From: "Long, Qin"
To: "Wu, Jiaxin", "edk2-devel@lists.01.org"
CC: "Ye, Ting", "Fu, Siyuan", "Zhang, Lubo", "Gao, Liming", "Kinney, Michael D", Thomas Palmer
Subject: Re: [Patch 01/10] MdePkg: Add TLS related protocol definition
Date: Wed, 14 Dec 2016 08:36:00 +0000
References: <1481700859-76060-1-git-send-email-jiaxin.wu@intel.com> <1481700859-76060-2-git-send-email-jiaxin.wu@intel.com>
In-Reply-To: <1481700859-76060-2-git-send-email-jiaxin.wu@intel.com>

Reviewed-by: Qin Long

Please correct some typos later:
EFI_TLS_EXTENDION --> EFI_TLS_EXTENSION
TLS/SSLhandshake --> TLS/SSL handshake
cerfificate --> certificate
cypher --> cipher
binaryX.509 --> binary X.509
PEMencoded --> PEM-encoded

Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Wu, Jiaxin > Sent: Wednesday, December 14, 2016 3:34 PM > To: edk2-devel@lists.01.org > Cc: Long, Qin; Ye, Ting; Fu, Siyuan; Zhang, Lubo; Gao, Liming; Kinney, Mi= chael > D; Thomas Palmer; Wu, Jiaxin > Subject: [Patch 01/10] MdePkg: Add TLS related protocol definition >=20 > This patch is used to add Tls.h and TlsConfig.h header files to define EF= I TLS > Configuration Protocol, EFI TLS Service Binding Protocol and EFI TLS > Configuration Protocol. >=20 > Cc: Long Qin > Cc: Ye Ting > Cc: Fu Siyuan > Cc: Zhang Lubo > Cc: Liming Gao > Cc: Michael D Kinney > Cc: Thomas Palmer > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Wu Jiaxin > --- > MdePkg/Include/Protocol/Tls.h | 460 > ++++++++++++++++++++++++++++++++++++ > MdePkg/Include/Protocol/TlsConfig.h | 132 +++++++++++ > MdePkg/MdePkg.dec | 9 + > 3 files changed, 601 insertions(+) > create mode 100644 MdePkg/Include/Protocol/Tls.h create mode 100644 > MdePkg/Include/Protocol/TlsConfig.h >=20 > diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.= h > new file mode 100644 index 0000000..51a3cda > --- /dev/null > +++ b/MdePkg/Include/Protocol/Tls.h > @@ -0,0 +1,460 @@ > +/** @file > + EFI TLS Protocols as defined in UEFI 2.5. > + > + The EFI TLS Service Binding Protocol is used to locate EFI TLS > + Protocol drivers to create and destroy child of the driver to > + communicate with other host using TLS protocol. > + The EFI TLS Protocol provides the ability to manage TLS session. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.
This > + program and the accompanying materials are licensed and made > + available under the terms and conditions of the BSD License which > + accompanies this distribution. The full text of the license may be > + found at http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > + @par Revision Reference: > + This Protocol is introduced in UEFI Specification 2.5 > + > +**/ > + > +#ifndef __EFI_TLS_PROTOCOL_H__ > +#define __EFI_TLS_PROTOCOL_H__ > + > +/// > +/// The EFI TLS Service Binding Protocol is used to locate EFI TLS > +Protocol drivers to /// create and destroy child of the driver to > +communicate with other host using TLS /// protocol. > +/// > +#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \ > + { \ > + 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, > +0xab, 0x8d } \ > + } > + > +/// > +/// The EFI TLS protocol provides the ability to manage TLS session. > +/// > +#define EFI_TLS_PROTOCOL_GUID \ > + { \ > + 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, > +0x43, 0x90 } \ > + } > + > +typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; > + > +/// > +/// EFI_TLS_SESSION_DATA_TYPE > +/// > +typedef enum { > + /// > + /// Session Configuration > + /// > + > + /// > + /// TLS session Version. The corresponding Data is of type > EFI_TLS_VERSION. > + /// > + EfiTlsVersion, > + /// > + /// TLS session as client or as server. The corresponding Data is of > + /// EFI_TLS_CONNECTION_END. > + /// > + EfiTlsConnectionEnd, > + /// > + /// A priority list of preferred algorithms for the TLS session. > + /// The corresponding Data is a list of EFI_TLS_CIPHER. > + /// > + EfiTlsCipherList, > + /// > + /// TLS session compression method. > + /// The corresponding Data is of type EFI_TLS_COMPRESSION. > + /// > + EfiTlsCompressionMethod, > + /// > + /// TLS session extension data. 
