // > + BufferOutSize =3D DEF_BUF_LEN; > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + BufferIn, > + BufferInSize, > + BufferOut, > + &BufferOutSize > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + FreePool (BufferOut); > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + FreePool (BufferIn); > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + BufferIn, > + BufferInSize, > + BufferOut, > + &BufferOutSize > + ); > + } > + > + FreePool (BufferIn); > + > + if (EFI_ERROR (Status)) { > + FreePool (BufferOut); > + return Status; > + } > + > + if (BufferOutSize !=3D 0) { > + // > + // Transmit the response packet. > + // > + PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > + DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > + if (DataOut =3D=3D NULL) { > + FreePool (BufferOut); > + return EFI_OUT_OF_RESOURCES; > + } > + > + CopyMem (DataOut, BufferOut, BufferOutSize); > + > + Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > + > + NetbufFree (PacketOut); > + > + if (EFI_ERROR (Status)) { > + FreePool (BufferOut); > + return Status; > + } > + } > + > + FreePool (BufferOut); > + > + // > + // Get the session state, then decide whether need to continue handl= e > received packet. 
> + // > + GetSessionDataBufferSize =3D DEF_BUF_LEN; > + GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSize)= ; > + if (GetSessionDataBuffer =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->GetSessionData ( > + HttpInstance->Tls, > + EfiTlsSessionState, > + GetSessionDataBuffer, > + &GetSessionDataBufferSize > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + FreePool (GetSessionDataBuffer); > + GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSi= ze); > + if (GetSessionDataBuffer =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->GetSessionData ( > + HttpInstance->Tls, > + EfiTlsSessionState, > + GetSessionDataBuffer, > + &GetSessionDataBufferSize > + ); > + } > + if (EFI_ERROR (Status)) { > + FreePool(GetSessionDataBuffer); > + return Status; > + } > + > + ASSERT(GetSessionDataBufferSize =3D=3D sizeof (EFI_TLS_SESSION_STATE= )); > + HttpInstance->TlsSessionState =3D *(EFI_TLS_SESSION_STATE *) > GetSessionDataBuffer; > + > + FreePool (GetSessionDataBuffer); > + > + if(HttpInstance->TlsSessionState =3D=3D EfiTlsSessionError) { > + return EFI_ABORTED; > + } > + } > + > + if (HttpInstance->TlsSessionState !=3D EfiTlsSessionDataTransferring) = { > + Status =3D EFI_ABORTED; > + } > + > + return Status; > +} > + > +/** > + Close the TLS session and send out the close notification message. > + > + @param[in] HttpInstance The HTTP instance private data. > + > + @retval EFI_SUCCESS The TLS session is closed. > + @retval EFI_INVALID_PARAMETER HttpInstance is NULL. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval Others Other error as indicated. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCloseSession ( > + IN HTTP_PROTOCOL *HttpInstance > + ) > +{ > + EFI_STATUS Status; > + > + UINT8 *BufferOut; > + UINTN BufferOutSize; > + > + NET_BUF *PacketOut; > + UINT8 *DataOut; > + > + Status =3D EFI_SUCCESS; > + BufferOut =3D NULL; > + PacketOut =3D NULL; > + DataOut =3D NULL; > + > + if (HttpInstance =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + HttpInstance->TlsSessionState =3D EfiTlsSessionClosing; > + > + Status =3D HttpInstance->Tls->SetSessionData ( > + HttpInstance->Tls, > + EfiTlsSessionState, > + &(HttpInstance->TlsSessionState), > + sizeof (EFI_TLS_SESSION_STATE) > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + BufferOutSize =3D DEF_BUF_LEN; > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + NULL, > + 0, > + BufferOut, > + &BufferOutSize > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + FreePool (BufferOut); > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + NULL, > + 0, > + BufferOut, > + &BufferOutSize > + ); > + } > + > + if (EFI_ERROR (Status)) { > + FreePool (BufferOut); > + return Status; > + } > + > + PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > + DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > + if (DataOut =3D=3D NULL) { > + FreePool (BufferOut); > + return EFI_OUT_OF_RESOURCES; > + } > + > + CopyMem (DataOut, BufferOut, BufferOutSize); > + > + Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > + > + FreePool (BufferOut); > + NetbufFree (PacketOut); > + > + return Status; > +} > + > +/** > + Process one message according to the CryptMode. 
> + > + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > + @param[in] Message Pointer to the message buffer nee= ded to > processed. > + @param[in] MessageSize Pointer to the message buffer siz= e. > + @param[in] ProcessMode Process mode. > + @param[in, out] Fragment Only one Fragment returned after = the > Message is > + processed successfully. > + > + @retval EFI_SUCCESS Message is processed successfully. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval Others Other errors as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsProcessMessage ( > + IN HTTP_PROTOCOL *HttpInstance, > + IN UINT8 *Message, > + IN UINTN MessageSize, > + IN EFI_TLS_CRYPT_MODE ProcessMode, > + IN OUT NET_FRAGMENT *Fragment > + ) > +{ > + EFI_STATUS Status; > + UINT8 *Buffer; > + UINT32 BufferSize; > + UINT32 BytesCopied; > + EFI_TLS_FRAGMENT_DATA *FragmentTable; > + UINT32 FragmentCount; > + EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable; > + UINTN Index; > + > + Status =3D EFI_SUCCESS; > + Buffer =3D NULL; > + BufferSize =3D 0; > + BytesCopied =3D 0; > + FragmentTable =3D NULL; > + OriginalFragmentTable =3D NULL; > + > + // > + // Rebuild fragment table from BufferIn. > + // > + FragmentCount =3D 1; > + FragmentTable =3D AllocateZeroPool (FragmentCount * sizeof > (EFI_TLS_FRAGMENT_DATA)); > + if (FragmentTable =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + FragmentTable->FragmentLength =3D (UINT32) MessageSize; > + FragmentTable->FragmentBuffer =3D Message; > + > + // > + // Record the original FragmentTable. > + // > + OriginalFragmentTable =3D FragmentTable; > + > + // > + // Process the Message. > + // > + Status =3D HttpInstance->Tls->ProcessPacket ( > + HttpInstance->Tls, > + &FragmentTable, > + &FragmentCount, > + ProcessMode > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + // > + // Calculate the size according to FragmentTable. 
> + // > + for (Index =3D 0; Index < FragmentCount; Index++) { > + BufferSize +=3D FragmentTable[Index].FragmentLength; > + } > + > + // > + // Allocate buffer for processed data. > + // > + Buffer =3D AllocateZeroPool (BufferSize); > + if (Buffer =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + // > + // Copy the new FragmentTable buffer into Buffer. > + // > + for (Index =3D 0; Index < FragmentCount; Index++) { > + CopyMem ( > + (Buffer + BytesCopied), > + FragmentTable[Index].FragmentBuffer, > + FragmentTable[Index].FragmentLength > + ); > + BytesCopied +=3D FragmentTable[Index].FragmentLength; > + > + // > + // Free the FragmentBuffer since it has been copied. > + // > + FreePool (FragmentTable[Index].FragmentBuffer); > + } > + > + Fragment->Len =3D BufferSize; > + Fragment->Bulk =3D Buffer; > + > +ON_EXIT: > + > + if (OriginalFragmentTable !=3D NULL) { > + FreePool (OriginalFragmentTable); > + OriginalFragmentTable =3D NULL; > + } > + > + // > + // Caller has the responsibility to free the FragmentTable. > + // > + if (FragmentTable !=3D NULL) { > + FreePool (FragmentTable); > + FragmentTable =3D NULL; > + } > + > + return Status; > +} > + > +/** > + Receive one fragment decrypted from one TLS record. > + > + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > + @param[in, out] Fragment The received Fragment. > + @param[in] Timeout The time to wait for connection d= one. > + > + @retval EFI_SUCCESS One fragment is received. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED Something wrong decryption the message. > + @retval Others Other errors as indicated. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +HttpsReceive ( > + IN HTTP_PROTOCOL *HttpInstance, > + IN OUT NET_FRAGMENT *Fragment, > + IN EFI_EVENT Timeout > + ) > +{ > + EFI_STATUS Status; > + NET_BUF *Pdu; > + TLS_RECORD_HEADER RecordHeader; > + UINT8 *BufferIn; > + UINTN BufferInSize; > + NET_FRAGMENT TempFragment; > + UINT8 *BufferOut; > + UINTN BufferOutSize; > + NET_BUF *PacketOut; > + UINT8 *DataOut; > + UINT8 *GetSessionDataBuffer; > + UINTN GetSessionDataBufferSize; > + > + Status =3D EFI_SUCCESS; > + Pdu =3D NULL; > + BufferIn =3D NULL; > + BufferInSize =3D 0; > + BufferOut =3D NULL; > + BufferOutSize =3D 0; > + PacketOut =3D NULL; > + DataOut =3D NULL; > + GetSessionDataBuffer =3D NULL; > + GetSessionDataBufferSize =3D 0; > + > + // > + // Receive only one TLS record > + // > + Status =3D TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + BufferInSize =3D Pdu->TotalSize; > + BufferIn =3D AllocateZeroPool (BufferInSize); > + if (BufferIn =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + NetbufFree (Pdu); > + return Status; > + } > + > + NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn); > + > + NetbufFree (Pdu); > + > + // > + // Handle Receive data. > + // > + RecordHeader =3D *(TLS_RECORD_HEADER *) BufferIn; > + > + if ((RecordHeader.ContentType =3D=3D TlsContentTypeApplicationData) && > + (RecordHeader.Version.Major =3D=3D 0x03) && > + (RecordHeader.Version.Minor =3D=3D TLS10_PROTOCOL_VERSION_MINOR || > + RecordHeader.Version.Minor =3D=3D TLS11_PROTOCOL_VERSION_MINOR || > + RecordHeader.Version.Minor =3D=3D TLS12_PROTOCOL_VERSION_MINOR) > + ) { > + // > + // Decrypt Packet. > + // > + Status =3D TlsProcessMessage ( > + HttpInstance, > + BufferIn, > + BufferInSize, > + EfiTlsDecrypt, > + &TempFragment > + ); > + > + FreePool (BufferIn); > + > + if (EFI_ERROR (Status)) { > + if (Status =3D=3D EFI_ABORTED) { > + // > + // Something wrong decryption the message. 
> + // BuildResponsePacket() will be called to generate Error Alert = message > and send it out. > + // > + BufferOutSize =3D DEF_BUF_LEN; > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + NULL, > + 0, > + BufferOut, > + &BufferOutSize > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + FreePool (BufferOut); > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + NULL, > + 0, > + BufferOut, > + &BufferOutSize > + ); > + } > + if (EFI_ERROR (Status)) { > + FreePool(BufferOut); > + return Status; > + } > + > + if (BufferOutSize !=3D 0) { > + PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); > + DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSiz= e, > NET_BUF_TAIL); > + if (DataOut =3D=3D NULL) { > + FreePool (BufferOut); > + return EFI_OUT_OF_RESOURCES; > + } > + > + CopyMem (DataOut, BufferOut, BufferOutSize); > + > + Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > + > + NetbufFree (PacketOut); > + } > + > + FreePool(BufferOut); > + > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + return EFI_ABORTED; > + } > + > + return Status; > + } > + > + // > + // Parsing buffer. > + // > + ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType > =3D=3D TlsContentTypeApplicationData); > + > + BufferInSize =3D ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length= ; > + BufferIn =3D AllocateZeroPool (BufferInSize); > + if (BufferIn =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + CopyMem (BufferIn, TempFragment.Bulk + sizeof > (TLS_RECORD_HEADER), BufferInSize); > + > + // > + // Free the buffer in TempFragment. 
> + // > + FreePool (TempFragment.Bulk); > + > + } else if ((RecordHeader.ContentType =3D=3D TlsContentTypeAlert) && > + (RecordHeader.Version.Major =3D=3D 0x03) && > + (RecordHeader.Version.Minor =3D=3D TLS10_PROTOCOL_VERSION_MINOR || > + RecordHeader.Version.Minor =3D=3D TLS11_PROTOCOL_VERSION_MINOR || > + RecordHeader.Version.Minor =3D=3D TLS12_PROTOCOL_VERSION_MINOR) > + ) { > + BufferOutSize =3D DEF_BUF_LEN; > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + FreePool (BufferIn); > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + BufferIn, > + BufferInSize, > + BufferOut, > + &BufferOutSize > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + FreePool (BufferOut); > + BufferOut =3D AllocateZeroPool (BufferOutSize); > + if (BufferOut =3D=3D NULL) { > + FreePool (BufferIn); > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->BuildResponsePacket ( > + HttpInstance->Tls, > + BufferIn, > + BufferInSize, > + BufferOut, > + &BufferOutSize > + ); > + } > + > + FreePool (BufferIn); > + > + if (EFI_ERROR (Status)) { > + FreePool (BufferOut); > + return Status; > + } > + > + if (BufferOutSize !=3D 0) { > + PacketOut =3D NetbufAlloc ((UINT32) BufferOutSize); > + DataOut =3D NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, > NET_BUF_TAIL); > + if (DataOut =3D=3D NULL) { > + FreePool (BufferOut); > + return EFI_OUT_OF_RESOURCES; > + } > + > + CopyMem (DataOut, BufferOut, BufferOutSize); > + > + Status =3D TlsCommonTransmit (HttpInstance, PacketOut); > + > + NetbufFree (PacketOut); > + } > + > + FreePool (BufferOut); > + > + // > + // Get the session state. 
> + // > + GetSessionDataBufferSize =3D DEF_BUF_LEN; > + GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSize)= ; > + if (GetSessionDataBuffer =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->GetSessionData ( > + HttpInstance->Tls, > + EfiTlsSessionState, > + GetSessionDataBuffer, > + &GetSessionDataBufferSize > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + FreePool (GetSessionDataBuffer); > + GetSessionDataBuffer =3D AllocateZeroPool (GetSessionDataBufferSi= ze); > + if (GetSessionDataBuffer =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + return Status; > + } > + > + Status =3D HttpInstance->Tls->GetSessionData ( > + HttpInstance->Tls, > + EfiTlsSessionState, > + GetSessionDataBuffer, > + &GetSessionDataBufferSize > + ); > + } > + if (EFI_ERROR (Status)) { > + FreePool (GetSessionDataBuffer); > + return Status; > + } > + > + ASSERT(GetSessionDataBufferSize =3D=3D sizeof (EFI_TLS_SESSION_STATE= )); > + HttpInstance->TlsSessionState =3D *(EFI_TLS_SESSION_STATE *) > GetSessionDataBuffer; > + > + FreePool (GetSessionDataBuffer); > + > + if(HttpInstance->TlsSessionState =3D=3D EfiTlsSessionError) { > + DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n")); > + return EFI_ABORTED; > + } > + > + BufferIn =3D NULL; > + BufferInSize =3D 0; > + } > + > + Fragment->Bulk =3D BufferIn; > + Fragment->Len =3D (UINT32) BufferInSize; > + > + return Status; > +} > + > diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h > b/NetworkPkg/HttpDxe/HttpsSupport.h > index fcb3aa05c1..68a6073ceb 100644 > --- a/NetworkPkg/HttpDxe/HttpsSupport.h > +++ b/NetworkPkg/HttpDxe/HttpsSupport.h > @@ -1,260 +1,261 @@ > -/** @file > - The header files of miscellaneous routines specific to Https for HttpD= xe > driver. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef __EFI_HTTPS_SUPPORT_H__ > -#define __EFI_HTTPS_SUPPORT_H__ > - > -#define HTTPS_DEFAULT_PORT 443 > - > -#define HTTPS_FLAG "https://" > - > -/** > - Check whether the Url is from Https. > - > - @param[in] Url The pointer to a HTTP or HTTPS URL strin= g. > - > - @retval TRUE The Url is from HTTPS. > - @retval FALSE The Url is from HTTP. > - > -**/ > -BOOLEAN > -IsHttpsUrl ( > - IN CHAR8 *Url > - ); > - > -/** > - Creates a Tls child handle, open EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. > - > - @param[in] ImageHandle The firmware allocated handle for th= e UEFI > image. > - @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL inst= ance. > - @param[out] TlsConfiguration Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > - > - @return The child handle with opened EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. > - > -**/ > -EFI_HANDLE > -EFIAPI > -TlsCreateChild ( > - IN EFI_HANDLE ImageHandle, > - OUT EFI_TLS_PROTOCOL **TlsProto, > - OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration > - ); > - > -/** > - Create event for the TLS receive and transmit tokens which are used to > receive and > - transmit TLS related messages. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure= . > - > - @retval EFI_SUCCESS The events are created successfully. > - @retval others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCreateTxRxEvent ( > - IN OUT HTTP_PROTOCOL *HttpInstance > - ); > - > -/** > - Close events in the TlsTxToken and TlsRxToken. 
> - > - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. > - > -**/ > -VOID > -EFIAPI > -TlsCloseTxRxEvent ( > - IN HTTP_PROTOCOL *HttpInstance > - ); > - > -/** > - Read the TlsCaCertificate variable and configure it. > - > - @param[in, out] HttpInstance The HTTP instance private data. > - > - @retval EFI_SUCCESS TlsCaCertificate is configured. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable= . > - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -TlsConfigCertificate ( > - IN OUT HTTP_PROTOCOL *HttpInstance > - ); > - > -/** > - Configure TLS session data. > - > - @param[in, out] HttpInstance The HTTP instance private data. > - > - @retval EFI_SUCCESS TLS session data is configured. > - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsConfigureSession ( > - IN OUT HTTP_PROTOCOL *HttpInstance > - ); > - > -/** > - Transmit the Packet by processing the associated HTTPS token. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > - @param[in] Packet The packet to transmit. > - > - @retval EFI_SUCCESS The packet is transmitted. > - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_DEVICE_ERROR An unexpected system or network error > occurred. > - @retval Others Other errors as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCommonTransmit ( > - IN OUT HTTP_PROTOCOL *HttpInstance, > - IN NET_BUF *Packet > - ); > - > -/** > - Receive the Packet by processing the associated HTTPS token. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > - @param[in] Packet The packet to transmit. > - @param[in] Timeout The time to wait for connection done= . > - > - @retval EFI_SUCCESS The Packet is received. > - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. 
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_TIMEOUT The operation is time out. > - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCommonReceive ( > - IN OUT HTTP_PROTOCOL *HttpInstance, > - IN NET_BUF *Packet, > - IN EFI_EVENT Timeout > - ); > - > -/** > - Receive one TLS PDU. An TLS PDU contains an TLS record header and it's > - corresponding record data. These two parts will be put into two blocks= of > buffers in the > - net buffer. > - > - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > - @param[out] Pdu The received TLS PDU. > - @param[in] Timeout The time to wait for connection d= one. > - > - @retval EFI_SUCCESS An TLS PDU is received. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received. > - @retval Others Other errors as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsReceiveOnePdu ( > - IN OUT HTTP_PROTOCOL *HttpInstance, > - OUT NET_BUF **Pdu, > - IN EFI_EVENT Timeout > - ); > - > -/** > - Connect one TLS session by finishing the TLS handshake process. > - > - @param[in] HttpInstance The HTTP instance private data. > - @param[in] Timeout The time to wait for connection done. > - > - @retval EFI_SUCCESS The TLS session is established. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED TLS session state is incorrect. > - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsConnectSession ( > - IN HTTP_PROTOCOL *HttpInstance, > - IN EFI_EVENT Timeout > - ); > - > -/** > - Close the TLS session and send out the close notification message. > - > - @param[in] HttpInstance The HTTP instance private data. > - > - @retval EFI_SUCCESS The TLS session is closed. > - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. 
> - @retval Others Other error as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsCloseSession ( > - IN HTTP_PROTOCOL *HttpInstance > - ); > - > -/** > - Process one message according to the CryptMode. > - > - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > - @param[in] Message Pointer to the message buffer nee= ded to > processed. > - @param[in] MessageSize Pointer to the message buffer siz= e. > - @param[in] ProcessMode Process mode. > - @param[in, out] Fragment Only one Fragment returned after = the > Message is > - processed successfully. > - > - @retval EFI_SUCCESS Message is processed successfully. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval Others Other errors as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsProcessMessage ( > - IN HTTP_PROTOCOL *HttpInstance, > - IN UINT8 *Message, > - IN UINTN MessageSize, > - IN EFI_TLS_CRYPT_MODE ProcessMode, > - IN OUT NET_FRAGMENT *Fragment > - ); > - > -/** > - Receive one fragment decrypted from one TLS record. > - > - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > - @param[in, out] Fragment The received Fragment. > - @param[in] Timeout The time to wait for connection d= one. > - > - @retval EFI_SUCCESS One fragment is received. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED Something wrong decryption the message. > - @retval Others Other errors as indicated. > - > -**/ > -EFI_STATUS > -EFIAPI > -HttpsReceive ( > - IN HTTP_PROTOCOL *HttpInstance, > - IN OUT NET_FRAGMENT *Fragment, > - IN EFI_EVENT Timeout > - ); > - > -#endif > +/** @file > + The header files of miscellaneous routines specific to Https for HttpD= xe > driver. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __EFI_HTTPS_SUPPORT_H__ > +#define __EFI_HTTPS_SUPPORT_H__ > + > +#define HTTPS_DEFAULT_PORT 443 > + > +#define HTTPS_FLAG "https://" > + > +/** > + Check whether the Url is from Https. > + > + @param[in] Url The pointer to a HTTP or HTTPS URL strin= g. > + > + @retval TRUE The Url is from HTTPS. > + @retval FALSE The Url is from HTTP. > + > +**/ > +BOOLEAN > +IsHttpsUrl ( > + IN CHAR8 *Url > + ); > + > +/** > + Creates a Tls child handle, open EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. > + > + @param[in] ImageHandle The firmware allocated handle for th= e UEFI > image. > + @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL inst= ance. > + @param[out] TlsConfiguration Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + > + @return The child handle with opened EFI_TLS_PROTOCOL and > EFI_TLS_CONFIGURATION_PROTOCOL. > + > +**/ > +EFI_HANDLE > +EFIAPI > +TlsCreateChild ( > + IN EFI_HANDLE ImageHandle, > + OUT EFI_TLS_PROTOCOL **TlsProto, > + OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration > + ); > + > +/** > + Create event for the TLS receive and transmit tokens which are used to > receive and > + transmit TLS related messages. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure= . > + > + @retval EFI_SUCCESS The events are created successfully. > + @retval others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCreateTxRxEvent ( > + IN OUT HTTP_PROTOCOL *HttpInstance > + ); > + > +/** > + Close events in the TlsTxToken and TlsRxToken. 
> + > + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. > + > +**/ > +VOID > +EFIAPI > +TlsCloseTxRxEvent ( > + IN HTTP_PROTOCOL *HttpInstance > + ); > + > +/** > + Read the TlsCaCertificate variable and configure it. > + > + @param[in, out] HttpInstance The HTTP instance private data. > + > + @retval EFI_SUCCESS TlsCaCertificate is configured. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable= . > + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +TlsConfigCertificate ( > + IN OUT HTTP_PROTOCOL *HttpInstance > + ); > + > +/** > + Configure TLS session data. > + > + @param[in, out] HttpInstance The HTTP instance private data. > + > + @retval EFI_SUCCESS TLS session data is configured. > + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsConfigureSession ( > + IN OUT HTTP_PROTOCOL *HttpInstance > + ); > + > +/** > + Transmit the Packet by processing the associated HTTPS token. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > + @param[in] Packet The packet to transmit. > + > + @retval EFI_SUCCESS The packet is transmitted. > + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_DEVICE_ERROR An unexpected system or network error > occurred. > + @retval Others Other errors as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCommonTransmit ( > + IN OUT HTTP_PROTOCOL *HttpInstance, > + IN NET_BUF *Packet > + ); > + > +/** > + Receive the Packet by processing the associated HTTPS token. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure. > + @param[in] Packet The packet to transmit. > + @param[in] Timeout The time to wait for connection done= . > + > + @retval EFI_SUCCESS The Packet is received. > + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. 
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_TIMEOUT The operation is time out. > + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCommonReceive ( > + IN OUT HTTP_PROTOCOL *HttpInstance, > + IN NET_BUF *Packet, > + IN EFI_EVENT Timeout > + ); > + > +/** > + Receive one TLS PDU. An TLS PDU contains an TLS record header and it's > + corresponding record data. These two parts will be put into two blocks= of > buffers in the > + net buffer. > + > + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > + @param[out] Pdu The received TLS PDU. > + @param[in] Timeout The time to wait for connection d= one. > + > + @retval EFI_SUCCESS An TLS PDU is received. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received. > + @retval Others Other errors as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsReceiveOnePdu ( > + IN OUT HTTP_PROTOCOL *HttpInstance, > + OUT NET_BUF **Pdu, > + IN EFI_EVENT Timeout > + ); > + > +/** > + Connect one TLS session by finishing the TLS handshake process. > + > + @param[in] HttpInstance The HTTP instance private data. > + @param[in] Timeout The time to wait for connection done. > + > + @retval EFI_SUCCESS The TLS session is established. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED TLS session state is incorrect. > + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsConnectSession ( > + IN HTTP_PROTOCOL *HttpInstance, > + IN EFI_EVENT Timeout > + ); > + > +/** > + Close the TLS session and send out the close notification message. > + > + @param[in] HttpInstance The HTTP instance private data. > + > + @retval EFI_SUCCESS The TLS session is closed. > + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. 
> + @retval Others Other error as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCloseSession ( > + IN HTTP_PROTOCOL *HttpInstance > + ); > + > +/** > + Process one message according to the CryptMode. > + > + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > + @param[in] Message Pointer to the message buffer nee= ded to > processed. > + @param[in] MessageSize Pointer to the message buffer siz= e. > + @param[in] ProcessMode Process mode. > + @param[in, out] Fragment Only one Fragment returned after = the > Message is > + processed successfully. > + > + @retval EFI_SUCCESS Message is processed successfully. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval Others Other errors as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsProcessMessage ( > + IN HTTP_PROTOCOL *HttpInstance, > + IN UINT8 *Message, > + IN UINTN MessageSize, > + IN EFI_TLS_CRYPT_MODE ProcessMode, > + IN OUT NET_FRAGMENT *Fragment > + ); > + > +/** > + Receive one fragment decrypted from one TLS record. > + > + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structur= e. > + @param[in, out] Fragment The received Fragment. > + @param[in] Timeout The time to wait for connection d= one. > + > + @retval EFI_SUCCESS One fragment is received. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED Something wrong decryption the message. > + @retval Others Other errors as indicated. > + > +**/ > +EFI_STATUS > +EFIAPI > +HttpsReceive ( > + IN HTTP_PROTOCOL *HttpInstance, > + IN OUT NET_FRAGMENT *Fragment, > + IN EFI_EVENT Timeout > + ); > + > +#endif > + > diff --git a/NetworkPkg/Include/Guid/TlsAuthConfigHii.h > b/NetworkPkg/Include/Guid/TlsAuthConfigHii.h > index 9d21426f9f..5e5637c4c6 100644 > --- a/NetworkPkg/Include/Guid/TlsAuthConfigHii.h > +++ b/NetworkPkg/Include/Guid/TlsAuthConfigHii.h 
> @@ -1,25 +1,26 @@ > -/** @file > - GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDx= e > driver. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> -This program and the accompanying materials are licensed and made > available under > -the terms and conditions of the BSD License that accompanies this > distribution. > -The full text of the license may be found at > -http://opensource.org/licenses/bsd-license.php. > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__ > -#define __TLS_AUTH_CONFIG_HII_GUID_H__ > - > -#define TLS_AUTH_CONFIG_GUID \ > - { \ > - 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x6= 5, 0xdf } > \ > - } > - > -extern EFI_GUID gTlsAuthConfigGuid; > - > -#endif > +/** @file > + GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDx= e > driver. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> +This program and the accompanying materials are licensed and made > available under > +the terms and conditions of the BSD License that accompanies this > distribution. > +The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php. > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__ > +#define __TLS_AUTH_CONFIG_HII_GUID_H__ > + > +#define TLS_AUTH_CONFIG_GUID \ > + { \ > + 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x6= 5, > 0xdf } \ > + } > + > +extern EFI_GUID gTlsAuthConfigGuid; > + > +#endif > + > diff --git a/NetworkPkg/Include/Guid/TlsAuthentication.h > b/NetworkPkg/Include/Guid/TlsAuthentication.h > index 2e800dce12..e8497be68b 100644 > --- a/NetworkPkg/Include/Guid/TlsAuthentication.h > +++ b/NetworkPkg/Include/Guid/TlsAuthentication.h > @@ -1,29 +1,30 @@ > -/** @file > - This file defines TlsCaCertificate variable. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> -This program and the accompanying materials are licensed and made > available under > -the terms and conditions of the BSD License that accompanies this > distribution. > -The full text of the license may be found at > -http://opensource.org/licenses/bsd-license.php. > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef __TLS_AUTHENTICATION_H__ > -#define __TLS_AUTHENTICATION_H__ > - > -// Private variable for CA Certificate configuration > -// > -#define EFI_TLS_CA_CERTIFICATE_GUID \ > - { \ > - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x= 8e, > 0xae } \ > - } > - > -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" > - > -extern EFI_GUID gEfiTlsCaCertificateGuid; > - > -#endif > +/** @file > + This file defines TlsCaCertificate variable. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> +This program and the accompanying materials are licensed and made > available under > +the terms and conditions of the BSD License that accompanies this > distribution. > +The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php. > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __TLS_AUTHENTICATION_H__ > +#define __TLS_AUTHENTICATION_H__ > + > +// Private variable for CA Certificate configuration > +// > +#define EFI_TLS_CA_CERTIFICATE_GUID \ > + { \ > + 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x= 8e, > 0xae } \ > + } > + > +#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" > + > +extern EFI_GUID gEfiTlsCaCertificateGuid; > + > +#endif > + > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c > index 647bc2f01b..351656ff0c 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c > @@ -1,135 +1,135 @@ > -/** @file > - The DriverEntryPoint for TlsAuthConfigDxe driver. > - > - Copyright (c) 2016, Intel Corporation. All rights reserved.
> - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the = BSD > License > - which accompanies this distribution. The full text of the license may= be > found at > - http://opensource.org/licenses/bsd-license.php. > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "TlsAuthConfigImpl.h" > - > -/** > - Unloads an image. > - > - @param ImageHandle Handle that identifies the image to be > unloaded. > - > - @retval EFI_SUCCESS The image has been unloaded. > - @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigDxeUnload ( > - IN EFI_HANDLE ImageHandle > - ) > -{ > - EFI_STATUS Status; > - TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData; > - > - Status =3D gBS->HandleProtocol ( > - ImageHandle, > - &gEfiCallerIdGuid, > - (VOID **) &PrivateData > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - ASSERT (PrivateData->Signature =3D=3D > TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE); > - > - gBS->UninstallMultipleProtocolInterfaces ( > - &ImageHandle, > - &gEfiCallerIdGuid, > - PrivateData, > - NULL > - ); > - > - TlsAuthConfigFormUnload (PrivateData); > - > - return EFI_SUCCESS; > -} > - > -/** > - This is the declaration of an EFI image entry point. This entry point = is > - the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers incl= uding > - both device drivers and bus drivers. > - > - @param ImageHandle The firmware allocated handle for the UE= FI > image. > - @param SystemTable A pointer to the EFI System Table. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval Others An unexpected error occurred. 
> -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigDxeDriverEntryPoint ( > - IN EFI_HANDLE ImageHandle, > - IN EFI_SYSTEM_TABLE *SystemTable > - ) > -{ > - EFI_STATUS Status; > - > - TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData; > - > - PrivateData =3D NULL; > - > - // > - // If already started, return. > - // > - Status =3D gBS->OpenProtocol ( > - ImageHandle, > - &gEfiCallerIdGuid, > - NULL, > - ImageHandle, > - ImageHandle, > - EFI_OPEN_PROTOCOL_TEST_PROTOCOL > - ); > - if (!EFI_ERROR (Status)) { > - return EFI_ALREADY_STARTED; > - } > - > - // > - // Initialize the private data structure. > - // > - PrivateData =3D AllocateZeroPool (sizeof > (TLS_AUTH_CONFIG_PRIVATE_DATA)); > - if (PrivateData =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - // > - // Initialize the HII configuration form. > - // > - Status =3D TlsAuthConfigFormInit (PrivateData); > - if (EFI_ERROR (Status)) { > - goto ON_ERROR; > - } > - > - // > - // Install private GUID. > - // > - Status =3D gBS->InstallMultipleProtocolInterfaces ( > - &ImageHandle, > - &gEfiCallerIdGuid, > - PrivateData, > - NULL > - ); > - if (EFI_ERROR (Status)) { > - goto ON_ERROR; > - } > - > - return EFI_SUCCESS; > - > -ON_ERROR: > - TlsAuthConfigFormUnload (PrivateData); > - FreePool (PrivateData); > - > - return Status; > -} > - > +/** @file > + The DriverEntryPoint for TlsAuthConfigDxe driver. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be > found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "TlsAuthConfigImpl.h" > + > +/** > + Unloads an image. > + > + @param ImageHandle Handle that identifies the image to be > unloaded. > + > + @retval EFI_SUCCESS The image has been unloaded. > + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image > handle. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigDxeUnload ( > + IN EFI_HANDLE ImageHandle > + ) > +{ > + EFI_STATUS Status; > + TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData; > + > + Status =3D gBS->HandleProtocol ( > + ImageHandle, > + &gEfiCallerIdGuid, > + (VOID **) &PrivateData > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + ASSERT (PrivateData->Signature =3D=3D > TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE); > + > + gBS->UninstallMultipleProtocolInterfaces ( > + &ImageHandle, > + &gEfiCallerIdGuid, > + PrivateData, > + NULL > + ); > + > + TlsAuthConfigFormUnload (PrivateData); > + > + return EFI_SUCCESS; > +} > + > +/** > + This is the declaration of an EFI image entry point. This entry point = is > + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers incl= uding > + both device drivers and bus drivers. > + > + @param ImageHandle The firmware allocated handle for the UE= FI > image. > + @param SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval Others An unexpected error occurred. 
> +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigDxeDriverEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + > + TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData; > + > + PrivateData =3D NULL; > + > + // > + // If already started, return. > + // > + Status =3D gBS->OpenProtocol ( > + ImageHandle, > + &gEfiCallerIdGuid, > + NULL, > + ImageHandle, > + ImageHandle, > + EFI_OPEN_PROTOCOL_TEST_PROTOCOL > + ); > + if (!EFI_ERROR (Status)) { > + return EFI_ALREADY_STARTED; > + } > + > + // > + // Initialize the private data structure. > + // > + PrivateData =3D AllocateZeroPool (sizeof > (TLS_AUTH_CONFIG_PRIVATE_DATA)); > + if (PrivateData =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + // > + // Initialize the HII configuration form. > + // > + Status =3D TlsAuthConfigFormInit (PrivateData); > + if (EFI_ERROR (Status)) { > + goto ON_ERROR; > + } > + > + // > + // Install private GUID. > + // > + Status =3D gBS->InstallMultipleProtocolInterfaces ( > + &ImageHandle, > + &gEfiCallerIdGuid, > + PrivateData, > + NULL > + ); > + if (EFI_ERROR (Status)) { > + goto ON_ERROR; > + } > + > + return EFI_SUCCESS; > + > +ON_ERROR: > + TlsAuthConfigFormUnload (PrivateData); > + FreePool (PrivateData); > + > + return Status; > +} > + > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > index 19f095e89d..2a893689bb 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > @@ -1,73 +1,74 @@ > -## @file > -# Provides the capability to configure Tls Authentication in a setup br= owser > -# By this module, user may change the content of TlsCaCertificate. > -# > -# Copyright (c) 2016, Intel Corporation. All rights reserved.
> -# This program and the accompanying materials > -# are licensed and made available under the terms and conditions of the > BSD License > -# which accompanies this distribution. The full text of the license may = be > found at > -# http://opensource.org/licenses/bsd-license.php > -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > -# > -## > - > -[Defines] > - INF_VERSION =3D 0x00010005 > - BASE_NAME =3D TlsAuthConfigDxe > - MODULE_UNI_FILE =3D TlsAuthConfigDxe.uni > - FILE_GUID =3D 7ca1024f-eb17-11e5-9dba-28d2447c4829 > - MODULE_TYPE =3D DXE_DRIVER > - VERSION_STRING =3D 1.0 > - ENTRY_POINT =3D TlsAuthConfigDxeDriverEntryPoint > - UNLOAD_IMAGE =3D TlsAuthConfigDxeUnload > - > -# > -# VALID_ARCHITECTURES =3D IA32 X64 > -# > - > -[Packages] > - MdePkg/MdePkg.dec > - MdeModulePkg/MdeModulePkg.dec > - NetworkPkg/NetworkPkg.dec > - > -[Sources] > - TlsAuthConfigImpl.c > - TlsAuthConfigImpl.h > - TlsAuthConfigNvData.h > - TlsAuthConfigDxe.c > - TlsAuthConfigDxeStrings.uni > - TlsAuthConfigVfr.vfr > - > -[LibraryClasses] > - BaseLib > - BaseMemoryLib > - MemoryAllocationLib > - UefiLib > - UefiBootServicesTableLib > - UefiRuntimeServicesTableLib > - UefiDriverEntryPoint > - DebugLib > - HiiLib > - DevicePathLib > - UefiHiiServicesLib > - FileExplorerLib > - PrintLib > - > -[Protocols] > - gEfiDevicePathProtocolGuid ## PRODUCES > - gEfiHiiConfigAccessProtocolGuid ## PRODUCES > - gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES > - > -[Guids] > - gTlsAuthConfigGuid ## PRODUCES ## GUID > - gEfiCertX509Guid ## CONSUMES ## GUID # = Indicate the > cert type > - gEfiIfrTianoGuid ## CONSUMES ## HII > - gEfiTlsCaCertificateGuid ## PRODUCES ## GUID > - > -[Depex] > - gEfiHiiConfigRoutingProtocolGuid AND > - gEfiHiiDatabaseProtocolGuid > - > -[UserExtensions.TianoCore."ExtraFiles"] > - TlsAuthConfigDxeExtra.uni > +## @file > +# Provides the capability to configure 
Tls Authentication in a setup br= owser > +# By this module, user may change the content of TlsCaCertificate. > +# > +# Copyright (c) 2016, Intel Corporation. All rights reserved.
> +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the > BSD License > +# which accompanies this distribution. The full text of the license may = be > found at > +# http://opensource.org/licenses/bsd-license.php > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D TlsAuthConfigDxe > + MODULE_UNI_FILE =3D TlsAuthConfigDxe.uni > + FILE_GUID =3D 7ca1024f-eb17-11e5-9dba-28d2447c4829 > + MODULE_TYPE =3D DXE_DRIVER > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D TlsAuthConfigDxeDriverEntryPoint > + UNLOAD_IMAGE =3D TlsAuthConfigDxeUnload > + > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + NetworkPkg/NetworkPkg.dec > + > +[Sources] > + TlsAuthConfigImpl.c > + TlsAuthConfigImpl.h > + TlsAuthConfigNvData.h > + TlsAuthConfigDxe.c > + TlsAuthConfigDxeStrings.uni > + TlsAuthConfigVfr.vfr > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + MemoryAllocationLib > + UefiLib > + UefiBootServicesTableLib > + UefiRuntimeServicesTableLib > + UefiDriverEntryPoint > + DebugLib > + HiiLib > + DevicePathLib > + UefiHiiServicesLib > + FileExplorerLib > + PrintLib > + > +[Protocols] > + gEfiDevicePathProtocolGuid ## PRODUCES > + gEfiHiiConfigAccessProtocolGuid ## PRODUCES > + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES > + > +[Guids] > + gTlsAuthConfigGuid ## PRODUCES ## GUID > + gEfiCertX509Guid ## CONSUMES ## GUID # = Indicate the > cert type > + gEfiIfrTianoGuid ## CONSUMES ## HII > + gEfiTlsCaCertificateGuid ## PRODUCES ## GUID > + > +[Depex] > + gEfiHiiConfigRoutingProtocolGuid AND > + gEfiHiiDatabaseProtocolGuid > + > +[UserExtensions.TianoCore."ExtraFiles"] > + TlsAuthConfigDxeExtra.uni > + 
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni > index f99a14f575..dcd308fda0 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni > @@ -1,21 +1,21 @@ > -// /** @file > -// Provides the capability to configure Tls Authentication in a setup br= owser > -// > -// By this module, user may change the content of TlsCaCertificate. > -// > -// Copyright (c) 2016, Intel Corporation. All rights reserved.
> -// > -// This program and the accompanying materials > -// are licensed and made available under the terms and conditions of the > BSD License > -// which accompanies this distribution. The full text of the license may= be > found at > -// http://opensource.org/licenses/bsd-license.php > -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > -// > -// **/ > - > - > -#string STR_MODULE_ABSTRACT #language en-US "Provides the > capability to configure Tls Authentication in a setup browser" > - > -#string STR_MODULE_DESCRIPTION #language en-US "By this module, > user may change the content of TlsCaCertificate." > - > +// /** @file > +// Provides the capability to configure Tls Authentication in a setup br= owser > +// > +// By this module, user may change the content of TlsCaCertificate. > +// > +// Copyright (c) 2016, Intel Corporation. All rights reserved.
> +// > +// This program and the accompanying materials > +// are licensed and made available under the terms and conditions of the > BSD License > +// which accompanies this distribution. The full text of the license may= be > found at > +// http://opensource.org/licenses/bsd-license.php > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Provides the > capability to configure Tls Authentication in a setup browser" > + > +#string STR_MODULE_DESCRIPTION #language en-US "By this module, > user may change the content of TlsCaCertificate." > + > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni > index ee4c49f15b..d284537303 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni > @@ -1,19 +1,19 @@ > -// /** @file > -// TlsAuthConfigDxe Localized Strings and Content > -// > -// Copyright (c) 2016, Intel Corporation. All rights reserved.
> -// > -// This program and the accompanying materials > -// are licensed and made available under the terms and conditions of the > BSD License > -// which accompanies this distribution. The full text of the license may= be > found at > -// http://opensource.org/licenses/bsd-license.php > -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > -// > -// **/ > - > -#string STR_PROPERTIES_MODULE_NAME > -#language en-US > -"TLS Auth Config DXE" > - > - > +// /** @file > +// TlsAuthConfigDxe Localized Strings and Content > +// > +// Copyright (c) 2016, Intel Corporation. All rights reserved.
> +// > +// This program and the accompanying materials > +// are licensed and made available under the terms and conditions of the > BSD License > +// which accompanies this distribution. The full text of the license may= be > found at > +// http://opensource.org/licenses/bsd-license.php > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +// > +// **/ > + > +#string STR_PROPERTIES_MODULE_NAME > +#language en-US > +"TLS Auth Config DXE" > + > + > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni > index a8f7e434c3..6ffa52df62 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni > @@ -1,39 +1,39 @@ > -/** @file > - String definitions for Tls Authentication Configuration form. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#langdef en-US "English" > - > -#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tl= s Auth > Configuration" > -#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Pr= ess > to select Tls Auth Configuration." > - > -#string STR_TLS_AUTH_CONFIG_SERVER_CA #language > en-US "Server CA Configuration" > -#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language > en-US "Press to configure Server CA." > -#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US > "Client Cert Configuration" > -#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language > en-US "Client cert configuration is unsupported currently." > - > -#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US > "Enroll Cert" > -#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US > "Press to enroll cert." > -#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US > "Delete Cert" > -#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US > "Press to delete cert." > - > -#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US > "Enroll Cert Using File" > - > -#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Ce= rt > GUID" > -#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US > "Input digit character in 11111111-2222-3333-4444-1234567890ab format." 
> -#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US > "Commit Changes and Exit" > -#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US > "Discard Changes and Exit" > - > -#string STR_CERT_TYPE_PCKS_GUID #language en-US "GU= ID for > CERT" > - > -#string STR_NULL #language en-US "" > \ No newline at end of file > +/** @file > + String definitions for Tls Authentication Configuration form. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#langdef en-US "English" > + > +#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tl= s Auth > Configuration" > +#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Pr= ess > to select Tls Auth Configuration." > + > +#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US > "Server CA Configuration" > +#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US > "Press to configure Server CA." > +#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US > "Client Cert Configuration" > +#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US > "Client cert configuration is unsupported currently." > + > +#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US > "Enroll Cert" > +#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US > "Press to enroll cert." > +#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US > "Delete Cert" > +#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US > "Press to delete cert." > + > +#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US > "Enroll Cert Using File" > + > +#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Ce= rt > GUID" > +#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US > "Input digit character in 11111111-2222-3333-4444-1234567890ab format." > +#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US > "Commit Changes and Exit" > +#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en- > US "Discard Changes and Exit" > + > +#string STR_CERT_TYPE_PCKS_GUID #language en-US "GU= ID for > CERT" > + > +#string STR_NULL #language en-US "" 
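Review bot: the TlsAuthConfigDxeStrings.uni hunk changes more than line endings, and the commit message should say so: the `-` side ends with `#string STR_NULL #language en-US ""` followed by `\ No newline at end of file`, while the `+` side carries a final newline, so a trailing EOF newline is added as well. Because every line of all three .uni files is deleted and re-added, a reviewer cannot see from this diff whether any string token or text changed along the way; please verify with `git diff --ignore-space-at-eol` (or `git show -w`) that the only differences are CR characters and that EOF newline, and confirm that the conversion tool preserved the .uni files' text encoding and byte-order mark, since a tool that assumes ASCII or UTF-8 can corrupt a UTF-16 string file even though the diff shown here looks clean.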
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > index 5b4756f16b..81f7e7d0f4 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > @@ -1,1688 +1,1689 @@ > -/** @file > - The Miscellaneous Routines for TlsAuthConfigDxe driver. > - > -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> - > -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "TlsAuthConfigImpl.h" > - > -VOID *mStartOpCodeHandle =3D NULL; > -VOID *mEndOpCodeHandle =3D NULL; > -EFI_IFR_GUID_LABEL *mStartLabel =3D NULL; > -EFI_IFR_GUID_LABEL *mEndLabel =3D NULL; > - > - > -CHAR16 mTlsAuthConfigStorageName[] =3D > L"TLS_AUTH_CONFIG_IFR_NVDATA"; > - > -TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData =3D NULL; > - > -HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath =3D { > - { > - { > - HARDWARE_DEVICE_PATH, > - HW_VENDOR_DP, > - { > - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), > - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) > - } > - }, > - TLS_AUTH_CONFIG_GUID > - }, > - { > - END_DEVICE_PATH_TYPE, > - END_ENTIRE_DEVICE_PATH_SUBTYPE, > - { > - (UINT8) (END_DEVICE_PATH_LENGTH), > - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) > - } > - } > -}; > - > -// > -// Possible DER-encoded certificate file suffixes, end with NULL pointer= . > -// > -CHAR16* mDerPemEncodedSuffix[] =3D { > - L".cer", > - L".der", > - L".crt", > - L".pem", > - NULL > -}; > - > -/** > - This code checks if the FileSuffix is one of the possible DER/PEM-enco= ded > certificate suffix. > - > - @param[in] FileSuffix The suffix of the input certificate f= ile > - > - @retval TRUE It's a DER/PEM-encoded certificate. > - @retval FALSE It's NOT a DER/PEM-encoded certificate. 
> - > -**/ > -BOOLEAN > -IsDerPemEncodeCertificate ( > - IN CONST CHAR16 *FileSuffix > -) > -{ > - UINTN Index; > - for (Index =3D 0; mDerPemEncodedSuffix[Index] !=3D NULL; Index++) { > - if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) =3D=3D 0) { > - return TRUE; > - } > - } > - return FALSE; > -} > - > -/** > - Worker function that prints an EFI_GUID into specified Buffer. > - > - @param[in] Guid Pointer to GUID to print. > - @param[in] Buffer Buffer to print Guid into. > - @param[in] BufferSize Size of Buffer. > - > - @retval Number of characters printed. > - > -**/ > -UINTN > -GuidToString ( > - IN EFI_GUID *Guid, > - IN CHAR16 *Buffer, > - IN UINTN BufferSize > - ) > -{ > - return UnicodeSPrint ( > - Buffer, > - BufferSize, > - L"%g", > - Guid > - ); > -} > - > -/** > - List all cert in specified database by GUID in the page > - for user to select and delete as needed. > - > - @param[in] PrivateData Module's private data. > - @param[in] VariableName The variable name of the vendor's > signature database. > - @param[in] VendorGuid A unique identifier for the vendor. > - @param[in] LabelNumber Label number to insert opcodes. > - @param[in] FormId Form ID of current page. > - @param[in] QuestionIdBase Base question id of the signature li= st. > - > - @retval EFI_SUCCESS Success to update the signature list= page > - @retval EFI_OUT_OF_RESOURCES Unable to allocate required resource= s. 
> - > -**/ > -EFI_STATUS > -UpdateDeletePage ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > - IN CHAR16 *VariableName, > - IN EFI_GUID *VendorGuid, > - IN UINT16 LabelNumber, > - IN EFI_FORM_ID FormId, > - IN EFI_QUESTION_ID QuestionIdBase > - ) > -{ > - EFI_STATUS Status; > - UINT32 Index; > - UINTN CertCount; > - UINTN GuidIndex; > - VOID *StartOpCodeHandle; > - VOID *EndOpCodeHandle; > - EFI_IFR_GUID_LABEL *StartLabel; > - EFI_IFR_GUID_LABEL *EndLabel; > - UINTN DataSize; > - UINT8 *Data; > - EFI_SIGNATURE_LIST *CertList; > - EFI_SIGNATURE_DATA *Cert; > - UINT32 ItemDataSize; > - CHAR16 *GuidStr; > - EFI_STRING_ID GuidID; > - EFI_STRING_ID Help; > - > - Data =3D NULL; > - CertList =3D NULL; > - Cert =3D NULL; > - GuidStr =3D NULL; > - StartOpCodeHandle =3D NULL; > - EndOpCodeHandle =3D NULL; > - > - // > - // Initialize the container for dynamic opcodes. > - // > - StartOpCodeHandle =3D HiiAllocateOpCodeHandle (); > - if (StartOpCodeHandle =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - EndOpCodeHandle =3D HiiAllocateOpCodeHandle (); > - if (EndOpCodeHandle =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - // > - // Create Hii Extend Label OpCode. > - // > - StartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > - StartOpCodeHandle, > - &gEfiIfrTianoGuid, > - NULL, > - sizeof (EFI_IFR_GUID_LABEL) > - ); > - StartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > - StartLabel->Number =3D LabelNumber; > - > - EndLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > - EndOpCodeHandle, > - &gEfiIfrTianoGuid, > - NULL, > - sizeof (EFI_IFR_GUID_LABEL) > - ); > - EndLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > - EndLabel->Number =3D LABEL_END; > - > - // > - // Read Variable. 
> - // > - DataSize =3D 0; > - Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize= , > Data); > - if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { > - goto ON_EXIT; > - } > - > - Data =3D (UINT8 *) AllocateZeroPool (DataSize); > - if (Data =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize= , > Data); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - GuidStr =3D AllocateZeroPool (100); > - if (GuidStr =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - // > - // Enumerate all data. > - // > - ItemDataSize =3D (UINT32) DataSize; > - CertList =3D (EFI_SIGNATURE_LIST *) Data; > - GuidIndex =3D 0; > - > - while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > - > - if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { > - Help =3D STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID); > - } else { > - // > - // The signature type is not supported in current implementation. 
> - // > - ItemDataSize -=3D CertList->SignatureListSize; > - CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList= - > >SignatureListSize); > - continue; > - } > - > - CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_= LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > - for (Index =3D 0; Index < CertCount; Index++) { > - Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList > - + sizeof (EFI_SIGNATURE_LI= ST) > - + CertList->SignatureHeade= rSize > - + Index * CertList->Signat= ureSize); > - // > - // Display GUID and help > - // > - GuidToString (&Cert->SignatureOwner, GuidStr, 100); > - GuidID =3D HiiSetString (Private->RegisteredHandle, 0, GuidStr, N= ULL); > - HiiCreateCheckBoxOpCode ( > - StartOpCodeHandle, > - (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++), > - 0, > - 0, > - GuidID, > - Help, > - EFI_IFR_FLAG_CALLBACK, > - 0, > - NULL > - ); > - } > - > - ItemDataSize -=3D CertList->SignatureListSize; > - CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > - } > - > -ON_EXIT: > - HiiUpdateForm ( > - Private->RegisteredHandle, > - &gTlsAuthConfigGuid, > - FormId, > - StartOpCodeHandle, > - EndOpCodeHandle > - ); > - > - if (StartOpCodeHandle !=3D NULL) { > - HiiFreeOpCodeHandle (StartOpCodeHandle); > - } > - > - if (EndOpCodeHandle !=3D NULL) { > - HiiFreeOpCodeHandle (EndOpCodeHandle); > - } > - > - if (Data !=3D NULL) { > - FreePool (Data); > - } > - > - if (GuidStr !=3D NULL) { > - FreePool (GuidStr); > - } > - > - return EFI_SUCCESS; > -} > - > -/** > - Delete one entry from cert database. > - > - @param[in] PrivateData Module's private data. > - @param[in] VariableName The variable name of the database. > - @param[in] VendorGuid A unique identifier for the vendor. > - @param[in] LabelNumber Label number to insert opcodes. > - @param[in] FormId Form ID of current page. > - @param[in] QuestionIdBase Base question id of the cert list. 
> - @param[in] DeleteIndex Cert index to delete. > - > - @retval EFI_SUCCESS Delete siganture successfully. > - @retval EFI_NOT_FOUND Can't find the signature item, > - @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. > -**/ > -EFI_STATUS > -DeleteCert ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > - IN CHAR16 *VariableName, > - IN EFI_GUID *VendorGuid, > - IN UINT16 LabelNumber, > - IN EFI_FORM_ID FormId, > - IN EFI_QUESTION_ID QuestionIdBase, > - IN UINTN DeleteIndex > - ) > -{ > - EFI_STATUS Status; > - UINTN DataSize; > - UINT8 *Data; > - UINT8 *OldData; > - UINT32 Attr; > - UINT32 Index; > - EFI_SIGNATURE_LIST *CertList; > - EFI_SIGNATURE_LIST *NewCertList; > - EFI_SIGNATURE_DATA *Cert; > - UINTN CertCount; > - UINT32 Offset; > - BOOLEAN IsItemFound; > - UINT32 ItemDataSize; > - UINTN GuidIndex; > - > - Data =3D NULL; > - OldData =3D NULL; > - CertList =3D NULL; > - Cert =3D NULL; > - Attr =3D 0; > - > - // > - // Get original signature list data. > - // > - DataSize =3D 0; > - Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize= , > NULL); > - if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { > - goto ON_EXIT; > - } > - > - OldData =3D (UINT8 *) AllocateZeroPool (DataSize); > - if (OldData =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - Status =3D gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSiz= e, > OldData); > - if (EFI_ERROR(Status)) { > - goto ON_EXIT; > - } > - > - // > - // Allocate space for new variable. > - // > - Data =3D (UINT8*) AllocateZeroPool (DataSize); > - if (Data =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - // > - // Enumerate all data and erasing the target item. 
> - // > - IsItemFound =3D FALSE; > - ItemDataSize =3D (UINT32) DataSize; > - CertList =3D (EFI_SIGNATURE_LIST *) OldData; > - Offset =3D 0; > - GuidIndex =3D 0; > - while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > - if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { > - // > - // Copy EFI_SIGNATURE_LIST header then calculate the signature cou= nt > in this list. > - // > - CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + > CertList->SignatureHeaderSize)); > - NewCertList =3D (EFI_SIGNATURE_LIST*) (Data + Offset); > - Offset +=3D (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeade= rSize); > - Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof > (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); > - CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATUR= E_LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > - for (Index =3D 0; Index < CertCount; Index++) { > - if (GuidIndex =3D=3D DeleteIndex) { > - // > - // Find it! Skip it! > - // > - NewCertList->SignatureListSize -=3D CertList->SignatureSize; > - IsItemFound =3D TRUE; > - } else { > - // > - // This item doesn't match. Copy it to the Data buffer. > - // > - CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSiz= e); > - Offset +=3D CertList->SignatureSize; > - } > - GuidIndex++; > - Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList- > >SignatureSize); > - } > - } else { > - // > - // This List doesn't match. Just copy it to the Data buffer. > - // > - CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureLis= tSize); > - Offset +=3D CertList->SignatureListSize; > - } > - > - ItemDataSize -=3D CertList->SignatureListSize; > - CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > - } > - > - if (!IsItemFound) { > - // > - // Doesn't find the signature Item! 
> - // > - Status =3D EFI_NOT_FOUND; > - goto ON_EXIT; > - } > - > - // > - // Delete the EFI_SIGNATURE_LIST header if there is no signature in th= e list. > - // > - ItemDataSize =3D Offset; > - CertList =3D (EFI_SIGNATURE_LIST *) Data; > - Offset =3D 0; > - ZeroMem (OldData, ItemDataSize); > - while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > - CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_= LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > - DEBUG ((DEBUG_INFO, " CertCount =3D %x\n", CertCount)); > - if (CertCount !=3D 0) { > - CopyMem (OldData + Offset, (UINT8*)(CertList), CertList- > >SignatureListSize); > - Offset +=3D CertList->SignatureListSize; > - } > - ItemDataSize -=3D CertList->SignatureListSize; > - CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > - } > - > - DataSize =3D Offset; > - > - Status =3D gRT->SetVariable( > - VariableName, > - VendorGuid, > - Attr, > - DataSize, > - OldData > - ); > - if (EFI_ERROR (Status)) { > - DEBUG ((DEBUG_ERROR, "Failed to set variable, Status =3D %r\n", Stat= us)); > - goto ON_EXIT; > - } > - > -ON_EXIT: > - if (Data !=3D NULL) { > - FreePool(Data); > - } > - > - if (OldData !=3D NULL) { > - FreePool(OldData); > - } > - > - return UpdateDeletePage ( > - Private, > - VariableName, > - VendorGuid, > - LabelNumber, > - FormId, > - QuestionIdBase > - ); > -} > - > - > -/** > - Close an open file handle. > - > - @param[in] FileHandle The file handle to close. > - > -**/ > -VOID > -CloseFile ( > - IN EFI_FILE_HANDLE FileHandle > - ) > -{ > - if (FileHandle !=3D NULL) { > - FileHandle->Close (FileHandle); > - } > -} > - > -/** > - Read file content into BufferPtr, the size of the allocate buffer > - is *FileSize plus AddtionAllocateSize. > - > - @param[in] FileHandle The file to be read. > - @param[in, out] BufferPtr Pointers to the pointer of allo= cated buffer. 
> - @param[out] FileSize Size of input file > - @param[in] AddtionAllocateSize Addtion size the buffer need to= be > allocated. > - In case the buffer need to cont= ain others besides the > file content. > - > - @retval EFI_SUCCESS The file was read into the buff= er. > - @retval EFI_INVALID_PARAMETER A parameter was invalid. > - @retval EFI_OUT_OF_RESOURCES A memory allocation failed. > - @retval others Unexpected error. > - > -**/ > -EFI_STATUS > -ReadFileContent ( > - IN EFI_FILE_HANDLE FileHandle, > - IN OUT VOID **BufferPtr, > - OUT UINTN *FileSize, > - IN UINTN AddtionAllocateSize > - ) > - > -{ > - UINTN BufferSize; > - UINT64 SourceFileSize; > - VOID *Buffer; > - EFI_STATUS Status; > - > - if ((FileHandle =3D=3D NULL) || (FileSize =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - Buffer =3D NULL; > - > - // > - // Get the file size > - // > - Status =3D FileHandle->SetPosition (FileHandle, (UINT64) -1); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - Status =3D FileHandle->GetPosition (FileHandle, &SourceFileSize); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - Status =3D FileHandle->SetPosition (FileHandle, 0); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - BufferSize =3D (UINTN) SourceFileSize + AddtionAllocateSize; > - Buffer =3D AllocateZeroPool(BufferSize); > - if (Buffer =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - BufferSize =3D (UINTN) SourceFileSize; > - *FileSize =3D BufferSize; > - > - Status =3D FileHandle->Read (FileHandle, &BufferSize, Buffer); > - if (EFI_ERROR (Status) || BufferSize !=3D *FileSize) { > - FreePool (Buffer); > - Buffer =3D NULL; > - Status =3D EFI_BAD_BUFFER_SIZE; > - goto ON_EXIT; > - } > - > -ON_EXIT: > - > - *BufferPtr =3D Buffer; > - return Status; > -} > - > -/** > - This function will open a file or directory referenced by DevicePath. > - > - This function opens a file with the open mode according to the file pa= th. 
> The > - Attributes is valid only for EFI_FILE_MODE_CREATE. > - > - @param[in, out] FilePath On input, the device path to the file= . > - On output, the remaining device path. > - @param[out] FileHandle Pointer to the file handle. > - @param[in] OpenMode The mode to open the file with. > - @param[in] Attributes The file's file attributes. > - > - @retval EFI_SUCCESS The information was set. > - @retval EFI_INVALID_PARAMETER One of the parameters has an invalid > value. > - @retval EFI_UNSUPPORTED Could not open the file path. > - @retval EFI_NOT_FOUND The specified file could not be found= on the > - device or the file system could not b= e found on > - the device. > - @retval EFI_NO_MEDIA The device has no medium. > - @retval EFI_MEDIA_CHANGED The device has a different medium in = it > or the > - medium is no longer supported. > - @retval EFI_DEVICE_ERROR The device reported an error. > - @retval EFI_VOLUME_CORRUPTED The file system structures are > corrupted. > - @retval EFI_WRITE_PROTECTED The file or medium is write protected= . > - @retval EFI_ACCESS_DENIED The file was opened read only. > - @retval EFI_OUT_OF_RESOURCES Not enough resources were available > to open the > - file. > - @retval EFI_VOLUME_FULL The volume is full. 
> -**/ > -EFI_STATUS > -EFIAPI > -OpenFileByDevicePath ( > - IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath, > - OUT EFI_FILE_HANDLE *FileHandle, > - IN UINT64 OpenMode, > - IN UINT64 Attributes > - ) > -{ > - EFI_STATUS Status; > - EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol; > - EFI_FILE_PROTOCOL *Handle1; > - EFI_FILE_PROTOCOL *Handle2; > - EFI_HANDLE DeviceHandle; > - > - if ((FilePath =3D=3D NULL || FileHandle =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - Status =3D gBS->LocateDevicePath ( > - &gEfiSimpleFileSystemProtocolGuid, > - FilePath, > - &DeviceHandle > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - Status =3D gBS->OpenProtocol( > - DeviceHandle, > - &gEfiSimpleFileSystemProtocolGuid, > - (VOID**)&EfiSimpleFileSystemProtocol, > - gImageHandle, > - NULL, > - EFI_OPEN_PROTOCOL_GET_PROTOCOL > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - Status =3D EfiSimpleFileSystemProtocol- > >OpenVolume(EfiSimpleFileSystemProtocol, &Handle1); > - if (EFI_ERROR (Status)) { > - FileHandle =3D NULL; > - return Status; > - } > - > - // > - // go down directories one node at a time. 
> - // > - while (!IsDevicePathEnd (*FilePath)) { > - // > - // For file system access each node should be a file path component > - // > - if (DevicePathType (*FilePath) !=3D MEDIA_DEVICE_PATH || > - DevicePathSubType (*FilePath) !=3D MEDIA_FILEPATH_DP > - ) { > - FileHandle =3D NULL; > - return (EFI_INVALID_PARAMETER); > - } > - // > - // Open this file path node > - // > - Handle2 =3D Handle1; > - Handle1 =3D NULL; > - > - // > - // Try to test opening an existing file > - // > - Status =3D Handle2->Open ( > - Handle2, > - &Handle1, > - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > - OpenMode &~EFI_FILE_MODE_CREATE, > - 0 > - ); > - > - // > - // see if the error was that it needs to be created > - // > - if ((EFI_ERROR (Status)) && (OpenMode !=3D (OpenMode > &~EFI_FILE_MODE_CREATE))) { > - Status =3D Handle2->Open ( > - Handle2, > - &Handle1, > - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > - OpenMode, > - Attributes > - ); > - } > - // > - // Close the last node > - // > - Handle2->Close (Handle2); > - > - if (EFI_ERROR(Status)) { > - return (Status); > - } > - > - // > - // Get the next node > - // > - *FilePath =3D NextDevicePathNode (*FilePath); > - } > - > - // > - // This is a weak spot since if the undefined SHELL_FILE_HANDLE format > changes this must change also! > - // > - *FileHandle =3D (VOID*)Handle1; > - return EFI_SUCCESS; > -} > - > -/** > - This function converts an input device structure to a Unicode string. > - > - @param[in] DevPath A pointer to the device path struc= ture. > - > - @return A new allocated Unicode string that represents the device path= . > - > -**/ > -CHAR16 * > -EFIAPI > -DevicePathToStr ( > - IN EFI_DEVICE_PATH_PROTOCOL *DevPath > - ) > -{ > - return ConvertDevicePathToText ( > - DevPath, > - FALSE, > - TRUE > - ); > -} > - > - > -/** > - Extract filename from device path. The returned buffer is allocated us= ing > AllocateCopyPool. > - The caller is responsible for freeing the allocated buffer using FreeP= ool(). 
If > return NULL > - means not enough memory resource. > - > - @param DevicePath Device path. > - > - @retval NULL Not enough memory resourece for AllocateCopyPo= ol. > - @retval Other A new allocated string that represents the fil= e name. > - > -**/ > -CHAR16 * > -ExtractFileNameFromDevicePath ( > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ) > -{ > - CHAR16 *String; > - CHAR16 *MatchString; > - CHAR16 *LastMatch; > - CHAR16 *FileName; > - UINTN Length; > - > - ASSERT(DevicePath !=3D NULL); > - > - String =3D DevicePathToStr(DevicePath); > - MatchString =3D String; > - LastMatch =3D String; > - FileName =3D NULL; > - > - while(MatchString !=3D NULL){ > - LastMatch =3D MatchString + 1; > - MatchString =3D StrStr(LastMatch,L"\\"); > - } > - > - Length =3D StrLen(LastMatch); > - FileName =3D AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatc= h); > - if (FileName !=3D NULL) { > - *(FileName + Length) =3D 0; > - } > - > - FreePool(String); > - > - return FileName; > -} > - > -/** > - Enroll a new X509 certificate into Variable. > - > - @param[in] PrivateData The module's private data. > - @param[in] VariableName Variable name of CA database. > - > - @retval EFI_SUCCESS New X509 is enrolled successfully. > - @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. 
> - > -**/ > -EFI_STATUS > -EnrollX509toVariable ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > - IN CHAR16 *VariableName > - ) > -{ > - EFI_STATUS Status; > - UINTN X509DataSize; > - VOID *X509Data; > - EFI_SIGNATURE_LIST *CACert; > - EFI_SIGNATURE_DATA *CACertData; > - VOID *Data; > - UINTN DataSize; > - UINTN SigDataSize; > - UINT32 Attr; > - > - X509DataSize =3D 0; > - SigDataSize =3D 0; > - DataSize =3D 0; > - X509Data =3D NULL; > - CACert =3D NULL; > - CACertData =3D NULL; > - Data =3D NULL; > - > - Status =3D ReadFileContent ( > - Private->FileContext->FHandle, > - &X509Data, > - &X509DataSize, > - 0 > - ); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - ASSERT (X509Data !=3D NULL); > - > - SigDataSize =3D sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA= ) > - 1 + X509DataSize; > - > - Data =3D AllocateZeroPool (SigDataSize); > - if (Data =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - // > - // Fill Certificate Database parameters. > - // > - CACert =3D (EFI_SIGNATURE_LIST*) Data; > - CACert->SignatureListSize =3D (UINT32) SigDataSize; > - CACert->SignatureHeaderSize =3D 0; > - CACert->SignatureSize =3D (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + > X509DataSize); > - CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid); > - > - CACertData =3D (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof > (EFI_SIGNATURE_LIST)); > - CopyGuid (&CACertData->SignatureOwner, Private->CertGuid); > - CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, > X509DataSize); > - > - // > - // Check if signature database entry has been already existed. 
> - // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the > - // new signature data to original variable > - // > - Attr =3D TLS_AUTH_CONFIG_VAR_BASE_ATTR; > - > - Status =3D gRT->GetVariable( > - VariableName, > - &gEfiTlsCaCertificateGuid, > - NULL, > - &DataSize, > - NULL > - ); > - if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > - Attr |=3D EFI_VARIABLE_APPEND_WRITE; > - } else if (Status !=3D EFI_NOT_FOUND) { > - goto ON_EXIT; > - } > - > - Status =3D gRT->SetVariable( > - VariableName, > - &gEfiTlsCaCertificateGuid, > - Attr, > - SigDataSize, > - Data > - ); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > -ON_EXIT: > - > - CloseFile (Private->FileContext->FHandle); > - if (Private->FileContext->FileName !=3D NULL) { > - FreePool(Private->FileContext->FileName); > - Private->FileContext->FileName =3D NULL; > - } > - > - Private->FileContext->FHandle =3D NULL; > - > - if (Private->CertGuid !=3D NULL) { > - FreePool (Private->CertGuid); > - Private->CertGuid =3D NULL; > - } > - > - if (Data !=3D NULL) { > - FreePool (Data); > - } > - > - if (X509Data !=3D NULL) { > - FreePool (X509Data); > - } > - > - return Status; > -} > - > -/** > - Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid. > - > - @param[in] PrivateData The module's private data. > - @param[in] VariableName Variable name of signature database. > - > - @retval EFI_SUCCESS New Cert enrolled successfully. > - @retval EFI_INVALID_PARAMETER The parameter is invalid. > - @retval EFI_UNSUPPORTED The Cert file is unsupported type. > - @retval others Fail to enroll Cert data. 
> - > -**/ > -EFI_STATUS > -EnrollCertDatabase ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > - IN CHAR16 *VariableName > - ) > -{ > - UINT16* FilePostFix; > - UINTN NameLength; > - > - if ((Private->FileContext->FileName =3D=3D NULL) || (Private->FileCont= ext- > >FHandle =3D=3D NULL) || (Private->CertGuid =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - // > - // Parse the file's postfix. > - // > - NameLength =3D StrLen (Private->FileContext->FileName); > - if (NameLength <=3D 4) { > - return EFI_INVALID_PARAMETER; > - } > - FilePostFix =3D Private->FileContext->FileName + NameLength - 4; > - > - if (IsDerPemEncodeCertificate (FilePostFix)) { > - // > - // Supports DER-encoded X509 certificate. > - // > - return EnrollX509toVariable (Private, VariableName); > - } > - > - return EFI_UNSUPPORTED; > -} > - > -/** > - Refresh the global UpdateData structure. > - > -**/ > -VOID > -RefreshUpdateData ( > - VOID > - ) > -{ > - // > - // Free current updated date > - // > - if (mStartOpCodeHandle !=3D NULL) { > - HiiFreeOpCodeHandle (mStartOpCodeHandle); > - } > - > - // > - // Create new OpCode Handle > - // > - mStartOpCodeHandle =3D HiiAllocateOpCodeHandle (); > - > - // > - // Create Hii Extend Label OpCode as the start opcode > - // > - mStartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > - mStartOpCodeHandle, > - &gEfiIfrTianoGuid, > - NULL, > - sizeof (EFI_IFR_GUID_LABEL) > - ); > - mStartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > -} > - > -/** > - Clean up the dynamic opcode at label and form specified by both LabelI= d. > - > - @param[in] LabelId It is both the Form ID and Label ID for opc= ode > deletion. > - @param[in] PrivateData Module private data. 
> - > -**/ > -VOID > -CleanUpPage ( > - IN UINT16 LabelId, > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData > - ) > -{ > - RefreshUpdateData (); > - > - // > - // Remove all op-codes from dynamic page > - // > - mStartLabel->Number =3D LabelId; > - HiiUpdateForm ( > - PrivateData->RegisteredHandle, > - &gTlsAuthConfigGuid, > - LabelId, > - mStartOpCodeHandle, // Label LabelId > - mEndOpCodeHandle // LABEL_END > - ); > -} > - > -/** > - Update the form base on the selected file. > - > - @param FilePath Point to the file path. > - @param FormId The form need to display. > - > - @retval TRUE Exit caller function. > - @retval FALSE Not exit caller function. > - > -**/ > -BOOLEAN > -UpdatePage( > - IN EFI_DEVICE_PATH_PROTOCOL *FilePath, > - IN EFI_FORM_ID FormId > - ) > -{ > - CHAR16 *FileName; > - EFI_STRING_ID StringToken; > - > - FileName =3D NULL; > - > - if (FilePath !=3D NULL) { > - FileName =3D ExtractFileNameFromDevicePath(FilePath); > - } > - if (FileName =3D=3D NULL) { > - // > - // FileName =3D NULL has two case: > - // 1. FilePath =3D=3D NULL, not select file. > - // 2. FilePath !=3D NULL, but ExtractFileNameFromDevicePath return N= ULL > not enough memory resource. > - // In these two case, no need to update the form, and exit the calle= r > function. > - // > - return TRUE; > - } > - StringToken =3D HiiSetString (mTlsAuthPrivateData->RegisteredHandle, = 0, > FileName, NULL); > - > - mTlsAuthPrivateData->FileContext->FileName =3D FileName; > - > - OpenFileByDevicePath ( > - &FilePath, > - &mTlsAuthPrivateData->FileContext->FHandle, > - EFI_FILE_MODE_READ, > - 0 > - ); > - // > - // Create Subtitle op-code for the display string of the option. 
> - // > - RefreshUpdateData (); > - mStartLabel->Number =3D FormId; > - > - HiiCreateSubTitleOpCode ( > - mStartOpCodeHandle, > - StringToken, > - 0, > - 0, > - 0 > - ); > - > - HiiUpdateForm ( > - mTlsAuthPrivateData->RegisteredHandle, > - &gTlsAuthConfigGuid, > - FormId, > - mStartOpCodeHandle, /// Label FormId > - mEndOpCodeHandle /// LABEL_END > - ); > - > - return TRUE; > -} > - > -/** > - Update the form base on the input file path info. > - > - @param FilePath Point to the file path. > - > - @retval TRUE Exit caller function. > - @retval FALSE Not exit caller function. > -**/ > -BOOLEAN > -EFIAPI > -UpdateCAFromFile ( > - IN EFI_DEVICE_PATH_PROTOCOL *FilePath > - ) > -{ > - return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM); > -} > - > -/** > - Unload the configuration form, this includes: delete all the configura= tion > - entries, uninstall the form callback protocol, and free the resources = used. > - > - @param[in] Private Pointer to the driver private data. > - > - @retval EFI_SUCCESS The configuration form is unloaded. > - @retval Others Failed to unload the form. 
> - > -**/ > -EFI_STATUS > -TlsAuthConfigFormUnload ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > - ) > -{ > - if (Private->DriverHandle !=3D NULL) { > - // > - // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL > - // > - gBS->UninstallMultipleProtocolInterfaces ( > - Private->DriverHandle, > - &gEfiDevicePathProtocolGuid, > - &mTlsAuthConfigHiiVendorDevicePath, > - &gEfiHiiConfigAccessProtocolGuid, > - &Private->ConfigAccess, > - NULL > - ); > - Private->DriverHandle =3D NULL; > - } > - > - if (Private->RegisteredHandle !=3D NULL) { > - // > - // Remove HII package list > - // > - HiiRemovePackages (Private->RegisteredHandle); > - Private->RegisteredHandle =3D NULL; > - } > - > - if (Private->CertGuid !=3D NULL) { > - FreePool (Private->CertGuid); > - } > - > - if (Private->FileContext !=3D NULL) { > - FreePool (Private->FileContext); > - } > - > - FreePool (Private); > - > - if (mStartOpCodeHandle !=3D NULL) { > - HiiFreeOpCodeHandle (mStartOpCodeHandle); > - } > - > - if (mEndOpCodeHandle !=3D NULL) { > - HiiFreeOpCodeHandle (mEndOpCodeHandle); > - } > - > - return EFI_SUCCESS; > -} > - > - > -/** > - Initialize the configuration form. > - > - @param[in] Private Pointer to the driver private data. > - > - @retval EFI_SUCCESS The configuration form is initialized. > - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. > - > -**/ > -EFI_STATUS > -TlsAuthConfigFormInit ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > - ) > -{ > - EFI_STATUS Status; > - > - Private->Signature =3D TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE; > - > - Private->ConfigAccess.ExtractConfig =3D TlsAuthConfigAccessExtractConf= ig; > - Private->ConfigAccess.RouteConfig =3D TlsAuthConfigAccessRouteConfig= ; > - Private->ConfigAccess.Callback =3D TlsAuthConfigAccessCallback; > - > - // > - // Install Device Path Protocol and Config Access protocol to driver h= andle. 
> - // > - Status =3D gBS->InstallMultipleProtocolInterfaces ( > - &Private->DriverHandle, > - &gEfiDevicePathProtocolGuid, > - &mTlsAuthConfigHiiVendorDevicePath, > - &gEfiHiiConfigAccessProtocolGuid, > - &Private->ConfigAccess, > - NULL > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - // > - // Publish our HII data. > - // > - Private->RegisteredHandle =3D HiiAddPackages ( > - &gTlsAuthConfigGuid, > - Private->DriverHandle, > - TlsAuthConfigDxeStrings, > - TlsAuthConfigVfrBin, > - NULL > - ); > - if (Private->RegisteredHandle =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto Error; > - } > - > - Private->FileContext =3D AllocateZeroPool (sizeof > (TLS_AUTH_CONFIG_FILE_CONTEXT)); > - if (Private->FileContext =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto Error; > - } > - > - // > - // Init OpCode Handle and Allocate space for creation of Buffer > - // > - mStartOpCodeHandle =3D HiiAllocateOpCodeHandle (); > - if (mStartOpCodeHandle =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto Error; > - } > - > - mEndOpCodeHandle =3D HiiAllocateOpCodeHandle (); > - if (mEndOpCodeHandle =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto Error; > - } > - > - // > - // Create Hii Extend Label OpCode as the start opcode > - // > - mStartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > - mStartOpCodeHandle, > - &gEfiIfrTianoGuid, > - NULL, > - sizeof (EFI_IFR_GUID_LABEL) > - ); > - mStartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > - > - // > - // Create Hii Extend Label OpCode as the end opcode > - // > - mEndLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > - mEndOpCodeHandle, > - &gEfiIfrTianoGuid, > - NULL, > - sizeof (EFI_IFR_GUID_LABEL) > - ); > - mEndLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > - mEndLabel->Number =3D LABEL_END; > - > - return EFI_SUCCESS; > - > -Error: > - TlsAuthConfigFormUnload (Private); > - return Status; > -} > - > -/** > - > - This function allows the caller 
to request the current > - configuration for one or more named elements. The resulting > - string is in format. Any and all alternative > - configuration strings shall also be appended to the end of the > - current configuration string. If they are, they must appear > - after the current configuration. They must contain the same > - routing (GUID, NAME, PATH) as the current configuration string. > - They must have an additional description indicating the type of > - alternative configuration the string represents, > - "ALTCFG=3D". That (when > - converted from Hex UNICODE to binary) is a reference to a > - string in the associated string pack. > - > - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > - > - @param Request A null-terminated Unicode string in > - format. Note that this > - includes the routing information as well as > - the configurable name / value pairs. It is > - invalid for this string to be in > - format. > - If a NULL is passed in for the Request field, > - all of the settings being abstracted by this functio= n > - will be returned in the Results field. In addition, > - if a ConfigHdr is passed in with no request elements= , > - all of the settings being abstracted for that partic= ular > - ConfigHdr reference will be returned in the Results = Field. > - > - @param Progress On return, points to a character in the > - Request string. Points to the string's null > - terminator if request was successful. Points > - to the most recent "&" before the first > - failing name / value pair (or the beginning > - of the string if the failure is in the first > - name / value pair) if the request was not > - successful. > - > - @param Results A null-terminated Unicode string in > - format which has all values > - filled in for the names in the Request string. > - String to be allocated by the called function. > - > - @retval EFI_SUCCESS The Results string is filled with the > - values corresponding to all requested > - names. 
> - > - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > - parts of the results that must be > - stored awaiting possible future > - protocols. > - > - @retval EFI_NOT_FOUND Routing data doesn't match any > - known driver. Progress set to the > - first character in the routing header. > - Note: There is no requirement that the > - driver validate the routing data. It > - must skip the in order to > - process the names. > - > - @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set > - to most recent "&" before the > - error or the beginning of the > - string. > - > - @retval EFI_INVALID_PARAMETER Unknown name. Progress points > - to the & before the name in > - question. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigAccessExtractConfig ( > - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > - IN CONST EFI_STRING Request, > - OUT EFI_STRING *Progress, > - OUT EFI_STRING *Results > - ) > -{ > - EFI_STATUS Status; > - UINTN BufferSize; > - UINTN Size; > - EFI_STRING ConfigRequest; > - EFI_STRING ConfigRequestHdr; > - TLS_AUTH_CONFIG_PRIVATE_DATA *Private; > - BOOLEAN AllocatedRequest; > - > - if (Progress =3D=3D NULL || Results =3D=3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - > - AllocatedRequest =3D FALSE; > - ConfigRequestHdr =3D NULL; > - ConfigRequest =3D NULL; > - Size =3D 0; > - > - Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); > - > - BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > - ZeroMem (&Private->TlsAuthConfigNvData, BufferSize); > - > - *Progress =3D Request; > - > - if ((Request !=3D NULL) && !HiiIsConfigHdrMatch (Request, > &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) { > - return EFI_NOT_FOUND; > - } > - > - ConfigRequest =3D Request; > - if ((Request =3D=3D NULL) || (StrStr (Request, L"OFFSET") =3D=3D NULL)= ) { > - // > - // Request is set to NULL or OFFSET is NULL, construct full request = string. 
> - // > - // Allocate and fill a buffer large enough to hold the t= emplate > - // followed by "&OFFSET=3D0&WIDTH=3DWWWWWWWWWWWWWWWW" > followed by a Null-terminator > - // > - ConfigRequestHdr =3D HiiConstructConfigHdr (&gTlsAuthConfigGuid, > mTlsAuthConfigStorageName, Private->DriverHandle); > - Size =3D (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); > - ConfigRequest =3D AllocateZeroPool (Size); > - ASSERT (ConfigRequest !=3D NULL); > - AllocatedRequest =3D TRUE; > - UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=3D0&WIDTH=3D%016LX", > ConfigRequestHdr, (UINT64)BufferSize); > - FreePool (ConfigRequestHdr); > - ConfigRequestHdr =3D NULL; > - } > - > - Status =3D gHiiConfigRouting->BlockToConfig ( > - gHiiConfigRouting, > - ConfigRequest, > - (UINT8 *) &Private->TlsAuthConfigNvData, > - BufferSize, > - Results, > - Progress > - ); > - > - // > - // Free the allocated config request string. > - // > - if (AllocatedRequest) { > - FreePool (ConfigRequest); > - } > - > - // > - // Set Progress string to the original request string. > - // > - if (Request =3D=3D NULL) { > - *Progress =3D NULL; > - } else if (StrStr (Request, L"OFFSET") =3D=3D NULL) { > - *Progress =3D Request + StrLen (Request); > - } > - > - return Status; > -} > - > -/** > - > - This function applies changes in a driver's configuration. > - Input is a Configuration, which has the routing data for this > - driver followed by name / value configuration pairs. The driver > - must apply those pairs to its configurable storage. If the > - driver's configuration is stored in a linear block of data > - and the driver's name / value pairs are in > - format, it may use the ConfigToBlock helper function (above) to > - simplify the job. > - > - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > - > - @param Configuration A null-terminated Unicode string in > - format. 
> - > - @param Progress A pointer to a string filled in with the > - offset of the most recent '&' before the > - first failing name / value pair (or the > - beginn ing of the string if the failure > - is in the first name / value pair) or > - the terminating NULL if all was > - successful. > - > - @retval EFI_SUCCESS The results have been distributed or a= re > - awaiting distribution. > - > - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > - parts of the results that must be > - stored awaiting possible future > - protocols. > - > - @retval EFI_INVALID_PARAMETERS Passing in a NULL for the > - Results parameter would result > - in this type of error. > - > - @retval EFI_NOT_FOUND Target for the specified routing data > - was not found > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigAccessRouteConfig ( > - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > - IN CONST EFI_STRING Configuration, > - OUT EFI_STRING *Progress > - ) > -{ > - EFI_STATUS Status; > - UINTN BufferSize; > - TLS_AUTH_CONFIG_PRIVATE_DATA *Private; > - > - if (Progress =3D=3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - *Progress =3D Configuration; > - > - if (Configuration =3D=3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - > - // > - // Check routing data in . 
> - // Note: there is no name for Name/Value storage, only GUID will be > checked > - // > - if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, > mTlsAuthConfigStorageName)) { > - return EFI_NOT_FOUND; > - } > - > - Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); > - > - BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > - ZeroMem (&Private->TlsAuthConfigNvData, BufferSize); > - > - Status =3D gHiiConfigRouting->ConfigToBlock ( > - gHiiConfigRouting, > - Configuration, > - (UINT8 *) &Private->TlsAuthConfigNvData, > - &BufferSize, > - Progress > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - return Status; > -} > - > -/** > - > - This function is called to provide results data to the driver. > - This data consists of a unique key that is used to identify > - which data is either being passed back or being asked for. > - > - @param This Points to the EFI_HII_CONFIG_ACCESS_PRO= TOCOL. > - @param Action Specifies the type of action taken by t= he browser. > - @param QuestionId A unique value which is sent to the ori= ginal > - exporting driver so that it can identif= y the type > - of data to expect. The format of the da= ta tends to > - vary based on the opcode that generated= the callback. > - @param Type The type of value for the question. > - @param Value A pointer to the data being sent to the= original > - exporting driver. > - @param ActionRequest On return, points to the action request= ed by > the > - callback function. > - > - @retval EFI_SUCCESS The callback successfully handled the a= ction. > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the > - variable and its data. > - @retval EFI_DEVICE_ERROR The variable could not be saved. > - @retval EFI_UNSUPPORTED The specified Action is not supported b= y > the > - callback. 
> -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigAccessCallback ( > - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > - IN EFI_BROWSER_ACTION Action, > - IN EFI_QUESTION_ID QuestionId, > - IN UINT8 Type, > - IN OUT EFI_IFR_TYPE_VALUE *Value, > - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest > - ) > -{ > - EFI_INPUT_KEY Key; > - EFI_STATUS Status; > - RETURN_STATUS RStatus; > - TLS_AUTH_CONFIG_PRIVATE_DATA *Private; > - UINTN BufferSize; > - TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData; > - UINT16 LabelId; > - EFI_DEVICE_PATH_PROTOCOL *File; > - > - Status =3D EFI_SUCCESS; > - File =3D NULL; > - > - if ((This =3D=3D NULL) || (Value =3D=3D NULL) || (ActionRequest =3D=3D= NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); > - > - mTlsAuthPrivateData =3D Private; > - > - // > - // Retrieve uncommitted data from Browser > - // > - BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > - IfrNvData =3D AllocateZeroPool (BufferSize); > - if (IfrNvData =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, > BufferSize, (UINT8 *) IfrNvData); > - > - if ((Action !=3D EFI_BROWSER_ACTION_CHANGED) && > - (Action !=3D EFI_BROWSER_ACTION_CHANGING)) { > - Status =3D EFI_UNSUPPORTED; > - goto EXIT; > - } > - > - if (Action =3D=3D EFI_BROWSER_ACTION_CHANGING) { > - switch (QuestionId) { > - case KEY_TLS_AUTH_CONFIG_CLIENT_CERT: > - case KEY_TLS_AUTH_CONFIG_SERVER_CA: > - // > - // Clear Cert GUID. 
> - // > - ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid)); > - if (Private->CertGuid =3D=3D NULL) { > - Private->CertGuid =3D (EFI_GUID *) AllocateZeroPool (sizeof (EFI= _GUID)); > - if (Private->CertGuid =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - } > - if (QuestionId =3D=3D KEY_TLS_AUTH_CONFIG_CLIENT_CERT) { > - LabelId =3D TLS_AUTH_CONFIG_FORMID3_FORM; > - } else { > - LabelId =3D TLS_AUTH_CONFIG_FORMID4_FORM; > - } > - > - // > - // Refresh selected file. > - // > - CleanUpPage (LabelId, Private); > - break; > - case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE: > - ChooseFile( NULL, NULL, UpdateCAFromFile, &File); > - break; > - > - case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT: > - Status =3D EnrollCertDatabase (Private, > EFI_TLS_CA_CERTIFICATE_VARIABLE); > - if (EFI_ERROR (Status)) { > - CreatePopUp ( > - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, > - &Key, > - L"ERROR: Enroll Cert Failure!", > - NULL > - ); > - } > - break; > - > - case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT: > - if (Private->FileContext->FHandle !=3D NULL) { > - CloseFile (Private->FileContext->FHandle); > - Private->FileContext->FHandle =3D NULL; > - if (Private->FileContext->FileName!=3D NULL){ > - FreePool(Private->FileContext->FileName); > - Private->FileContext->FileName =3D NULL; > - } > - } > - > - if (Private->CertGuid!=3D NULL) { > - FreePool (Private->CertGuid); > - Private->CertGuid =3D NULL; > - } > - break; > - > - case KEY_TLS_AUTH_CONFIG_DELETE_CERT: > - UpdateDeletePage ( > - Private, > - EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &gEfiTlsCaCertificateGuid, > - LABEL_CA_DELETE, > - TLS_AUTH_CONFIG_FORMID5_FORM, > - OPTION_DEL_CA_ESTION_ID > - ); > - break; > - > - default: > - if ((QuestionId >=3D OPTION_DEL_CA_ESTION_ID) && > - (QuestionId < (OPTION_DEL_CA_ESTION_ID + > OPTION_CONFIG_RANGE))) { > - DeleteCert ( > - Private, > - EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &gEfiTlsCaCertificateGuid, > - LABEL_CA_DELETE, > - TLS_AUTH_CONFIG_FORMID5_FORM, > - 
OPTION_DEL_CA_ESTION_ID, > - QuestionId - OPTION_DEL_CA_ESTION_ID > - ); > - } > - break; > - } > - } else if (Action =3D=3D EFI_BROWSER_ACTION_CHANGED) { > - switch (QuestionId) { > - case KEY_TLS_AUTH_CONFIG_CERT_GUID: > - ASSERT (Private->CertGuid !=3D NULL); > - RStatus =3D StrToGuid ( > - IfrNvData->CertGuid, > - Private->CertGuid > - ); > - if (RETURN_ERROR (RStatus) || (IfrNvData- > >CertGuid[GUID_STRING_LENGTH] !=3D L'\0')) { > - Status =3D EFI_INVALID_PARAMETER; > - break; > - } > - > - *ActionRequest =3D EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; > - break; > - default: > - break; > - } > - } > - > -EXIT: > - > - if (!EFI_ERROR (Status)) { > - BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > - HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, > BufferSize, (UINT8*) IfrNvData, NULL); > - } > - > - FreePool (IfrNvData); > - > - if (File !=3D NULL){ > - FreePool(File); > - File =3D NULL; > - } > - > - return EFI_SUCCESS; > - > -} > +/** @file > + The Miscellaneous Routines for TlsAuthConfigDxe driver. > + > +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> + > +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "TlsAuthConfigImpl.h" > + > +VOID *mStartOpCodeHandle =3D NULL; > +VOID *mEndOpCodeHandle =3D NULL; > +EFI_IFR_GUID_LABEL *mStartLabel =3D NULL; > +EFI_IFR_GUID_LABEL *mEndLabel =3D NULL; > + > + > +CHAR16 mTlsAuthConfigStorageName[] =3D > L"TLS_AUTH_CONFIG_IFR_NVDATA"; > + > +TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData =3D NULL; > + > +HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath =3D { > + { > + { > + HARDWARE_DEVICE_PATH, > + HW_VENDOR_DP, > + { > + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), > + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) > + } > + }, > + TLS_AUTH_CONFIG_GUID > + }, > + { > + END_DEVICE_PATH_TYPE, > + END_ENTIRE_DEVICE_PATH_SUBTYPE, > + { > + (UINT8) (END_DEVICE_PATH_LENGTH), > + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) > + } > + } > +}; > + > +// > +// Possible DER-encoded certificate file suffixes, end with NULL pointer= . > +// > +CHAR16* mDerPemEncodedSuffix[] =3D { > + L".cer", > + L".der", > + L".crt", > + L".pem", > + NULL > +}; > + > +/** > + This code checks if the FileSuffix is one of the possible DER/PEM-enco= ded > certificate suffix. > + > + @param[in] FileSuffix The suffix of the input certificate f= ile > + > + @retval TRUE It's a DER/PEM-encoded certificate. > + @retval FALSE It's NOT a DER/PEM-encoded certificate. 
> + > +**/ > +BOOLEAN > +IsDerPemEncodeCertificate ( > + IN CONST CHAR16 *FileSuffix > +) > +{ > + UINTN Index; > + for (Index =3D 0; mDerPemEncodedSuffix[Index] !=3D NULL; Index++) { > + if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) =3D=3D 0) { > + return TRUE; > + } > + } > + return FALSE; > +} > + > +/** > + Worker function that prints an EFI_GUID into specified Buffer. > + > + @param[in] Guid Pointer to GUID to print. > + @param[in] Buffer Buffer to print Guid into. > + @param[in] BufferSize Size of Buffer. > + > + @retval Number of characters printed. > + > +**/ > +UINTN > +GuidToString ( > + IN EFI_GUID *Guid, > + IN CHAR16 *Buffer, > + IN UINTN BufferSize > + ) > +{ > + return UnicodeSPrint ( > + Buffer, > + BufferSize, > + L"%g", > + Guid > + ); > +} > + > +/** > + List all cert in specified database by GUID in the page > + for user to select and delete as needed. > + > + @param[in] PrivateData Module's private data. > + @param[in] VariableName The variable name of the vendor's > signature database. > + @param[in] VendorGuid A unique identifier for the vendor. > + @param[in] LabelNumber Label number to insert opcodes. > + @param[in] FormId Form ID of current page. > + @param[in] QuestionIdBase Base question id of the signature li= st. > + > + @retval EFI_SUCCESS Success to update the signature list= page > + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resource= s. 
> + > +**/ > +EFI_STATUS > +UpdateDeletePage ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > + IN CHAR16 *VariableName, > + IN EFI_GUID *VendorGuid, > + IN UINT16 LabelNumber, > + IN EFI_FORM_ID FormId, > + IN EFI_QUESTION_ID QuestionIdBase > + ) > +{ > + EFI_STATUS Status; > + UINT32 Index; > + UINTN CertCount; > + UINTN GuidIndex; > + VOID *StartOpCodeHandle; > + VOID *EndOpCodeHandle; > + EFI_IFR_GUID_LABEL *StartLabel; > + EFI_IFR_GUID_LABEL *EndLabel; > + UINTN DataSize; > + UINT8 *Data; > + EFI_SIGNATURE_LIST *CertList; > + EFI_SIGNATURE_DATA *Cert; > + UINT32 ItemDataSize; > + CHAR16 *GuidStr; > + EFI_STRING_ID GuidID; > + EFI_STRING_ID Help; > + > + Data =3D NULL; > + CertList =3D NULL; > + Cert =3D NULL; > + GuidStr =3D NULL; > + StartOpCodeHandle =3D NULL; > + EndOpCodeHandle =3D NULL; > + > + // > + // Initialize the container for dynamic opcodes. > + // > + StartOpCodeHandle =3D HiiAllocateOpCodeHandle (); > + if (StartOpCodeHandle =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + EndOpCodeHandle =3D HiiAllocateOpCodeHandle (); > + if (EndOpCodeHandle =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + // > + // Create Hii Extend Label OpCode. > + // > + StartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > + StartOpCodeHandle, > + &gEfiIfrTianoGuid, > + NULL, > + sizeof (EFI_IFR_GUID_LABEL) > + ); > + StartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > + StartLabel->Number =3D LabelNumber; > + > + EndLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > + EndOpCodeHandle, > + &gEfiIfrTianoGuid, > + NULL, > + sizeof (EFI_IFR_GUID_LABEL) > + ); > + EndLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > + EndLabel->Number =3D LABEL_END; > + > + // > + // Read Variable. 
> + // > + DataSize =3D 0; > + Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize= , > Data); > + if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { > + goto ON_EXIT; > + } > + > + Data =3D (UINT8 *) AllocateZeroPool (DataSize); > + if (Data =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize= , > Data); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + GuidStr =3D AllocateZeroPool (100); > + if (GuidStr =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + // > + // Enumerate all data. > + // > + ItemDataSize =3D (UINT32) DataSize; > + CertList =3D (EFI_SIGNATURE_LIST *) Data; > + GuidIndex =3D 0; > + > + while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > + > + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { > + Help =3D STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID); > + } else { > + // > + // The signature type is not supported in current implementation. 
> + // > + ItemDataSize -=3D CertList->SignatureListSize; > + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList= - > >SignatureListSize); > + continue; > + } > + > + CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_= LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > + for (Index =3D 0; Index < CertCount; Index++) { > + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList > + + sizeof (EFI_SIGNATURE_LI= ST) > + + CertList->SignatureHeade= rSize > + + Index * CertList->Signat= ureSize); > + // > + // Display GUID and help > + // > + GuidToString (&Cert->SignatureOwner, GuidStr, 100); > + GuidID =3D HiiSetString (Private->RegisteredHandle, 0, GuidStr, N= ULL); > + HiiCreateCheckBoxOpCode ( > + StartOpCodeHandle, > + (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++), > + 0, > + 0, > + GuidID, > + Help, > + EFI_IFR_FLAG_CALLBACK, > + 0, > + NULL > + ); > + } > + > + ItemDataSize -=3D CertList->SignatureListSize; > + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > + } > + > +ON_EXIT: > + HiiUpdateForm ( > + Private->RegisteredHandle, > + &gTlsAuthConfigGuid, > + FormId, > + StartOpCodeHandle, > + EndOpCodeHandle > + ); > + > + if (StartOpCodeHandle !=3D NULL) { > + HiiFreeOpCodeHandle (StartOpCodeHandle); > + } > + > + if (EndOpCodeHandle !=3D NULL) { > + HiiFreeOpCodeHandle (EndOpCodeHandle); > + } > + > + if (Data !=3D NULL) { > + FreePool (Data); > + } > + > + if (GuidStr !=3D NULL) { > + FreePool (GuidStr); > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Delete one entry from cert database. > + > + @param[in] PrivateData Module's private data. > + @param[in] VariableName The variable name of the database. > + @param[in] VendorGuid A unique identifier for the vendor. > + @param[in] LabelNumber Label number to insert opcodes. > + @param[in] FormId Form ID of current page. > + @param[in] QuestionIdBase Base question id of the cert list. 
> + @param[in] DeleteIndex Cert index to delete. > + > + @retval EFI_SUCCESS Delete siganture successfully. > + @retval EFI_NOT_FOUND Can't find the signature item, > + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. > +**/ > +EFI_STATUS > +DeleteCert ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > + IN CHAR16 *VariableName, > + IN EFI_GUID *VendorGuid, > + IN UINT16 LabelNumber, > + IN EFI_FORM_ID FormId, > + IN EFI_QUESTION_ID QuestionIdBase, > + IN UINTN DeleteIndex > + ) > +{ > + EFI_STATUS Status; > + UINTN DataSize; > + UINT8 *Data; > + UINT8 *OldData; > + UINT32 Attr; > + UINT32 Index; > + EFI_SIGNATURE_LIST *CertList; > + EFI_SIGNATURE_LIST *NewCertList; > + EFI_SIGNATURE_DATA *Cert; > + UINTN CertCount; > + UINT32 Offset; > + BOOLEAN IsItemFound; > + UINT32 ItemDataSize; > + UINTN GuidIndex; > + > + Data =3D NULL; > + OldData =3D NULL; > + CertList =3D NULL; > + Cert =3D NULL; > + Attr =3D 0; > + > + // > + // Get original signature list data. > + // > + DataSize =3D 0; > + Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize= , > NULL); > + if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { > + goto ON_EXIT; > + } > + > + OldData =3D (UINT8 *) AllocateZeroPool (DataSize); > + if (OldData =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + Status =3D gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSiz= e, > OldData); > + if (EFI_ERROR(Status)) { > + goto ON_EXIT; > + } > + > + // > + // Allocate space for new variable. > + // > + Data =3D (UINT8*) AllocateZeroPool (DataSize); > + if (Data =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + // > + // Enumerate all data and erasing the target item. 
> + // > + IsItemFound =3D FALSE; > + ItemDataSize =3D (UINT32) DataSize; > + CertList =3D (EFI_SIGNATURE_LIST *) OldData; > + Offset =3D 0; > + GuidIndex =3D 0; > + while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { > + // > + // Copy EFI_SIGNATURE_LIST header then calculate the signature cou= nt > in this list. > + // > + CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + > CertList->SignatureHeaderSize)); > + NewCertList =3D (EFI_SIGNATURE_LIST*) (Data + Offset); > + Offset +=3D (sizeof(EFI_SIGNATURE_LIST) + CertList- > >SignatureHeaderSize); > + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof > (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); > + CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATUR= E_LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > + for (Index =3D 0; Index < CertCount; Index++) { > + if (GuidIndex =3D=3D DeleteIndex) { > + // > + // Find it! Skip it! > + // > + NewCertList->SignatureListSize -=3D CertList->SignatureSize; > + IsItemFound =3D TRUE; > + } else { > + // > + // This item doesn't match. Copy it to the Data buffer. > + // > + CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSiz= e); > + Offset +=3D CertList->SignatureSize; > + } > + GuidIndex++; > + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList- > >SignatureSize); > + } > + } else { > + // > + // This List doesn't match. Just copy it to the Data buffer. > + // > + CopyMem (Data + Offset, (UINT8*)(CertList), CertList- > >SignatureListSize); > + Offset +=3D CertList->SignatureListSize; > + } > + > + ItemDataSize -=3D CertList->SignatureListSize; > + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > + } > + > + if (!IsItemFound) { > + // > + // Doesn't find the signature Item! 
> + // > + Status =3D EFI_NOT_FOUND; > + goto ON_EXIT; > + } > + > + // > + // Delete the EFI_SIGNATURE_LIST header if there is no signature in th= e > list. > + // > + ItemDataSize =3D Offset; > + CertList =3D (EFI_SIGNATURE_LIST *) Data; > + Offset =3D 0; > + ZeroMem (OldData, ItemDataSize); > + while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureLis= tSize)) > { > + CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_= LIST) - > CertList->SignatureHeaderSize) / CertList->SignatureSize; > + DEBUG ((DEBUG_INFO, " CertCount =3D %x\n", CertCount)); > + if (CertCount !=3D 0) { > + CopyMem (OldData + Offset, (UINT8*)(CertList), CertList- > >SignatureListSize); > + Offset +=3D CertList->SignatureListSize; > + } > + ItemDataSize -=3D CertList->SignatureListSize; > + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > + } > + > + DataSize =3D Offset; > + > + Status =3D gRT->SetVariable( > + VariableName, > + VendorGuid, > + Attr, > + DataSize, > + OldData > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Failed to set variable, Status =3D %r\n", Stat= us)); > + goto ON_EXIT; > + } > + > +ON_EXIT: > + if (Data !=3D NULL) { > + FreePool(Data); > + } > + > + if (OldData !=3D NULL) { > + FreePool(OldData); > + } > + > + return UpdateDeletePage ( > + Private, > + VariableName, > + VendorGuid, > + LabelNumber, > + FormId, > + QuestionIdBase > + ); > +} > + > + > +/** > + Close an open file handle. > + > + @param[in] FileHandle The file handle to close. > + > +**/ > +VOID > +CloseFile ( > + IN EFI_FILE_HANDLE FileHandle > + ) > +{ > + if (FileHandle !=3D NULL) { > + FileHandle->Close (FileHandle); > + } > +} > + > +/** > + Read file content into BufferPtr, the size of the allocate buffer > + is *FileSize plus AddtionAllocateSize. > + > + @param[in] FileHandle The file to be read. > + @param[in, out] BufferPtr Pointers to the pointer of allo= cated > buffer. 
> + @param[out] FileSize Size of input file > + @param[in] AddtionAllocateSize Addtion size the buffer need to= be > allocated. > + In case the buffer need to cont= ain others besides the > file content. > + > + @retval EFI_SUCCESS The file was read into the buff= er. > + @retval EFI_INVALID_PARAMETER A parameter was invalid. > + @retval EFI_OUT_OF_RESOURCES A memory allocation failed. > + @retval others Unexpected error. > + > +**/ > +EFI_STATUS > +ReadFileContent ( > + IN EFI_FILE_HANDLE FileHandle, > + IN OUT VOID **BufferPtr, > + OUT UINTN *FileSize, > + IN UINTN AddtionAllocateSize > + ) > + > +{ > + UINTN BufferSize; > + UINT64 SourceFileSize; > + VOID *Buffer; > + EFI_STATUS Status; > + > + if ((FileHandle =3D=3D NULL) || (FileSize =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + Buffer =3D NULL; > + > + // > + // Get the file size > + // > + Status =3D FileHandle->SetPosition (FileHandle, (UINT64) -1); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + Status =3D FileHandle->GetPosition (FileHandle, &SourceFileSize); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + Status =3D FileHandle->SetPosition (FileHandle, 0); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + BufferSize =3D (UINTN) SourceFileSize + AddtionAllocateSize; > + Buffer =3D AllocateZeroPool(BufferSize); > + if (Buffer =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + BufferSize =3D (UINTN) SourceFileSize; > + *FileSize =3D BufferSize; > + > + Status =3D FileHandle->Read (FileHandle, &BufferSize, Buffer); > + if (EFI_ERROR (Status) || BufferSize !=3D *FileSize) { > + FreePool (Buffer); > + Buffer =3D NULL; > + Status =3D EFI_BAD_BUFFER_SIZE; > + goto ON_EXIT; > + } > + > +ON_EXIT: > + > + *BufferPtr =3D Buffer; > + return Status; > +} > + > +/** > + This function will open a file or directory referenced by DevicePath. > + > + This function opens a file with the open mode according to the file pa= th. 
> The > + Attributes is valid only for EFI_FILE_MODE_CREATE. > + > + @param[in, out] FilePath On input, the device path to the file= . > + On output, the remaining device path. > + @param[out] FileHandle Pointer to the file handle. > + @param[in] OpenMode The mode to open the file with. > + @param[in] Attributes The file's file attributes. > + > + @retval EFI_SUCCESS The information was set. > + @retval EFI_INVALID_PARAMETER One of the parameters has an invalid > value. > + @retval EFI_UNSUPPORTED Could not open the file path. > + @retval EFI_NOT_FOUND The specified file could not be found= on > the > + device or the file system could not b= e found on > + the device. > + @retval EFI_NO_MEDIA The device has no medium. > + @retval EFI_MEDIA_CHANGED The device has a different medium in = it > or the > + medium is no longer supported. > + @retval EFI_DEVICE_ERROR The device reported an error. > + @retval EFI_VOLUME_CORRUPTED The file system structures are > corrupted. > + @retval EFI_WRITE_PROTECTED The file or medium is write protected= . > + @retval EFI_ACCESS_DENIED The file was opened read only. > + @retval EFI_OUT_OF_RESOURCES Not enough resources were available > to open the > + file. > + @retval EFI_VOLUME_FULL The volume is full. 
> +**/ > +EFI_STATUS > +EFIAPI > +OpenFileByDevicePath ( > + IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath, > + OUT EFI_FILE_HANDLE *FileHandle, > + IN UINT64 OpenMode, > + IN UINT64 Attributes > + ) > +{ > + EFI_STATUS Status; > + EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol; > + EFI_FILE_PROTOCOL *Handle1; > + EFI_FILE_PROTOCOL *Handle2; > + EFI_HANDLE DeviceHandle; > + > + if ((FilePath =3D=3D NULL || FileHandle =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + Status =3D gBS->LocateDevicePath ( > + &gEfiSimpleFileSystemProtocolGuid, > + FilePath, > + &DeviceHandle > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + Status =3D gBS->OpenProtocol( > + DeviceHandle, > + &gEfiSimpleFileSystemProtocolGuid, > + (VOID**)&EfiSimpleFileSystemProtocol, > + gImageHandle, > + NULL, > + EFI_OPEN_PROTOCOL_GET_PROTOCOL > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + Status =3D EfiSimpleFileSystemProtocol- > >OpenVolume(EfiSimpleFileSystemProtocol, &Handle1); > + if (EFI_ERROR (Status)) { > + FileHandle =3D NULL; > + return Status; > + } > + > + // > + // go down directories one node at a time. 
> + // > + while (!IsDevicePathEnd (*FilePath)) { > + // > + // For file system access each node should be a file path component > + // > + if (DevicePathType (*FilePath) !=3D MEDIA_DEVICE_PATH || > + DevicePathSubType (*FilePath) !=3D MEDIA_FILEPATH_DP > + ) { > + FileHandle =3D NULL; > + return (EFI_INVALID_PARAMETER); > + } > + // > + // Open this file path node > + // > + Handle2 =3D Handle1; > + Handle1 =3D NULL; > + > + // > + // Try to test opening an existing file > + // > + Status =3D Handle2->Open ( > + Handle2, > + &Handle1, > + ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > + OpenMode &~EFI_FILE_MODE_CREATE, > + 0 > + ); > + > + // > + // see if the error was that it needs to be created > + // > + if ((EFI_ERROR (Status)) && (OpenMode !=3D (OpenMode > &~EFI_FILE_MODE_CREATE))) { > + Status =3D Handle2->Open ( > + Handle2, > + &Handle1, > + ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, > + OpenMode, > + Attributes > + ); > + } > + // > + // Close the last node > + // > + Handle2->Close (Handle2); > + > + if (EFI_ERROR(Status)) { > + return (Status); > + } > + > + // > + // Get the next node > + // > + *FilePath =3D NextDevicePathNode (*FilePath); > + } > + > + // > + // This is a weak spot since if the undefined SHELL_FILE_HANDLE format > changes this must change also! > + // > + *FileHandle =3D (VOID*)Handle1; > + return EFI_SUCCESS; > +} > + > +/** > + This function converts an input device structure to a Unicode string. > + > + @param[in] DevPath A pointer to the device path struc= ture. > + > + @return A new allocated Unicode string that represents the device path= . > + > +**/ > +CHAR16 * > +EFIAPI > +DevicePathToStr ( > + IN EFI_DEVICE_PATH_PROTOCOL *DevPath > + ) > +{ > + return ConvertDevicePathToText ( > + DevPath, > + FALSE, > + TRUE > + ); > +} > + > + > +/** > + Extract filename from device path. The returned buffer is allocated us= ing > AllocateCopyPool. > + The caller is responsible for freeing the allocated buffer using FreeP= ool(). 
If > return NULL > + means not enough memory resource. > + > + @param DevicePath Device path. > + > + @retval NULL Not enough memory resourece for AllocateCopyPo= ol. > + @retval Other A new allocated string that represents the fil= e name. > + > +**/ > +CHAR16 * > +ExtractFileNameFromDevicePath ( > + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > + ) > +{ > + CHAR16 *String; > + CHAR16 *MatchString; > + CHAR16 *LastMatch; > + CHAR16 *FileName; > + UINTN Length; > + > + ASSERT(DevicePath !=3D NULL); > + > + String =3D DevicePathToStr(DevicePath); > + MatchString =3D String; > + LastMatch =3D String; > + FileName =3D NULL; > + > + while(MatchString !=3D NULL){ > + LastMatch =3D MatchString + 1; > + MatchString =3D StrStr(LastMatch,L"\\"); > + } > + > + Length =3D StrLen(LastMatch); > + FileName =3D AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatc= h); > + if (FileName !=3D NULL) { > + *(FileName + Length) =3D 0; > + } > + > + FreePool(String); > + > + return FileName; > +} > + > +/** > + Enroll a new X509 certificate into Variable. > + > + @param[in] PrivateData The module's private data. > + @param[in] VariableName Variable name of CA database. > + > + @retval EFI_SUCCESS New X509 is enrolled successfully. > + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. 
> + > +**/ > +EFI_STATUS > +EnrollX509toVariable ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > + IN CHAR16 *VariableName > + ) > +{ > + EFI_STATUS Status; > + UINTN X509DataSize; > + VOID *X509Data; > + EFI_SIGNATURE_LIST *CACert; > + EFI_SIGNATURE_DATA *CACertData; > + VOID *Data; > + UINTN DataSize; > + UINTN SigDataSize; > + UINT32 Attr; > + > + X509DataSize =3D 0; > + SigDataSize =3D 0; > + DataSize =3D 0; > + X509Data =3D NULL; > + CACert =3D NULL; > + CACertData =3D NULL; > + Data =3D NULL; > + > + Status =3D ReadFileContent ( > + Private->FileContext->FHandle, > + &X509Data, > + &X509DataSize, > + 0 > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + ASSERT (X509Data !=3D NULL); > + > + SigDataSize =3D sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA= ) > - 1 + X509DataSize; > + > + Data =3D AllocateZeroPool (SigDataSize); > + if (Data =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + // > + // Fill Certificate Database parameters. > + // > + CACert =3D (EFI_SIGNATURE_LIST*) Data; > + CACert->SignatureListSize =3D (UINT32) SigDataSize; > + CACert->SignatureHeaderSize =3D 0; > + CACert->SignatureSize =3D (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + > X509DataSize); > + CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid); > + > + CACertData =3D (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof > (EFI_SIGNATURE_LIST)); > + CopyGuid (&CACertData->SignatureOwner, Private->CertGuid); > + CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, > X509DataSize); > + > + // > + // Check if signature database entry has been already existed. 
> + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the > + // new signature data to original variable > + // > + Attr =3D TLS_AUTH_CONFIG_VAR_BASE_ATTR; > + > + Status =3D gRT->GetVariable( > + VariableName, > + &gEfiTlsCaCertificateGuid, > + NULL, > + &DataSize, > + NULL > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + Attr |=3D EFI_VARIABLE_APPEND_WRITE; > + } else if (Status !=3D EFI_NOT_FOUND) { > + goto ON_EXIT; > + } > + > + Status =3D gRT->SetVariable( > + VariableName, > + &gEfiTlsCaCertificateGuid, > + Attr, > + SigDataSize, > + Data > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > +ON_EXIT: > + > + CloseFile (Private->FileContext->FHandle); > + if (Private->FileContext->FileName !=3D NULL) { > + FreePool(Private->FileContext->FileName); > + Private->FileContext->FileName =3D NULL; > + } > + > + Private->FileContext->FHandle =3D NULL; > + > + if (Private->CertGuid !=3D NULL) { > + FreePool (Private->CertGuid); > + Private->CertGuid =3D NULL; > + } > + > + if (Data !=3D NULL) { > + FreePool (Data); > + } > + > + if (X509Data !=3D NULL) { > + FreePool (X509Data); > + } > + > + return Status; > +} > + > +/** > + Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid. > + > + @param[in] PrivateData The module's private data. > + @param[in] VariableName Variable name of signature database. > + > + @retval EFI_SUCCESS New Cert enrolled successfully. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED The Cert file is unsupported type. > + @retval others Fail to enroll Cert data. 
> + > +**/ > +EFI_STATUS > +EnrollCertDatabase ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, > + IN CHAR16 *VariableName > + ) > +{ > + UINT16* FilePostFix; > + UINTN NameLength; > + > + if ((Private->FileContext->FileName =3D=3D NULL) || (Private->FileCont= ext- > >FHandle =3D=3D NULL) || (Private->CertGuid =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Parse the file's postfix. > + // > + NameLength =3D StrLen (Private->FileContext->FileName); > + if (NameLength <=3D 4) { > + return EFI_INVALID_PARAMETER; > + } > + FilePostFix =3D Private->FileContext->FileName + NameLength - 4; > + > + if (IsDerPemEncodeCertificate (FilePostFix)) { > + // > + // Supports DER-encoded X509 certificate. > + // > + return EnrollX509toVariable (Private, VariableName); > + } > + > + return EFI_UNSUPPORTED; > +} > + > +/** > + Refresh the global UpdateData structure. > + > +**/ > +VOID > +RefreshUpdateData ( > + VOID > + ) > +{ > + // > + // Free current updated date > + // > + if (mStartOpCodeHandle !=3D NULL) { > + HiiFreeOpCodeHandle (mStartOpCodeHandle); > + } > + > + // > + // Create new OpCode Handle > + // > + mStartOpCodeHandle =3D HiiAllocateOpCodeHandle (); > + > + // > + // Create Hii Extend Label OpCode as the start opcode > + // > + mStartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > + mStartOpCodeHandle, > + &gEfiIfrTianoGuid, > + NULL, > + sizeof (EFI_IFR_GUID_LABEL) > + ); > + mStartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > +} > + > +/** > + Clean up the dynamic opcode at label and form specified by both LabelI= d. > + > + @param[in] LabelId It is both the Form ID and Label ID for opc= ode > deletion. > + @param[in] PrivateData Module private data. 
> + > +**/ > +VOID > +CleanUpPage ( > + IN UINT16 LabelId, > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData > + ) > +{ > + RefreshUpdateData (); > + > + // > + // Remove all op-codes from dynamic page > + // > + mStartLabel->Number =3D LabelId; > + HiiUpdateForm ( > + PrivateData->RegisteredHandle, > + &gTlsAuthConfigGuid, > + LabelId, > + mStartOpCodeHandle, // Label LabelId > + mEndOpCodeHandle // LABEL_END > + ); > +} > + > +/** > + Update the form base on the selected file. > + > + @param FilePath Point to the file path. > + @param FormId The form need to display. > + > + @retval TRUE Exit caller function. > + @retval FALSE Not exit caller function. > + > +**/ > +BOOLEAN > +UpdatePage( > + IN EFI_DEVICE_PATH_PROTOCOL *FilePath, > + IN EFI_FORM_ID FormId > + ) > +{ > + CHAR16 *FileName; > + EFI_STRING_ID StringToken; > + > + FileName =3D NULL; > + > + if (FilePath !=3D NULL) { > + FileName =3D ExtractFileNameFromDevicePath(FilePath); > + } > + if (FileName =3D=3D NULL) { > + // > + // FileName =3D NULL has two case: > + // 1. FilePath =3D=3D NULL, not select file. > + // 2. FilePath !=3D NULL, but ExtractFileNameFromDevicePath return N= ULL > not enough memory resource. > + // In these two case, no need to update the form, and exit the calle= r > function. > + // > + return TRUE; > + } > + StringToken =3D HiiSetString (mTlsAuthPrivateData->RegisteredHandle, = 0, > FileName, NULL); > + > + mTlsAuthPrivateData->FileContext->FileName =3D FileName; > + > + OpenFileByDevicePath ( > + &FilePath, > + &mTlsAuthPrivateData->FileContext->FHandle, > + EFI_FILE_MODE_READ, > + 0 > + ); > + // > + // Create Subtitle op-code for the display string of the option. 
> + // > + RefreshUpdateData (); > + mStartLabel->Number =3D FormId; > + > + HiiCreateSubTitleOpCode ( > + mStartOpCodeHandle, > + StringToken, > + 0, > + 0, > + 0 > + ); > + > + HiiUpdateForm ( > + mTlsAuthPrivateData->RegisteredHandle, > + &gTlsAuthConfigGuid, > + FormId, > + mStartOpCodeHandle, /// Label FormId > + mEndOpCodeHandle /// LABEL_END > + ); > + > + return TRUE; > +} > + > +/** > + Update the form base on the input file path info. > + > + @param FilePath Point to the file path. > + > + @retval TRUE Exit caller function. > + @retval FALSE Not exit caller function. > +**/ > +BOOLEAN > +EFIAPI > +UpdateCAFromFile ( > + IN EFI_DEVICE_PATH_PROTOCOL *FilePath > + ) > +{ > + return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM); > +} > + > +/** > + Unload the configuration form, this includes: delete all the configura= tion > + entries, uninstall the form callback protocol, and free the resources = used. > + > + @param[in] Private Pointer to the driver private data. > + > + @retval EFI_SUCCESS The configuration form is unloaded. > + @retval Others Failed to unload the form. 
> + > +**/ > +EFI_STATUS > +TlsAuthConfigFormUnload ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > + ) > +{ > + if (Private->DriverHandle !=3D NULL) { > + // > + // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL > + // > + gBS->UninstallMultipleProtocolInterfaces ( > + Private->DriverHandle, > + &gEfiDevicePathProtocolGuid, > + &mTlsAuthConfigHiiVendorDevicePath, > + &gEfiHiiConfigAccessProtocolGuid, > + &Private->ConfigAccess, > + NULL > + ); > + Private->DriverHandle =3D NULL; > + } > + > + if (Private->RegisteredHandle !=3D NULL) { > + // > + // Remove HII package list > + // > + HiiRemovePackages (Private->RegisteredHandle); > + Private->RegisteredHandle =3D NULL; > + } > + > + if (Private->CertGuid !=3D NULL) { > + FreePool (Private->CertGuid); > + } > + > + if (Private->FileContext !=3D NULL) { > + FreePool (Private->FileContext); > + } > + > + FreePool (Private); > + > + if (mStartOpCodeHandle !=3D NULL) { > + HiiFreeOpCodeHandle (mStartOpCodeHandle); > + } > + > + if (mEndOpCodeHandle !=3D NULL) { > + HiiFreeOpCodeHandle (mEndOpCodeHandle); > + } > + > + return EFI_SUCCESS; > +} > + > + > +/** > + Initialize the configuration form. > + > + @param[in] Private Pointer to the driver private data. > + > + @retval EFI_SUCCESS The configuration form is initialized. > + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. > + > +**/ > +EFI_STATUS > +TlsAuthConfigFormInit ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > + ) > +{ > + EFI_STATUS Status; > + > + Private->Signature =3D TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE; > + > + Private->ConfigAccess.ExtractConfig =3D TlsAuthConfigAccessExtractConf= ig; > + Private->ConfigAccess.RouteConfig =3D TlsAuthConfigAccessRouteConfig= ; > + Private->ConfigAccess.Callback =3D TlsAuthConfigAccessCallback; > + > + // > + // Install Device Path Protocol and Config Access protocol to driver h= andle. 
> + // > + Status =3D gBS->InstallMultipleProtocolInterfaces ( > + &Private->DriverHandle, > + &gEfiDevicePathProtocolGuid, > + &mTlsAuthConfigHiiVendorDevicePath, > + &gEfiHiiConfigAccessProtocolGuid, > + &Private->ConfigAccess, > + NULL > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + // > + // Publish our HII data. > + // > + Private->RegisteredHandle =3D HiiAddPackages ( > + &gTlsAuthConfigGuid, > + Private->DriverHandle, > + TlsAuthConfigDxeStrings, > + TlsAuthConfigVfrBin, > + NULL > + ); > + if (Private->RegisteredHandle =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto Error; > + } > + > + Private->FileContext =3D AllocateZeroPool (sizeof > (TLS_AUTH_CONFIG_FILE_CONTEXT)); > + if (Private->FileContext =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto Error; > + } > + > + // > + // Init OpCode Handle and Allocate space for creation of Buffer > + // > + mStartOpCodeHandle =3D HiiAllocateOpCodeHandle (); > + if (mStartOpCodeHandle =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto Error; > + } > + > + mEndOpCodeHandle =3D HiiAllocateOpCodeHandle (); > + if (mEndOpCodeHandle =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto Error; > + } > + > + // > + // Create Hii Extend Label OpCode as the start opcode > + // > + mStartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > + mStartOpCodeHandle, > + &gEfiIfrTianoGuid, > + NULL, > + sizeof (EFI_IFR_GUID_LABEL) > + ); > + mStartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > + > + // > + // Create Hii Extend Label OpCode as the end opcode > + // > + mEndLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( > + mEndOpCodeHandle, > + &gEfiIfrTianoGuid, > + NULL, > + sizeof (EFI_IFR_GUID_LABEL) > + ); > + mEndLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; > + mEndLabel->Number =3D LABEL_END; > + > + return EFI_SUCCESS; > + > +Error: > + TlsAuthConfigFormUnload (Private); > + return Status; > +} > + > +/** > + > + This function allows the caller 
to request the current > + configuration for one or more named elements. The resulting > + string is in format. Any and all alternative > + configuration strings shall also be appended to the end of the > + current configuration string. If they are, they must appear > + after the current configuration. They must contain the same > + routing (GUID, NAME, PATH) as the current configuration string. > + They must have an additional description indicating the type of > + alternative configuration the string represents, > + "ALTCFG=3D". That (when > + converted from Hex UNICODE to binary) is a reference to a > + string in the associated string pack. > + > + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > + > + @param Request A null-terminated Unicode string in > + format. Note that this > + includes the routing information as well as > + the configurable name / value pairs. It is > + invalid for this string to be in > + format. > + If a NULL is passed in for the Request field, > + all of the settings being abstracted by this functio= n > + will be returned in the Results field. In addition, > + if a ConfigHdr is passed in with no request elements= , > + all of the settings being abstracted for that partic= ular > + ConfigHdr reference will be returned in the Results = Field. > + > + @param Progress On return, points to a character in the > + Request string. Points to the string's null > + terminator if request was successful. Points > + to the most recent "&" before the first > + failing name / value pair (or the beginning > + of the string if the failure is in the first > + name / value pair) if the request was not > + successful. > + > + @param Results A null-terminated Unicode string in > + format which has all values > + filled in for the names in the Request string. > + String to be allocated by the called function. > + > + @retval EFI_SUCCESS The Results string is filled with the > + values corresponding to all requested > + names. 
> + > + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > + parts of the results that must be > + stored awaiting possible future > + protocols. > + > + @retval EFI_NOT_FOUND Routing data doesn't match any > + known driver. Progress set to the > + first character in the routing header. > + Note: There is no requirement that the > + driver validate the routing data. It > + must skip the in order to > + process the names. > + > + @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set > + to most recent "&" before the > + error or the beginning of the > + string. > + > + @retval EFI_INVALID_PARAMETER Unknown name. Progress points > + to the & before the name in > + question. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigAccessExtractConfig ( > + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > + IN CONST EFI_STRING Request, > + OUT EFI_STRING *Progress, > + OUT EFI_STRING *Results > + ) > +{ > + EFI_STATUS Status; > + UINTN BufferSize; > + UINTN Size; > + EFI_STRING ConfigRequest; > + EFI_STRING ConfigRequestHdr; > + TLS_AUTH_CONFIG_PRIVATE_DATA *Private; > + BOOLEAN AllocatedRequest; > + > + if (Progress =3D=3D NULL || Results =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + AllocatedRequest =3D FALSE; > + ConfigRequestHdr =3D NULL; > + ConfigRequest =3D NULL; > + Size =3D 0; > + > + Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); > + > + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > + ZeroMem (&Private->TlsAuthConfigNvData, BufferSize); > + > + *Progress =3D Request; > + > + if ((Request !=3D NULL) && !HiiIsConfigHdrMatch (Request, > &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) { > + return EFI_NOT_FOUND; > + } > + > + ConfigRequest =3D Request; > + if ((Request =3D=3D NULL) || (StrStr (Request, L"OFFSET") =3D=3D NULL)= ) { > + // > + // Request is set to NULL or OFFSET is NULL, construct full request = string. 
> + // > + // Allocate and fill a buffer large enough to hold the > template > + // followed by "&OFFSET=3D0&WIDTH=3DWWWWWWWWWWWWWWWW" > followed by a Null-terminator > + // > + ConfigRequestHdr =3D HiiConstructConfigHdr (&gTlsAuthConfigGuid, > mTlsAuthConfigStorageName, Private->DriverHandle); > + Size =3D (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); > + ConfigRequest =3D AllocateZeroPool (Size); > + ASSERT (ConfigRequest !=3D NULL); > + AllocatedRequest =3D TRUE; > + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=3D0&WIDTH=3D%016LX", > ConfigRequestHdr, (UINT64)BufferSize); > + FreePool (ConfigRequestHdr); > + ConfigRequestHdr =3D NULL; > + } > + > + Status =3D gHiiConfigRouting->BlockToConfig ( > + gHiiConfigRouting, > + ConfigRequest, > + (UINT8 *) &Private->TlsAuthConfigNvData, > + BufferSize, > + Results, > + Progress > + ); > + > + // > + // Free the allocated config request string. > + // > + if (AllocatedRequest) { > + FreePool (ConfigRequest); > + } > + > + // > + // Set Progress string to the original request string. > + // > + if (Request =3D=3D NULL) { > + *Progress =3D NULL; > + } else if (StrStr (Request, L"OFFSET") =3D=3D NULL) { > + *Progress =3D Request + StrLen (Request); > + } > + > + return Status; > +} > + > +/** > + > + This function applies changes in a driver's configuration. > + Input is a Configuration, which has the routing data for this > + driver followed by name / value configuration pairs. The driver > + must apply those pairs to its configurable storage. If the > + driver's configuration is stored in a linear block of data > + and the driver's name / value pairs are in > + format, it may use the ConfigToBlock helper function (above) to > + simplify the job. > + > + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > + > + @param Configuration A null-terminated Unicode string in > + format. 
> + > + @param Progress A pointer to a string filled in with the > + offset of the most recent '&' before the > + first failing name / value pair (or the > + beginn ing of the string if the failure > + is in the first name / value pair) or > + the terminating NULL if all was > + successful. > + > + @retval EFI_SUCCESS The results have been distributed or a= re > + awaiting distribution. > + > + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > + parts of the results that must be > + stored awaiting possible future > + protocols. > + > + @retval EFI_INVALID_PARAMETERS Passing in a NULL for the > + Results parameter would result > + in this type of error. > + > + @retval EFI_NOT_FOUND Target for the specified routing data > + was not found > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigAccessRouteConfig ( > + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > + IN CONST EFI_STRING Configuration, > + OUT EFI_STRING *Progress > + ) > +{ > + EFI_STATUS Status; > + UINTN BufferSize; > + TLS_AUTH_CONFIG_PRIVATE_DATA *Private; > + > + if (Progress =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + *Progress =3D Configuration; > + > + if (Configuration =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Check routing data in . 
> + // Note: there is no name for Name/Value storage, only GUID will be > checked > + // > + if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, > mTlsAuthConfigStorageName)) { > + return EFI_NOT_FOUND; > + } > + > + Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); > + > + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > + ZeroMem (&Private->TlsAuthConfigNvData, BufferSize); > + > + Status =3D gHiiConfigRouting->ConfigToBlock ( > + gHiiConfigRouting, > + Configuration, > + (UINT8 *) &Private->TlsAuthConfigNvData, > + &BufferSize, > + Progress > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + return Status; > +} > + > +/** > + > + This function is called to provide results data to the driver. > + This data consists of a unique key that is used to identify > + which data is either being passed back or being asked for. > + > + @param This Points to the EFI_HII_CONFIG_ACCESS_PRO= TOCOL. > + @param Action Specifies the type of action taken by t= he browser. > + @param QuestionId A unique value which is sent to the ori= ginal > + exporting driver so that it can identif= y the type > + of data to expect. The format of the da= ta tends to > + vary based on the opcode that generated= the callback. > + @param Type The type of value for the question. > + @param Value A pointer to the data being sent to the= original > + exporting driver. > + @param ActionRequest On return, points to the action request= ed by > the > + callback function. > + > + @retval EFI_SUCCESS The callback successfully handled the a= ction. > + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the > + variable and its data. > + @retval EFI_DEVICE_ERROR The variable could not be saved. > + @retval EFI_UNSUPPORTED The specified Action is not supported b= y > the > + callback. 
> +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigAccessCallback ( > + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > + IN EFI_BROWSER_ACTION Action, > + IN EFI_QUESTION_ID QuestionId, > + IN UINT8 Type, > + IN OUT EFI_IFR_TYPE_VALUE *Value, > + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest > + ) > +{ > + EFI_INPUT_KEY Key; > + EFI_STATUS Status; > + RETURN_STATUS RStatus; > + TLS_AUTH_CONFIG_PRIVATE_DATA *Private; > + UINTN BufferSize; > + TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData; > + UINT16 LabelId; > + EFI_DEVICE_PATH_PROTOCOL *File; > + > + Status =3D EFI_SUCCESS; > + File =3D NULL; > + > + if ((This =3D=3D NULL) || (Value =3D=3D NULL) || (ActionRequest =3D=3D= NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); > + > + mTlsAuthPrivateData =3D Private; > + > + // > + // Retrieve uncommitted data from Browser > + // > + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > + IfrNvData =3D AllocateZeroPool (BufferSize); > + if (IfrNvData =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, > BufferSize, (UINT8 *) IfrNvData); > + > + if ((Action !=3D EFI_BROWSER_ACTION_CHANGED) && > + (Action !=3D EFI_BROWSER_ACTION_CHANGING)) { > + Status =3D EFI_UNSUPPORTED; > + goto EXIT; > + } > + > + if (Action =3D=3D EFI_BROWSER_ACTION_CHANGING) { > + switch (QuestionId) { > + case KEY_TLS_AUTH_CONFIG_CLIENT_CERT: > + case KEY_TLS_AUTH_CONFIG_SERVER_CA: > + // > + // Clear Cert GUID. 
> + // > + ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid)); > + if (Private->CertGuid =3D=3D NULL) { > + Private->CertGuid =3D (EFI_GUID *) AllocateZeroPool (sizeof (EFI= _GUID)); > + if (Private->CertGuid =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + } > + if (QuestionId =3D=3D KEY_TLS_AUTH_CONFIG_CLIENT_CERT) { > + LabelId =3D TLS_AUTH_CONFIG_FORMID3_FORM; > + } else { > + LabelId =3D TLS_AUTH_CONFIG_FORMID4_FORM; > + } > + > + // > + // Refresh selected file. > + // > + CleanUpPage (LabelId, Private); > + break; > + case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE: > + ChooseFile( NULL, NULL, UpdateCAFromFile, &File); > + break; > + > + case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT: > + Status =3D EnrollCertDatabase (Private, > EFI_TLS_CA_CERTIFICATE_VARIABLE); > + if (EFI_ERROR (Status)) { > + CreatePopUp ( > + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, > + &Key, > + L"ERROR: Enroll Cert Failure!", > + NULL > + ); > + } > + break; > + > + case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT: > + if (Private->FileContext->FHandle !=3D NULL) { > + CloseFile (Private->FileContext->FHandle); > + Private->FileContext->FHandle =3D NULL; > + if (Private->FileContext->FileName!=3D NULL){ > + FreePool(Private->FileContext->FileName); > + Private->FileContext->FileName =3D NULL; > + } > + } > + > + if (Private->CertGuid!=3D NULL) { > + FreePool (Private->CertGuid); > + Private->CertGuid =3D NULL; > + } > + break; > + > + case KEY_TLS_AUTH_CONFIG_DELETE_CERT: > + UpdateDeletePage ( > + Private, > + EFI_TLS_CA_CERTIFICATE_VARIABLE, > + &gEfiTlsCaCertificateGuid, > + LABEL_CA_DELETE, > + TLS_AUTH_CONFIG_FORMID5_FORM, > + OPTION_DEL_CA_ESTION_ID > + ); > + break; > + > + default: > + if ((QuestionId >=3D OPTION_DEL_CA_ESTION_ID) && > + (QuestionId < (OPTION_DEL_CA_ESTION_ID + > OPTION_CONFIG_RANGE))) { > + DeleteCert ( > + Private, > + EFI_TLS_CA_CERTIFICATE_VARIABLE, > + &gEfiTlsCaCertificateGuid, > + LABEL_CA_DELETE, > + TLS_AUTH_CONFIG_FORMID5_FORM, > + 
OPTION_DEL_CA_ESTION_ID, > + QuestionId - OPTION_DEL_CA_ESTION_ID > + ); > + } > + break; > + } > + } else if (Action =3D=3D EFI_BROWSER_ACTION_CHANGED) { > + switch (QuestionId) { > + case KEY_TLS_AUTH_CONFIG_CERT_GUID: > + ASSERT (Private->CertGuid !=3D NULL); > + RStatus =3D StrToGuid ( > + IfrNvData->CertGuid, > + Private->CertGuid > + ); > + if (RETURN_ERROR (RStatus) || (IfrNvData- > >CertGuid[GUID_STRING_LENGTH] !=3D L'\0')) { > + Status =3D EFI_INVALID_PARAMETER; > + break; > + } > + > + *ActionRequest =3D EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; > + break; > + default: > + break; > + } > + } > + > +EXIT: > + > + if (!EFI_ERROR (Status)) { > + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); > + HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, > BufferSize, (UINT8*) IfrNvData, NULL); > + } > + > + FreePool (IfrNvData); > + > + if (File !=3D NULL){ > + FreePool(File); > + File =3D NULL; > + } > + > + return EFI_SUCCESS; > + > +} > + > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > index 398f7b6eea..f50d60d269 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > @@ -1,282 +1,282 @@ > -/** @file > - Header file of Miscellaneous Routines for TlsAuthConfigDxe driver. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> - > -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef __TLS_AUTH_CONFIG_IMPL_H__ > -#define __TLS_AUTH_CONFIG_IMPL_H__ > - > -#include > - > -#include > -#include > - > -// > -// Libraries > -// > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > - > -#include > -#include > -#include > - > - > -// > -// Include files with function prototypes > -// > -#include "TlsAuthConfigNvData.h" > - > -extern UINT8 TlsAuthConfigDxeStrings[]; > -extern UINT8 TlsAuthConfigVfrBin[]; > - > -#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 > ('T', 'A', 'C', 'D') > -#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, > TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, > TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE) > - > -#define TLS_AUTH_CONFIG_VAR_BASE_ATTR > (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) > - > -typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA > TLS_AUTH_CONFIG_PRIVATE_DATA; > -typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT > TLS_AUTH_CONFIG_FILE_CONTEXT; > - > -/// > -/// HII specific Vendor Device Path definition. 
> -/// > -typedef struct { > - VENDOR_DEVICE_PATH VendorDevicePath; > - EFI_DEVICE_PATH_PROTOCOL End; > -} HII_VENDOR_DEVICE_PATH; > - > -struct _TLS_AUTH_CONFIG_FILE_CONTEXT { > - EFI_FILE_HANDLE FHandle; > - UINT16 *FileName; > -}; > - > -struct _TLS_AUTH_CONFIG_PRIVATE_DATA { > - UINTN Signature; > - > - EFI_HANDLE DriverHandle; > - EFI_HII_HANDLE RegisteredHandle; > - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; > - TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData; > - > - TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext; > - > - EFI_GUID *CertGuid; > -}; > - > -/** > - Unload the configuration form, this includes: delete all the configura= tion > - entries, uninstall the form callback protocol, and free the resources = used. > - The form will only be unload completely when both IP4 and IP6 stack ar= e > stopped. > - > - @param[in] Private Pointer to the driver private data. > - > - @retval EFI_SUCCESS The configuration form is unloaded. > - @retval Others Failed to unload the form. > - > -**/ > -EFI_STATUS > -TlsAuthConfigFormUnload ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > - ); > - > -/** > - Initialize the configuration form. > - > - @param[in] Private Pointer to the driver private data. > - > - @retval EFI_SUCCESS The configuration form is initialized. > - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. > - > -**/ > -EFI_STATUS > -TlsAuthConfigFormInit ( > - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > - ); > - > -/** > - > - This function allows the caller to request the current > - configuration for one or more named elements. The resulting > - string is in format. Any and all alternative > - configuration strings shall also be appended to the end of the > - current configuration string. If they are, they must appear > - after the current configuration. They must contain the same > - routing (GUID, NAME, PATH) as the current configuration string. 
> - They must have an additional description indicating the type of > - alternative configuration the string represents, > - "ALTCFG=3D". That (when > - converted from Hex UNICODE to binary) is a reference to a > - string in the associated string pack. > - > - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > - > - @param Request A null-terminated Unicode string in > - format. Note that this > - includes the routing information as well as > - the configurable name / value pairs. It is > - invalid for this string to be in > - format. > - If a NULL is passed in for the Request field, > - all of the settings being abstracted by this functio= n > - will be returned in the Results field. In addition, > - if a ConfigHdr is passed in with no request elements= , > - all of the settings being abstracted for that partic= ular > - ConfigHdr reference will be returned in the Results = Field. > - > - @param Progress On return, points to a character in the > - Request string. Points to the string's null > - terminator if request was successful. Points > - to the most recent "&" before the first > - failing name / value pair (or the beginning > - of the string if the failure is in the first > - name / value pair) if the request was not > - successful. > - > - @param Results A null-terminated Unicode string in > - format which has all values > - filled in for the names in the Request string. > - String to be allocated by the called function. > - > - @retval EFI_SUCCESS The Results string is filled with the > - values corresponding to all requested > - names. > - > - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > - parts of the results that must be > - stored awaiting possible future > - protocols. > - > - @retval EFI_NOT_FOUND Routing data doesn't match any > - known driver. Progress set to the > - first character in the routing header. > - Note: There is no requirement that the > - driver validate the routing data. 
It > - must skip the in order to > - process the names. > - > - @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set > - to most recent "&" before the > - error or the beginning of the > - string. > - > - @retval EFI_INVALID_PARAMETER Unknown name. Progress points > - to the & before the name in > - question. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigAccessExtractConfig ( > - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > - IN CONST EFI_STRING Request, > - OUT EFI_STRING *Progress, > - OUT EFI_STRING *Results > - ); > - > -/** > - > - This function applies changes in a driver's configuration. > - Input is a Configuration, which has the routing data for this > - driver followed by name / value configuration pairs. The driver > - must apply those pairs to its configurable storage. If the > - driver's configuration is stored in a linear block of data > - and the driver's name / value pairs are in > - format, it may use the ConfigToBlock helper function (above) to > - simplify the job. > - > - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > - > - @param Configuration A null-terminated Unicode string in > - format. > - > - @param Progress A pointer to a string filled in with the > - offset of the most recent '&' before the > - first failing name / value pair (or the > - beginn ing of the string if the failure > - is in the first name / value pair) or > - the terminating NULL if all was > - successful. > - > - @retval EFI_SUCCESS The results have been distributed or a= re > - awaiting distribution. > - > - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > - parts of the results that must be > - stored awaiting possible future > - protocols. > - > - @retval EFI_INVALID_PARAMETERS Passing in a NULL for the > - Results parameter would result > - in this type of error. 
> - > - @retval EFI_NOT_FOUND Target for the specified routing data > - was not found > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigAccessRouteConfig ( > - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > - IN CONST EFI_STRING Configuration, > - OUT EFI_STRING *Progress > - ); > - > -/** > - > - This function is called to provide results data to the driver. > - This data consists of a unique key that is used to identify > - which data is either being passed back or being asked for. > - > - @param This Points to the EFI_HII_CONFIG_ACCESS_PRO= TOCOL. > - @param Action Specifies the type of action taken by t= he browser. > - @param QuestionId A unique value which is sent to the ori= ginal > - exporting driver so that it can identif= y the type > - of data to expect. The format of the da= ta tends to > - vary based on the opcode that generated= the callback. > - @param Type The type of value for the question. > - @param Value A pointer to the data being sent to the= original > - exporting driver. > - @param ActionRequest On return, points to the action request= ed by > the > - callback function. > - > - @retval EFI_SUCCESS The callback successfully handled the a= ction. > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the > - variable and its data. > - @retval EFI_DEVICE_ERROR The variable could not be saved. > - @retval EFI_UNSUPPORTED The specified Action is not supported b= y > the > - callback. > -**/ > -EFI_STATUS > -EFIAPI > -TlsAuthConfigAccessCallback ( > - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > - IN EFI_BROWSER_ACTION Action, > - IN EFI_QUESTION_ID QuestionId, > - IN UINT8 Type, > - IN OUT EFI_IFR_TYPE_VALUE *Value, > - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest > - ); > - > -#endif > - > +/** @file > + Header file of Miscellaneous Routines for TlsAuthConfigDxe driver. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> + > +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __TLS_AUTH_CONFIG_IMPL_H__ > +#define __TLS_AUTH_CONFIG_IMPL_H__ > + > +#include > + > +#include > +#include > + > +// > +// Libraries > +// > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include > +#include > +#include > + > + > +// > +// Include files with function prototypes > +// > +#include "TlsAuthConfigNvData.h" > + > +extern UINT8 TlsAuthConfigDxeStrings[]; > +extern UINT8 TlsAuthConfigVfrBin[]; > + > +#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 > ('T', 'A', 'C', 'D') > +#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, > TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, > TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE) > + > +#define TLS_AUTH_CONFIG_VAR_BASE_ATTR > (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) > + > +typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA > TLS_AUTH_CONFIG_PRIVATE_DATA; > +typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT > TLS_AUTH_CONFIG_FILE_CONTEXT; > + > +/// > +/// HII specific Vendor Device Path definition. 
> +/// > +typedef struct { > + VENDOR_DEVICE_PATH VendorDevicePath; > + EFI_DEVICE_PATH_PROTOCOL End; > +} HII_VENDOR_DEVICE_PATH; > + > +struct _TLS_AUTH_CONFIG_FILE_CONTEXT { > + EFI_FILE_HANDLE FHandle; > + UINT16 *FileName; > +}; > + > +struct _TLS_AUTH_CONFIG_PRIVATE_DATA { > + UINTN Signature; > + > + EFI_HANDLE DriverHandle; > + EFI_HII_HANDLE RegisteredHandle; > + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; > + TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData; > + > + TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext; > + > + EFI_GUID *CertGuid; > +}; > + > +/** > + Unload the configuration form, this includes: delete all the configura= tion > + entries, uninstall the form callback protocol, and free the resources = used. > + The form will only be unload completely when both IP4 and IP6 stack ar= e > stopped. > + > + @param[in] Private Pointer to the driver private data. > + > + @retval EFI_SUCCESS The configuration form is unloaded. > + @retval Others Failed to unload the form. > + > +**/ > +EFI_STATUS > +TlsAuthConfigFormUnload ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > + ); > + > +/** > + Initialize the configuration form. > + > + @param[in] Private Pointer to the driver private data. > + > + @retval EFI_SUCCESS The configuration form is initialized. > + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. > + > +**/ > +EFI_STATUS > +TlsAuthConfigFormInit ( > + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > + ); > + > +/** > + > + This function allows the caller to request the current > + configuration for one or more named elements. The resulting > + string is in format. Any and all alternative > + configuration strings shall also be appended to the end of the > + current configuration string. If they are, they must appear > + after the current configuration. They must contain the same > + routing (GUID, NAME, PATH) as the current configuration string. 
> + They must have an additional description indicating the type of > + alternative configuration the string represents, > + "ALTCFG=3D". That (when > + converted from Hex UNICODE to binary) is a reference to a > + string in the associated string pack. > + > + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > + > + @param Request A null-terminated Unicode string in > + format. Note that this > + includes the routing information as well as > + the configurable name / value pairs. It is > + invalid for this string to be in > + format. > + If a NULL is passed in for the Request field, > + all of the settings being abstracted by this functio= n > + will be returned in the Results field. In addition, > + if a ConfigHdr is passed in with no request elements= , > + all of the settings being abstracted for that partic= ular > + ConfigHdr reference will be returned in the Results = Field. > + > + @param Progress On return, points to a character in the > + Request string. Points to the string's null > + terminator if request was successful. Points > + to the most recent "&" before the first > + failing name / value pair (or the beginning > + of the string if the failure is in the first > + name / value pair) if the request was not > + successful. > + > + @param Results A null-terminated Unicode string in > + format which has all values > + filled in for the names in the Request string. > + String to be allocated by the called function. > + > + @retval EFI_SUCCESS The Results string is filled with the > + values corresponding to all requested > + names. > + > + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > + parts of the results that must be > + stored awaiting possible future > + protocols. > + > + @retval EFI_NOT_FOUND Routing data doesn't match any > + known driver. Progress set to the > + first character in the routing header. > + Note: There is no requirement that the > + driver validate the routing data. 
It > + must skip the in order to > + process the names. > + > + @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set > + to most recent "&" before the > + error or the beginning of the > + string. > + > + @retval EFI_INVALID_PARAMETER Unknown name. Progress points > + to the & before the name in > + question. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigAccessExtractConfig ( > + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > + IN CONST EFI_STRING Request, > + OUT EFI_STRING *Progress, > + OUT EFI_STRING *Results > + ); > + > +/** > + > + This function applies changes in a driver's configuration. > + Input is a Configuration, which has the routing data for this > + driver followed by name / value configuration pairs. The driver > + must apply those pairs to its configurable storage. If the > + driver's configuration is stored in a linear block of data > + and the driver's name / value pairs are in > + format, it may use the ConfigToBlock helper function (above) to > + simplify the job. > + > + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. > + > + @param Configuration A null-terminated Unicode string in > + format. > + > + @param Progress A pointer to a string filled in with the > + offset of the most recent '&' before the > + first failing name / value pair (or the > + beginn ing of the string if the failure > + is in the first name / value pair) or > + the terminating NULL if all was > + successful. > + > + @retval EFI_SUCCESS The results have been distributed or a= re > + awaiting distribution. > + > + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the > + parts of the results that must be > + stored awaiting possible future > + protocols. > + > + @retval EFI_INVALID_PARAMETERS Passing in a NULL for the > + Results parameter would result > + in this type of error. 
> + > + @retval EFI_NOT_FOUND Target for the specified routing data > + was not found > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigAccessRouteConfig ( > + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > + IN CONST EFI_STRING Configuration, > + OUT EFI_STRING *Progress > + ); > + > +/** > + > + This function is called to provide results data to the driver. > + This data consists of a unique key that is used to identify > + which data is either being passed back or being asked for. > + > + @param This Points to the EFI_HII_CONFIG_ACCESS_PRO= TOCOL. > + @param Action Specifies the type of action taken by t= he browser. > + @param QuestionId A unique value which is sent to the ori= ginal > + exporting driver so that it can identif= y the type > + of data to expect. The format of the da= ta tends to > + vary based on the opcode that generated= the callback. > + @param Type The type of value for the question. > + @param Value A pointer to the data being sent to the= original > + exporting driver. > + @param ActionRequest On return, points to the action request= ed by > the > + callback function. > + > + @retval EFI_SUCCESS The callback successfully handled the a= ction. > + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the > + variable and its data. > + @retval EFI_DEVICE_ERROR The variable could not be saved. > + @retval EFI_UNSUPPORTED The specified Action is not supported b= y > the > + callback. > +**/ > +EFI_STATUS > +EFIAPI > +TlsAuthConfigAccessCallback ( > + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, > + IN EFI_BROWSER_ACTION Action, > + IN EFI_QUESTION_ID QuestionId, > + IN UINT8 Type, > + IN OUT EFI_IFR_TYPE_VALUE *Value, > + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest > + ); > + > +#endif > + > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h > index f453201cb7..80baa3836f 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h 
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h > @@ -1,49 +1,50 @@ > -/** @file > - Header file for NV data structure definition. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__ > -#define __TLS_AUTH_CONFIG_NV_DATA_H__ > - > -#include > - > -#define TLS_AUTH_CONFIG_GUID_SIZE 36 > -#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37 > - > -#define TLS_AUTH_CONFIG_FORMID1_FORM 1 > -#define TLS_AUTH_CONFIG_FORMID2_FORM 2 > -#define TLS_AUTH_CONFIG_FORMID3_FORM 3 > -#define TLS_AUTH_CONFIG_FORMID4_FORM 4 > -#define TLS_AUTH_CONFIG_FORMID5_FORM 5 > - > - > -#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000 > -#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001 > -#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002 > -#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003 > -#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004 > -#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005 > -#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006 > -#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007 > - > -#define OPTION_DEL_CA_ESTION_ID 0x2000 > -#define OPTION_CONFIG_RANGE 0x1000 > - > -#define LABEL_CA_DELETE 0x1101 > -#define LABEL_END 0xffff > - > -typedef struct { > - CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE]; > -} TLS_AUTH_CONFIG_IFR_NVDATA; > - > -#endif > +/** @file > + Header file for NV data structure definition. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__ > +#define __TLS_AUTH_CONFIG_NV_DATA_H__ > + > +#include > + > +#define TLS_AUTH_CONFIG_GUID_SIZE 36 > +#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37 > + > +#define TLS_AUTH_CONFIG_FORMID1_FORM 1 > +#define TLS_AUTH_CONFIG_FORMID2_FORM 2 > +#define TLS_AUTH_CONFIG_FORMID3_FORM 3 > +#define TLS_AUTH_CONFIG_FORMID4_FORM 4 > +#define TLS_AUTH_CONFIG_FORMID5_FORM 5 > + > + > +#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000 > +#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001 > +#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002 > +#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003 > +#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004 > +#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005 > +#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006 > +#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007 > + > +#define OPTION_DEL_CA_ESTION_ID 0x2000 > +#define OPTION_CONFIG_RANGE 0x1000 > + > +#define LABEL_CA_DELETE 0x1101 > +#define LABEL_END 0xffff > + > +typedef struct { > + CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE]; > +} TLS_AUTH_CONFIG_IFR_NVDATA; > + > +#endif > + > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr > index fb130d9d9d..9bca2c119f 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr > @@ -1,152 +1,153 @@ > -/** @file > - VFR file used by TlsAuthConfigDxe driver. > - > - Copyright (c) 2016, Intel Corporation. All rights reserved.
> - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the = BSD > License > - which accompanies this distribution. The full text of the license may= be > found at > - http://opensource.org/licenses/bsd-license.php. > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "TlsAuthConfigNvData.h" > - > -formset > - guid =3D TLS_AUTH_CONFIG_GUID, > - title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP), > - > - varstore TLS_AUTH_CONFIG_IFR_NVDATA, > - name =3D TLS_AUTH_CONFIG_IFR_NVDATA, > - guid =3D TLS_AUTH_CONFIG_GUID; > - > - // > - // ##1 Form1: Main form for Tls Auth configration > - // > - form formid =3D TLS_AUTH_CONFIG_FORMID1_FORM, > - title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE); > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - // > - // Display Server CA configration > - // > - goto TLS_AUTH_CONFIG_FORMID2_FORM, > - prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP), > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_SERVER_CA; > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - // > - // Display Client cert configration > - // > - grayoutif TRUE; /// Current unsupported. 
> - goto TLS_AUTH_CONFIG_FORMID3_FORM, > - prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP), > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_CLIENT_CERT; > - endif; > - endform; > - > - // > - // ##2 Form2: CA configuration > - // > - form formid =3D TLS_AUTH_CONFIG_FORMID2_FORM, > - title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA); > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - goto TLS_AUTH_CONFIG_FORMID4_FORM, > - prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP), > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_ENROLL_CERT; > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - goto TLS_AUTH_CONFIG_FORMID5_FORM, > - prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP), > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_DELETE_CERT; > - endform; > - > - // > - // ##3 Form3 : Client cert configuration > - // > - form formid =3D TLS_AUTH_CONFIG_FORMID3_FORM, > - title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT); > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - // > - // TODO... 
> - // > - endform; > - > - // > - // ##4 Form4: Enroll cert for CA > - // > - form formid =3D TLS_AUTH_CONFIG_FORMID4_FORM, > - title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT); > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - goto TLS_AUTH_CONFIG_FORMID4_FORM, > - prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE), > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE; > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - label TLS_AUTH_CONFIG_FORMID4_FORM; > - label LABEL_END; > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - string varid =3D TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid, > - prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP)= , > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_CERT_GUID, > - minsize =3D TLS_AUTH_CONFIG_GUID_SIZE, > - maxsize =3D TLS_AUTH_CONFIG_GUID_SIZE, > - endstring; > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - goto TLS_AUTH_CONFIG_FORMID1_FORM, > - prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT), > - help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT), > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT; > - > - goto TLS_AUTH_CONFIG_FORMID1_FORM, > - prompt =3D > STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT), > - help =3D > STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT), > - flags =3D INTERACTIVE, > - key =3D KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT; > - > - endform; > - > - // > - // ##5 Form5: Delete cert for CA > - // > - form formid =3D TLS_AUTH_CONFIG_FORMID5_FORM, > - title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT); > - > - label LABEL_CA_DELETE; > - label LABEL_END; > - > - subtitle text =3D STRING_TOKEN(STR_NULL); > - > - endform; > - > -endformset; > +/** @file > + VFR file used by TlsAuthConfigDxe driver. 
> + > + Copyright (c) 2016, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be > found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "TlsAuthConfigNvData.h" > + > +formset > + guid =3D TLS_AUTH_CONFIG_GUID, > + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP), > + > + varstore TLS_AUTH_CONFIG_IFR_NVDATA, > + name =3D TLS_AUTH_CONFIG_IFR_NVDATA, > + guid =3D TLS_AUTH_CONFIG_GUID; > + > + // > + // ##1 Form1: Main form for Tls Auth configration > + // > + form formid =3D TLS_AUTH_CONFIG_FORMID1_FORM, > + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE); > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + // > + // Display Server CA configration > + // > + goto TLS_AUTH_CONFIG_FORMID2_FORM, > + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP), > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_SERVER_CA; > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + // > + // Display Client cert configration > + // > + grayoutif TRUE; /// Current unsupported. 
> + goto TLS_AUTH_CONFIG_FORMID3_FORM, > + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP), > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_CLIENT_CERT; > + endif; > + endform; > + > + // > + // ##2 Form2: CA configuration > + // > + form formid =3D TLS_AUTH_CONFIG_FORMID2_FORM, > + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA); > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + goto TLS_AUTH_CONFIG_FORMID4_FORM, > + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP), > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_ENROLL_CERT; > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + goto TLS_AUTH_CONFIG_FORMID5_FORM, > + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP), > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_DELETE_CERT; > + endform; > + > + // > + // ##3 Form3 : Client cert configuration > + // > + form formid =3D TLS_AUTH_CONFIG_FORMID3_FORM, > + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT); > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + // > + // TODO... 
> + // > + endform; > + > + // > + // ##4 Form4: Enroll cert for CA > + // > + form formid =3D TLS_AUTH_CONFIG_FORMID4_FORM, > + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT); > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + goto TLS_AUTH_CONFIG_FORMID4_FORM, > + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE), > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE; > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + label TLS_AUTH_CONFIG_FORMID4_FORM; > + label LABEL_END; > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + string varid =3D TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid, > + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP)= , > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_CERT_GUID, > + minsize =3D TLS_AUTH_CONFIG_GUID_SIZE, > + maxsize =3D TLS_AUTH_CONFIG_GUID_SIZE, > + endstring; > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + goto TLS_AUTH_CONFIG_FORMID1_FORM, > + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT), > + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT), > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT; > + > + goto TLS_AUTH_CONFIG_FORMID1_FORM, > + prompt =3D > STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT), > + help =3D > STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT), > + flags =3D INTERACTIVE, > + key =3D KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT; > + > + endform; > + > + // > + // ##5 Form5: Delete cert for CA > + // > + form formid =3D TLS_AUTH_CONFIG_FORMID5_FORM, > + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT); > + > + label LABEL_CA_DELETE; > + label LABEL_END; > + > + subtitle text =3D STRING_TOKEN(STR_NULL); > + > + endform; > + > +endformset; > + 
> diff --git a/NetworkPkg/TlsDxe/TlsConfigProtocol.c > b/NetworkPkg/TlsDxe/TlsConfigProtocol.c > index 5292433da3..15a865e386 100644 > --- a/NetworkPkg/TlsDxe/TlsConfigProtocol.c > +++ b/NetworkPkg/TlsDxe/TlsConfigProtocol.c > @@ -1,152 +1,153 @@ > -/** @file > - Implementation of EFI TLS Configuration Protocol Interfaces. > - > - Copyright (c) 2016, Intel Corporation. All rights reserved.
> - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the = BSD > License > - which accompanies this distribution. The full text of the license may= be > found at > - http://opensource.org/licenses/bsd-license.php. > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "TlsImpl.h" > - > -EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol =3D { > - TlsConfigurationSetData, > - TlsConfigurationGetData > -}; > - > -/** > - Set TLS configuration data. > - > - The SetData() function sets TLS configuration to non-volatile storage = or > volatile > - storage. > - > - @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > - @param[in] DataType Configuration data type. > - @param[in] Data Pointer to configuration data. > - @param[in] DataSize Total size of configuration data. > - > - @retval EFI_SUCCESS The TLS configuration data is set succ= essfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - Data is NULL. > - DataSize is 0. > - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. 
> - > -**/ > -EFI_STATUS > -EFIAPI > -TlsConfigurationSetData ( > - IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > - IN EFI_TLS_CONFIG_DATA_TYPE DataType, > - IN VOID *Data, > - IN UINTN DataSize > - ) > -{ > - EFI_STATUS Status; > - TLS_INSTANCE *Instance; > - EFI_TPL OldTpl; > - > - Status =3D EFI_SUCCESS; > - > - if (This =3D=3D NULL || Data =3D=3D NULL || DataSize =3D=3D 0) { > - return EFI_INVALID_PARAMETER; > - } > - > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - Instance =3D TLS_INSTANCE_FROM_CONFIGURATION (This); > - > - switch (DataType) { > - case EfiTlsConfigDataTypeCACertificate: > - Status =3D TlsSetCaCertificate (Instance->TlsConn, Data, DataSize); > - break; > - case EfiTlsConfigDataTypeHostPublicCert: > - Status =3D TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize); > - break; > - case EfiTlsConfigDataTypeHostPrivateKey: > - Status =3D TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize); > - break; > - case EfiTlsConfigDataTypeCertRevocationList: > - Status =3D TlsSetCertRevocationList (Data, DataSize); > - break; > - default: > - Status =3D EFI_UNSUPPORTED; > - } > - > - gBS->RestoreTPL (OldTpl); > - return Status; > -} > - > -/** > - Get TLS configuration data. > - > - The GetData() function gets TLS configuration. > - > - @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > - @param[in] DataType Configuration data type. > - @param[in, out] Data Pointer to configuration data. > - @param[in, out] DataSize Total size of configuration data. On i= nput, it > means > - the size of Data buffer. On output, it= means the size > - of copied Data buffer if EFI_SUCCESS, = and means the > - size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > - > - @retval EFI_SUCCESS The TLS configuration data is got succ= essfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - DataSize is NULL. > - Data is NULL if *DataSize is not zero. 
> - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_NOT_FOUND The TLS configuration data is not foun= d. > - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. > -**/ > -EFI_STATUS > -EFIAPI > -TlsConfigurationGetData ( > - IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > - IN EFI_TLS_CONFIG_DATA_TYPE DataType, > - IN OUT VOID *Data, OPTIONAL > - IN OUT UINTN *DataSize > - ) > -{ > - EFI_STATUS Status; > - TLS_INSTANCE *Instance; > - > - EFI_TPL OldTpl; > - > - Status =3D EFI_SUCCESS; > - > - if (This =3D=3D NULL || DataSize =3D=3D NULL || (Data =3D=3D NULL && *= DataSize !=3D 0)) { > - return EFI_INVALID_PARAMETER; > - } > - > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - Instance =3D TLS_INSTANCE_FROM_CONFIGURATION (This); > - > - switch (DataType) { > - case EfiTlsConfigDataTypeCACertificate: > - Status =3D TlsGetCaCertificate (Instance->TlsConn, Data, DataSize); > - break; > - case EfiTlsConfigDataTypeHostPublicCert: > - Status =3D TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize); > - break; > - case EfiTlsConfigDataTypeHostPrivateKey: > - Status =3D TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize); > - break; > - case EfiTlsConfigDataTypeCertRevocationList: > - Status =3D TlsGetCertRevocationList (Data, DataSize); > - break; > - default: > - Status =3D EFI_UNSUPPORTED; > - } > - > - gBS->RestoreTPL (OldTpl); > - return Status; > -} > +/** @file > + Implementation of EFI TLS Configuration Protocol Interfaces. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be > found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "TlsImpl.h" > + > +EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol =3D { > + TlsConfigurationSetData, > + TlsConfigurationGetData > +}; > + > +/** > + Set TLS configuration data. > + > + The SetData() function sets TLS configuration to non-volatile storage = or > volatile > + storage. > + > + @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + @param[in] DataType Configuration data type. > + @param[in] Data Pointer to configuration data. > + @param[in] DataSize Total size of configuration data. > + > + @retval EFI_SUCCESS The TLS configuration data is set succ= essfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + Data is NULL. > + DataSize is 0. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsConfigurationSetData ( > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > + IN VOID *Data, > + IN UINTN DataSize > + ) > +{ > + EFI_STATUS Status; > + TLS_INSTANCE *Instance; > + EFI_TPL OldTpl; > + > + Status =3D EFI_SUCCESS; > + > + if (This =3D=3D NULL || Data =3D=3D NULL || DataSize =3D=3D 0) { > + return EFI_INVALID_PARAMETER; > + } > + > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + Instance =3D TLS_INSTANCE_FROM_CONFIGURATION (This); > + > + switch (DataType) { > + case EfiTlsConfigDataTypeCACertificate: > + Status =3D TlsSetCaCertificate (Instance->TlsConn, Data, DataSize); > + break; > + case EfiTlsConfigDataTypeHostPublicCert: > + Status =3D TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize); > + break; > + case EfiTlsConfigDataTypeHostPrivateKey: > + Status =3D TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize); > + break; > + case EfiTlsConfigDataTypeCertRevocationList: > + Status =3D TlsSetCertRevocationList (Data, DataSize); > + break; > + default: > + Status =3D EFI_UNSUPPORTED; > + } > + > + gBS->RestoreTPL (OldTpl); > + return Status; > +} > + > +/** > + Get TLS configuration data. > + > + The GetData() function gets TLS configuration. > + > + @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + @param[in] DataType Configuration data type. > + @param[in, out] Data Pointer to configuration data. > + @param[in, out] DataSize Total size of configuration data. On i= nput, it > means > + the size of Data buffer. On output, it= means the size > + of copied Data buffer if EFI_SUCCESS, = and means the > + size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > + > + @retval EFI_SUCCESS The TLS configuration data is got succ= essfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + DataSize is NULL. > + Data is NULL if *DataSize is not zero. 
> + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_NOT_FOUND The TLS configuration data is not foun= d. > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. > +**/ > +EFI_STATUS > +EFIAPI > +TlsConfigurationGetData ( > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > + IN OUT VOID *Data, OPTIONAL > + IN OUT UINTN *DataSize > + ) > +{ > + EFI_STATUS Status; > + TLS_INSTANCE *Instance; > + > + EFI_TPL OldTpl; > + > + Status =3D EFI_SUCCESS; > + > + if (This =3D=3D NULL || DataSize =3D=3D NULL || (Data =3D=3D NULL && *= DataSize !=3D 0)) > { > + return EFI_INVALID_PARAMETER; > + } > + > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + Instance =3D TLS_INSTANCE_FROM_CONFIGURATION (This); > + > + switch (DataType) { > + case EfiTlsConfigDataTypeCACertificate: > + Status =3D TlsGetCaCertificate (Instance->TlsConn, Data, DataSize); > + break; > + case EfiTlsConfigDataTypeHostPublicCert: > + Status =3D TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize); > + break; > + case EfiTlsConfigDataTypeHostPrivateKey: > + Status =3D TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize); > + break; > + case EfiTlsConfigDataTypeCertRevocationList: > + Status =3D TlsGetCertRevocationList (Data, DataSize); > + break; > + default: > + Status =3D EFI_UNSUPPORTED; > + } > + > + gBS->RestoreTPL (OldTpl); > + return Status; > +} > + > diff --git a/NetworkPkg/TlsDxe/TlsDriver.c b/NetworkPkg/TlsDxe/TlsDriver.= c > index 38bf5993ce..29bc966c3e 100644 > --- a/NetworkPkg/TlsDxe/TlsDriver.c > +++ b/NetworkPkg/TlsDxe/TlsDriver.c > @@ -1,496 +1,497 @@ > -/** @file > - The Driver Binding and Service Binding Protocol for TlsDxe driver. > - > - Copyright (c) 2016, Intel Corporation. All rights reserved.
> - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the = BSD > License > - which accompanies this distribution. The full text of the license may= be > found at > - http://opensource.org/licenses/bsd-license.php. > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "TlsImpl.h" > - > -EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding =3D { > - TlsServiceBindingCreateChild, > - TlsServiceBindingDestroyChild > -}; > - > -/** > - Release all the resources used by the TLS instance. > - > - @param[in] Instance The TLS instance data. > - > -**/ > -VOID > -TlsCleanInstance ( > - IN TLS_INSTANCE *Instance > - ) > -{ > - if (Instance !=3D NULL) { > - if (Instance->TlsConn !=3D NULL) { > - TlsFree (Instance->TlsConn); > - } > - > - FreePool (Instance); > - } > -} > - > -/** > - Create the TLS instance and initialize it. > - > - @param[in] Service The pointer to the TLS service. > - @param[out] Instance The pointer to the TLS instance. > - > - @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. > - @retval EFI_SUCCESS The TLS instance is created. 
> - > -**/ > -EFI_STATUS > -TlsCreateInstance ( > - IN TLS_SERVICE *Service, > - OUT TLS_INSTANCE **Instance > - ) > -{ > - TLS_INSTANCE *TlsInstance; > - > - *Instance =3D NULL; > - > - TlsInstance =3D AllocateZeroPool (sizeof (TLS_INSTANCE)); > - if (TlsInstance =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - TlsInstance->Signature =3D TLS_INSTANCE_SIGNATURE; > - InitializeListHead (&TlsInstance->Link); > - TlsInstance->InDestroy =3D FALSE; > - TlsInstance->Service =3D Service; > - > - CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls)); > - CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof > (TlsInstance->TlsConfig)); > - > - TlsInstance->TlsSessionState =3D EfiTlsSessionNotStarted; > - > - *Instance =3D TlsInstance; > - > - return EFI_SUCCESS; > -} > - > -/** > - Release all the resources used by the TLS service binding instance. > - > - @param[in] Service The TLS service data. > - > -**/ > -VOID > -TlsCleanService ( > - IN TLS_SERVICE *Service > - ) > -{ > - if (Service !=3D NULL) { > - if (Service->TlsCtx !=3D NULL) { > - TlsCtxFree (Service->TlsCtx); > - } > - > - FreePool (Service); > - } > -} > - > -/** > - Create then initialize a TLS service. > - > - @param[in] Image ImageHandle of the TLS driver > - @param[out] Service The service for TLS driver > - > - @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create t= he > service. > - @retval EFI_SUCCESS The service is created for the driver. 
> - > -**/ > -EFI_STATUS > -TlsCreateService ( > - IN EFI_HANDLE Image, > - OUT TLS_SERVICE **Service > - ) > -{ > - TLS_SERVICE *TlsService; > - > - ASSERT (Service !=3D NULL); > - > - *Service =3D NULL; > - > - // > - // Allocate a TLS Service Data > - // > - TlsService =3D AllocateZeroPool (sizeof (TLS_SERVICE)); > - if (TlsService =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - // > - // Initialize TLS Service Data > - // > - TlsService->Signature =3D TLS_SERVICE_SIGNATURE; > - CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof > (TlsService->ServiceBinding)); > - TlsService->TlsChildrenNum =3D 0; > - InitializeListHead (&TlsService->TlsChildrenList); > - TlsService->ImageHandle =3D Image; > - > - *Service =3D TlsService; > - > - return EFI_SUCCESS; > -} > - > -/** > - Unloads an image. > - > - @param[in] ImageHandle Handle that identifies the image to = be > unloaded. > - > - @retval EFI_SUCCESS The image has been unloaded. > - @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsUnload ( > - IN EFI_HANDLE ImageHandle > - ) > -{ > - EFI_STATUS Status; > - UINTN HandleNum; > - EFI_HANDLE *HandleBuffer; > - UINT32 Index; > - EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding; > - TLS_SERVICE *TlsService; > - > - HandleBuffer =3D NULL; > - ServiceBinding =3D NULL; > - TlsService =3D NULL; > - > - // > - // Locate all the handles with Tls service binding protocol. 
> - // > - Status =3D gBS->LocateHandleBuffer ( > - ByProtocol, > - &gEfiTlsServiceBindingProtocolGuid, > - NULL, > - &HandleNum, > - &HandleBuffer > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - for (Index =3D 0; Index < HandleNum; Index++) { > - // > - // Firstly, find ServiceBinding interface > - // > - Status =3D gBS->OpenProtocol ( > - HandleBuffer[Index], > - &gEfiTlsServiceBindingProtocolGuid, > - (VOID **) &ServiceBinding, > - ImageHandle, > - NULL, > - EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - TlsService =3D TLS_SERVICE_FROM_THIS (ServiceBinding); > - > - // > - // Then, uninstall ServiceBinding interface > - // > - Status =3D gBS->UninstallMultipleProtocolInterfaces ( > - HandleBuffer[Index], > - &gEfiTlsServiceBindingProtocolGuid, ServiceBinding, > - NULL > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - TlsCleanService (TlsService); > - } > - > - if (HandleBuffer !=3D NULL) { > - FreePool (HandleBuffer); > - } > - > - return EFI_SUCCESS; > -} > - > -/** > - This is the declaration of an EFI image entry point. This entry point = is > - the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers incl= uding > - both device drivers and bus drivers. > - > - @param ImageHandle The firmware allocated handle for the UE= FI > image. > - @param SystemTable A pointer to the EFI System Table. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval Others An unexpected error occurred. > -**/ > -EFI_STATUS > -EFIAPI > -TlsDriverEntryPoint ( > - IN EFI_HANDLE ImageHandle, > - IN EFI_SYSTEM_TABLE *SystemTable > - ) > -{ > - EFI_STATUS Status; > - > - TLS_SERVICE *TlsService; > - > - // > - // Create TLS Service > - // > - Status =3D TlsCreateService (ImageHandle, &TlsService); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - ASSERT (TlsService !=3D NULL); > - > - // > - // Initializes the OpenSSL library. 
> - // > - TlsInitialize (); > - > - // > - // Create a new SSL_CTX object as framework to establish TLS/SSL enabl= ed > - // connections. TLS 1.0 is used as the default version. > - // > - TlsService->TlsCtx =3D TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, > TLS10_PROTOCOL_VERSION_MINOR); > - if (TlsService->TlsCtx =3D=3D NULL) { > - FreePool (TlsService); > - return EFI_ABORTED; > - } > - > - // > - // Install the TlsServiceBinding Protocol onto Handle > - // > - Status =3D gBS->InstallMultipleProtocolInterfaces ( > - &TlsService->Handle, > - &gEfiTlsServiceBindingProtocolGuid, > - &TlsService->ServiceBinding, > - NULL > - ); > - if (EFI_ERROR (Status)) { > - goto ON_CLEAN_SERVICE; > - } > - > - return Status; > - > -ON_CLEAN_SERVICE: > - TlsCleanService (TlsService); > - > - return Status; > -} > - > -/** > - Creates a child handle and installs a protocol. > - > - The CreateChild() function installs a protocol on ChildHandle. > - If ChildHandle is a pointer to NULL, then a new handle is created and > returned in ChildHandle. > - If ChildHandle is not a pointer to NULL, then the protocol installs on= the > existing ChildHandle. > - > - @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > - @param[in] ChildHandle Pointer to the handle of the child to create. I= f it is > NULL, > - then a new handle is created. If it is a pointe= r to an existing UEFI > handle, > - then the protocol is added to the existing UEFI= handle. > - > - @retval EFI_SUCCES The protocol was added to ChildHandle. > - @retval EFI_INVALID_PARAMETER ChildHandle is NULL. > - @retval EFI_OUT_OF_RESOURCES There are not enough resources > available to create > - the child. > - @retval other The child handle was not created. 
> - > -**/ > -EFI_STATUS > -EFIAPI > -TlsServiceBindingCreateChild ( > - IN EFI_SERVICE_BINDING_PROTOCOL *This, > - IN EFI_HANDLE *ChildHandle > - ) > -{ > - TLS_SERVICE *TlsService; > - TLS_INSTANCE *TlsInstance; > - EFI_STATUS Status; > - EFI_TPL OldTpl; > - > - if ((This =3D=3D NULL) || (ChildHandle =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - TlsService =3D TLS_SERVICE_FROM_THIS (This); > - > - Status =3D TlsCreateInstance (TlsService, &TlsInstance); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - ASSERT (TlsInstance !=3D NULL); > - > - // > - // Create a new TLS connection object. > - // > - TlsInstance->TlsConn =3D TlsNew (TlsService->TlsCtx); > - if (TlsInstance->TlsConn =3D=3D NULL) { > - Status =3D EFI_ABORTED; > - goto ON_ERROR; > - } > - > - // > - // Set default ConnectionEnd to EfiTlsClient > - // > - Status =3D TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); > - if (EFI_ERROR (Status)) { > - goto ON_ERROR; > - } > - > - // > - // Install TLS protocol and configuration protocol onto ChildHandle > - // > - Status =3D gBS->InstallMultipleProtocolInterfaces ( > - ChildHandle, > - &gEfiTlsProtocolGuid, > - &TlsInstance->Tls, > - &gEfiTlsConfigurationProtocolGuid, > - &TlsInstance->TlsConfig, > - NULL > - ); > - if (EFI_ERROR (Status)) { > - goto ON_ERROR; > - } > - > - TlsInstance->ChildHandle =3D *ChildHandle; > - > - // > - // Add it to the TLS service's child list. > - // > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link); > - TlsService->TlsChildrenNum++; > - > - gBS->RestoreTPL (OldTpl); > - > - return EFI_SUCCESS; > - > -ON_ERROR: > - TlsCleanInstance (TlsInstance); > - return Status; > -} > - > -/** > - Destroys a child handle with a protocol installed on it. > - > - The DestroyChild() function does the opposite of CreateChild(). It rem= oves > a protocol > - that was installed by CreateChild() from ChildHandle. 
If the removed > protocol is the > - last protocol on ChildHandle, then ChildHandle is destroyed. > - > - @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > - @param ChildHandle Handle of the child to destroy. > - > - @retval EFI_SUCCES The protocol was removed from ChildHandl= e. > - @retval EFI_UNSUPPORTED ChildHandle does not support the protoco= l > that is being removed. > - @retval EFI_INVALID_PARAMETER Child handle is NULL. > - @retval EFI_ACCESS_DENIED The protocol could not be removed from > the ChildHandle > - because its services are being used. > - @retval other The child handle was not destroyed. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsServiceBindingDestroyChild ( > - IN EFI_SERVICE_BINDING_PROTOCOL *This, > - IN EFI_HANDLE ChildHandle > - ) > -{ > - TLS_SERVICE *TlsService; > - TLS_INSTANCE *TlsInstance; > - > - EFI_TLS_PROTOCOL *Tls; > - EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig; > - EFI_STATUS Status; > - EFI_TPL OldTpl; > - > - if ((This =3D=3D NULL) || (ChildHandle =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - TlsService =3D TLS_SERVICE_FROM_THIS (This); > - > - // > - // Find TLS protocol interface installed in ChildHandle > - // > - Status =3D gBS->OpenProtocol ( > - ChildHandle, > - &gEfiTlsProtocolGuid, > - (VOID **) &Tls, > - TlsService->ImageHandle, > - NULL, > - EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - // > - // Find TLS configuration protocol interface installed in ChildHandle > - // > - Status =3D gBS->OpenProtocol ( > - ChildHandle, > - &gEfiTlsConfigurationProtocolGuid, > - (VOID **) &TlsConfig, > - TlsService->ImageHandle, > - NULL, > - EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - TlsInstance =3D TLS_INSTANCE_FROM_PROTOCOL (Tls); > - > - if (TlsInstance->Service !=3D TlsService) { > - return EFI_INVALID_PARAMETER; > - } > - > - if (TlsInstance->InDestroy) { > - return 
EFI_SUCCESS; > - } > - > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - TlsInstance->InDestroy =3D TRUE; > - > - // > - // Uninstall the TLS protocol and TLS Configuration Protocol interface > installed in ChildHandle. > - // > - Status =3D gBS->UninstallMultipleProtocolInterfaces ( > - ChildHandle, > - &gEfiTlsProtocolGuid, > - Tls, > - &gEfiTlsConfigurationProtocolGuid, > - TlsConfig, > - NULL > - ); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - RemoveEntryList (&TlsInstance->Link); > - TlsService->TlsChildrenNum--; > - > - gBS->RestoreTPL (OldTpl); > - > - TlsCleanInstance (TlsInstance); > - > - return EFI_SUCCESS; > -} > +/** @file > + The Driver Binding and Service Binding Protocol for TlsDxe driver. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be > found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "TlsImpl.h" > + > +EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding =3D { > + TlsServiceBindingCreateChild, > + TlsServiceBindingDestroyChild > +}; > + > +/** > + Release all the resources used by the TLS instance. > + > + @param[in] Instance The TLS instance data. > + > +**/ > +VOID > +TlsCleanInstance ( > + IN TLS_INSTANCE *Instance > + ) > +{ > + if (Instance !=3D NULL) { > + if (Instance->TlsConn !=3D NULL) { > + TlsFree (Instance->TlsConn); > + } > + > + FreePool (Instance); > + } > +} > + > +/** > + Create the TLS instance and initialize it. > + > + @param[in] Service The pointer to the TLS service. > + @param[out] Instance The pointer to the TLS instance. > + > + @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. > + @retval EFI_SUCCESS The TLS instance is created. 
> + > +**/ > +EFI_STATUS > +TlsCreateInstance ( > + IN TLS_SERVICE *Service, > + OUT TLS_INSTANCE **Instance > + ) > +{ > + TLS_INSTANCE *TlsInstance; > + > + *Instance =3D NULL; > + > + TlsInstance =3D AllocateZeroPool (sizeof (TLS_INSTANCE)); > + if (TlsInstance =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + TlsInstance->Signature =3D TLS_INSTANCE_SIGNATURE; > + InitializeListHead (&TlsInstance->Link); > + TlsInstance->InDestroy =3D FALSE; > + TlsInstance->Service =3D Service; > + > + CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls)); > + CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof > (TlsInstance->TlsConfig)); > + > + TlsInstance->TlsSessionState =3D EfiTlsSessionNotStarted; > + > + *Instance =3D TlsInstance; > + > + return EFI_SUCCESS; > +} > + > +/** > + Release all the resources used by the TLS service binding instance. > + > + @param[in] Service The TLS service data. > + > +**/ > +VOID > +TlsCleanService ( > + IN TLS_SERVICE *Service > + ) > +{ > + if (Service !=3D NULL) { > + if (Service->TlsCtx !=3D NULL) { > + TlsCtxFree (Service->TlsCtx); > + } > + > + FreePool (Service); > + } > +} > + > +/** > + Create then initialize a TLS service. > + > + @param[in] Image ImageHandle of the TLS driver > + @param[out] Service The service for TLS driver > + > + @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create > the service. > + @retval EFI_SUCCESS The service is created for the driver. 
> + > +**/ > +EFI_STATUS > +TlsCreateService ( > + IN EFI_HANDLE Image, > + OUT TLS_SERVICE **Service > + ) > +{ > + TLS_SERVICE *TlsService; > + > + ASSERT (Service !=3D NULL); > + > + *Service =3D NULL; > + > + // > + // Allocate a TLS Service Data > + // > + TlsService =3D AllocateZeroPool (sizeof (TLS_SERVICE)); > + if (TlsService =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + // > + // Initialize TLS Service Data > + // > + TlsService->Signature =3D TLS_SERVICE_SIGNATURE; > + CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof > (TlsService->ServiceBinding)); > + TlsService->TlsChildrenNum =3D 0; > + InitializeListHead (&TlsService->TlsChildrenList); > + TlsService->ImageHandle =3D Image; > + > + *Service =3D TlsService; > + > + return EFI_SUCCESS; > +} > + > +/** > + Unloads an image. > + > + @param[in] ImageHandle Handle that identifies the image to = be > unloaded. > + > + @retval EFI_SUCCESS The image has been unloaded. > + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image > handle. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsUnload ( > + IN EFI_HANDLE ImageHandle > + ) > +{ > + EFI_STATUS Status; > + UINTN HandleNum; > + EFI_HANDLE *HandleBuffer; > + UINT32 Index; > + EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding; > + TLS_SERVICE *TlsService; > + > + HandleBuffer =3D NULL; > + ServiceBinding =3D NULL; > + TlsService =3D NULL; > + > + // > + // Locate all the handles with Tls service binding protocol. 
> + // > + Status =3D gBS->LocateHandleBuffer ( > + ByProtocol, > + &gEfiTlsServiceBindingProtocolGuid, > + NULL, > + &HandleNum, > + &HandleBuffer > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + for (Index =3D 0; Index < HandleNum; Index++) { > + // > + // Firstly, find ServiceBinding interface > + // > + Status =3D gBS->OpenProtocol ( > + HandleBuffer[Index], > + &gEfiTlsServiceBindingProtocolGuid, > + (VOID **) &ServiceBinding, > + ImageHandle, > + NULL, > + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + TlsService =3D TLS_SERVICE_FROM_THIS (ServiceBinding); > + > + // > + // Then, uninstall ServiceBinding interface > + // > + Status =3D gBS->UninstallMultipleProtocolInterfaces ( > + HandleBuffer[Index], > + &gEfiTlsServiceBindingProtocolGuid, ServiceBinding, > + NULL > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + TlsCleanService (TlsService); > + } > + > + if (HandleBuffer !=3D NULL) { > + FreePool (HandleBuffer); > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + This is the declaration of an EFI image entry point. This entry point = is > + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers incl= uding > + both device drivers and bus drivers. > + > + @param ImageHandle The firmware allocated handle for the UE= FI > image. > + @param SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval Others An unexpected error occurred. > +**/ > +EFI_STATUS > +EFIAPI > +TlsDriverEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + > + TLS_SERVICE *TlsService; > + > + // > + // Create TLS Service > + // > + Status =3D TlsCreateService (ImageHandle, &TlsService); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + ASSERT (TlsService !=3D NULL); > + > + // > + // Initializes the OpenSSL library. 
> + // > + TlsInitialize (); > + > + // > + // Create a new SSL_CTX object as framework to establish TLS/SSL enabl= ed > + // connections. TLS 1.0 is used as the default version. > + // > + TlsService->TlsCtx =3D TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, > TLS10_PROTOCOL_VERSION_MINOR); > + if (TlsService->TlsCtx =3D=3D NULL) { > + FreePool (TlsService); > + return EFI_ABORTED; > + } > + > + // > + // Install the TlsServiceBinding Protocol onto Handle > + // > + Status =3D gBS->InstallMultipleProtocolInterfaces ( > + &TlsService->Handle, > + &gEfiTlsServiceBindingProtocolGuid, > + &TlsService->ServiceBinding, > + NULL > + ); > + if (EFI_ERROR (Status)) { > + goto ON_CLEAN_SERVICE; > + } > + > + return Status; > + > +ON_CLEAN_SERVICE: > + TlsCleanService (TlsService); > + > + return Status; > +} > + > +/** > + Creates a child handle and installs a protocol. > + > + The CreateChild() function installs a protocol on ChildHandle. > + If ChildHandle is a pointer to NULL, then a new handle is created and > returned in ChildHandle. > + If ChildHandle is not a pointer to NULL, then the protocol installs on= the > existing ChildHandle. > + > + @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > + @param[in] ChildHandle Pointer to the handle of the child to create. I= f it is > NULL, > + then a new handle is created. If it is a pointe= r to an existing > UEFI handle, > + then the protocol is added to the existing UEFI= handle. > + > + @retval EFI_SUCCES The protocol was added to ChildHandle. > + @retval EFI_INVALID_PARAMETER ChildHandle is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough resources > available to create > + the child. > + @retval other The child handle was not created. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsServiceBindingCreateChild ( > + IN EFI_SERVICE_BINDING_PROTOCOL *This, > + IN EFI_HANDLE *ChildHandle > + ) > +{ > + TLS_SERVICE *TlsService; > + TLS_INSTANCE *TlsInstance; > + EFI_STATUS Status; > + EFI_TPL OldTpl; > + > + if ((This =3D=3D NULL) || (ChildHandle =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + TlsService =3D TLS_SERVICE_FROM_THIS (This); > + > + Status =3D TlsCreateInstance (TlsService, &TlsInstance); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + ASSERT (TlsInstance !=3D NULL); > + > + // > + // Create a new TLS connection object. > + // > + TlsInstance->TlsConn =3D TlsNew (TlsService->TlsCtx); > + if (TlsInstance->TlsConn =3D=3D NULL) { > + Status =3D EFI_ABORTED; > + goto ON_ERROR; > + } > + > + // > + // Set default ConnectionEnd to EfiTlsClient > + // > + Status =3D TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient); > + if (EFI_ERROR (Status)) { > + goto ON_ERROR; > + } > + > + // > + // Install TLS protocol and configuration protocol onto ChildHandle > + // > + Status =3D gBS->InstallMultipleProtocolInterfaces ( > + ChildHandle, > + &gEfiTlsProtocolGuid, > + &TlsInstance->Tls, > + &gEfiTlsConfigurationProtocolGuid, > + &TlsInstance->TlsConfig, > + NULL > + ); > + if (EFI_ERROR (Status)) { > + goto ON_ERROR; > + } > + > + TlsInstance->ChildHandle =3D *ChildHandle; > + > + // > + // Add it to the TLS service's child list. > + // > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link); > + TlsService->TlsChildrenNum++; > + > + gBS->RestoreTPL (OldTpl); > + > + return EFI_SUCCESS; > + > +ON_ERROR: > + TlsCleanInstance (TlsInstance); > + return Status; > +} > + > +/** > + Destroys a child handle with a protocol installed on it. > + > + The DestroyChild() function does the opposite of CreateChild(). It rem= oves > a protocol > + that was installed by CreateChild() from ChildHandle. 
If the removed > protocol is the > + last protocol on ChildHandle, then ChildHandle is destroyed. > + > + @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > + @param ChildHandle Handle of the child to destroy. > + > + @retval EFI_SUCCES The protocol was removed from ChildHandl= e. > + @retval EFI_UNSUPPORTED ChildHandle does not support the protoco= l > that is being removed. > + @retval EFI_INVALID_PARAMETER Child handle is NULL. > + @retval EFI_ACCESS_DENIED The protocol could not be removed from > the ChildHandle > + because its services are being used. > + @retval other The child handle was not destroyed. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsServiceBindingDestroyChild ( > + IN EFI_SERVICE_BINDING_PROTOCOL *This, > + IN EFI_HANDLE ChildHandle > + ) > +{ > + TLS_SERVICE *TlsService; > + TLS_INSTANCE *TlsInstance; > + > + EFI_TLS_PROTOCOL *Tls; > + EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig; > + EFI_STATUS Status; > + EFI_TPL OldTpl; > + > + if ((This =3D=3D NULL) || (ChildHandle =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + TlsService =3D TLS_SERVICE_FROM_THIS (This); > + > + // > + // Find TLS protocol interface installed in ChildHandle > + // > + Status =3D gBS->OpenProtocol ( > + ChildHandle, > + &gEfiTlsProtocolGuid, > + (VOID **) &Tls, > + TlsService->ImageHandle, > + NULL, > + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + // > + // Find TLS configuration protocol interface installed in ChildHandle > + // > + Status =3D gBS->OpenProtocol ( > + ChildHandle, > + &gEfiTlsConfigurationProtocolGuid, > + (VOID **) &TlsConfig, > + TlsService->ImageHandle, > + NULL, > + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + TlsInstance =3D TLS_INSTANCE_FROM_PROTOCOL (Tls); > + > + if (TlsInstance->Service !=3D TlsService) { > + return EFI_INVALID_PARAMETER; > + } > + > + if (TlsInstance->InDestroy) { > + return 
EFI_SUCCESS; > + } > + > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + TlsInstance->InDestroy =3D TRUE; > + > + // > + // Uninstall the TLS protocol and TLS Configuration Protocol interface > installed in ChildHandle. > + // > + Status =3D gBS->UninstallMultipleProtocolInterfaces ( > + ChildHandle, > + &gEfiTlsProtocolGuid, > + Tls, > + &gEfiTlsConfigurationProtocolGuid, > + TlsConfig, > + NULL > + ); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + RemoveEntryList (&TlsInstance->Link); > + TlsService->TlsChildrenNum--; > + > + gBS->RestoreTPL (OldTpl); > + > + TlsCleanInstance (TlsInstance); > + > + return EFI_SUCCESS; > +} > + > diff --git a/NetworkPkg/TlsDxe/TlsDriver.h b/NetworkPkg/TlsDxe/TlsDriver.= h > index a9e55ba752..950429af8f 100644 > --- a/NetworkPkg/TlsDxe/TlsDriver.h > +++ b/NetworkPkg/TlsDxe/TlsDriver.h > @@ -1,237 +1,238 @@ > -/** @file > - Header file of the Driver Binding and Service Binding Protocol for Tls= Dxe > driver. > - > - Copyright (c) 2016, Intel Corporation. All rights reserved.
> - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the = BSD > License > - which accompanies this distribution. The full text of the license may= be > found at > - http://opensource.org/licenses/bsd-license.php. > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef __EFI_TLS_DRIVER_H__ > -#define __EFI_TLS_DRIVER_H__ > - > -#include > - > -// > -// Driver Protocols > -// > -#include > - > -// > -// Driver Version > -// > -#define TLS_VERSION 0x00000000 > - > -#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S') > - > -#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I') > - > -/// > -/// TLS Service Data > -/// > -typedef struct _TLS_SERVICE TLS_SERVICE; > - > -/// > -/// TLS Instance Data > -/// > -typedef struct _TLS_INSTANCE TLS_INSTANCE; > - > - > -struct _TLS_SERVICE { > - UINT32 Signature; > - EFI_SERVICE_BINDING_PROTOCOL ServiceBinding; > - > - UINT16 TlsChildrenNum; > - LIST_ENTRY TlsChildrenList; > - > - // > - // Handle to install TlsServiceBinding protocol. > - // > - EFI_HANDLE Handle; > - EFI_HANDLE ImageHandle; > - > - // > - // Main SSL Context object which is created by a server or client once= per > program > - // life-time and which holds mainly default values for the SSL object = which > are later > - // created for the connections. > - // > - VOID *TlsCtx; > -}; > - > -struct _TLS_INSTANCE { > - UINT32 Signature; > - LIST_ENTRY Link; > - > - BOOLEAN InDestroy; > - > - TLS_SERVICE *Service; > - EFI_HANDLE ChildHandle; > - > - EFI_TLS_PROTOCOL Tls; > - EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig; > - > - EFI_TLS_SESSION_STATE TlsSessionState; > - > - // > - // Main SSL Connection which is created by a server or a client > - // per established connection. 
> - // > - VOID *TlsConn; > -}; > - > - > -#define TLS_SERVICE_FROM_THIS(a) \ > - CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE) > - > -#define TLS_INSTANCE_FROM_PROTOCOL(a) \ > - CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE) > - > -#define TLS_INSTANCE_FROM_CONFIGURATION(a) \ > - CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE) > - > - > -/** > - Release all the resources used by the TLS instance. > - > - @param[in] Instance The TLS instance data. > - > -**/ > -VOID > -TlsCleanInstance ( > - IN TLS_INSTANCE *Instance > - ); > - > -/** > - Create the TLS instance and initialize it. > - > - @param[in] Service The pointer to the TLS service. > - @param[out] Instance The pointer to the TLS instance. > - > - @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. > - @retval EFI_SUCCESS The TLS instance is created. > - > -**/ > -EFI_STATUS > -TlsCreateInstance ( > - IN TLS_SERVICE *Service, > - OUT TLS_INSTANCE **Instance > - ); > - > -/** > - Release all the resources used by the TLS service binding instance. > - > - @param[in] Service The TLS service data. > - > -**/ > -VOID > -TlsCleanService ( > - IN TLS_SERVICE *Service > - ); > - > -/** > - Create then initialize a TLS service. > - > - @param[in] Image ImageHandle of the TLS driver > - @param[out] Service The service for TLS driver > - > - @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create t= he > service. > - @retval EFI_SUCCESS The service is created for the driver. > - > -**/ > -EFI_STATUS > -TlsCreateService ( > - IN EFI_HANDLE Image, > - OUT TLS_SERVICE **Service > - ); > - > -/** > - Unloads an image. > - > - @param[in] ImageHandle Handle that identifies the image to be > unloaded. > - > - @retval EFI_SUCCESS The image has been unloaded. > - @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsUnload ( > - IN EFI_HANDLE ImageHandle > - ); > - > -/** > - This is the declaration of an EFI image entry point. 
This entry point = is > - the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers incl= uding > - both device drivers and bus drivers. > - > - @param ImageHandle The firmware allocated handle for the UE= FI > image. > - @param SystemTable A pointer to the EFI System Table. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval Others An unexpected error occurred. > -**/ > -EFI_STATUS > -EFIAPI > -TlsDriverEntryPoint ( > - IN EFI_HANDLE ImageHandle, > - IN EFI_SYSTEM_TABLE *SystemTable > - ); > - > -/** > - Creates a child handle and installs a protocol. > - > - The CreateChild() function installs a protocol on ChildHandle. > - If ChildHandle is a pointer to NULL, then a new handle is created and > returned in ChildHandle. > - If ChildHandle is not a pointer to NULL, then the protocol installs on= the > existing ChildHandle. > - > - @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > - @param[in] ChildHandle Pointer to the handle of the child to create. I= f it is > NULL, > - then a new handle is created. If it is a pointe= r to an existing UEFI > handle, > - then the protocol is added to the existing UEFI= handle. > - > - @retval EFI_SUCCES The protocol was added to ChildHandle. > - @retval EFI_INVALID_PARAMETER ChildHandle is NULL. > - @retval EFI_OUT_OF_RESOURCES There are not enough resources > available to create > - the child. > - @retval other The child handle was not created. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsServiceBindingCreateChild ( > - IN EFI_SERVICE_BINDING_PROTOCOL *This, > - IN EFI_HANDLE *ChildHandle > - ); > - > -/** > - Destroys a child handle with a protocol installed on it. > - > - The DestroyChild() function does the opposite of CreateChild(). It rem= oves > a protocol > - that was installed by CreateChild() from ChildHandle. If the removed > protocol is the > - last protocol on ChildHandle, then ChildHandle is destroyed. 
> - > - @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > - @param ChildHandle Handle of the child to destroy. > - > - @retval EFI_SUCCES The protocol was removed from ChildHandl= e. > - @retval EFI_UNSUPPORTED ChildHandle does not support the protoco= l > that is being removed. > - @retval EFI_INVALID_PARAMETER Child handle is NULL. > - @retval EFI_ACCESS_DENIED The protocol could not be removed from > the ChildHandle > - because its services are being used. > - @retval other The child handle was not destroyed. > - > -**/ > -EFI_STATUS > -EFIAPI > -TlsServiceBindingDestroyChild ( > - IN EFI_SERVICE_BINDING_PROTOCOL *This, > - IN EFI_HANDLE ChildHandle > - ); > - > -#endif > +/** @file > + Header file of the Driver Binding and Service Binding Protocol for Tls= Dxe > driver. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be > found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __EFI_TLS_DRIVER_H__ > +#define __EFI_TLS_DRIVER_H__ > + > +#include > + > +// > +// Driver Protocols > +// > +#include > + > +// > +// Driver Version > +// > +#define TLS_VERSION 0x00000000 > + > +#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S') > + > +#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I') > + > +/// > +/// TLS Service Data > +/// > +typedef struct _TLS_SERVICE TLS_SERVICE; > + > +/// > +/// TLS Instance Data > +/// > +typedef struct _TLS_INSTANCE TLS_INSTANCE; > + > + > +struct _TLS_SERVICE { > + UINT32 Signature; > + EFI_SERVICE_BINDING_PROTOCOL ServiceBinding; > + > + UINT16 TlsChildrenNum; > + LIST_ENTRY TlsChildrenList; > + > + // > + // Handle to install TlsServiceBinding protocol. > + // > + EFI_HANDLE Handle; > + EFI_HANDLE ImageHandle; > + > + // > + // Main SSL Context object which is created by a server or client once= per > program > + // life-time and which holds mainly default values for the SSL object = which > are later > + // created for the connections. > + // > + VOID *TlsCtx; > +}; > + > +struct _TLS_INSTANCE { > + UINT32 Signature; > + LIST_ENTRY Link; > + > + BOOLEAN InDestroy; > + > + TLS_SERVICE *Service; > + EFI_HANDLE ChildHandle; > + > + EFI_TLS_PROTOCOL Tls; > + EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig; > + > + EFI_TLS_SESSION_STATE TlsSessionState; > + > + // > + // Main SSL Connection which is created by a server or a client > + // per established connection. 
> + // > + VOID *TlsConn; > +}; > + > + > +#define TLS_SERVICE_FROM_THIS(a) \ > + CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE) > + > +#define TLS_INSTANCE_FROM_PROTOCOL(a) \ > + CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE) > + > +#define TLS_INSTANCE_FROM_CONFIGURATION(a) \ > + CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE) > + > + > +/** > + Release all the resources used by the TLS instance. > + > + @param[in] Instance The TLS instance data. > + > +**/ > +VOID > +TlsCleanInstance ( > + IN TLS_INSTANCE *Instance > + ); > + > +/** > + Create the TLS instance and initialize it. > + > + @param[in] Service The pointer to the TLS service. > + @param[out] Instance The pointer to the TLS instance. > + > + @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. > + @retval EFI_SUCCESS The TLS instance is created. > + > +**/ > +EFI_STATUS > +TlsCreateInstance ( > + IN TLS_SERVICE *Service, > + OUT TLS_INSTANCE **Instance > + ); > + > +/** > + Release all the resources used by the TLS service binding instance. > + > + @param[in] Service The TLS service data. > + > +**/ > +VOID > +TlsCleanService ( > + IN TLS_SERVICE *Service > + ); > + > +/** > + Create then initialize a TLS service. > + > + @param[in] Image ImageHandle of the TLS driver > + @param[out] Service The service for TLS driver > + > + @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create > the service. > + @retval EFI_SUCCESS The service is created for the driver. > + > +**/ > +EFI_STATUS > +TlsCreateService ( > + IN EFI_HANDLE Image, > + OUT TLS_SERVICE **Service > + ); > + > +/** > + Unloads an image. > + > + @param[in] ImageHandle Handle that identifies the image to be > unloaded. > + > + @retval EFI_SUCCESS The image has been unloaded. > + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image > handle. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsUnload ( > + IN EFI_HANDLE ImageHandle > + ); > + > +/** > + This is the declaration of an EFI image entry point. 
This entry point = is > + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers incl= uding > + both device drivers and bus drivers. > + > + @param ImageHandle The firmware allocated handle for the UE= FI > image. > + @param SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval Others An unexpected error occurred. > +**/ > +EFI_STATUS > +EFIAPI > +TlsDriverEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ); > + > +/** > + Creates a child handle and installs a protocol. > + > + The CreateChild() function installs a protocol on ChildHandle. > + If ChildHandle is a pointer to NULL, then a new handle is created and > returned in ChildHandle. > + If ChildHandle is not a pointer to NULL, then the protocol installs on= the > existing ChildHandle. > + > + @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > + @param[in] ChildHandle Pointer to the handle of the child to create. I= f it is > NULL, > + then a new handle is created. If it is a pointe= r to an existing > UEFI handle, > + then the protocol is added to the existing UEFI= handle. > + > + @retval EFI_SUCCES The protocol was added to ChildHandle. > + @retval EFI_INVALID_PARAMETER ChildHandle is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough resources > available to create > + the child. > + @retval other The child handle was not created. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsServiceBindingCreateChild ( > + IN EFI_SERVICE_BINDING_PROTOCOL *This, > + IN EFI_HANDLE *ChildHandle > + ); > + > +/** > + Destroys a child handle with a protocol installed on it. > + > + The DestroyChild() function does the opposite of CreateChild(). It rem= oves > a protocol > + that was installed by CreateChild() from ChildHandle. If the removed > protocol is the > + last protocol on ChildHandle, then ChildHandle is destroyed. 
> + > + @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL > instance. > + @param ChildHandle Handle of the child to destroy. > + > + @retval EFI_SUCCES The protocol was removed from ChildHandl= e. > + @retval EFI_UNSUPPORTED ChildHandle does not support the protoco= l > that is being removed. > + @retval EFI_INVALID_PARAMETER Child handle is NULL. > + @retval EFI_ACCESS_DENIED The protocol could not be removed from > the ChildHandle > + because its services are being used. > + @retval other The child handle was not destroyed. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsServiceBindingDestroyChild ( > + IN EFI_SERVICE_BINDING_PROTOCOL *This, > + IN EFI_HANDLE ChildHandle > + ); > + > +#endif > + > diff --git a/NetworkPkg/TlsDxe/TlsDxe.inf b/NetworkPkg/TlsDxe/TlsDxe.inf > index dba3257203..907feb735b 100644 > --- a/NetworkPkg/TlsDxe/TlsDxe.inf > +++ b/NetworkPkg/TlsDxe/TlsDxe.inf > @@ -1,65 +1,66 @@ > -## @file > -# This module produces EFI TLS Protocol, EFI TLS Service Binding Protoc= ol > and > -# EFI TLS Configuration Protocol. > -# > -# This module produces EFI TLS (Transport Layer Security) Protocol and = EFI > TLS > -# Service Binding Protocol, to provide TLS services. > -# > -# Copyright (c) 2016, Intel Corporation. All rights reserved.
> -# > -# This program and the accompanying materials > -# are licensed and made available under the terms and conditions of the > BSD License > -# which accompanies this distribution. The full text of the license may= be > found at > -# http://opensource.org/licenses/bsd-license.php. > -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > -# > -# > -## > - > -[Defines] > - INF_VERSION =3D 0x00010005 > - BASE_NAME =3D TlsDxe > - FILE_GUID =3D 3aceb0c0-3c72-11e4-9a56-74d435052646 > - MODULE_TYPE =3D UEFI_DRIVER > - VERSION_STRING =3D 1.0 > - ENTRY_POINT =3D TlsDriverEntryPoint > - UNLOAD_IMAGE =3D TlsUnload > - MODULE_UNI_FILE =3D TlsDxe.uni > - > -# > -# VALID_ARCHITECTURES =3D IA32 X64 > -# > - > -[Packages] > - MdePkg/MdePkg.dec > - MdeModulePkg/MdeModulePkg.dec > - CryptoPkg/CryptoPkg.dec > - > -[Sources] > - TlsDriver.h > - TlsDriver.c > - TlsProtocol.c > - TlsConfigProtocol.c > - TlsImpl.h > - TlsImpl.c > - > -[LibraryClasses] > - UefiDriverEntryPoint > - UefiBootServicesTableLib > - MemoryAllocationLib > - BaseMemoryLib > - BaseLib > - UefiLib > - DebugLib > - NetLib > - BaseCryptLib > - TlsLib > - > -[Protocols] > - gEfiTlsServiceBindingProtocolGuid ## PRODUCES > - gEfiTlsProtocolGuid ## PRODUCES > - gEfiTlsConfigurationProtocolGuid ## PRODUCES > - > -[UserExtensions.TianoCore."ExtraFiles"] > - TlsDxeExtra.uni > +## @file > +# This module produces EFI TLS Protocol, EFI TLS Service Binding Protoc= ol > and > +# EFI TLS Configuration Protocol. > +# > +# This module produces EFI TLS (Transport Layer Security) Protocol and = EFI > TLS > +# Service Binding Protocol, to provide TLS services. > +# > +# Copyright (c) 2016, Intel Corporation. All rights reserved.
> +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the > BSD License > +# which accompanies this distribution. The full text of the license may= be > found at > +# http://opensource.org/licenses/bsd-license.php. > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +# > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D TlsDxe > + FILE_GUID =3D 3aceb0c0-3c72-11e4-9a56-74d435052646 > + MODULE_TYPE =3D UEFI_DRIVER > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D TlsDriverEntryPoint > + UNLOAD_IMAGE =3D TlsUnload > + MODULE_UNI_FILE =3D TlsDxe.uni > + > +# > +# VALID_ARCHITECTURES =3D IA32 X64 > +# > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + CryptoPkg/CryptoPkg.dec > + > +[Sources] > + TlsDriver.h > + TlsDriver.c > + TlsProtocol.c > + TlsConfigProtocol.c > + TlsImpl.h > + TlsImpl.c > + > +[LibraryClasses] > + UefiDriverEntryPoint > + UefiBootServicesTableLib > + MemoryAllocationLib > + BaseMemoryLib > + BaseLib > + UefiLib > + DebugLib > + NetLib > + BaseCryptLib > + TlsLib > + > +[Protocols] > + gEfiTlsServiceBindingProtocolGuid ## PRODUCES > + gEfiTlsProtocolGuid ## PRODUCES > + gEfiTlsConfigurationProtocolGuid ## PRODUCES > + > +[UserExtensions.TianoCore."ExtraFiles"] > + TlsDxeExtra.uni > + > diff --git a/NetworkPkg/TlsDxe/TlsDxe.uni b/NetworkPkg/TlsDxe/TlsDxe.uni > index 98c41ca7c5..e2b1f5cd0b 100644 > --- a/NetworkPkg/TlsDxe/TlsDxe.uni > +++ b/NetworkPkg/TlsDxe/TlsDxe.uni 
> @@ -1,25 +1,25 @@ > -// /** @file > -// This module produces EFI TLS Protocol, EFI TLS Service Binding Protoc= ol > and > -// EFI TLS Configuration Protocol. > -// > -// This module produces EFI TLS (Transport Layer Security) Protocol, EFI= TLS > -// Service Binding Protocol, and EFI TLS Configuration Protocol to provi= de TLS > -// services. > -// > -// Copyright (c) 2016, Intel Corporation. All rights reserved.
> -// > -// This program and the accompanying materials > -// are licensed and made available under the terms and conditions of the > BSD License > -// which accompanies this distribution. The full text of the license ma= y be > found at > -// http://opensource.org/licenses/bsd-license.php > -// > -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > -// > -// **/ > - > - > -#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS servic= e" > - > -#string STR_MODULE_DESCRIPTION #language en-US "This module > produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS > Configuration Protocol to provide EFI TLS services." > - > +// /** @file > +// This module produces EFI TLS Protocol, EFI TLS Service Binding Protoc= ol > and > +// EFI TLS Configuration Protocol. > +// > +// This module produces EFI TLS (Transport Layer Security) Protocol, EFI= TLS > +// Service Binding Protocol, and EFI TLS Configuration Protocol to provi= de > TLS > +// services. > +// > +// Copyright (c) 2016, Intel Corporation. All rights reserved.
> +// > +// This program and the accompanying materials > +// are licensed and made available under the terms and conditions of the > BSD License > +// which accompanies this distribution. The full text of the license ma= y be > found at > +// http://opensource.org/licenses/bsd-license.php > +// > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS servic= e" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This module > produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS > Configuration Protocol to provide EFI TLS services." > + > diff --git a/NetworkPkg/TlsDxe/TlsDxeExtra.uni > b/NetworkPkg/TlsDxe/TlsDxeExtra.uni > index a38582a887..a5663c3279 100644 > --- a/NetworkPkg/TlsDxe/TlsDxeExtra.uni > +++ b/NetworkPkg/TlsDxe/TlsDxeExtra.uni > @@ -1,18 +1,19 @@ > -// /** @file > -// TlsDxe Localized Strings and Content > -// > -// Copyright (c) 2016, Intel Corporation. All rights reserved.
> -// > -// This program and the accompanying materials > -// are licensed and made available under the terms and conditions of the > BSD License > -// which accompanies this distribution. The full text of the license may= be > found at > -// http://opensource.org/licenses/bsd-license.php. > -// > -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > -// > -// **/ > - > -#string STR_PROPERTIES_MODULE_NAME > -#language en-US > -"EFI TLS DXE Driver" > +// /** @file > +// TlsDxe Localized Strings and Content > +// > +// Copyright (c) 2016, Intel Corporation. All rights reserved.
> +// > +// This program and the accompanying materials > +// are licensed and made available under the terms and conditions of the > BSD License > +// which accompanies this distribution. The full text of the license may= be > found at > +// http://opensource.org/licenses/bsd-license.php. > +// > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +// > +// **/ > + > +#string STR_PROPERTIES_MODULE_NAME > +#language en-US > +"EFI TLS DXE Driver" > + > diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c > index efdec2d92d..8e1238216b 100644 > --- a/NetworkPkg/TlsDxe/TlsImpl.c > +++ b/NetworkPkg/TlsDxe/TlsImpl.c > @@ -1,326 +1,327 @@ > -/** @file > - The Miscellaneous Routines for TlsDxe driver. > - > -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> - > -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "TlsImpl.h" > - > -/** > - Encrypt the message listed in fragment. > - > - @param[in] TlsInstance The pointer to the TLS instance. > - @param[in, out] FragmentTable Pointer to a list of fragment. > - On input these fragments contain the T= LS header and > - plain text TLS payload; > - On output these fragments contain the = TLS header and > - cipher text TLS payload. > - @param[in] FragmentCount Number of fragment. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED TLS session state is incorrect. > - @retval Others Other errors as indicated. > -**/ > -EFI_STATUS > -TlsEncryptPacket ( > - IN TLS_INSTANCE *TlsInstance, > - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > - IN UINT32 *FragmentCount > - ) > -{ > - EFI_STATUS Status; > - UINTN Index; > - UINT32 BytesCopied; > - UINT32 BufferInSize; > - UINT8 *BufferIn; > - UINT8 *BufferInPtr; > - TLS_RECORD_HEADER *RecordHeaderIn; > - UINT16 ThisPlainMessageSize; > - TLS_RECORD_HEADER *TempRecordHeader; > - UINT16 ThisMessageSize; > - UINT32 BufferOutSize; > - UINT8 *BufferOut; > - INTN Ret; > - > - Status =3D EFI_SUCCESS; > - BytesCopied =3D 0; > - BufferInSize =3D 0; > - BufferIn =3D NULL; > - BufferInPtr =3D NULL; > - RecordHeaderIn =3D NULL; > - TempRecordHeader =3D NULL; > - BufferOutSize =3D 0; > - BufferOut =3D NULL; > - Ret =3D 0; > - > - // > - // Calculate the size according to the fragment table. 
> - // > - for (Index =3D 0; Index < *FragmentCount; Index++) { > - BufferInSize +=3D (*FragmentTable)[Index].FragmentLength; > - } > - > - // > - // Allocate buffer for processing data. > - // > - BufferIn =3D AllocateZeroPool (BufferInSize); > - if (BufferIn =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ERROR; > - } > - > - // > - // Copy all TLS plain record header and payload into BufferIn. > - // > - for (Index =3D 0; Index < *FragmentCount; Index++) { > - CopyMem ( > - (BufferIn + BytesCopied), > - (*FragmentTable)[Index].FragmentBuffer, > - (*FragmentTable)[Index].FragmentLength > - ); > - BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; > - } > - > - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ERROR; > - } > - > - // > - // Parsing buffer. > - // > - BufferInPtr =3D BufferIn; > - TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; > - while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { > - RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; > - > - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) = { > - Status =3D EFI_INVALID_PARAMETER; > - goto ERROR; > - } > - > - ThisPlainMessageSize =3D RecordHeaderIn->Length; > - > - TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), > ThisPlainMessageSize); > - > - Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 > *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize); > - > - if (Ret > 0) { > - ThisMessageSize =3D (UINT16) Ret; > - } else { > - // > - // No data was successfully encrypted, continue to encrypt other > messages. 
> - // > - DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS > object.\n")); > - > - ThisMessageSize =3D 0; > - } > - > - BufferOutSize +=3D ThisMessageSize; > - > - BufferInPtr +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; > - TempRecordHeader +=3D ThisMessageSize; > - } > - > - FreePool (BufferIn); > - BufferIn =3D NULL; > - > - // > - // The caller will be responsible to handle the original fragment tabl= e. > - // > - *FragmentTable =3D AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA)); > - if (*FragmentTable =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ERROR; > - } > - > - (*FragmentTable)[0].FragmentBuffer =3D BufferOut; > - (*FragmentTable)[0].FragmentLength =3D BufferOutSize; > - *FragmentCount =3D 1; > - > - return Status; > - > -ERROR: > - > - if (BufferIn !=3D NULL) { > - FreePool (BufferIn); > - BufferIn =3D NULL; > - } > - > - if (BufferOut !=3D NULL) { > - FreePool (BufferOut); > - BufferOut =3D NULL; > - } > - > - return Status; > -} > - > -/** > - Decrypt the message listed in fragment. > - > - @param[in] TlsInstance The pointer to the TLS instance. > - @param[in, out] FragmentTable Pointer to a list of fragment. > - On input these fragments contain the T= LS header and > - cipher text TLS payload; > - On output these fragments contain the = TLS header and > - plain text TLS payload. > - @param[in] FragmentCount Number of fragment. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED TLS session state is incorrect. > - @retval Others Other errors as indicated. 
> -**/ > -EFI_STATUS > -TlsDecryptPacket ( > - IN TLS_INSTANCE *TlsInstance, > - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > - IN UINT32 *FragmentCount > - ) > -{ > - EFI_STATUS Status; > - UINTN Index; > - UINT32 BytesCopied; > - UINT8 *BufferIn; > - UINT32 BufferInSize; > - UINT8 *BufferInPtr; > - TLS_RECORD_HEADER *RecordHeaderIn; > - UINT16 ThisCipherMessageSize; > - TLS_RECORD_HEADER *TempRecordHeader; > - UINT16 ThisPlainMessageSize; > - UINT8 *BufferOut; > - UINT32 BufferOutSize; > - INTN Ret; > - > - Status =3D EFI_SUCCESS; > - BytesCopied =3D 0; > - BufferIn =3D NULL; > - BufferInSize =3D 0; > - BufferInPtr =3D NULL; > - RecordHeaderIn =3D NULL; > - TempRecordHeader =3D NULL; > - BufferOut =3D NULL; > - BufferOutSize =3D 0; > - Ret =3D 0; > - > - // > - // Calculate the size according to the fragment table. > - // > - for (Index =3D 0; Index < *FragmentCount; Index++) { > - BufferInSize +=3D (*FragmentTable)[Index].FragmentLength; > - } > - > - // > - // Allocate buffer for processing data > - // > - BufferIn =3D AllocateZeroPool (BufferInSize); > - if (BufferIn =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ERROR; > - } > - > - // > - // Copy all TLS plain record header and payload to BufferIn > - // > - for (Index =3D 0; Index < *FragmentCount; Index++) { > - CopyMem ( > - (BufferIn + BytesCopied), > - (*FragmentTable)[Index].FragmentBuffer, > - (*FragmentTable)[Index].FragmentLength > - ); > - BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; > - } > - > - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); > - if (BufferOut =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ERROR; > - } > - > - // > - // Parsing buffer. Received packet may have multiple TLS record messag= es. 
> - // > - BufferInPtr =3D BufferIn; > - TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; > - while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { > - RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; > - > - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) = { > - Status =3D EFI_INVALID_PARAMETER; > - goto ERROR; > - } > - > - ThisCipherMessageSize =3D NTOHS (RecordHeaderIn->Length); > - > - Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHea= derIn), > RECORD_HEADER_LEN + ThisCipherMessageSize); > - if (Ret !=3D RECORD_HEADER_LEN + ThisCipherMessageSize) { > - TlsInstance->TlsSessionState =3D EfiTlsSessionError; > - Status =3D EFI_ABORTED; > - goto ERROR; > - } > - > - Ret =3D 0; > - Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader += 1), > MAX_BUFFER_SIZE - BufferOutSize); > - > - if (Ret > 0) { > - ThisPlainMessageSize =3D (UINT16) Ret; > - } else { > - // > - // No data was successfully decrypted, continue to decrypt other > messages. 
> - // > - DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS > object.\n")); > - > - ThisPlainMessageSize =3D 0; > - } > - > - CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN); > - TempRecordHeader->Length =3D ThisPlainMessageSize; > - BufferOutSize +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; > - > - BufferInPtr +=3D RECORD_HEADER_LEN + ThisCipherMessageSize; > - TempRecordHeader +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; > - } > - > - FreePool (BufferIn); > - BufferIn =3D NULL; > - > - // > - // The caller will be responsible to handle the original fragment tabl= e > - // > - *FragmentTable =3D AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA)); > - if (*FragmentTable =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ERROR; > - } > - > - (*FragmentTable)[0].FragmentBuffer =3D BufferOut; > - (*FragmentTable)[0].FragmentLength =3D BufferOutSize; > - *FragmentCount =3D 1; > - > - return Status; > - > -ERROR: > - > - if (BufferIn !=3D NULL) { > - FreePool (BufferIn); > - BufferIn =3D NULL; > - } > - > - if (BufferOut !=3D NULL) { > - FreePool (BufferOut); > - BufferOut =3D NULL; > - } > - > - return Status; > -} > +/** @file > + The Miscellaneous Routines for TlsDxe driver. > + > +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> + > +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "TlsImpl.h" > + > +/** > + Encrypt the message listed in fragment. > + > + @param[in] TlsInstance The pointer to the TLS instance. > + @param[in, out] FragmentTable Pointer to a list of fragment. > + On input these fragments contain the T= LS header and > + plain text TLS payload; > + On output these fragments contain the = TLS header and > + cipher text TLS payload. > + @param[in] FragmentCount Number of fragment. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED TLS session state is incorrect. > + @retval Others Other errors as indicated. > +**/ > +EFI_STATUS > +TlsEncryptPacket ( > + IN TLS_INSTANCE *TlsInstance, > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > + IN UINT32 *FragmentCount > + ) > +{ > + EFI_STATUS Status; > + UINTN Index; > + UINT32 BytesCopied; > + UINT32 BufferInSize; > + UINT8 *BufferIn; > + UINT8 *BufferInPtr; > + TLS_RECORD_HEADER *RecordHeaderIn; > + UINT16 ThisPlainMessageSize; > + TLS_RECORD_HEADER *TempRecordHeader; > + UINT16 ThisMessageSize; > + UINT32 BufferOutSize; > + UINT8 *BufferOut; > + INTN Ret; > + > + Status =3D EFI_SUCCESS; > + BytesCopied =3D 0; > + BufferInSize =3D 0; > + BufferIn =3D NULL; > + BufferInPtr =3D NULL; > + RecordHeaderIn =3D NULL; > + TempRecordHeader =3D NULL; > + BufferOutSize =3D 0; > + BufferOut =3D NULL; > + Ret =3D 0; > + > + // > + // Calculate the size according to the fragment table. 
> + // > + for (Index =3D 0; Index < *FragmentCount; Index++) { > + BufferInSize +=3D (*FragmentTable)[Index].FragmentLength; > + } > + > + // > + // Allocate buffer for processing data. > + // > + BufferIn =3D AllocateZeroPool (BufferInSize); > + if (BufferIn =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ERROR; > + } > + > + // > + // Copy all TLS plain record header and payload into BufferIn. > + // > + for (Index =3D 0; Index < *FragmentCount; Index++) { > + CopyMem ( > + (BufferIn + BytesCopied), > + (*FragmentTable)[Index].FragmentBuffer, > + (*FragmentTable)[Index].FragmentLength > + ); > + BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; > + } > + > + BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ERROR; > + } > + > + // > + // Parsing buffer. > + // > + BufferInPtr =3D BufferIn; > + TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; > + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { > + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; > + > + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) = { > + Status =3D EFI_INVALID_PARAMETER; > + goto ERROR; > + } > + > + ThisPlainMessageSize =3D RecordHeaderIn->Length; > + > + TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), > ThisPlainMessageSize); > + > + Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 > *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize); > + > + if (Ret > 0) { > + ThisMessageSize =3D (UINT16) Ret; > + } else { > + // > + // No data was successfully encrypted, continue to encrypt other > messages. 
> + // > + DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS > object.\n")); > + > + ThisMessageSize =3D 0; > + } > + > + BufferOutSize +=3D ThisMessageSize; > + > + BufferInPtr +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; > + TempRecordHeader +=3D ThisMessageSize; > + } > + > + FreePool (BufferIn); > + BufferIn =3D NULL; > + > + // > + // The caller will be responsible to handle the original fragment tabl= e. > + // > + *FragmentTable =3D AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA)); > + if (*FragmentTable =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ERROR; > + } > + > + (*FragmentTable)[0].FragmentBuffer =3D BufferOut; > + (*FragmentTable)[0].FragmentLength =3D BufferOutSize; > + *FragmentCount =3D 1; > + > + return Status; > + > +ERROR: > + > + if (BufferIn !=3D NULL) { > + FreePool (BufferIn); > + BufferIn =3D NULL; > + } > + > + if (BufferOut !=3D NULL) { > + FreePool (BufferOut); > + BufferOut =3D NULL; > + } > + > + return Status; > +} > + > +/** > + Decrypt the message listed in fragment. > + > + @param[in] TlsInstance The pointer to the TLS instance. > + @param[in, out] FragmentTable Pointer to a list of fragment. > + On input these fragments contain the T= LS header and > + cipher text TLS payload; > + On output these fragments contain the = TLS header and > + plain text TLS payload. > + @param[in] FragmentCount Number of fragment. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED TLS session state is incorrect. > + @retval Others Other errors as indicated. 
> +**/ > +EFI_STATUS > +TlsDecryptPacket ( > + IN TLS_INSTANCE *TlsInstance, > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > + IN UINT32 *FragmentCount > + ) > +{ > + EFI_STATUS Status; > + UINTN Index; > + UINT32 BytesCopied; > + UINT8 *BufferIn; > + UINT32 BufferInSize; > + UINT8 *BufferInPtr; > + TLS_RECORD_HEADER *RecordHeaderIn; > + UINT16 ThisCipherMessageSize; > + TLS_RECORD_HEADER *TempRecordHeader; > + UINT16 ThisPlainMessageSize; > + UINT8 *BufferOut; > + UINT32 BufferOutSize; > + INTN Ret; > + > + Status =3D EFI_SUCCESS; > + BytesCopied =3D 0; > + BufferIn =3D NULL; > + BufferInSize =3D 0; > + BufferInPtr =3D NULL; > + RecordHeaderIn =3D NULL; > + TempRecordHeader =3D NULL; > + BufferOut =3D NULL; > + BufferOutSize =3D 0; > + Ret =3D 0; > + > + // > + // Calculate the size according to the fragment table. > + // > + for (Index =3D 0; Index < *FragmentCount; Index++) { > + BufferInSize +=3D (*FragmentTable)[Index].FragmentLength; > + } > + > + // > + // Allocate buffer for processing data > + // > + BufferIn =3D AllocateZeroPool (BufferInSize); > + if (BufferIn =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ERROR; > + } > + > + // > + // Copy all TLS plain record header and payload to BufferIn > + // > + for (Index =3D 0; Index < *FragmentCount; Index++) { > + CopyMem ( > + (BufferIn + BytesCopied), > + (*FragmentTable)[Index].FragmentBuffer, > + (*FragmentTable)[Index].FragmentLength > + ); > + BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; > + } > + > + BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); > + if (BufferOut =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ERROR; > + } > + > + // > + // Parsing buffer. Received packet may have multiple TLS record messag= es. 
> + // > + BufferInPtr =3D BufferIn; > + TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; > + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { > + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; > + > + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) = { > + Status =3D EFI_INVALID_PARAMETER; > + goto ERROR; > + } > + > + ThisCipherMessageSize =3D NTOHS (RecordHeaderIn->Length); > + > + Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHea= derIn), > RECORD_HEADER_LEN + ThisCipherMessageSize); > + if (Ret !=3D RECORD_HEADER_LEN + ThisCipherMessageSize) { > + TlsInstance->TlsSessionState =3D EfiTlsSessionError; > + Status =3D EFI_ABORTED; > + goto ERROR; > + } > + > + Ret =3D 0; > + Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader += 1), > MAX_BUFFER_SIZE - BufferOutSize); > + > + if (Ret > 0) { > + ThisPlainMessageSize =3D (UINT16) Ret; > + } else { > + // > + // No data was successfully decrypted, continue to decrypt other > messages. 
> + // > + DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS > object.\n")); > + > + ThisPlainMessageSize =3D 0; > + } > + > + CopyMem (TempRecordHeader, RecordHeaderIn, > RECORD_HEADER_LEN); > + TempRecordHeader->Length =3D ThisPlainMessageSize; > + BufferOutSize +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; > + > + BufferInPtr +=3D RECORD_HEADER_LEN + ThisCipherMessageSize; > + TempRecordHeader +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; > + } > + > + FreePool (BufferIn); > + BufferIn =3D NULL; > + > + // > + // The caller will be responsible to handle the original fragment tabl= e > + // > + *FragmentTable =3D AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA)); > + if (*FragmentTable =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ERROR; > + } > + > + (*FragmentTable)[0].FragmentBuffer =3D BufferOut; > + (*FragmentTable)[0].FragmentLength =3D BufferOutSize; > + *FragmentCount =3D 1; > + > + return Status; > + > +ERROR: > + > + if (BufferIn !=3D NULL) { > + FreePool (BufferIn); > + BufferIn =3D NULL; > + } > + > + if (BufferOut !=3D NULL) { > + FreePool (BufferOut); > + BufferOut =3D NULL; > + } > + > + return Status; > +} > + > diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h > index 71b1bdb7dc..3ae9d0d546 100644 > --- a/NetworkPkg/TlsDxe/TlsImpl.h > +++ b/NetworkPkg/TlsDxe/TlsImpl.h > @@ -1,315 +1,316 @@ > -/** @file > - Header file of Miscellaneous Routines for TlsDxe driver. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> - > -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e > found at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef __EFI_TLS_IMPL_H__ > -#define __EFI_TLS_IMPL_H__ > - > -// > -// Libraries > -// > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > - > -// > -// Consumed Protocols > -// > -#include > -#include > - > -#include > - > -#include "TlsDriver.h" > - > -// > -// Protocol instances > -// > -extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding; > -extern EFI_TLS_PROTOCOL mTlsProtocol; > -extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol; > - > -#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + > Length(2) > - > -#define MAX_BUFFER_SIZE 32768 > - > -/** > - Encrypt the message listed in fragment. > - > - @param[in] TlsInstance The pointer to the TLS instance. > - @param[in, out] FragmentTable Pointer to a list of fragment. > - On input these fragments contain the T= LS header and > - plain text TLS payload; > - On output these fragments contain the = TLS header and > - cipher text TLS payload. > - @param[in] FragmentCount Number of fragment. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED TLS session state is incorrect. > - @retval Others Other errors as indicated. > -**/ > -EFI_STATUS > -TlsEncryptPacket ( > - IN TLS_INSTANCE *TlsInstance, > - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > - IN UINT32 *FragmentCount > - ); > - > -/** > - Decrypt the message listed in fragment. 
> - > - @param[in] TlsInstance The pointer to the TLS instance. > - @param[in, out] FragmentTable Pointer to a list of fragment. > - On input these fragments contain the T= LS header and > - cipher text TLS payload; > - On output these fragments contain the = TLS header and > - plain text TLS payload. > - @param[in] FragmentCount Number of fragment. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > - @retval EFI_ABORTED TLS session state is incorrect. > - @retval Others Other errors as indicated. > -**/ > -EFI_STATUS > -TlsDecryptPacket ( > - IN TLS_INSTANCE *TlsInstance, > - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > - IN UINT32 *FragmentCount > - ); > - > -/** > - Set TLS session data. > - > - The SetSessionData() function set data for a new TLS session. All sess= ion > data should > - be set before BuildResponsePacket() invoked. > - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in] DataType TLS session data type. > - @param[in] Data Pointer to session data. > - @param[in] DataSize Total size of session data. > - > - @retval EFI_SUCCESS The TLS session data is set successful= ly. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - Data is NULL. > - DataSize is 0. > - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_ACCESS_DENIED If the DataType is one of below: > - EfiTlsClientRandom > - EfiTlsServerRandom > - EfiTlsKeyMaterial > - @retval EFI_NOT_READY Current TLS session state is NOT > - EfiTlsSessionStateNotStarted. > - @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. > -**/ > -EFI_STATUS > -EFIAPI > -TlsSetSessionData ( > - IN EFI_TLS_PROTOCOL *This, > - IN EFI_TLS_SESSION_DATA_TYPE DataType, > - IN VOID *Data, > - IN UINTN DataSize > - ); > - > -/** > - Get TLS session data. 
> - > - The GetSessionData() function return the TLS session information. > - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in] DataType TLS session data type. > - @param[in, out] Data Pointer to session data. > - @param[in, out] DataSize Total size of session data. On input, = it means > - the size of Data buffer. On output, it= means the size > - of copied Data buffer if EFI_SUCCESS, = and means the > - size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > - > - @retval EFI_SUCCESS The TLS session data is got successful= ly. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - DataSize is NULL. > - Data is NULL if *DataSize is not zero. > - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_NOT_FOUND The TLS session data is not found. > - @retval EFI_NOT_READY The DataType is not ready in current s= ession > state. > - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. > -**/ > -EFI_STATUS > -EFIAPI > -TlsGetSessionData ( > - IN EFI_TLS_PROTOCOL *This, > - IN EFI_TLS_SESSION_DATA_TYPE DataType, > - IN OUT VOID *Data, OPTIONAL > - IN OUT UINTN *DataSize > - ); > - > -/** > - Build response packet according to TLS state machine. This function is= only > valid for > - alert, handshake and change_cipher_spec content type. > - > - The BuildResponsePacket() function builds TLS response packet in > response to the TLS > - request packet specified by RequestBuffer and RequestSize. If > RequestBuffer is NULL and > - RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, t= he TLS > session > - will be initiated and the response packet needs to be ClientHello. If > RequestBuffer is > - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClos= ing, > the TLS > - session will be closed and response packet needs to be CloseNotify. 
If > RequestBuffer is > - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionErro= r, the > TLS > - session has errors and the response packet needs to be Alert message > based on error > - type. > - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in] RequestBuffer Pointer to the most recently received = TLS > packet. NULL > - means TLS need initiate the TLS sessio= n and response > - packet need to be ClientHello. > - @param[in] RequestSize Packet size in bytes for the most rece= ntly > received TLS > - packet. 0 is only valid when RequestBu= ffer is NULL. > - @param[out] Buffer Pointer to the buffer to hold the buil= t packet. > - @param[in, out] BufferSize Pointer to the buffer size in bytes. O= n input, > it is > - the buffer size provided by the caller= . On output, it > - is the buffer size in fact needed to c= ontain the > - packet. > - > - @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - RequestBuffer is NULL but RequestSize = is NOT 0. > - RequestSize is 0 but RequestBuffer is = NOT NULL. > - BufferSize is NULL. > - Buffer is NULL if *BufferSize is not z= ero. > - @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the > response packet. > - @retval EFI_NOT_READY Current TLS session state is NOT ready= to > build > - ResponsePacket. > - @retval EFI_ABORTED Something wrong build response packet. > -**/ > -EFI_STATUS > -EFIAPI > -TlsBuildResponsePacket ( > - IN EFI_TLS_PROTOCOL *This, > - IN UINT8 *RequestBuffer, OPTIONAL > - IN UINTN RequestSize, OPTIONAL > - OUT UINT8 *Buffer, OPTIONAL > - IN OUT UINTN *BufferSize > - ); > - > -/** > - Decrypt or encrypt TLS packet during session. This function is only va= lid > after > - session connected and for application_data content type. > - > - The ProcessPacket () function process each inbound or outbound TLS APP > packet. 
> - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in, out] FragmentTable Pointer to a list of fragment. The cal= ler > will take > - responsible to handle the original Fra= gmentTable while > - it may be reallocated in TLS driver. I= f CryptMode is > - EfiTlsEncrypt, on input these fragment= s contain the TLS > - header and plain text TLS APP payload;= on output these > - fragments contain the TLS header and c= ipher text TLS > - APP payload. If CryptMode is EfiTlsDec= rypt, on input > - these fragments contain the TLS header= and cipher text > - TLS APP payload; on output these fragm= ents contain the > - TLS header and plain text TLS APP payl= oad. > - @param[in] FragmentCount Number of fragment. > - @param[in] CryptMode Crypt mode. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - FragmentTable is NULL. > - FragmentCount is NULL. > - CryptoMode is invalid. > - @retval EFI_NOT_READY Current TLS session state is NOT > - EfiTlsSessionDataTransferring. > - @retval EFI_ABORTED Something wrong decryption the message= . TLS > session > - status will become EfiTlsSessionError.= The caller need > - call BuildResponsePacket() to generate= Error Alert > - message and send it out. > - @retval EFI_OUT_OF_RESOURCES No enough resource to finish the > operation. > -**/ > -EFI_STATUS > -EFIAPI > -TlsProcessPacket ( > - IN EFI_TLS_PROTOCOL *This, > - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > - IN UINT32 *FragmentCount, > - IN EFI_TLS_CRYPT_MODE CryptMode > - ); > - > -/** > - Set TLS configuration data. > - > - The SetData() function sets TLS configuration to non-volatile storage = or > volatile > - storage. > - > - @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > - @param[in] DataType Configuration data type. > - @param[in] Data Pointer to configuration data. 
> - @param[in] DataSize Total size of configuration data. > - > - @retval EFI_SUCCESS The TLS configuration data is set succ= essfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - Data is NULL. > - DataSize is 0. > - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. > -**/ > -EFI_STATUS > -EFIAPI > -TlsConfigurationSetData ( > - IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > - IN EFI_TLS_CONFIG_DATA_TYPE DataType, > - IN VOID *Data, > - IN UINTN DataSize > - ); > - > -/** > - Get TLS configuration data. > - > - The GetData() function gets TLS configuration. > - > - @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > - @param[in] DataType Configuration data type. > - @param[in, out] Data Pointer to configuration data. > - @param[in, out] DataSize Total size of configuration data. On i= nput, it > means > - the size of Data buffer. On output, it= means the size > - of copied Data buffer if EFI_SUCCESS, = and means the > - size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > - > - @retval EFI_SUCCESS The TLS configuration data is got succ= essfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - DataSize is NULL. > - Data is NULL if *DataSize is not zero. > - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_NOT_FOUND The TLS configuration data is not foun= d. > - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. > -**/ > -EFI_STATUS > -EFIAPI > -TlsConfigurationGetData ( > - IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > - IN EFI_TLS_CONFIG_DATA_TYPE DataType, > - IN OUT VOID *Data, OPTIONAL > - IN OUT UINTN *DataSize > - ); > - > -#endif > +/** @file > + Header file of Miscellaneous Routines for TlsDxe driver. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> + > +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D > License > +which accompanies this distribution. The full text of the license may b= e > found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __EFI_TLS_IMPL_H__ > +#define __EFI_TLS_IMPL_H__ > + > +// > +// Libraries > +// > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +// > +// Consumed Protocols > +// > +#include > +#include > + > +#include > + > +#include "TlsDriver.h" > + > +// > +// Protocol instances > +// > +extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding; > +extern EFI_TLS_PROTOCOL mTlsProtocol; > +extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol; > + > +#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + > Length(2) > + > +#define MAX_BUFFER_SIZE 32768 > + > +/** > + Encrypt the message listed in fragment. > + > + @param[in] TlsInstance The pointer to the TLS instance. > + @param[in, out] FragmentTable Pointer to a list of fragment. > + On input these fragments contain the T= LS header and > + plain text TLS payload; > + On output these fragments contain the = TLS header and > + cipher text TLS payload. > + @param[in] FragmentCount Number of fragment. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED TLS session state is incorrect. > + @retval Others Other errors as indicated. > +**/ > +EFI_STATUS > +TlsEncryptPacket ( > + IN TLS_INSTANCE *TlsInstance, > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > + IN UINT32 *FragmentCount > + ); > + > +/** > + Decrypt the message listed in fragment. 
> + > + @param[in] TlsInstance The pointer to the TLS instance. > + @param[in, out] FragmentTable Pointer to a list of fragment. > + On input these fragments contain the T= LS header and > + cipher text TLS payload; > + On output these fragments contain the = TLS header and > + plain text TLS payload. > + @param[in] FragmentCount Number of fragment. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. > + @retval EFI_ABORTED TLS session state is incorrect. > + @retval Others Other errors as indicated. > +**/ > +EFI_STATUS > +TlsDecryptPacket ( > + IN TLS_INSTANCE *TlsInstance, > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > + IN UINT32 *FragmentCount > + ); > + > +/** > + Set TLS session data. > + > + The SetSessionData() function set data for a new TLS session. All sess= ion > data should > + be set before BuildResponsePacket() invoked. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] DataType TLS session data type. > + @param[in] Data Pointer to session data. > + @param[in] DataSize Total size of session data. > + > + @retval EFI_SUCCESS The TLS session data is set successful= ly. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + Data is NULL. > + DataSize is 0. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_ACCESS_DENIED If the DataType is one of below: > + EfiTlsClientRandom > + EfiTlsServerRandom > + EfiTlsKeyMaterial > + @retval EFI_NOT_READY Current TLS session state is NOT > + EfiTlsSessionStateNotStarted. > + @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetSessionData ( > + IN EFI_TLS_PROTOCOL *This, > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > + IN VOID *Data, > + IN UINTN DataSize > + ); > + > +/** > + Get TLS session data. 
> + > + The GetSessionData() function return the TLS session information. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] DataType TLS session data type. > + @param[in, out] Data Pointer to session data. > + @param[in, out] DataSize Total size of session data. On input, = it means > + the size of Data buffer. On output, it= means the size > + of copied Data buffer if EFI_SUCCESS, = and means the > + size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > + > + @retval EFI_SUCCESS The TLS session data is got successful= ly. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + DataSize is NULL. > + Data is NULL if *DataSize is not zero. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_NOT_FOUND The TLS session data is not found. > + @retval EFI_NOT_READY The DataType is not ready in current s= ession > state. > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetSessionData ( > + IN EFI_TLS_PROTOCOL *This, > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > + IN OUT VOID *Data, OPTIONAL > + IN OUT UINTN *DataSize > + ); > + > +/** > + Build response packet according to TLS state machine. This function is= only > valid for > + alert, handshake and change_cipher_spec content type. > + > + The BuildResponsePacket() function builds TLS response packet in > response to the TLS > + request packet specified by RequestBuffer and RequestSize. If > RequestBuffer is NULL and > + RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, t= he TLS > session > + will be initiated and the response packet needs to be ClientHello. If > RequestBuffer is > + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClos= ing, > the TLS > + session will be closed and response packet needs to be CloseNotify. 
If > RequestBuffer is > + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionErro= r, the > TLS > + session has errors and the response packet needs to be Alert message > based on error > + type. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] RequestBuffer Pointer to the most recently received = TLS > packet. NULL > + means TLS need initiate the TLS sessio= n and response > + packet need to be ClientHello. > + @param[in] RequestSize Packet size in bytes for the most rece= ntly > received TLS > + packet. 0 is only valid when RequestBu= ffer is NULL. > + @param[out] Buffer Pointer to the buffer to hold the buil= t packet. > + @param[in, out] BufferSize Pointer to the buffer size in bytes. O= n input, > it is > + the buffer size provided by the caller= . On output, it > + is the buffer size in fact needed to c= ontain the > + packet. > + > + @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + RequestBuffer is NULL but RequestSize = is NOT 0. > + RequestSize is 0 but RequestBuffer is = NOT NULL. > + BufferSize is NULL. > + Buffer is NULL if *BufferSize is not z= ero. > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the > response packet. > + @retval EFI_NOT_READY Current TLS session state is NOT ready= to > build > + ResponsePacket. > + @retval EFI_ABORTED Something wrong build response packet. > +**/ > +EFI_STATUS > +EFIAPI > +TlsBuildResponsePacket ( > + IN EFI_TLS_PROTOCOL *This, > + IN UINT8 *RequestBuffer, OPTIONAL > + IN UINTN RequestSize, OPTIONAL > + OUT UINT8 *Buffer, OPTIONAL > + IN OUT UINTN *BufferSize > + ); > + > +/** > + Decrypt or encrypt TLS packet during session. This function is only va= lid > after > + session connected and for application_data content type. > + > + The ProcessPacket () function process each inbound or outbound TLS APP > packet. 
> + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in, out] FragmentTable Pointer to a list of fragment. The cal= ler > will take > + responsible to handle the original Fra= gmentTable while > + it may be reallocated in TLS driver. I= f CryptMode is > + EfiTlsEncrypt, on input these fragment= s contain the TLS > + header and plain text TLS APP payload;= on output these > + fragments contain the TLS header and c= ipher text TLS > + APP payload. If CryptMode is EfiTlsDec= rypt, on input > + these fragments contain the TLS header= and cipher text > + TLS APP payload; on output these fragm= ents contain the > + TLS header and plain text TLS APP payl= oad. > + @param[in] FragmentCount Number of fragment. > + @param[in] CryptMode Crypt mode. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + FragmentTable is NULL. > + FragmentCount is NULL. > + CryptoMode is invalid. > + @retval EFI_NOT_READY Current TLS session state is NOT > + EfiTlsSessionDataTransferring. > + @retval EFI_ABORTED Something wrong decryption the message= . > TLS session > + status will become EfiTlsSessionError.= The caller need > + call BuildResponsePacket() to generate= Error Alert > + message and send it out. > + @retval EFI_OUT_OF_RESOURCES No enough resource to finish the > operation. > +**/ > +EFI_STATUS > +EFIAPI > +TlsProcessPacket ( > + IN EFI_TLS_PROTOCOL *This, > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > + IN UINT32 *FragmentCount, > + IN EFI_TLS_CRYPT_MODE CryptMode > + ); > + > +/** > + Set TLS configuration data. > + > + The SetData() function sets TLS configuration to non-volatile storage = or > volatile > + storage. > + > + @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + @param[in] DataType Configuration data type. > + @param[in] Data Pointer to configuration data. 
> + @param[in] DataSize Total size of configuration data. > + > + @retval EFI_SUCCESS The TLS configuration data is set succ= essfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + Data is NULL. > + DataSize is 0. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. > +**/ > +EFI_STATUS > +EFIAPI > +TlsConfigurationSetData ( > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > + IN VOID *Data, > + IN UINTN DataSize > + ); > + > +/** > + Get TLS configuration data. > + > + The GetData() function gets TLS configuration. > + > + @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + @param[in] DataType Configuration data type. > + @param[in, out] Data Pointer to configuration data. > + @param[in, out] DataSize Total size of configuration data. On i= nput, it > means > + the size of Data buffer. On output, it= means the size > + of copied Data buffer if EFI_SUCCESS, = and means the > + size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > + > + @retval EFI_SUCCESS The TLS configuration data is got succ= essfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + DataSize is NULL. > + Data is NULL if *DataSize is not zero. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_NOT_FOUND The TLS configuration data is not foun= d. > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. > +**/ > +EFI_STATUS > +EFIAPI > +TlsConfigurationGetData ( > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > + IN OUT VOID *Data, OPTIONAL > + IN OUT UINTN *DataSize > + ); > + > +#endif > + > diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c > b/NetworkPkg/TlsDxe/TlsProtocol.c > index 58a83c3ab7..ad4c922c60 100644 
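Review bot: in the TlsProcessPacket doc comment of the TlsProtocol.h hunk, the EFI_INVALID_PARAMETER list says `CryptoMode is invalid` while the parameter is declared `IN EFI_TLS_CRYPT_MODE CryptMode`, and the TlsBuildResponsePacket block ends with `@retval EFI_ABORTED Something wrong build response packet.`; both deserve a wording fix (`CryptMode is invalid`, `Failed to build the response packet.`), but since this series is meant to be a pure CRLF conversion, please keep those as a separate follow-up patch rather than folding content edits into this one.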
> --- a/NetworkPkg/TlsDxe/TlsProtocol.c > +++ b/NetworkPkg/TlsDxe/TlsProtocol.c > @@ -1,632 +1,633 @@ > -/** @file > - Implementation of EFI TLS Protocol Interfaces. > - > - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the = BSD > License > - which accompanies this distribution. The full text of the license may= be > found at > - http://opensource.org/licenses/bsd-license.php. > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#include "TlsImpl.h" > - > -EFI_TLS_PROTOCOL mTlsProtocol =3D { > - TlsSetSessionData, > - TlsGetSessionData, > - TlsBuildResponsePacket, > - TlsProcessPacket > -}; > - > -/** > - Set TLS session data. > - > - The SetSessionData() function set data for a new TLS session. All sess= ion > data should > - be set before BuildResponsePacket() invoked. > - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in] DataType TLS session data type. > - @param[in] Data Pointer to session data. > - @param[in] DataSize Total size of session data. > - > - @retval EFI_SUCCESS The TLS session data is set successful= ly. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - Data is NULL. > - DataSize is 0. > - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_ACCESS_DENIED If the DataType is one of below: > - EfiTlsClientRandom > - EfiTlsServerRandom > - EfiTlsKeyMaterial > - @retval EFI_NOT_READY Current TLS session state is NOT > - EfiTlsSessionStateNotStarted. > - @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. 
> -**/ > -EFI_STATUS > -EFIAPI > -TlsSetSessionData ( > - IN EFI_TLS_PROTOCOL *This, > - IN EFI_TLS_SESSION_DATA_TYPE DataType, > - IN VOID *Data, > - IN UINTN DataSize > - ) > -{ > - EFI_STATUS Status; > - TLS_INSTANCE *Instance; > - UINT16 *CipherId; > - UINTN Index; > - > - EFI_TPL OldTpl; > - > - Status =3D EFI_SUCCESS; > - CipherId =3D NULL; > - > - if (This =3D=3D NULL || Data =3D=3D NULL || DataSize =3D=3D 0) { > - return EFI_INVALID_PARAMETER; > - } > - > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > - > - if (DataType !=3D EfiTlsSessionState && Instance->TlsSessionState != =3D > EfiTlsSessionNotStarted){ > - Status =3D EFI_NOT_READY; > - goto ON_EXIT; > - } > - > - switch (DataType) { > - // > - // Session Configuration > - // > - case EfiTlsVersion: > - if (DataSize !=3D sizeof (EFI_TLS_VERSION)) { > - Status =3D EFI_INVALID_PARAMETER; > - goto ON_EXIT; > - } > - > - Status =3D TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Da= ta)- > >Major, ((EFI_TLS_VERSION *) Data)->Minor); > - break; > - case EfiTlsConnectionEnd: > - if (DataSize !=3D sizeof (EFI_TLS_CONNECTION_END)) { > - Status =3D EFI_INVALID_PARAMETER; > - goto ON_EXIT; > - } > - > - Status =3D TlsSetConnectionEnd (Instance->TlsConn, > *((EFI_TLS_CONNECTION_END *) Data)); > - break; > - case EfiTlsCipherList: > - CipherId =3D AllocatePool (DataSize); > - if (CipherId =3D=3D NULL) { > - Status =3D EFI_OUT_OF_RESOURCES; > - goto ON_EXIT; > - } > - > - for (Index =3D 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index+= +) { > - *(CipherId +Index) =3D HTONS (*(((UINT16 *) Data) + Index)); > - } > - > - Status =3D TlsSetCipherList (Instance->TlsConn, CipherId, DataSize /= sizeof > (EFI_TLS_CIPHER)); > - > - FreePool (CipherId); > - break; > - case EfiTlsCompressionMethod: > - // > - // TLS seems only define one CompressionMethod.null, which specifies > that data exchanged via the > - // record protocol will not be compressed. 
> - // More information from OpenSSL: > http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compressio > n_method.html > - // The TLS RFC does however not specify compression methods or their > corresponding identifiers, > - // so there is currently no compatible way to integrate compression = with > unknown peers. > - // It is therefore currently not recommended to integrate compressio= n > into applications. > - // Applications for non-public use may agree on certain compression > methods. > - // Using different compression methods with the same identifier will= lead > to connection failure. > - // > - for (Index =3D 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); > Index++) { > - Status =3D TlsSetCompressionMethod (*((UINT8 *) Data + Index)); > - if (EFI_ERROR (Status)) { > - break; > - } > - } > - > - break; > - case EfiTlsExtensionData: > - Status =3D EFI_UNSUPPORTED; > - goto ON_EXIT; > - case EfiTlsVerifyMethod: > - if (DataSize !=3D sizeof (EFI_TLS_VERIFY)) { > - Status =3D EFI_INVALID_PARAMETER; > - goto ON_EXIT; > - } > - > - TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data)); > - break; > - case EfiTlsSessionID: > - if (DataSize !=3D sizeof (EFI_TLS_SESSION_ID)) { > - Status =3D EFI_INVALID_PARAMETER; > - goto ON_EXIT; > - } > - > - Status =3D TlsSetSessionId ( > - Instance->TlsConn, > - ((EFI_TLS_SESSION_ID *) Data)->Data, > - ((EFI_TLS_SESSION_ID *) Data)->Length > - ); > - break; > - case EfiTlsSessionState: > - if (DataSize !=3D sizeof (EFI_TLS_SESSION_STATE)) { > - Status =3D EFI_INVALID_PARAMETER; > - goto ON_EXIT; > - } > - > - Instance->TlsSessionState =3D *(EFI_TLS_SESSION_STATE *) Data; > - break; > - // > - // Session information > - // > - case EfiTlsClientRandom: > - Status =3D EFI_ACCESS_DENIED; > - break; > - case EfiTlsServerRandom: > - Status =3D EFI_ACCESS_DENIED; > - break; > - case EfiTlsKeyMaterial: > - Status =3D EFI_ACCESS_DENIED; > - break; > - // > - // Unsupported type. 
> - // > - default: > - Status =3D EFI_UNSUPPORTED; > - } > - > -ON_EXIT: > - gBS->RestoreTPL (OldTpl); > - return Status; > -} > - > -/** > - Get TLS session data. > - > - The GetSessionData() function return the TLS session information. > - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in] DataType TLS session data type. > - @param[in, out] Data Pointer to session data. > - @param[in, out] DataSize Total size of session data. On input, = it means > - the size of Data buffer. On output, it= means the size > - of copied Data buffer if EFI_SUCCESS, = and means the > - size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > - > - @retval EFI_SUCCESS The TLS session data is got successful= ly. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - DataSize is NULL. > - Data is NULL if *DataSize is not zero. > - @retval EFI_UNSUPPORTED The DataType is unsupported. > - @retval EFI_NOT_FOUND The TLS session data is not found. > - @retval EFI_NOT_READY The DataType is not ready in current s= ession > state. > - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. 
> -**/ > -EFI_STATUS > -EFIAPI > -TlsGetSessionData ( > - IN EFI_TLS_PROTOCOL *This, > - IN EFI_TLS_SESSION_DATA_TYPE DataType, > - IN OUT VOID *Data, OPTIONAL > - IN OUT UINTN *DataSize > - ) > -{ > - EFI_STATUS Status; > - TLS_INSTANCE *Instance; > - > - EFI_TPL OldTpl; > - > - Status =3D EFI_SUCCESS; > - > - if (This =3D=3D NULL || DataSize =3D=3D NULL || (Data =3D=3D NULL && *= DataSize !=3D 0)) { > - return EFI_INVALID_PARAMETER; > - } > - > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > - > - if (Instance->TlsSessionState =3D=3D EfiTlsSessionNotStarted && > - (DataType =3D=3D EfiTlsSessionID || DataType =3D=3D EfiTlsClientRand= om || > - DataType =3D=3D EfiTlsServerRandom || DataType =3D=3D EfiTlsKeyMater= ial)) { > - Status =3D EFI_NOT_READY; > - goto ON_EXIT; > - } > - > - switch (DataType) { > - case EfiTlsVersion: > - if (*DataSize < sizeof (EFI_TLS_VERSION)) { > - *DataSize =3D sizeof (EFI_TLS_VERSION); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_VERSION); > - *((UINT16 *) Data) =3D HTONS (TlsGetVersion (Instance->TlsConn)); > - break; > - case EfiTlsConnectionEnd: > - if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) { > - *DataSize =3D sizeof (EFI_TLS_CONNECTION_END); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_CONNECTION_END); > - *((UINT8 *) Data) =3D TlsGetConnectionEnd (Instance->TlsConn); > - break; > - case EfiTlsCipherList: > - // > - // Get the current session cipher suite. 
> - // > - if (*DataSize < sizeof (EFI_TLS_CIPHER)) { > - *DataSize =3D sizeof (EFI_TLS_CIPHER); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof(EFI_TLS_CIPHER); > - Status =3D TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data); > - *((UINT16 *) Data) =3D HTONS (*((UINT16 *) Data)); > - break; > - case EfiTlsCompressionMethod: > - // > - // Get the current session compression method. > - // > - if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) { > - *DataSize =3D sizeof (EFI_TLS_COMPRESSION); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_COMPRESSION); > - Status =3D TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) = Data); > - break; > - case EfiTlsExtensionData: > - Status =3D EFI_UNSUPPORTED; > - goto ON_EXIT; > - case EfiTlsVerifyMethod: > - if (*DataSize < sizeof (EFI_TLS_VERIFY)) { > - *DataSize =3D sizeof (EFI_TLS_VERIFY); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_VERIFY); > - *((UINT32 *) Data) =3D TlsGetVerify (Instance->TlsConn); > - break; > - case EfiTlsSessionID: > - if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) { > - *DataSize =3D sizeof (EFI_TLS_SESSION_ID); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_SESSION_ID); > - Status =3D TlsGetSessionId ( > - Instance->TlsConn, > - ((EFI_TLS_SESSION_ID *) Data)->Data, > - &(((EFI_TLS_SESSION_ID *) Data)->Length) > - ); > - break; > - case EfiTlsSessionState: > - if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) { > - *DataSize =3D sizeof (EFI_TLS_SESSION_STATE); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_SESSION_STATE); > - CopyMem (Data, &Instance->TlsSessionState, *DataSize); > - break; > - case EfiTlsClientRandom: > - if (*DataSize < sizeof (EFI_TLS_RANDOM)) { > - *DataSize =3D sizeof (EFI_TLS_RANDOM); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } 
> - *DataSize =3D sizeof (EFI_TLS_RANDOM); > - TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data); > - break; > - case EfiTlsServerRandom: > - if (*DataSize < sizeof (EFI_TLS_RANDOM)) { > - *DataSize =3D sizeof (EFI_TLS_RANDOM); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_RANDOM); > - TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data); > - break; > - case EfiTlsKeyMaterial: > - if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) { > - *DataSize =3D sizeof (EFI_TLS_MASTER_SECRET); > - Status =3D EFI_BUFFER_TOO_SMALL; > - goto ON_EXIT; > - } > - *DataSize =3D sizeof (EFI_TLS_MASTER_SECRET); > - Status =3D TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data); > - break; > - // > - // Unsupported type. > - // > - default: > - Status =3D EFI_UNSUPPORTED; > - } > - > -ON_EXIT: > - gBS->RestoreTPL (OldTpl); > - return Status; > -} > - > -/** > - Build response packet according to TLS state machine. This function is= only > valid for > - alert, handshake and change_cipher_spec content type. > - > - The BuildResponsePacket() function builds TLS response packet in > response to the TLS > - request packet specified by RequestBuffer and RequestSize. If > RequestBuffer is NULL and > - RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, t= he TLS > session > - will be initiated and the response packet needs to be ClientHello. If > RequestBuffer is > - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClos= ing, > the TLS > - session will be closed and response packet needs to be CloseNotify. If > RequestBuffer is > - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionErro= r, the > TLS > - session has errors and the response packet needs to be Alert message > based on error > - type. > - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in] RequestBuffer Pointer to the most recently received = TLS > packet. 
NULL > - means TLS need initiate the TLS sessio= n and response > - packet need to be ClientHello. > - @param[in] RequestSize Packet size in bytes for the most rece= ntly > received TLS > - packet. 0 is only valid when RequestBu= ffer is NULL. > - @param[out] Buffer Pointer to the buffer to hold the buil= t packet. > - @param[in, out] BufferSize Pointer to the buffer size in bytes. O= n input, > it is > - the buffer size provided by the caller= . On output, it > - is the buffer size in fact needed to c= ontain the > - packet. > - > - @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - RequestBuffer is NULL but RequestSize = is NOT 0. > - RequestSize is 0 but RequestBuffer is = NOT NULL. > - BufferSize is NULL. > - Buffer is NULL if *BufferSize is not z= ero. > - @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the > response packet. > - @retval EFI_NOT_READY Current TLS session state is NOT ready= to > build > - ResponsePacket. > - @retval EFI_ABORTED Something wrong build response packet. 
> -**/ > -EFI_STATUS > -EFIAPI > -TlsBuildResponsePacket ( > - IN EFI_TLS_PROTOCOL *This, > - IN UINT8 *RequestBuffer, OPTIONAL > - IN UINTN RequestSize, OPTIONAL > - OUT UINT8 *Buffer, OPTIONAL > - IN OUT UINTN *BufferSize > - ) > -{ > - EFI_STATUS Status; > - TLS_INSTANCE *Instance; > - EFI_TPL OldTpl; > - > - Status =3D EFI_SUCCESS; > - > - if ((This =3D=3D NULL) || (BufferSize =3D=3D NULL) || > - (RequestBuffer =3D=3D NULL && RequestSize !=3D 0) || > - (RequestBuffer !=3D NULL && RequestSize =3D=3D 0) || > - (Buffer =3D=3D NULL && *BufferSize !=3D0)) { > - return EFI_INVALID_PARAMETER; > - } > - > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > - > - if(RequestBuffer =3D=3D NULL && RequestSize =3D=3D 0) { > - switch (Instance->TlsSessionState) { > - case EfiTlsSessionNotStarted: > - // > - // ClientHello. > - // > - Status =3D TlsDoHandshake ( > - Instance->TlsConn, > - NULL, > - 0, > - Buffer, > - BufferSize > - ); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - // > - // *BufferSize should not be zero when ClientHello. > - // > - if (*BufferSize =3D=3D 0) { > - Status =3D EFI_ABORTED; > - goto ON_EXIT; > - } > - > - Instance->TlsSessionState =3D EfiTlsSessionHandShaking; > - > - break; > - case EfiTlsSessionClosing: > - // > - // TLS session will be closed and response packet needs to be Clos= eNotify. > - // > - Status =3D TlsCloseNotify ( > - Instance->TlsConn, > - Buffer, > - BufferSize > - ); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - // > - // *BufferSize should not be zero when build CloseNotify message. > - // > - if (*BufferSize =3D=3D 0) { > - Status =3D EFI_ABORTED; > - goto ON_EXIT; > - } > - > - break; > - case EfiTlsSessionError: > - // > - // TLS session has errors and the response packet needs to be Aler= t > - // message based on error type. 
> - // > - Status =3D TlsHandleAlert ( > - Instance->TlsConn, > - NULL, > - 0, > - Buffer, > - BufferSize > - ); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - break; > - default: > - // > - // Current TLS session state is NOT ready to build ResponsePacket. > - // > - Status =3D EFI_NOT_READY; > - } > - } else { > - // > - // 1. Received packet may have multiple TLS record messages. > - // 2. One TLS record message may have multiple handshake protocol. > - // 3. Some errors may be happened in handshake. > - // TlsDoHandshake() can handle all of those cases. > - // > - if (TlsInHandshake (Instance->TlsConn)) { > - Status =3D TlsDoHandshake ( > - Instance->TlsConn, > - RequestBuffer, > - RequestSize, > - Buffer, > - BufferSize > - ); > - if (EFI_ERROR (Status)) { > - goto ON_EXIT; > - } > - > - if (!TlsInHandshake (Instance->TlsConn)) { > - Instance->TlsSessionState =3D EfiTlsSessionDataTransferring; > - } > - } else { > - // > - // Must be alert message, Decrypt it and build the ResponsePacket. > - // > - ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType =3D=3D > TlsContentTypeAlert); > - > - Status =3D TlsHandleAlert ( > - Instance->TlsConn, > - RequestBuffer, > - RequestSize, > - Buffer, > - BufferSize > - ); > - if (EFI_ERROR (Status)) { > - if (Status !=3D EFI_BUFFER_TOO_SMALL) { > - Instance->TlsSessionState =3D EfiTlsSessionError; > - } > - > - goto ON_EXIT; > - } > - } > - } > - > -ON_EXIT: > - gBS->RestoreTPL (OldTpl); > - return Status; > -} > - > -/** > - Decrypt or encrypt TLS packet during session. This function is only va= lid > after > - session connected and for application_data content type. > - > - The ProcessPacket () function process each inbound or outbound TLS APP > packet. > - > - @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > - @param[in, out] FragmentTable Pointer to a list of fragment. 
The cal= ler > will take > - responsible to handle the original Fra= gmentTable while > - it may be reallocated in TLS driver. I= f CryptMode is > - EfiTlsEncrypt, on input these fragment= s contain the TLS > - header and plain text TLS APP payload;= on output these > - fragments contain the TLS header and c= ipher text TLS > - APP payload. If CryptMode is EfiTlsDec= rypt, on input > - these fragments contain the TLS header= and cipher text > - TLS APP payload; on output these fragm= ents contain the > - TLS header and plain text TLS APP payl= oad. > - @param[in] FragmentCount Number of fragment. > - @param[in] CryptMode Crypt mode. > - > - @retval EFI_SUCCESS The operation completed successfully. > - @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > - This is NULL. > - FragmentTable is NULL. > - FragmentCount is NULL. > - CryptoMode is invalid. > - @retval EFI_NOT_READY Current TLS session state is NOT > - EfiTlsSessionDataTransferring. > - @retval EFI_ABORTED Something wrong decryption the message= . TLS > session > - status will become EfiTlsSessionError.= The caller need > - call BuildResponsePacket() to generate= Error Alert > - message and send it out. > - @retval EFI_OUT_OF_RESOURCES No enough resource to finish the > operation. 
> -**/ > -EFI_STATUS > -EFIAPI > -TlsProcessPacket ( > - IN EFI_TLS_PROTOCOL *This, > - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > - IN UINT32 *FragmentCount, > - IN EFI_TLS_CRYPT_MODE CryptMode > - ) > -{ > - EFI_STATUS Status; > - TLS_INSTANCE *Instance; > - > - EFI_TPL OldTpl; > - > - Status =3D EFI_SUCCESS; > - > - if (This =3D=3D NULL || FragmentTable =3D=3D NULL || FragmentCount =3D= =3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - > - OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > - > - Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > - > - if (Instance->TlsSessionState !=3D EfiTlsSessionDataTransferring) { > - Status =3D EFI_NOT_READY; > - goto ON_EXIT; > - } > - > - // > - // Packet sent or received may have multiple TLS record messages > (Application data type). > - // So,on input these fragments contain the TLS header and TLS APP payl= oad; > - // on output these fragments also contain the TLS header and TLS APP > payload. > - // > - switch (CryptMode) { > - case EfiTlsEncrypt: > - Status =3D TlsEncryptPacket (Instance, FragmentTable, FragmentCount)= ; > - break; > - case EfiTlsDecrypt: > - Status =3D TlsDecryptPacket (Instance, FragmentTable, FragmentCount)= ; > - break; > - default: > - return EFI_INVALID_PARAMETER; > - } > - > -ON_EXIT: > - gBS->RestoreTPL (OldTpl); > - return Status; > -} > +/** @file > + Implementation of EFI TLS Protocol Interfaces. > + > + Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the = BSD > License > + which accompanies this distribution. The full text of the license may= be > found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#include "TlsImpl.h" > + > +EFI_TLS_PROTOCOL mTlsProtocol =3D { > + TlsSetSessionData, > + TlsGetSessionData, > + TlsBuildResponsePacket, > + TlsProcessPacket > +}; > + > +/** > + Set TLS session data. > + > + The SetSessionData() function set data for a new TLS session. All sess= ion > data should > + be set before BuildResponsePacket() invoked. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] DataType TLS session data type. > + @param[in] Data Pointer to session data. > + @param[in] DataSize Total size of session data. > + > + @retval EFI_SUCCESS The TLS session data is set successful= ly. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + Data is NULL. > + DataSize is 0. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_ACCESS_DENIED If the DataType is one of below: > + EfiTlsClientRandom > + EfiTlsServerRandom > + EfiTlsKeyMaterial > + @retval EFI_NOT_READY Current TLS session state is NOT > + EfiTlsSessionStateNotStarted. > + @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. 
> +**/ > +EFI_STATUS > +EFIAPI > +TlsSetSessionData ( > + IN EFI_TLS_PROTOCOL *This, > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > + IN VOID *Data, > + IN UINTN DataSize > + ) > +{ > + EFI_STATUS Status; > + TLS_INSTANCE *Instance; > + UINT16 *CipherId; > + UINTN Index; > + > + EFI_TPL OldTpl; > + > + Status =3D EFI_SUCCESS; > + CipherId =3D NULL; > + > + if (This =3D=3D NULL || Data =3D=3D NULL || DataSize =3D=3D 0) { > + return EFI_INVALID_PARAMETER; > + } > + > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > + > + if (DataType !=3D EfiTlsSessionState && Instance->TlsSessionState != =3D > EfiTlsSessionNotStarted){ > + Status =3D EFI_NOT_READY; > + goto ON_EXIT; > + } > + > + switch (DataType) { > + // > + // Session Configuration > + // > + case EfiTlsVersion: > + if (DataSize !=3D sizeof (EFI_TLS_VERSION)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto ON_EXIT; > + } > + > + Status =3D TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Da= ta)- > >Major, ((EFI_TLS_VERSION *) Data)->Minor); > + break; > + case EfiTlsConnectionEnd: > + if (DataSize !=3D sizeof (EFI_TLS_CONNECTION_END)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto ON_EXIT; > + } > + > + Status =3D TlsSetConnectionEnd (Instance->TlsConn, > *((EFI_TLS_CONNECTION_END *) Data)); > + break; > + case EfiTlsCipherList: > + CipherId =3D AllocatePool (DataSize); > + if (CipherId =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + > + for (Index =3D 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index+= +) { > + *(CipherId +Index) =3D HTONS (*(((UINT16 *) Data) + Index)); > + } > + > + Status =3D TlsSetCipherList (Instance->TlsConn, CipherId, DataSize /= sizeof > (EFI_TLS_CIPHER)); > + > + FreePool (CipherId); > + break; > + case EfiTlsCompressionMethod: > + // > + // TLS seems only define one CompressionMethod.null, which specifies > that data exchanged via the > + // record protocol will not be compressed. 
> + // More information from OpenSSL: > http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compressio > n_method.html > + // The TLS RFC does however not specify compression methods or their > corresponding identifiers, > + // so there is currently no compatible way to integrate compression = with > unknown peers. > + // It is therefore currently not recommended to integrate compressio= n > into applications. > + // Applications for non-public use may agree on certain compression > methods. > + // Using different compression methods with the same identifier will= lead > to connection failure. > + // > + for (Index =3D 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); > Index++) { > + Status =3D TlsSetCompressionMethod (*((UINT8 *) Data + Index)); > + if (EFI_ERROR (Status)) { > + break; > + } > + } > + > + break; > + case EfiTlsExtensionData: > + Status =3D EFI_UNSUPPORTED; > + goto ON_EXIT; > + case EfiTlsVerifyMethod: > + if (DataSize !=3D sizeof (EFI_TLS_VERIFY)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto ON_EXIT; > + } > + > + TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data)); > + break; > + case EfiTlsSessionID: > + if (DataSize !=3D sizeof (EFI_TLS_SESSION_ID)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto ON_EXIT; > + } > + > + Status =3D TlsSetSessionId ( > + Instance->TlsConn, > + ((EFI_TLS_SESSION_ID *) Data)->Data, > + ((EFI_TLS_SESSION_ID *) Data)->Length > + ); > + break; > + case EfiTlsSessionState: > + if (DataSize !=3D sizeof (EFI_TLS_SESSION_STATE)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto ON_EXIT; > + } > + > + Instance->TlsSessionState =3D *(EFI_TLS_SESSION_STATE *) Data; > + break; > + // > + // Session information > + // > + case EfiTlsClientRandom: > + Status =3D EFI_ACCESS_DENIED; > + break; > + case EfiTlsServerRandom: > + Status =3D EFI_ACCESS_DENIED; > + break; > + case EfiTlsKeyMaterial: > + Status =3D EFI_ACCESS_DENIED; > + break; > + // > + // Unsupported type. 
> + // > + default: > + Status =3D EFI_UNSUPPORTED; > + } > + > +ON_EXIT: > + gBS->RestoreTPL (OldTpl); > + return Status; > +} > + > +/** > + Get TLS session data. > + > + The GetSessionData() function return the TLS session information. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] DataType TLS session data type. > + @param[in, out] Data Pointer to session data. > + @param[in, out] DataSize Total size of session data. On input, = it means > + the size of Data buffer. On output, it= means the size > + of copied Data buffer if EFI_SUCCESS, = and means the > + size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > + > + @retval EFI_SUCCESS The TLS session data is got successful= ly. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + DataSize is NULL. > + Data is NULL if *DataSize is not zero. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_NOT_FOUND The TLS session data is not found. > + @retval EFI_NOT_READY The DataType is not ready in current s= ession > state. > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. 
> +**/ > +EFI_STATUS > +EFIAPI > +TlsGetSessionData ( > + IN EFI_TLS_PROTOCOL *This, > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > + IN OUT VOID *Data, OPTIONAL > + IN OUT UINTN *DataSize > + ) > +{ > + EFI_STATUS Status; > + TLS_INSTANCE *Instance; > + > + EFI_TPL OldTpl; > + > + Status =3D EFI_SUCCESS; > + > + if (This =3D=3D NULL || DataSize =3D=3D NULL || (Data =3D=3D NULL && *= DataSize !=3D 0)) > { > + return EFI_INVALID_PARAMETER; > + } > + > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > + > + if (Instance->TlsSessionState =3D=3D EfiTlsSessionNotStarted && > + (DataType =3D=3D EfiTlsSessionID || DataType =3D=3D EfiTlsClientRand= om || > + DataType =3D=3D EfiTlsServerRandom || DataType =3D=3D EfiTlsKeyMater= ial)) { > + Status =3D EFI_NOT_READY; > + goto ON_EXIT; > + } > + > + switch (DataType) { > + case EfiTlsVersion: > + if (*DataSize < sizeof (EFI_TLS_VERSION)) { > + *DataSize =3D sizeof (EFI_TLS_VERSION); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_VERSION); > + *((UINT16 *) Data) =3D HTONS (TlsGetVersion (Instance->TlsConn)); > + break; > + case EfiTlsConnectionEnd: > + if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) { > + *DataSize =3D sizeof (EFI_TLS_CONNECTION_END); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_CONNECTION_END); > + *((UINT8 *) Data) =3D TlsGetConnectionEnd (Instance->TlsConn); > + break; > + case EfiTlsCipherList: > + // > + // Get the current session cipher suite. 
> + // > + if (*DataSize < sizeof (EFI_TLS_CIPHER)) { > + *DataSize =3D sizeof (EFI_TLS_CIPHER); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof(EFI_TLS_CIPHER); > + Status =3D TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data); > + *((UINT16 *) Data) =3D HTONS (*((UINT16 *) Data)); > + break; > + case EfiTlsCompressionMethod: > + // > + // Get the current session compression method. > + // > + if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) { > + *DataSize =3D sizeof (EFI_TLS_COMPRESSION); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_COMPRESSION); > + Status =3D TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) > Data); > + break; > + case EfiTlsExtensionData: > + Status =3D EFI_UNSUPPORTED; > + goto ON_EXIT; > + case EfiTlsVerifyMethod: > + if (*DataSize < sizeof (EFI_TLS_VERIFY)) { > + *DataSize =3D sizeof (EFI_TLS_VERIFY); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_VERIFY); > + *((UINT32 *) Data) =3D TlsGetVerify (Instance->TlsConn); > + break; > + case EfiTlsSessionID: > + if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) { > + *DataSize =3D sizeof (EFI_TLS_SESSION_ID); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_SESSION_ID); > + Status =3D TlsGetSessionId ( > + Instance->TlsConn, > + ((EFI_TLS_SESSION_ID *) Data)->Data, > + &(((EFI_TLS_SESSION_ID *) Data)->Length) > + ); > + break; > + case EfiTlsSessionState: > + if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) { > + *DataSize =3D sizeof (EFI_TLS_SESSION_STATE); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_SESSION_STATE); > + CopyMem (Data, &Instance->TlsSessionState, *DataSize); > + break; > + case EfiTlsClientRandom: > + if (*DataSize < sizeof (EFI_TLS_RANDOM)) { > + *DataSize =3D sizeof (EFI_TLS_RANDOM); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } 
> + *DataSize =3D sizeof (EFI_TLS_RANDOM); > + TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data); > + break; > + case EfiTlsServerRandom: > + if (*DataSize < sizeof (EFI_TLS_RANDOM)) { > + *DataSize =3D sizeof (EFI_TLS_RANDOM); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_RANDOM); > + TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data); > + break; > + case EfiTlsKeyMaterial: > + if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) { > + *DataSize =3D sizeof (EFI_TLS_MASTER_SECRET); > + Status =3D EFI_BUFFER_TOO_SMALL; > + goto ON_EXIT; > + } > + *DataSize =3D sizeof (EFI_TLS_MASTER_SECRET); > + Status =3D TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data); > + break; > + // > + // Unsupported type. > + // > + default: > + Status =3D EFI_UNSUPPORTED; > + } > + > +ON_EXIT: > + gBS->RestoreTPL (OldTpl); > + return Status; > +} > + > +/** > + Build response packet according to TLS state machine. This function is= only > valid for > + alert, handshake and change_cipher_spec content type. > + > + The BuildResponsePacket() function builds TLS response packet in > response to the TLS > + request packet specified by RequestBuffer and RequestSize. If > RequestBuffer is NULL and > + RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, t= he TLS > session > + will be initiated and the response packet needs to be ClientHello. If > RequestBuffer is > + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClos= ing, > the TLS > + session will be closed and response packet needs to be CloseNotify. If > RequestBuffer is > + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionErro= r, the > TLS > + session has errors and the response packet needs to be Alert message > based on error > + type. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] RequestBuffer Pointer to the most recently received = TLS > packet. 
NULL > + means TLS need initiate the TLS sessio= n and response > + packet need to be ClientHello. > + @param[in] RequestSize Packet size in bytes for the most rece= ntly > received TLS > + packet. 0 is only valid when RequestBu= ffer is NULL. > + @param[out] Buffer Pointer to the buffer to hold the buil= t packet. > + @param[in, out] BufferSize Pointer to the buffer size in bytes. O= n input, > it is > + the buffer size provided by the caller= . On output, it > + is the buffer size in fact needed to c= ontain the > + packet. > + > + @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + RequestBuffer is NULL but RequestSize = is NOT 0. > + RequestSize is 0 but RequestBuffer is = NOT NULL. > + BufferSize is NULL. > + Buffer is NULL if *BufferSize is not z= ero. > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the > response packet. > + @retval EFI_NOT_READY Current TLS session state is NOT ready= to > build > + ResponsePacket. > + @retval EFI_ABORTED Something wrong build response packet. 
> +**/ > +EFI_STATUS > +EFIAPI > +TlsBuildResponsePacket ( > + IN EFI_TLS_PROTOCOL *This, > + IN UINT8 *RequestBuffer, OPTIONAL > + IN UINTN RequestSize, OPTIONAL > + OUT UINT8 *Buffer, OPTIONAL > + IN OUT UINTN *BufferSize > + ) > +{ > + EFI_STATUS Status; > + TLS_INSTANCE *Instance; > + EFI_TPL OldTpl; > + > + Status =3D EFI_SUCCESS; > + > + if ((This =3D=3D NULL) || (BufferSize =3D=3D NULL) || > + (RequestBuffer =3D=3D NULL && RequestSize !=3D 0) || > + (RequestBuffer !=3D NULL && RequestSize =3D=3D 0) || > + (Buffer =3D=3D NULL && *BufferSize !=3D0)) { > + return EFI_INVALID_PARAMETER; > + } > + > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > + > + if(RequestBuffer =3D=3D NULL && RequestSize =3D=3D 0) { > + switch (Instance->TlsSessionState) { > + case EfiTlsSessionNotStarted: > + // > + // ClientHello. > + // > + Status =3D TlsDoHandshake ( > + Instance->TlsConn, > + NULL, > + 0, > + Buffer, > + BufferSize > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + // > + // *BufferSize should not be zero when ClientHello. > + // > + if (*BufferSize =3D=3D 0) { > + Status =3D EFI_ABORTED; > + goto ON_EXIT; > + } > + > + Instance->TlsSessionState =3D EfiTlsSessionHandShaking; > + > + break; > + case EfiTlsSessionClosing: > + // > + // TLS session will be closed and response packet needs to be > CloseNotify. > + // > + Status =3D TlsCloseNotify ( > + Instance->TlsConn, > + Buffer, > + BufferSize > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + // > + // *BufferSize should not be zero when build CloseNotify message. > + // > + if (*BufferSize =3D=3D 0) { > + Status =3D EFI_ABORTED; > + goto ON_EXIT; > + } > + > + break; > + case EfiTlsSessionError: > + // > + // TLS session has errors and the response packet needs to be Aler= t > + // message based on error type. 
> + // > + Status =3D TlsHandleAlert ( > + Instance->TlsConn, > + NULL, > + 0, > + Buffer, > + BufferSize > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + break; > + default: > + // > + // Current TLS session state is NOT ready to build ResponsePacket. > + // > + Status =3D EFI_NOT_READY; > + } > + } else { > + // > + // 1. Received packet may have multiple TLS record messages. > + // 2. One TLS record message may have multiple handshake protocol. > + // 3. Some errors may be happened in handshake. > + // TlsDoHandshake() can handle all of those cases. > + // > + if (TlsInHandshake (Instance->TlsConn)) { > + Status =3D TlsDoHandshake ( > + Instance->TlsConn, > + RequestBuffer, > + RequestSize, > + Buffer, > + BufferSize > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + if (!TlsInHandshake (Instance->TlsConn)) { > + Instance->TlsSessionState =3D EfiTlsSessionDataTransferring; > + } > + } else { > + // > + // Must be alert message, Decrypt it and build the ResponsePacket. > + // > + ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType =3D=3D > TlsContentTypeAlert); > + > + Status =3D TlsHandleAlert ( > + Instance->TlsConn, > + RequestBuffer, > + RequestSize, > + Buffer, > + BufferSize > + ); > + if (EFI_ERROR (Status)) { > + if (Status !=3D EFI_BUFFER_TOO_SMALL) { > + Instance->TlsSessionState =3D EfiTlsSessionError; > + } > + > + goto ON_EXIT; > + } > + } > + } > + > +ON_EXIT: > + gBS->RestoreTPL (OldTpl); > + return Status; > +} > + > +/** > + Decrypt or encrypt TLS packet during session. This function is only va= lid > after > + session connected and for application_data content type. > + > + The ProcessPacket () function process each inbound or outbound TLS APP > packet. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in, out] FragmentTable Pointer to a list of fragment. 
The cal= ler > will take > + responsible to handle the original Fra= gmentTable while > + it may be reallocated in TLS driver. I= f CryptMode is > + EfiTlsEncrypt, on input these fragment= s contain the TLS > + header and plain text TLS APP payload;= on output these > + fragments contain the TLS header and c= ipher text TLS > + APP payload. If CryptMode is EfiTlsDec= rypt, on input > + these fragments contain the TLS header= and cipher text > + TLS APP payload; on output these fragm= ents contain the > + TLS header and plain text TLS APP payl= oad. > + @param[in] FragmentCount Number of fragment. > + @param[in] CryptMode Crypt mode. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + FragmentTable is NULL. > + FragmentCount is NULL. > + CryptoMode is invalid. > + @retval EFI_NOT_READY Current TLS session state is NOT > + EfiTlsSessionDataTransferring. > + @retval EFI_ABORTED Something wrong decryption the message= . > TLS session > + status will become EfiTlsSessionError.= The caller need > + call BuildResponsePacket() to generate= Error Alert > + message and send it out. > + @retval EFI_OUT_OF_RESOURCES No enough resource to finish the > operation. 
> +**/ > +EFI_STATUS > +EFIAPI > +TlsProcessPacket ( > + IN EFI_TLS_PROTOCOL *This, > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > + IN UINT32 *FragmentCount, > + IN EFI_TLS_CRYPT_MODE CryptMode > + ) > +{ > + EFI_STATUS Status; > + TLS_INSTANCE *Instance; > + > + EFI_TPL OldTpl; > + > + Status =3D EFI_SUCCESS; > + > + if (This =3D=3D NULL || FragmentTable =3D=3D NULL || FragmentCount =3D= =3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > + > + Instance =3D TLS_INSTANCE_FROM_PROTOCOL (This); > + > + if (Instance->TlsSessionState !=3D EfiTlsSessionDataTransferring) { > + Status =3D EFI_NOT_READY; > + goto ON_EXIT; > + } > + > + // > + // Packet sent or received may have multiple TLS record messages > (Application data type). > + // So,on input these fragments contain the TLS header and TLS APP > payload; > + // on output these fragments also contain the TLS header and TLS APP > payload. > + // > + switch (CryptMode) { > + case EfiTlsEncrypt: > + Status =3D TlsEncryptPacket (Instance, FragmentTable, FragmentCount)= ; > + break; > + case EfiTlsDecrypt: > + Status =3D TlsDecryptPacket (Instance, FragmentTable, FragmentCount)= ; > + break; > + default: > + return EFI_INVALID_PARAMETER; > + } > + > +ON_EXIT: > + gBS->RestoreTPL (OldTpl); > + return Status; > +} > + > -- > 2.12.0.windows.1
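Review bot: In TlsProcessPacket, the `default:` arm of the `switch (CryptMode)` does `return EFI_INVALID_PARAMETER;` after `gBS->RaiseTPL (TPL_CALLBACK)` has already been called, so an invalid CryptMode leaves the caller at TPL_CALLBACK without the matching `gBS->RestoreTPL (OldTpl)`. Every other exit in this function goes through ON_EXIT; the default arm should do the same, e.g. `Status = EFI_INVALID_PARAMETER; goto ON_EXIT;`. The doc comment for this function also refers to "CryptoMode is invalid" while the parameter is named CryptMode, and "FragmentCount is NULL" is listed as an error but the code checks `FragmentCount == NULL` only, never that `*FragmentCount` is non-zero; either the comment or the check should say which is meant.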
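Review bot: In TlsBuildResponsePacket, the non-handshake branch does `ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert)` on a buffer that came from the peer. The function only guarantees `RequestSize != 0` at this point, so the cast can read past a RequestBuffer shorter than a TLS record header, and a record that is not an alert trips an ASSERT in debug builds while in release builds (where ASSERT compiles out) it is simply passed to TlsHandleAlert. A runtime check would be safer here: verify `RequestSize >= sizeof (TLS_RECORD_HEADER)` and the content type explicitly, and on failure set `Instance->TlsSessionState = EfiTlsSessionError` (or return EFI_INVALID_PARAMETER) via ON_EXIT. Related: when TlsDoHandshake fails in the `TlsInHandshake` branch the code just does `goto ON_EXIT`, whereas a TlsHandleAlert failure other than EFI_BUFFER_TOO_SMALL moves the session to EfiTlsSessionError; the ProcessPacket doc comment tells callers to rely on that state to generate the error alert, so it would help to state (or make consistent) what state the session is in after a failed handshake step.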
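Review bot: In TlsGetSessionData, the EfiTlsCipher case byte-swaps the output unconditionally: `Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data); *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));` runs HTONS on whatever is in Data even when TlsGetCurrentCipher returned an error and did not write it. Consider guarding the swap with `if (!EFI_ERROR (Status))`, or jumping to ON_EXIT on error as the other cases do. In the same region, EfiTlsClientRandom and EfiTlsServerRandom call TlsGetClientRandom/TlsGetServerRandom without assigning Status, so those cases report whatever Status held before the switch; a brief comment that these calls cannot fail would make that intent clear.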