From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C4BC481F90 for ; Thu, 15 Dec 2016 00:34:33 -0800 (PST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with ESMTP; 15 Dec 2016 00:34:26 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,351,1477983600"; d="scan'208";a="40159043" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga004.jf.intel.com with ESMTP; 15 Dec 2016 00:34:26 -0800 Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 15 Dec 2016 00:34:25 -0800 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 15 Dec 2016 00:34:24 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.11]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.9]) with mapi id 14.03.0248.002; Thu, 15 Dec 2016 16:34:23 +0800 From: "Ye, Ting" To: "Wu, Jiaxin" , "Long, Qin" , "edk2-devel@lists.01.org" CC: "Fu, Siyuan" , "Zhang, Lubo" , "Gao, Liming" , "Kinney, Michael D" , Thomas Palmer Thread-Topic: [Patch 01/10] MdePkg: Add TLS related protocol definition Thread-Index: AQHSVdyC1RkZHZmUYUWaOKQ9U968LqEGmFwAgAAA+ACAAhVQMA== Date: Thu, 15 Dec 2016 08:34:22 +0000 Message-ID: References: <1481700859-76060-1-git-send-email-jiaxin.wu@intel.com> <1481700859-76060-2-git-send-email-jiaxin.wu@intel.com> <895558F6EA4E3B41AC93A00D163B72741627EF1A@SHSMSX103.ccr.corp.intel.com> In-Reply-To: <895558F6EA4E3B41AC93A00D163B72741627EF1A@SHSMSX103.ccr.corp.intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch 01/10] MdePkg: Add TLS related protocol definition X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 08:34:34 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ye Ting =20 -----Original Message----- From: Wu, Jiaxin=20 Sent: Wednesday, December 14, 2016 4:39 PM To: Long, Qin ; edk2-devel@lists.01.org Cc: Ye, Ting ; Fu, Siyuan ; Zhang, = Lubo ; Gao, Liming ; Kinney, Mi= chael D ; Thomas Palmer Subject: RE: [Patch 01/10] MdePkg: Add TLS related protocol definition Thanks Qin, I will correct it before commit this patch. Best Regards! Jiaxin > -----Original Message----- > From: Long, Qin > Sent: Wednesday, December 14, 2016 4:36 PM > To: Wu, Jiaxin ; edk2-devel@lists.01.org > Cc: Ye, Ting ; Fu, Siyuan ;=20 > Zhang, Lubo ; Gao, Liming=20 > ; Kinney, Michael D=20 > ; Thomas Palmer > Subject: RE: [Patch 01/10] MdePkg: Add TLS related protocol definition >=20 > Reviewed-by: Qin Long >=20 > Please correct some typos later: > EFI_TLS_EXTENDION --> EFI_TLS_EXTENSION TLS/SSLhandshake --> TLS/SSL=20 > handshake cerfificate --> certificate cypher --> cipher > binaryX.509 --> binary X.509 > PEMencoded --> PEM-encoded >=20 > Best Regards & Thanks, > LONG, Qin >=20 > > -----Original Message----- > > From: Wu, Jiaxin > > Sent: Wednesday, December 14, 2016 3:34 PM > > To: edk2-devel@lists.01.org > > Cc: Long, Qin; Ye, Ting; Fu, Siyuan; Zhang, Lubo; Gao, Liming;=20 > > Kinney, Michael D; Thomas Palmer; Wu, Jiaxin > > Subject: [Patch 01/10] MdePkg: Add TLS related protocol definition > > > > This patch is used to add Tls.h and TlsConfig.h header files to=20 > > define EFI TLS Configuration Protocol, EFI TLS Service Binding=20 > > Protocol and EFI TLS Configuration Protocol. > > > > Cc: Long Qin > > Cc: Ye Ting > > Cc: Fu Siyuan > > Cc: Zhang Lubo > > Cc: Liming Gao > > Cc: Michael D Kinney > > Cc: Thomas Palmer > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Wu Jiaxin > > --- > > MdePkg/Include/Protocol/Tls.h | 460 > > ++++++++++++++++++++++++++++++++++++ > > MdePkg/Include/Protocol/TlsConfig.h | 132 +++++++++++ > > MdePkg/MdePkg.dec | 9 + > > 3 files changed, 601 insertions(+) > > create mode 100644 MdePkg/Include/Protocol/Tls.h create mode=20 > > 100644 MdePkg/Include/Protocol/TlsConfig.h > > > > diff --git a/MdePkg/Include/Protocol/Tls.h=20 > > b/MdePkg/Include/Protocol/Tls.h new file mode 100644 index=20 > > 0000000..51a3cda > > --- /dev/null > > +++ b/MdePkg/Include/Protocol/Tls.h > > @@ -0,0 +1,460 @@ > > +/** @file > > + EFI TLS Protocols as defined in UEFI 2.5. > > + > > + The EFI TLS Service Binding Protocol is used to locate EFI TLS=20 > > + Protocol drivers to create and destroy child of the driver to=20 > > + communicate with other host using TLS protocol. > > + The EFI TLS Protocol provides the ability to manage TLS session. > > + > > + Copyright (c) 2016, Intel Corporation. All rights reserved.
