From: "Long, Qin" <qin.long@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Ye, Ting" <ting.ye@intel.com>,
	"Fu, Siyuan" <siyuan.fu@intel.com>,
	"Zhang, Lubo" <lubo.zhang@intel.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	Thomas Palmer <thomas.palmer@hpe.com>
Subject: Re: [Patch 01/10] MdePkg: Add TLS related protocol definition
Date: Wed, 14 Dec 2016 08:36:00 +0000
Message-ID: <BF2CCE9263284D428840004653A28B6E53F3D5A1@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <1481700859-76060-2-git-send-email-jiaxin.wu@intel.com>

Reviewed-by: Qin Long <qin.long@intel.com>

Please correct some typos later:
EFI_TLS_EXTENDION  --> EFI_TLS_EXTENSION
TLS/SSLhandshake --> TLS/SSL handshake
cerfificate --> certificate
cypher --> cipher
binaryX.509 --> binary X.509
PEMencoded --> PEM-encoded

Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Wu, Jiaxin
> Sent: Wednesday, December 14, 2016 3:34 PM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin; Ye, Ting; Fu, Siyuan; Zhang, Lubo; Gao, Liming; Kinney, Michael
> D; Thomas Palmer; Wu, Jiaxin
> Subject: [Patch 01/10] MdePkg: Add TLS related protocol definition
> 
> This patch is used to add Tls.h and TlsConfig.h header files to define EFI TLS
> Configuration Protocol, EFI TLS Service Binding Protocol and EFI TLS
> Configuration Protocol.
> 
> Cc: Long Qin <qin.long@intel.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Cc: Fu Siyuan <siyuan.fu@intel.com>
> Cc: Zhang Lubo <lubo.zhang@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Thomas Palmer <thomas.palmer@hpe.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> ---
>  MdePkg/Include/Protocol/Tls.h       | 460
> ++++++++++++++++++++++++++++++++++++
>  MdePkg/Include/Protocol/TlsConfig.h | 132 +++++++++++
>  MdePkg/MdePkg.dec                   |   9 +
>  3 files changed, 601 insertions(+)
>  create mode 100644 MdePkg/Include/Protocol/Tls.h  create mode 100644
> MdePkg/Include/Protocol/TlsConfig.h
> 
> diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
> new file mode 100644 index 0000000..51a3cda
> --- /dev/null
> +++ b/MdePkg/Include/Protocol/Tls.h
> @@ -0,0 +1,460 @@
> +/** @file
> +  EFI TLS Protocols as defined in UEFI 2.5.
> +
> +  The EFI TLS Service Binding Protocol is used to locate EFI TLS
> + Protocol drivers  to create and destroy child of the driver to
> + communicate with other host using  TLS protocol.
> +  The EFI TLS Protocol provides the ability to manage TLS session.
> +
> +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>  This
> + program and the accompanying materials  are licensed and made
> + available under the terms and conditions of the BSD License  which
> + accompanies this distribution. The full text of the license may be
> + found at  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +  @par Revision Reference:
> +  This Protocol is introduced in UEFI Specification 2.5
> +
> +**/
> +
> +#ifndef __EFI_TLS_PROTOCOL_H__
> +#define __EFI_TLS_PROTOCOL_H__
> +
> +///
> +/// The EFI TLS Service Binding Protocol is used to locate EFI TLS
> +Protocol drivers to /// create and destroy child of the driver to
> +communicate with other host using TLS /// protocol.
> +///
> +#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \
> +  { \
> +    0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6,
> +0xab, 0x8d } \
> +  }
> +
> +///
> +/// The EFI TLS protocol provides the ability to manage TLS session.
> +///
> +#define EFI_TLS_PROTOCOL_GUID \
> +  { \
> +    0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51,
> +0x43, 0x90 } \
> +  }
> +
> +typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
> +
> +///
> +/// EFI_TLS_SESSION_DATA_TYPE
> +///
> +typedef enum {
> +  ///
> +  /// Session Configuration
> +  ///
> +
> +  ///
> +  /// TLS session Version. The corresponding Data is of type
> EFI_TLS_VERSION.
> +  ///
> +  EfiTlsVersion,
> +  ///
> +  /// TLS session as client or as server. The corresponding Data is of
> + /// EFI_TLS_CONNECTION_END.
> +  ///
> +  EfiTlsConnectionEnd,
> +  ///
> +  /// A priority list of preferred algorithms for the TLS session.
> +  /// The corresponding Data is a list of EFI_TLS_CIPHER.
> +  ///
> +  EfiTlsCipherList,
> +  ///
> +  /// TLS session compression method.
> +  /// The corresponding Data is of type EFI_TLS_COMPRESSION.
> +  ///
> +  EfiTlsCompressionMethod,
> +  ///
> +  /// TLS session extension data.
> +  /// The corresponding Data is a list of type EFI_TLS_EXTENDION.
> +  ///
> +  EfiTlsExtensionData,
> +  ///
> +  /// TLS session verify method.
> +  /// The corresponding Data is of type EFI_TLS_VERIFY.
> +  ///
> +  EfiTlsVerifyMethod,
> +  ///
> +  /// TLS session data session ID.
> +  /// For SetSessionData(), it is TLS session ID used for session resumption.
> +  /// For GetSessionData(), it is the TLS session ID used for current session.
> +  /// The corresponding Data is of type EFI_TLS_SESSION_ID.
> +  ///
> +  EfiTlsSessionID,
> +  ///
> +  /// TLS session data session state.
> +  /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
> +  ///
> +  EfiTlsSessionState,
> +
> +  ///
> +  /// Session information
> +  ///
> +
> +  ///
> +  /// TLS session data client random.
> +  /// The corresponding Data is of type EFI_TLS_RANDOM.
> +  ///
> +  EfiTlsClientRandom,
> +  ///
> +  /// TLS session data server random.
> +  /// The corresponding Data is of type EFI_TLS_RANDOM.
> +  ///
> +  EfiTlsServerRandom,
> +  ///
> +  /// TLS session data key material.
> +  /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
> +  ///
> +  EfiTlsKeyMaterial,
> +
> +  EfiTlsSessionDataTypeMaximum
> +
> +} EFI_TLS_SESSION_DATA_TYPE;
> +
> +///
> +/// EFI_TLS_VERSION
> +/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2).
> +///       SSL2.0 is obsolete and should not be used.
> +///
> +typedef struct {
> +  UINT8                         Major;
> +  UINT8                         Minor;
> +} EFI_TLS_VERSION;
> +
> +///
> +/// EFI_TLS_CONNECTION_END to define TLS session as client or server.
> +///
> +typedef enum {
> +  EfiTlsClient,
> +  EfiTlsServer,
> +} EFI_TLS_CONNECTION_END;
> +
> +///
> +/// EFI_TLS_CIPHER
> +/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246,
> A.4.1.
> +///       Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher
> +///       Suite Registry of IANA.
> +///
> +typedef struct {
> +  UINT8                         Data1;
> +  UINT8                         Data2;
> +} EFI_TLS_CIPHER;
> +
> +///
> +/// EFI_TLS_COMPRESSION
> +/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749".
> +///
> +typedef UINT8 EFI_TLS_COMPRESSION;
> +
> +///
> +/// EFI_TLS_EXTENSION
> +/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1.
> +///       Hello Messages".
> +///
> +typedef struct {
> +  UINT16                        ExtensionType;
> +  UINT16                        Length;
> +  UINT8                         Data[1];
> +} EFI_TLS_EXTENSION;
> +
> +///
> +/// EFI_TLS_VERIFY
> +/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two
> +options /// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired.
> +///
> +typedef UINT32  EFI_TLS_VERIFY;
> +///
> +/// No certificates will be sent or the TLS/SSLhandshake will be
> +continued regardless /// of the certificate verification result.
> +///
> +#define EFI_TLS_VERIFY_NONE                  0x0
> +///
> +/// The TLS/SSL handshake is immediately terminated with an alert
> +message containing /// the reason for the certificate verification failure.
> +///
> +#define EFI_TLS_VERIFY_PEER                  0x1
> +///
> +/// TLS session will fail peer certificate is absent.
> +///
> +#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT  0x2 /// /// TLS session
> +only verify client once, and doesn't request cerfificate during ///
> +re-negotiation.
> +///
> +#define EFI_TLS_VERIFY_CLIENT_ONCE           0x4
> +
> +///
> +/// EFI_TLS_RANDOM
> +/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
> +///       Hello Messages".
> +///
> +typedef struct {
> +  UINT32                        GmtUnixTime;
> +  UINT8                         RandomBytes[28];
> +} EFI_TLS_RANDOM;
> +
> +///
> +/// EFI_TLS_MASTER_SECRET
> +/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1.
> +///       Computing the Master Secret".
> +///
> +typedef struct {
> +  UINT8                         Data[48];
> +} EFI_TLS_MASTER_SECRET;
> +
> +///
> +/// EFI_TLS_SESSION_ID
> +/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1.
> Hello Messages".
> +///
> +#define MAX_TLS_SESSION_ID_LENGTH  32
> +typedef struct {
> +  UINT16                        Length;
> +  UINT8                         Data[MAX_TLS_SESSION_ID_LENGTH];
> +} EFI_TLS_SESSION_ID;
> +
> +///
> +/// EFI_TLS_SESSION_STATE
> +///
> +typedef enum {
> +  ///
> +  /// When a new child of TLS protocol is created, the initial state of
> +TLS session
> +  /// is EfiTlsSessionNotStarted.
> +  ///
> +  EfiTlsSessionNotStarted,
> +  ///
> +  /// The consumer can call BuildResponsePacket() with NULL to get
> +ClientHello to
> +  /// start the TLS session. Then the status is EfiTlsSessionHandShaking.
> +  ///
> +  EfiTlsSessionHandShaking,
> +  ///
> +  /// During handshake, the consumer need call BuildResponsePacket()
> +with input
> +  /// data from peer, then get response packet and send to peer. After
> +handshake
> +  /// finish, the TLS session status becomes
> +EfiTlsSessionDataTransferring, and
> +  /// consumer can use ProcessPacket() for data transferring.
> +  ///
> +  EfiTlsSessionDataTransferring,
> +  ///
> +  /// Finally, if consumer wants to active close TLS session, consumer
> +need
> +  /// call SetSessionData to set TLS session state to
> +EfiTlsSessionClosing, and
> +  /// call BuildResponsePacket() with NULL to get CloseNotify alert
> +message,
> +  /// and sent it out.
> +  ///
> +  EfiTlsSessionClosing,
> +  ///
> +  /// If any error happen during parsing ApplicationData content type,
> +EFI_ABORT
> +  /// will be returned by ProcessPacket(), and TLS session state will
> +become
> +  /// EfiTlsSessionError. Then consumer need call BuildResponsePacket()
> +with
> +  /// NULL to get alert message and sent it out.
> +  ///
> +  EfiTlsSessionError,
> +
> +  EfiTlsSessionStateMaximum
> +
> +} EFI_TLS_SESSION_STATE;
> +
> +///
> +/// EFI_TLS_FRAGMENT_DATA
> +///
> +typedef struct {
> +  ///
> +  /// Length of data buffer in the fragment.
> +  ///
> +  UINT32                        FragmentLength;
> +  ///
> +  /// Pointer to the data buffer in the fragment.
> +  ///
> +  VOID                          *FragmentBuffer;
> +} EFI_TLS_FRAGMENT_DATA;
> +
> +///
> +/// EFI_TLS_CRYPT_MODE
> +///
> +typedef enum {
> +  ///
> +  /// Encrypt data provided in the fragment buffers.
> +  ///
> +  EfiTlsEncrypt,
> +  ///
> +  /// Decrypt data provided in the fragment buffers.
> +  ///
> +  EfiTlsDecrypt,
> +} EFI_TLS_CRYPT_MODE;
> +
> +/**
> +  Set TLS session data.
> +
> +  The SetSessionData() function set data for a new TLS session. All
> + session data should  be set before BuildResponsePacket() invoked.
> +
> +  @param[in]  This                Pointer to the EFI_TLS_PROTOCOL instance.
> +  @param[in]  DataType            TLS session data type.
> +  @param[in]  Data                Pointer to session data.
> +  @param[in]  DataSize            Total size of session data.
> +
> +  @retval EFI_SUCCESS             The TLS session data is set successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following
> conditions is TRUE:
> +                                  This is NULL.
> +                                  Data is NULL.
> +                                  DataSize is 0.
> +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> +  @retval EFI_ACCESS_DENIED       If the DataType is one of below:
> +                                  EfiTlsClientRandom
> +                                  EfiTlsServerRandom
> +                                  EfiTlsKeyMaterial
> +  @retval EFI_NOT_READY           Current TLS session state is NOT
> +                                  EfiTlsSessionStateNotStarted.
> +  @retval EFI_OUT_OF_RESOURCES    Required system resources could not
> be allocated.
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EFI_TLS_SET_SESSION_DATA) (
> +  IN EFI_TLS_PROTOCOL                *This,
> +  IN EFI_TLS_SESSION_DATA_TYPE       DataType,
> +  IN VOID                            *Data,
> +  IN UINTN                           DataSize
> +  );
> +
> +/**
> +  Get TLS session data.
> +
> +  The GetSessionData() function return the TLS session information.
> +
> +  @param[in]       This           Pointer to the EFI_TLS_PROTOCOL instance.
> +  @param[in]       DataType       TLS session data type.
> +  @param[in, out]  Data           Pointer to session data.
> +  @param[in, out]  DataSize       Total size of session data. On input, it means
> +                                  the size of Data buffer. On output, it means the size
> +                                  of copied Data buffer if EFI_SUCCESS, and means the
> +                                  size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> +
> +  @retval EFI_SUCCESS             The TLS session data is got successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following
> conditions is TRUE:
> +                                  This is NULL.
> +                                  DataSize is NULL.
> +                                  Data is NULL if *DataSize is not zero.
> +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> +  @retval EFI_NOT_FOUND           The TLS session data is not found.
> +  @retval EFI_NOT_READY           The DataType is not ready in current session
> state.
> +  @retval EFI_BUFFER_TOO_SMALL    The buffer is too small to hold the data.
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EFI_TLS_GET_SESSION_DATA) (
> +  IN EFI_TLS_PROTOCOL                *This,
> +  IN EFI_TLS_SESSION_DATA_TYPE       DataType,
> +  IN OUT VOID                        *Data,  OPTIONAL
> +  IN OUT UINTN                       *DataSize
> +  );
> +
> +/**
> +  Build response packet according to TLS state machine. This function
> +is only valid for
> +  alert, handshake and change_cipher_spec content type.
> +
> +  The BuildResponsePacket() function builds TLS response packet in
> + response to the TLS  request packet specified by RequestBuffer and
> + RequestSize. If RequestBuffer is NULL and  RequestSize is 0, and TLS
> + session status is EfiTlsSessionNotStarted, the TLS session  will be
> + initiated and the response packet needs to be ClientHello. If
> + RequestBuffer is  NULL and RequestSize is 0, and TLS session status is
> + EfiTlsSessionClosing, the TLS  session will be closed and response
> + packet needs to be CloseNotify. If RequestBuffer is  NULL and
> + RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
> session has errors and the response packet needs to be Alert message based
> on error  type.
> +
> +  @param[in]       This           Pointer to the EFI_TLS_PROTOCOL instance.
> +  @param[in]       RequestBuffer  Pointer to the most recently received TLS
> packet. NULL
> +                                  means TLS need initiate the TLS session and response
> +                                  packet need to be ClientHello.
> +  @param[in]       RequestSize    Packet size in bytes for the most recently
> received TLS
> +                                  packet. 0 is only valid when RequestBuffer is NULL.
> +  @param[out]      Buffer         Pointer to the buffer to hold the built packet.
> +  @param[in, out]  BufferSize     Pointer to the buffer size in bytes. On input,
> it is
> +                                  the buffer size provided by the caller. On output, it
> +                                  is the buffer size in fact needed to contain the
> +                                  packet.
> +
> +  @retval EFI_SUCCESS             The required TLS packet is built successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following
> conditions is TRUE:
> +                                  This is NULL.
> +                                  RequestBuffer is NULL but RequestSize is NOT 0.
> +                                  RequestSize is 0 but RequestBuffer is NOT NULL.
> +                                  BufferSize is NULL.
> +                                  Buffer is NULL if *BufferSize is not zero.
> +  @retval EFI_BUFFER_TOO_SMALL    BufferSize is too small to hold the
> response packet.
> +  @retval EFI_NOT_READY           Current TLS session state is NOT ready to
> build
> +                                  ResponsePacket.
> +  @retval EFI_ABORTED             Something wrong build response packet.
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) (
> +  IN EFI_TLS_PROTOCOL                *This,
> +  IN UINT8                           *RequestBuffer, OPTIONAL
> +  IN UINTN                           RequestSize, OPTIONAL
> +  OUT UINT8                          *Buffer, OPTIONAL
> +  IN OUT UINTN                       *BufferSize
> +  );
> +
> +/**
> +  Decrypt or encrypt TLS packet during session. This function is only
> +valid after
> +  session connected and for application_data content type.
> +
> +  The ProcessPacket () function process each inbound or outbound TLS APP
> packet.
> +
> +  @param[in]       This           Pointer to the EFI_TLS_PROTOCOL instance.
> +  @param[in, out]  FragmentTable  Pointer to a list of fragment. The caller
> will take
> +                                  responsible to handle the original FragmentTable while
> +                                  it may be reallocated in TLS driver. If CryptMode is
> +                                  EfiTlsEncrypt, on input these fragments contain the TLS
> +                                  header and plain text TLS APP payload; on output these
> +                                  fragments contain the TLS header and cypher text TLS
> +                                  APP payload. If CryptMode is EfiTlsDecrypt, on input
> +                                  these fragments contain the TLS header and cypher text
> +                                  TLS APP payload; on output these fragments contain the
> +                                  TLS header and plain text TLS APP payload.
> +  @param[in]       FragmentCount  Number of fragment.
> +  @param[in]       CryptMode      Crypt mode.
> +
> +  @retval EFI_SUCCESS             The operation completed successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following
> conditions is TRUE:
> +                                  This is NULL.
> +                                  FragmentTable is NULL.
> +                                  FragmentCount is NULL.
> +                                  CryptoMode is invalid.
> +  @retval EFI_NOT_READY           Current TLS session state is NOT
> +                                  EfiTlsSessionDataTransferring.
> +  @retval EFI_ABORTED             Something wrong decryption the message.
> TLS session
> +                                  status will become EfiTlsSessionError. The caller need
> +                                  call BuildResponsePacket() to generate Error Alert
> +                                  message and send it out.
> +  @retval EFI_OUT_OF_RESOURCES    No enough resource to finish the
> operation.
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EFI_TLS_PROCESS_PACKET) (
> +  IN EFI_TLS_PROTOCOL                *This,
> +  IN OUT EFI_TLS_FRAGMENT_DATA       **FragmentTable,
> +  IN UINT32                          *FragmentCount,
> +  IN EFI_TLS_CRYPT_MODE              CryptMode
> +  );
> +
> +///
> +/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS
> session.
> +/// For detail of TLS, please refer to TLS related RFC.
> +///
> +struct _EFI_TLS_PROTOCOL {
> +  EFI_TLS_SET_SESSION_DATA           SetSessionData;
> +  EFI_TLS_GET_SESSION_DATA           GetSessionData;
> +  EFI_TLS_BUILD_RESPONSE_PACKET      BuildResponsePacket;
> +  EFI_TLS_PROCESS_PACKET             ProcessPacket;
> +};
> +
> +extern EFI_GUID gEfiTlsServiceBindingProtocolGuid;
> +extern EFI_GUID gEfiTlsProtocolGuid;
> +
> +#endif  // __EFI_TLS_PROTOCOL_H__
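Review bot: the EFI_NOT_READY line for SetSessionData() names a state that does not exist in this header: it says "Current TLS session state is NOT EfiTlsSessionStateNotStarted", while EFI_TLS_SESSION_STATE defines EfiTlsSessionNotStarted; likewise the EfiTlsSessionError comment says "EFI_ABORT will be returned by ProcessPacket()" where that function's @retval list has EFI_ABORTED. In the EFI_TLS_PROCESS_PACKET prototype, FragmentCount is declared "IN UINT32 *FragmentCount" and documented as "[in] Number of fragment", yet the FragmentTable text says the table "may be reallocated in TLS driver" and the @retval list checks "FragmentCount is NULL"; if the driver can change the count, the parameter should be IN OUT and the @param should say so, and the same @retval list should say "CryptMode is invalid" to match the parameter name rather than "CryptoMode". A documentation point that deserves settling here: SetSessionData() returns EFI_ACCESS_DENIED for EfiTlsClientRandom, EfiTlsServerRandom and EfiTlsKeyMaterial, but GetSessionData() carries no such restriction, so any consumer holding the protocol instance can read the 48-byte EFI_TLS_MASTER_SECRET; the header should state whether that is intended and in which session states it is permitted (EFI_NOT_READY is listed but not tied to a state), so implementers and callers treat it as a deliberate interface rather than an accident. The EFI_TLS_VERSION note says only "SSL2.0 is obsolete"; SSL 3.0 is deprecated as well (RFC 7568), and the comment could say so to steer consumers toward TLS versions only.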
> diff --git a/MdePkg/Include/Protocol/TlsConfig.h
> b/MdePkg/Include/Protocol/TlsConfig.h
> new file mode 100644
> index 0000000..4b62bf5
> --- /dev/null
> +++ b/MdePkg/Include/Protocol/TlsConfig.h
> @@ -0,0 +1,132 @@
> +/** @file
> +  EFI TLS Configuration Protocol as defined in UEFI 2.5.
> +  The EFI TLS Configuration Protocol provides a way to set and get TLS
> configuration.
> +
> +  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>  This
> + program and the accompanying materials  are licensed and made
> + available under the terms and conditions of the BSD License  which
> + accompanies this distribution. The full text of the license may be
> + found at  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +  @par Revision Reference:
> +  This Protocol is introduced in UEFI Specification 2.5
> +
> +**/
> +#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__
> +#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__
> +
> +///
> +/// The EFI Configuration protocol provides a way to set and get TLS
> configuration.
> +///
> +#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID  \
> +  { \
> +    0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3,
> +0x92, 0x2d }  \
> +  }
> +
> +typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL
> +EFI_TLS_CONFIGURATION_PROTOCOL;
> +
> +///
> +/// EFI_TLS_CONFIG_DATA_TYPE
> +///
> +typedef enum {
> +  ///
> +  /// Local host configuration data: public certificate data.
> +  /// This data should be DER-encoded binaryX.509 certificate
> +  /// or PEMencoded X.509 certificate.
> +  ///
> +  EfiTlsConfigDataTypeHostPublicCert,
> +  ///
> +  /// Local host configuration data: private key data.
> +  ///
> +  EfiTlsConfigDataTypeHostPrivateKey,
> +  ///
> +  /// CA certificate to verify peer. This data should be PEM-encoded
> +  /// RSA or PKCS#8 private key.
> +  ///
> +  EfiTlsConfigDataTypeCACertificate,
> +  ///
> +  /// CA-supplied Certificate Revocation List data. This data should
> +  /// be DER-encoded CRL data.
> +  ///
> +  EfiTlsConfigDataTypeCertRevocationList,
> +
> +  EfiTlsConfigDataTypeMaximum
> +
> +} EFI_TLS_CONFIG_DATA_TYPE;
> +
> +/**
> +  Set TLS configuration data.
> +
> +  The SetData() function sets TLS configuration to non-volatile storage
> + or volatile  storage.
> +
> +  @param[in]  This                Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> +  @param[in]  DataType            Configuration data type.
> +  @param[in]  Data                Pointer to configuration data.
> +  @param[in]  DataSize            Total size of configuration data.
> +
> +  @retval EFI_SUCCESS             The TLS configuration data is set successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following
> conditions is TRUE:
> +                                  This is NULL.
> +                                  Data is NULL.
> +                                  DataSize is 0.
> +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> +  @retval EFI_OUT_OF_RESOURCES    Required system resources could not
> be allocated.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)(
> +  IN EFI_TLS_CONFIGURATION_PROTOCOL  *This,
> +  IN EFI_TLS_CONFIG_DATA_TYPE        DataType,
> +  IN VOID                            *Data,
> +  IN UINTN                           DataSize
> +  );
> +
> +/**
> +  Get TLS configuration data.
> +
> +  The GetData() function gets TLS configuration.
> +
> +  @param[in]       This           Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> +  @param[in]       DataType       Configuration data type.
> +  @param[in, out]  Data           Pointer to configuration data.
> +  @param[in, out]  DataSize       Total size of configuration data. On input, it
> means
> +                                  the size of Data buffer. On output, it means the size
> +                                  of copied Data buffer if EFI_SUCCESS, and means the
> +                                  size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> +
> +  @retval EFI_SUCCESS             The TLS configuration data is got successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following
> conditions is TRUE:
> +                                  This is NULL.
> +                                  DataSize is NULL.
> +                                  Data is NULL if *DataSize is not zero.
> +  @retval EFI_UNSUPPORTED         The DataType is unsupported.
> +  @retval EFI_NOT_FOUND           The TLS configuration data is not found.
> +  @retval EFI_BUFFER_TOO_SMALL    The buffer is too small to hold the data.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)(
> +  IN EFI_TLS_CONFIGURATION_PROTOCOL  *This,
> +  IN EFI_TLS_CONFIG_DATA_TYPE        DataType,
> +  IN OUT VOID                        *Data,  OPTIONAL
> +  IN OUT UINTN                       *DataSize
> +  );
> +
> +///
> +/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way
> to
> +set and get /// TLS configuration, such as Certificate, private key data.
> +///
> +struct _EFI_TLS_CONFIGURATION_PROTOCOL {
> +  EFI_TLS_CONFIGURATION_SET_DATA     SetData;
> +  EFI_TLS_CONFIGURATION_GET_DATA     GetData;
> +};
> +
> +extern EFI_GUID gEfiTlsConfigurationProtocolGuid;
> +
> +#endif  //__EFI_TLS_CONFIGURATION_PROTOCOL_H__
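Review bot: the comment on EfiTlsConfigDataTypeCACertificate is wrong: it says the data "should be PEM-encoded RSA or PKCS#8 private key", which describes a private key, not a CA certificate. That sentence belongs under EfiTlsConfigDataTypeHostPrivateKey, which currently gives no format at all, and the CA entry should instead state the accepted certificate encodings (the host certificate entry already lists DER-encoded binary X.509 or PEM-encoded X.509). Because the private key is itself configuration data, the SetData() description "sets TLS configuration to non-volatile storage or volatile storage" should also say which of the two applies to EfiTlsConfigDataTypeHostPrivateKey, or that the choice is implementation-defined, so platform integrators know whether key material persists across boots.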
> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index
> 3e08bed..f2bdb30 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -1607,10 +1607,19 @@
>    gEfiHttpProtocolGuid                 = { 0x7a59b29b, 0x910b, 0x4171, {0x82, 0x42,
> 0xa8, 0x5a, 0x0d, 0xf2, 0x5b, 0x5b }}
> 
>    ## Include/Protocol/HttpUtilities.h
>    gEfiHttpUtilitiesProtocolGuid        = { 0x3e35c163, 0x4074, 0x45dd, {0x43,
> 0x1e, 0x23, 0x98, 0x9d, 0xd8, 0x6b, 0x32 }}
> 
> +  ## Include/Protocol/Tls.h
> +  gEfiTlsServiceBindingProtocolGuid   = { 0x952cb795, 0xff36, 0x48cf, {0xa2,
> 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d }}
> +
> +  ## Include/Protocol/Tls.h
> +  gEfiTlsProtocolGuid                 = { 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4,
> 0x6c, 0x47, 0x51, 0x43, 0x90 }}
> +
> +  ## Include/Protocol/TlsConfig.h
> +  gEfiTlsConfigurationProtocolGuid    = { 0x1682fe44, 0xbd7a, 0x4407, { 0xb7,
> 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d }}
> +
>    ## Include/Protocol/Rest.h
>    gEfiRestProtocolGuid                 =  { 0x0db48a36, 0x4e54, 0xea9c, {0x9b, 0x09,
> 0x1e, 0xa5, 0xbe, 0x3a, 0x66, 0x0b }}
> 
>    ## Include/Protocol/Supplicant.h
>    gEfiSupplicantServiceBindingProtocolGuid  = { 0x45bcd98e, 0x59ad, 0x4174,
> { 0x95, 0x46, 0x34, 0x4a, 0x7, 0x48, 0x58, 0x98 }}
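Review bot: style point in the MdePkg.dec hunk: gEfiTlsProtocolGuid writes its first field as 0xca959f while every neighbouring entry (gEfiHttpProtocolGuid, gEfiHttpUtilitiesProtocolGuid, gEfiRestProtocolGuid) and the other two new GUIDs use eight hex digits; 0x00ca959f is the same value and reads consistently, and the EFI_TLS_PROTOCOL_GUID define in Tls.h should be padded the same way if this is changed. The three GUID values do match the EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID, EFI_TLS_PROTOCOL_GUID and EFI_TLS_CONFIGURATION_PROTOCOL_GUID definitions in Tls.h and TlsConfig.h.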
> --
> 1.9.5.msysgit.1



Thread overview: 37+ messages
2016-12-14  7:34 [Patch 00/10] Sync staging/HTTPS-TLS feature into edk2 master Jiaxin Wu
2016-12-14  7:34 ` [Patch 01/10] MdePkg: Add TLS related protocol definition Jiaxin Wu
2016-12-14  8:36   ` Long, Qin [this message]
2016-12-14  8:39     ` Wu, Jiaxin
2016-12-15  8:34       ` Ye, Ting
2016-12-14  8:43   ` Fu, Siyuan
2016-12-14  7:34 ` [Patch 02/10] MdePkg: Add a header to standardize TLS definitions Jiaxin Wu
2016-12-14  8:42   ` Long, Qin
2016-12-14  8:43   ` Fu, Siyuan
2016-12-15  8:35   ` Ye, Ting
2016-12-14  7:34 ` [Patch 03/10] CryptoPkg: Enable ssl build in OpensslLib directly Jiaxin Wu
2016-12-15  8:37   ` Ye, Ting
2016-12-14  7:34 ` [Patch 04/10] CryptoPkg: Add new TlsLib library Jiaxin Wu
2016-12-16  2:10   ` Ye, Ting
2016-12-16  2:51     ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 05/10] NetworkPkg/TlsDxe: TlsDxe driver implementation over OpenSSL Jiaxin Wu
2016-12-14  8:41   ` Fu, Siyuan
2016-12-15  7:24     ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 06/10] NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS auth configuration Jiaxin Wu
2016-12-15  2:22   ` Fu, Siyuan
2016-12-22  2:52     ` Ye, Ting
2016-12-22  3:13       ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 07/10] NetworkPkg/HttpDxe: HTTPS support over IPv4 and IPv6 Jiaxin Wu
2016-12-15  2:39   ` Fu, Siyuan
2016-12-15  7:14     ` Wu, Jiaxin
2016-12-22  7:33   ` Ye, Ting
2016-12-22  8:30     ` Wu, Jiaxin
2016-12-14  7:34 ` [Patch 08/10] NetworkPkg/NetworkPkg.dsc: Enable TlsDxe and TlsAuthConfigDxe module Jiaxin Wu
2016-12-15  2:39   ` Fu, Siyuan
2016-12-22  7:37   ` Ye, Ting
2016-12-14  7:34 ` [Patch 09/10] Nt32Pkg/Nt32Pkg.dsc: Remove the flag for OpensslLib and BaseCryptLib Jiaxin Wu
2016-12-14  7:56   ` Ni, Ruiyu
2016-12-15  8:25   ` Long, Qin
2016-12-22  7:39   ` Ye, Ting
2016-12-14  7:34 ` [Patch 10/10] Nt32Pkg: Enable HTTPS boot feature for Nt32 platform Jiaxin Wu
2016-12-14  7:44   ` Yao, Jiewen
2016-12-14  7:46     ` Wu, Jiaxin