> + /// The corresponding Data is a list of type EFI_TLS_EXTENDION. > + /// > + EfiTlsExtensionData, > + /// > + /// TLS session verify method. > + /// The corresponding Data is of type EFI_TLS_VERIFY. > + /// > + EfiTlsVerifyMethod, > + /// > + /// TLS session data session ID. > + /// For SetSessionData(), it is TLS session ID used for session resump= tion. > + /// For GetSessionData(), it is the TLS session ID used for current se= ssion. > + /// The corresponding Data is of type EFI_TLS_SESSION_ID. > + /// > + EfiTlsSessionID, > + /// > + /// TLS session data session state. > + /// The corresponding Data is of type EFI_TLS_SESSION_STATE. > + /// > + EfiTlsSessionState, > + > + /// > + /// Session information > + /// > + > + /// > + /// TLS session data client random. > + /// The corresponding Data is of type EFI_TLS_RANDOM. > + /// > + EfiTlsClientRandom, > + /// > + /// TLS session data server random. > + /// The corresponding Data is of type EFI_TLS_RANDOM. > + /// > + EfiTlsServerRandom, > + /// > + /// TLS session data key material. > + /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. > + /// > + EfiTlsKeyMaterial, > + > + EfiTlsSessionDataTypeMaximum > + > +} EFI_TLS_SESSION_DATA_TYPE; > + > +/// > +/// EFI_TLS_VERSION > +/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e= .g. 1.2). > +/// SSL2.0 is obsolete and should not be used. > +/// > +typedef struct { > + UINT8 Major; > + UINT8 Minor; > +} EFI_TLS_VERSION; > + > +/// > +/// EFI_TLS_CONNECTION_END to define TLS session as client or server. > +/// > +typedef enum { > + EfiTlsClient, > + EfiTlsServer, > +} EFI_TLS_CONNECTION_END; > + > +/// > +/// EFI_TLS_CIPHER > +/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, > A.4.1. > +/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Ciphe= r > +/// Suite Registry of IANA. 
> +/// > +typedef struct { > + UINT8 Data1; > + UINT8 Data2; > +} EFI_TLS_CIPHER; > + > +/// > +/// EFI_TLS_COMPRESSION > +/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749"= . > +/// > +typedef UINT8 EFI_TLS_COMPRESSION; > + > +/// > +/// EFI_TLS_EXTENSION > +/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1. > +/// Hello Messages". > +/// > +typedef struct { > + UINT16 ExtensionType; > + UINT16 Length; > + UINT8 Data[1]; > +} EFI_TLS_EXTENSION; > + > +/// > +/// EFI_TLS_VERIFY > +/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two > +options /// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired. > +/// > +typedef UINT32 EFI_TLS_VERIFY; > +/// > +/// No certificates will be sent or the TLS/SSLhandshake will be > +continued regardless /// of the certificate verification result. > +/// > +#define EFI_TLS_VERIFY_NONE 0x0 > +/// > +/// The TLS/SSL handshake is immediately terminated with an alert > +message containing /// the reason for the certificate verification failu= re. > +/// > +#define EFI_TLS_VERIFY_PEER 0x1 > +/// > +/// TLS session will fail peer certificate is absent. > +/// > +#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 /// /// TLS session > +only verify client once, and doesn't request cerfificate during /// > +re-negotiation. > +/// > +#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 > + > +/// > +/// EFI_TLS_RANDOM > +/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. > +/// Hello Messages". > +/// > +typedef struct { > + UINT32 GmtUnixTime; > + UINT8 RandomBytes[28]; > +} EFI_TLS_RANDOM; > + > +/// > +/// EFI_TLS_MASTER_SECRET > +/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1. > +/// Computing the Master Secret". > +/// > +typedef struct { > + UINT8 Data[48]; > +} EFI_TLS_MASTER_SECRET; > + > +/// > +/// EFI_TLS_SESSION_ID > +/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. > Hello Messages". 