=20 > > + This program and the accompanying materials are licensed and made=20 > > + available under the terms and conditions of the BSD License which=20 > > + accompanies this distribution. The full text of the license may be=20 > > + found at http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > BASIS, > > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > EXPRESS OR IMPLIED. > > + > > + @par Revision Reference: > > + This Protocol is introduced in UEFI Specification 2.5 > > + > > +**/ > > + > > +#ifndef __EFI_TLS_PROTOCOL_H__ > > +#define __EFI_TLS_PROTOCOL_H__ > > + > > +/// > > +/// The EFI TLS Service Binding Protocol is used to locate EFI TLS=20 > > +Protocol drivers to /// create and destroy child of the driver to=20 > > +communicate with other host using TLS /// protocol. > > +/// > > +#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \ > > + { \ > > + 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86,=20 > > +0xd6, 0xab, 0x8d } \ > > + } > > + > > +/// > > +/// The EFI TLS protocol provides the ability to manage TLS session. > > +/// > > +#define EFI_TLS_PROTOCOL_GUID \ > > + { \ > > + 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51,=20 > > +0x43, 0x90 } \ > > + } > > + > > +typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; > > + > > +/// > > +/// EFI_TLS_SESSION_DATA_TYPE > > +/// > > +typedef enum { > > + /// > > + /// Session Configuration > > + /// > > + > > + /// > > + /// TLS session Version. The corresponding Data is of type > > EFI_TLS_VERSION. > > + /// > > + EfiTlsVersion, > > + /// > > + /// TLS session as client or as server. The corresponding Data is=20 > > + of /// EFI_TLS_CONNECTION_END. > > + /// > > + EfiTlsConnectionEnd, > > + /// > > + /// A priority list of preferred algorithms for the TLS session. > > + /// The corresponding Data is a list of EFI_TLS_CIPHER. > > + /// > > + EfiTlsCipherList, > > + /// > > + /// TLS session compression method. > > + /// The corresponding Data is of type EFI_TLS_COMPRESSION. > > + /// > > + EfiTlsCompressionMethod, > > + /// > > + /// TLS session extension data. > > + /// The corresponding Data is a list of type EFI_TLS_EXTENDION. > > + /// > > + EfiTlsExtensionData, > > + /// > > + /// TLS session verify method. > > + /// The corresponding Data is of type EFI_TLS_VERIFY. > > + /// > > + EfiTlsVerifyMethod, > > + /// > > + /// TLS session data session ID. > > + /// For SetSessionData(), it is TLS session ID used for session resu= mption. > > + /// For GetSessionData(), it is the TLS session ID used for current = session. > > + /// The corresponding Data is of type EFI_TLS_SESSION_ID. > > + /// > > + EfiTlsSessionID, > > + /// > > + /// TLS session data session state. > > + /// The corresponding Data is of type EFI_TLS_SESSION_STATE. > > + /// > > + EfiTlsSessionState, > > + > > + /// > > + /// Session information > > + /// > > + > > + /// > > + /// TLS session data client random. > > + /// The corresponding Data is of type EFI_TLS_RANDOM. > > + /// > > + EfiTlsClientRandom, > > + /// > > + /// TLS session data server random. > > + /// The corresponding Data is of type EFI_TLS_RANDOM. > > + /// > > + EfiTlsServerRandom, > > + /// > > + /// TLS session data key material. > > + /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. > > + /// > > + EfiTlsKeyMaterial, > > + > > + EfiTlsSessionDataTypeMaximum > > + > > +} EFI_TLS_SESSION_DATA_TYPE; > > + > > +/// > > +/// EFI_TLS_VERSION > > +/// Note: The TLS version definition is from SSL3.0 to the latest TLS = (e.g. > 1.2). > > +/// SSL2.0 is obsolete and should not be used. > > +/// > > +typedef struct { > > + UINT8 Major; > > + UINT8 Minor; > > +} EFI_TLS_VERSION; > > + > > +/// > > +/// EFI_TLS_CONNECTION_END to define TLS session as client or server. > > +/// > > +typedef enum { > > + EfiTlsClient, > > + EfiTlsServer, > > +} EFI_TLS_CONNECTION_END; > > + > > +/// > > +/// EFI_TLS_CIPHER > > +/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC=20 > > +5246, > > A.4.1. > > +/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cip= her > > +/// Suite Registry of IANA. > > +/// > > +typedef struct { > > + UINT8 Data1; > > + UINT8 Data2; > > +} EFI_TLS_CIPHER; > > + > > +/// > > +/// EFI_TLS_COMPRESSION > > +/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC > 3749". > > +/// > > +typedef UINT8 EFI_TLS_COMPRESSION; > > + > > +/// > > +/// EFI_TLS_EXTENSION > > +/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1. > > +/// Hello Messages". > > +/// > > +typedef struct { > > + UINT16 ExtensionType; > > + UINT16 Length; > > + UINT8 Data[1]; > > +} EFI_TLS_EXTENSION; > > + > > +/// > > +/// EFI_TLS_VERIFY > > +/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last=20 > > +two options /// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desire= d. > > +/// > > +typedef UINT32 EFI_TLS_VERIFY; > > +/// > > +/// No certificates will be sent or the TLS/SSLhandshake will be=20 > > +continued regardless /// of the certificate verification result. > > +/// > > +#define EFI_TLS_VERIFY_NONE 0x0 > > +/// > > +/// The TLS/SSL handshake is immediately terminated with an alert=20 > > +message containing /// the reason for the certificate verification fai= lure. > > +/// > > +#define EFI_TLS_VERIFY_PEER 0x1 > > +/// > > +/// TLS session will fail peer certificate is absent. > > +/// > > +#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 /// /// TLS=20 > > +session only verify client once, and doesn't request cerfificate=20 > > +during /// re-negotiation. > > +/// > > +#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 > > + > > +/// > > +/// EFI_TLS_RANDOM > > +/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. > > +/// Hello Messages". > > +/// > > +typedef struct { > > + UINT32 GmtUnixTime; > > + UINT8 RandomBytes[28]; > > +} EFI_TLS_RANDOM; > > + > > +/// > > +/// EFI_TLS_MASTER_SECRET > > +/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.= 1. > > +/// Computing the Master Secret". > > +/// > > +typedef struct { > > + UINT8 Data[48]; > > +} EFI_TLS_MASTER_SECRET; > > + > > +/// > > +/// EFI_TLS_SESSION_ID > > +/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1= . > > Hello Messages". > > +/// > > +#define MAX_TLS_SESSION_ID_LENGTH 32 typedef struct { > > + UINT16 Length; > > + UINT8 Data[MAX_TLS_SESSION_ID_LENGTH]; > > +} EFI_TLS_SESSION_ID; > > + > > +/// > > +/// EFI_TLS_SESSION_STATE > > +/// > > +typedef enum { > > + /// > > + /// When a new child of TLS protocol is created, the initial=20 > > +state of TLS session > > + /// is EfiTlsSessionNotStarted. > > + /// > > + EfiTlsSessionNotStarted, > > + /// > > + /// The consumer can call BuildResponsePacket() with NULL to get=20 > > +ClientHello to > > + /// start the TLS session. Then the status is EfiTlsSessionHandShaki= ng. > > + /// > > + EfiTlsSessionHandShaking, > > + /// > > + /// During handshake, the consumer need call=20 > > +BuildResponsePacket() with input > > + /// data from peer, then get response packet and send to peer. > > +After handshake > > + /// finish, the TLS session status becomes=20 > > +EfiTlsSessionDataTransferring, and > > + /// consumer can use ProcessPacket() for data transferring. > > + /// > > + EfiTlsSessionDataTransferring, > > + /// > > + /// Finally, if consumer wants to active close TLS session,=20 > > +consumer need > > + /// call SetSessionData to set TLS session state to=20 > > +EfiTlsSessionClosing, and > > + /// call BuildResponsePacket() with NULL to get CloseNotify alert=20 > > +message, > > + /// and sent it out. > > + /// > > + EfiTlsSessionClosing, > > + /// > > + /// If any error happen during parsing ApplicationData content=20 > > +type, EFI_ABORT > > + /// will be returned by ProcessPacket(), and TLS session state=20 > > +will become > > + /// EfiTlsSessionError. Then consumer need call > > +BuildResponsePacket() with > > + /// NULL to get alert message and sent it out. > > + /// > > + EfiTlsSessionError, > > + > > + EfiTlsSessionStateMaximum > > + > > +} EFI_TLS_SESSION_STATE; > > + > > +/// > > +/// EFI_TLS_FRAGMENT_DATA > > +/// > > +typedef struct { > > + /// > > + /// Length of data buffer in the fragment. > > + /// > > + UINT32 FragmentLength; > > + /// > > + /// Pointer to the data buffer in the fragment. > > + /// > > + VOID *FragmentBuffer; > > +} EFI_TLS_FRAGMENT_DATA; > > + > > +/// > > +/// EFI_TLS_CRYPT_MODE > > +/// > > +typedef enum { > > + /// > > + /// Encrypt data provided in the fragment buffers. > > + /// > > + EfiTlsEncrypt, > > + /// > > + /// Decrypt data provided in the fragment buffers. > > + /// > > + EfiTlsDecrypt, > > +} EFI_TLS_CRYPT_MODE; > > + > > +/** > > + Set TLS session data. > > + > > + The SetSessionData() function set data for a new TLS session. All=20 > > + session data should be set before BuildResponsePacket() invoked. > > + > > + @param[in] This Pointer to the EFI_TLS_PROTOCOL inst= ance. > > + @param[in] DataType TLS session data type. > > + @param[in] Data Pointer to session data. > > + @param[in] DataSize Total size of session data. > > + > > + @retval EFI_SUCCESS The TLS session data is set successf= ully. > > + @retval EFI_INVALID_PARAMETER One or more of the following > > conditions is TRUE: > > + This is NULL. > > + Data is NULL. > > + DataSize is 0. > > + @retval EFI_UNSUPPORTED The DataType is unsupported. > > + @retval EFI_ACCESS_DENIED If the DataType is one of below: > > + EfiTlsClientRandom > > + EfiTlsServerRandom > > + EfiTlsKeyMaterial > > + @retval EFI_NOT_READY Current TLS session state is NOT > > + EfiTlsSessionStateNotStarted. > > + @retval EFI_OUT_OF_RESOURCES Required system resources could > not > > be allocated. > > +**/ > > +typedef > > +EFI_STATUS > > +(EFIAPI *EFI_TLS_SET_SESSION_DATA) ( > > + IN EFI_TLS_PROTOCOL *This, > > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ); > > + > > +/** > > + Get TLS session data. > > + > > + The GetSessionData() function return the TLS session information. > > + > > + @param[in] This Pointer to the EFI_TLS_PROTOCOL inst= ance. > > + @param[in] DataType TLS session data type. > > + @param[in, out] Data Pointer to session data. > > + @param[in, out] DataSize Total size of session data. On input= , it > means > > + the size of Data buffer. On output, = it means the size > > + of copied Data buffer if EFI_SUCCESS= , and means the > > + size of desired Data buffer if EFI_B= UFFER_TOO_SMALL. > > + > > + @retval EFI_SUCCESS The TLS session data is got successf= ully. > > + @retval EFI_INVALID_PARAMETER One or more of the following > > conditions is TRUE: > > + This is NULL. > > + DataSize is NULL. > > + Data is NULL if *DataSize is not zer= o. > > + @retval EFI_UNSUPPORTED The DataType is unsupported. > > + @retval EFI_NOT_FOUND The TLS session data is not found. > > + @retval EFI_NOT_READY The DataType is not ready in current > session > > state. > > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the > data. > > +**/ > > +typedef > > +EFI_STATUS > > +(EFIAPI *EFI_TLS_GET_SESSION_DATA) ( > > + IN EFI_TLS_PROTOCOL *This, > > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > > + IN OUT VOID *Data, OPTIONAL > > + IN OUT UINTN *DataSize > > + ); > > + > > +/** > > + Build response packet according to TLS state machine. This=20 > > +function is only valid for > > + alert, handshake and change_cipher_spec content type. > > + > > + The BuildResponsePacket() function builds TLS response packet in=20 > > + response to the TLS request packet specified by RequestBuffer and=20 > > + RequestSize. If RequestBuffer is NULL and RequestSize is 0, and=20 > > + TLS session status is EfiTlsSessionNotStarted, the TLS session =20 > > + will be initiated and the response packet needs to be ClientHello.