> +/// > +#define MAX_TLS_SESSION_ID_LENGTH 32 > +typedef struct { > + UINT16 Length; > + UINT8 Data[MAX_TLS_SESSION_ID_LENGTH]; > +} EFI_TLS_SESSION_ID; > + > +/// > +/// EFI_TLS_SESSION_STATE > +/// > +typedef enum { > + /// > + /// When a new child of TLS protocol is created, the initial state of > +TLS session > + /// is EfiTlsSessionNotStarted. > + /// > + EfiTlsSessionNotStarted, > + /// > + /// The consumer can call BuildResponsePacket() with NULL to get > +ClientHello to > + /// start the TLS session. Then the status is EfiTlsSessionHandShaking= . > + /// > + EfiTlsSessionHandShaking, > + /// > + /// During handshake, the consumer need call BuildResponsePacket() > +with input > + /// data from peer, then get response packet and send to peer. After > +handshake > + /// finish, the TLS session status becomes > +EfiTlsSessionDataTransferring, and > + /// consumer can use ProcessPacket() for data transferring. > + /// > + EfiTlsSessionDataTransferring, > + /// > + /// Finally, if consumer wants to active close TLS session, consumer > +need > + /// call SetSessionData to set TLS session state to > +EfiTlsSessionClosing, and > + /// call BuildResponsePacket() with NULL to get CloseNotify alert > +message, > + /// and sent it out. > + /// > + EfiTlsSessionClosing, > + /// > + /// If any error happen during parsing ApplicationData content type, > +EFI_ABORT > + /// will be returned by ProcessPacket(), and TLS session state will > +become > + /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() > +with > + /// NULL to get alert message and sent it out. > + /// > + EfiTlsSessionError, > + > + EfiTlsSessionStateMaximum > + > +} EFI_TLS_SESSION_STATE; > + > +/// > +/// EFI_TLS_FRAGMENT_DATA > +/// > +typedef struct { > + /// > + /// Length of data buffer in the fragment. > + /// > + UINT32 FragmentLength; > + /// > + /// Pointer to the data buffer in the fragment. 
> + /// > + VOID *FragmentBuffer; > +} EFI_TLS_FRAGMENT_DATA; > + > +/// > +/// EFI_TLS_CRYPT_MODE > +/// > +typedef enum { > + /// > + /// Encrypt data provided in the fragment buffers. > + /// > + EfiTlsEncrypt, > + /// > + /// Decrypt data provided in the fragment buffers. > + /// > + EfiTlsDecrypt, > +} EFI_TLS_CRYPT_MODE; > + > +/** > + Set TLS session data. > + > + The SetSessionData() function set data for a new TLS session. All > + session data should be set before BuildResponsePacket() invoked. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] DataType TLS session data type. > + @param[in] Data Pointer to session data. > + @param[in] DataSize Total size of session data. > + > + @retval EFI_SUCCESS The TLS session data is set successful= ly. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + Data is NULL. > + DataSize is 0. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_ACCESS_DENIED If the DataType is one of below: > + EfiTlsClientRandom > + EfiTlsServerRandom > + EfiTlsKeyMaterial > + @retval EFI_NOT_READY Current TLS session state is NOT > + EfiTlsSessionStateNotStarted. > + @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TLS_SET_SESSION_DATA) ( > + IN EFI_TLS_PROTOCOL *This, > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > + IN VOID *Data, > + IN UINTN DataSize > + ); > + > +/** > + Get TLS session data. > + > + The GetSessionData() function return the TLS session information. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] DataType TLS session data type. > + @param[in, out] Data Pointer to session data. > + @param[in, out] DataSize Total size of session data. On input, = it means > + the size of Data buffer. 