=20 > > + If RequestBuffer is NULL and RequestSize is 0, and TLS session=20 > > + status is EfiTlsSessionClosing, the TLS session will be closed=20 > > + and response packet needs to be CloseNotify. If RequestBuffer is =20 > > + NULL and RequestSize is 0, and TLS session status is=20 > > + EfiTlsSessionError, the TLS > > session has errors and the response packet needs to be Alert message=20 > > based on error type. > > + > > + @param[in] This Pointer to the EFI_TLS_PROTOCOL inst= ance. > > + @param[in] RequestBuffer Pointer to the most recently receive= d TLS > > packet. NULL > > + means TLS need initiate the TLS sess= ion and response > > + packet need to be ClientHello. > > + @param[in] RequestSize Packet size in bytes for the most re= cently > > received TLS > > + packet. 0 is only valid when Request= Buffer is NULL. > > + @param[out] Buffer Pointer to the buffer to hold the bu= ilt packet. > > + @param[in, out] BufferSize Pointer to the buffer size in bytes.= On > input, > > it is > > + the buffer size provided by the call= er. On output, it > > + is the buffer size in fact needed to= contain the > > + packet. > > + > > + @retval EFI_SUCCESS The required TLS packet is built suc= cessfully. > > + @retval EFI_INVALID_PARAMETER One or more of the following > > conditions is TRUE: > > + This is NULL. > > + RequestBuffer is NULL but RequestSiz= e is NOT 0. > > + RequestSize is 0 but RequestBuffer i= s NOT NULL. > > + BufferSize is NULL. > > + Buffer is NULL if *BufferSize is not= zero. > > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the > > response packet. > > + @retval EFI_NOT_READY Current TLS session state is NOT rea= dy to > > build > > + ResponsePacket. > > + @retval EFI_ABORTED Something wrong build response packe= t. > > +**/ > > +typedef > > +EFI_STATUS > > +(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) ( > > + IN EFI_TLS_PROTOCOL *This, > > + IN UINT8 *RequestBuffer, OPTIONAL > > + IN UINTN RequestSize, OPTIONAL > > + OUT UINT8 *Buffer, OPTIONAL > > + IN OUT UINTN *BufferSize > > + ); > > + > > +/** > > + Decrypt or encrypt TLS packet during session. This function is=20 > > +only valid after > > + session connected and for application_data content type. > > + > > + The ProcessPacket () function process each inbound or outbound=20 > > + TLS APP > > packet. > > + > > + @param[in] This Pointer to the EFI_TLS_PROTOCOL inst= ance. > > + @param[in, out] FragmentTable Pointer to a list of fragment.=20 > > + The caller > > will take > > + responsible to handle the original F= ragmentTable while > > + it may be reallocated in TLS driver.= If CryptMode is > > + EfiTlsEncrypt, on input these fragme= nts contain the TLS > > + header and plain text TLS APP payloa= d; on output these > > + fragments contain the TLS header and= cypher text TLS > > + APP payload. If CryptMode is EfiTlsD= ecrypt, on input > > + these fragments contain the TLS head= er and cypher text > > + TLS APP payload; on output these fra= gments contain the > > + TLS header and plain text TLS APP pa= yload. > > + @param[in] FragmentCount Number of fragment. > > + @param[in] CryptMode Crypt mode. > > + > > + @retval EFI_SUCCESS The operation completed successfully= . > > + @retval EFI_INVALID_PARAMETER One or more of the following > > conditions is TRUE: > > + This is NULL. > > + FragmentTable is NULL. > > + FragmentCount is NULL. > > + CryptoMode is invalid. > > + @retval EFI_NOT_READY Current TLS session state is NOT > > + EfiTlsSessionDataTransferring. > > + @retval EFI_ABORTED Something wrong decryption the messa= ge. > > TLS session > > + status will become EfiTlsSessionErro= r. The caller need > > + call BuildResponsePacket() to genera= te Error Alert > > + message and send it out. > > + @retval EFI_OUT_OF_RESOURCES No enough resource to finish the > > operation. > > +**/ > > +typedef > > +EFI_STATUS > > +(EFIAPI *EFI_TLS_PROCESS_PACKET) ( > > + IN EFI_TLS_PROTOCOL *This, > > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > > + IN UINT32 *FragmentCount, > > + IN EFI_TLS_CRYPT_MODE CryptMode > > + ); > > + > > +/// > > +/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS > > session. > > +/// For detail of TLS, please refer to TLS related RFC. > > +/// > > +struct _EFI_TLS_PROTOCOL { > > + EFI_TLS_SET_SESSION_DATA SetSessionData; > > + EFI_TLS_GET_SESSION_DATA GetSessionData; > > + EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket; > > + EFI_TLS_PROCESS_PACKET ProcessPacket; > > +}; > > + > > +extern EFI_GUID gEfiTlsServiceBindingProtocolGuid; > > +extern EFI_GUID gEfiTlsProtocolGuid; > > + > > +#endif // __EFI_TLS_PROTOCOL_H__ > > diff --git a/MdePkg/Include/Protocol/TlsConfig.h > > b/MdePkg/Include/Protocol/TlsConfig.h > > new file mode 100644 > > index 0000000..4b62bf5 > > --- /dev/null > > +++ b/MdePkg/Include/Protocol/TlsConfig.h > > @@ -0,0 +1,132 @@ > > +/** @file > > + EFI TLS Configuration Protocol as defined in UEFI 2.5. > > + The EFI TLS Configuration Protocol provides a way to set and get=20 > > +TLS > > configuration. > > + > > + Copyright (c) 2016, Intel Corporation. All rights reserved.
=20 > > + This program and the accompanying materials are licensed and made=20 > > + available under the terms and conditions of the BSD License which=20 > > + accompanies this distribution. The full text of the license may be=20 > > + found at http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > BASIS, > > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > EXPRESS OR IMPLIED. > > + > > + @par Revision Reference: > > + This Protocol is introduced in UEFI Specification 2.5 > > + > > +**/ > > +#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__ > > +#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__ > > + > > +/// > > +/// The EFI Configuration protocol provides a way to set and get=20 > > +TLS > > configuration. > > +/// > > +#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \ > > + { \ > > + 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c,=20 > > +0xa3, 0x92, 0x2d } \ > > + } > > + > > +typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL=20 > > +EFI_TLS_CONFIGURATION_PROTOCOL; > > + > > +/// > > +/// EFI_TLS_CONFIG_DATA_TYPE > > +/// > > +typedef enum { > > + /// > > + /// Local host configuration data: public certificate data. > > + /// This data should be DER-encoded binaryX.509 certificate > > + /// or PEMencoded X.509 certificate. > > + /// > > + EfiTlsConfigDataTypeHostPublicCert, > > + /// > > + /// Local host configuration data: private key data. > > + /// > > + EfiTlsConfigDataTypeHostPrivateKey, > > + /// > > + /// CA certificate to verify peer. This data should be=20 > > +PEM-encoded > > + /// RSA or PKCS#8 private key. > > + /// > > + EfiTlsConfigDataTypeCACertificate, > > + /// > > + /// CA-supplied Certificate Revocation List data. This data=20 > > +should > > + /// be DER-encoded CRL data. > > + /// > > + EfiTlsConfigDataTypeCertRevocationList, > > + > > + EfiTlsConfigDataTypeMaximum > > + > > +} EFI_TLS_CONFIG_DATA_TYPE; > > + > > +/** > > + Set TLS configuration data. > > + > > + The SetData() function sets TLS configuration to non-volatile=20 > > + storage or volatile storage. > > + > > + @param[in] This Pointer to the > > EFI_TLS_CONFIGURATION_PROTOCOL instance. > > + @param[in] DataType Configuration data type. > > + @param[in] Data Pointer to configuration data. > > + @param[in] DataSize Total size of configuration data. > > + > > + @retval EFI_SUCCESS The TLS configuration data is set su= ccessfully. > > + @retval EFI_INVALID_PARAMETER One or more of the following > > conditions is TRUE: > > + This is NULL. > > + Data is NULL. > > + DataSize is 0. > > + @retval EFI_UNSUPPORTED The DataType is unsupported. > > + @retval EFI_OUT_OF_RESOURCES Required system resources could > not > > be allocated. > > + > > +**/ > > +typedef > > +EFI_STATUS > > +(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)( > > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ); > > + > > +/** > > + Get TLS configuration data. > > + > > + The GetData() function gets TLS configuration. > > + > > + @param[in] This Pointer to the > > EFI_TLS_CONFIGURATION_PROTOCOL instance. > > + @param[in] DataType Configuration data type. > > + @param[in, out] Data Pointer to configuration data. > > + @param[in, out] DataSize Total size of configuration data. On= input, it > > means > > + the size of Data buffer. On output, = it means the size > > + of copied Data buffer if EFI_SUCCESS= , and means the > > + size of desired Data buffer if EFI_B= UFFER_TOO_SMALL. > > + > > + @retval EFI_SUCCESS The TLS configuration data is got su= ccessfully. > > + @retval EFI_INVALID_PARAMETER One or more of the following > > conditions is TRUE: > > + This is NULL. > > + DataSize is NULL. > > + Data is NULL if *DataSize is not zer= o. > > + @retval EFI_UNSUPPORTED The DataType is unsupported. > > + @retval EFI_NOT_FOUND The TLS configuration data is not fo= und. > > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the > data. > > + > > +**/ > > +typedef > > +EFI_STATUS > > +(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)( > > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > > + IN OUT VOID *Data, OPTIONAL > > + IN OUT UINTN *DataSize > > + ); > > + > > +/// > > +/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a > way > > to > > +set and get /// TLS configuration, such as Certificate, private key da= ta. > > +/// > > +struct _EFI_TLS_CONFIGURATION_PROTOCOL { > > + EFI_TLS_CONFIGURATION_SET_DATA SetData; > > + EFI_TLS_CONFIGURATION_GET_DATA GetData; > > +}; > > + > > +extern EFI_GUID gEfiTlsConfigurationProtocolGuid; > > + > > +#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__ > > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index > > 3e08bed..f2bdb30 100644 > > --- a/MdePkg/MdePkg.dec > > +++ b/MdePkg/MdePkg.dec > > @@ -1607,10 +1607,19 @@ > > gEfiHttpProtocolGuid =3D { 0x7a59b29b, 0x910b, 0x417= 1, {0x82, 0x42, > > 0xa8, 0x5a, 0x0d, 0xf2, 0x5b, 0x5b }} > > > > ## Include/Protocol/HttpUtilities.h > > gEfiHttpUtilitiesProtocolGuid =3D { 0x3e35c163, 0x4074, 0x45d= d, {0x43, > > 0x1e, 0x23, 0x98, 0x9d, 0xd8, 0x6b, 0x32 }} > > > > + ## Include/Protocol/Tls.h > > + gEfiTlsServiceBindingProtocolGuid =3D { 0x952cb795, 0xff36, 0x48cf= , {0xa2, > > 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d }} > > + > > + ## Include/Protocol/Tls.h > > + gEfiTlsProtocolGuid =3D { 0xca959f, 0x6cfa, 0x4db1, = {0x95, 0xbc, > 0xe4, > > 0x6c, 0x47, 0x51, 0x43, 0x90 }} > > + > > + ## Include/Protocol/TlsConfig.h > > + gEfiTlsConfigurationProtocolGuid =3D { 0x1682fe44, 0xbd7a, 0x4407= , { 0xb7, > > 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d }} > > + > > ## Include/Protocol/Rest.h > > gEfiRestProtocolGuid =3D { 0x0db48a36, 0x4e54, 0xea= 9c, {0x9b, 0x09, > > 0x1e, 0xa5, 0xbe, 0x3a, 0x66, 0x0b }} > > > > ## Include/Protocol/Supplicant.h > > gEfiSupplicantServiceBindingProtocolGuid =3D { 0x45bcd98e, 0x59ad,= =20 > > 0x4174, { 0x95, 0x46, 0x34, 0x4a, 0x7, 0x48, 0x58, 0x98 }} > > -- > > 1.9.5.msysgit.1