On output, it= means the size > + of copied Data buffer if EFI_SUCCESS, = and means the > + size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > + > + @retval EFI_SUCCESS The TLS session data is got successful= ly. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + DataSize is NULL. > + Data is NULL if *DataSize is not zero. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_NOT_FOUND The TLS session data is not found. > + @retval EFI_NOT_READY The DataType is not ready in current s= ession > state. > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TLS_GET_SESSION_DATA) ( > + IN EFI_TLS_PROTOCOL *This, > + IN EFI_TLS_SESSION_DATA_TYPE DataType, > + IN OUT VOID *Data, OPTIONAL > + IN OUT UINTN *DataSize > + ); > + > +/** > + Build response packet according to TLS state machine. This function > +is only valid for > + alert, handshake and change_cipher_spec content type. > + > + The BuildResponsePacket() function builds TLS response packet in > + response to the TLS request packet specified by RequestBuffer and > + RequestSize. If RequestBuffer is NULL and RequestSize is 0, and TLS > + session status is EfiTlsSessionNotStarted, the TLS session will be > + initiated and the response packet needs to be ClientHello. If > + RequestBuffer is NULL and RequestSize is 0, and TLS session status is > + EfiTlsSessionClosing, the TLS session will be closed and response > + packet needs to be CloseNotify. If RequestBuffer is NULL and > + RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS > session has errors and the response packet needs to be Alert message base= d > on error type. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in] RequestBuffer Pointer to the most recently received = TLS > packet. 
NULL > + means TLS need initiate the TLS sessio= n and response > + packet need to be ClientHello. > + @param[in] RequestSize Packet size in bytes for the most rece= ntly > received TLS > + packet. 0 is only valid when RequestBu= ffer is NULL. > + @param[out] Buffer Pointer to the buffer to hold the buil= t packet. > + @param[in, out] BufferSize Pointer to the buffer size in bytes. O= n input, > it is > + the buffer size provided by the caller= . On output, it > + is the buffer size in fact needed to c= ontain the > + packet. > + > + @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + RequestBuffer is NULL but RequestSize = is NOT 0. > + RequestSize is 0 but RequestBuffer is = NOT NULL. > + BufferSize is NULL. > + Buffer is NULL if *BufferSize is not z= ero. > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the > response packet. > + @retval EFI_NOT_READY Current TLS session state is NOT ready= to > build > + ResponsePacket. > + @retval EFI_ABORTED Something wrong build response packet. > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) ( > + IN EFI_TLS_PROTOCOL *This, > + IN UINT8 *RequestBuffer, OPTIONAL > + IN UINTN RequestSize, OPTIONAL > + OUT UINT8 *Buffer, OPTIONAL > + IN OUT UINTN *BufferSize > + ); > + > +/** > + Decrypt or encrypt TLS packet during session. This function is only > +valid after > + session connected and for application_data content type. > + > + The ProcessPacket () function process each inbound or outbound TLS APP > packet. > + > + @param[in] This Pointer to the EFI_TLS_PROTOCOL instan= ce. > + @param[in, out] FragmentTable Pointer to a list of fragment. The cal= ler > will take > + responsible to handle the original Fra= gmentTable while > + it may be reallocated in TLS driver. 
I= f CryptMode is > + EfiTlsEncrypt, on input these fragment= s contain the TLS > + header and plain text TLS APP payload;= on output these > + fragments contain the TLS header and c= ypher text TLS > + APP payload. If CryptMode is EfiTlsDec= rypt, on input > + these fragments contain the TLS header= and cypher text > + TLS APP payload; on output these fragm= ents contain the > + TLS header and plain text TLS APP payl= oad. > + @param[in] FragmentCount Number of fragment. > + @param[in] CryptMode Crypt mode. > + > + @retval EFI_SUCCESS The operation completed successfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + FragmentTable is NULL. > + FragmentCount is NULL. > + CryptoMode is invalid. > + @retval EFI_NOT_READY Current TLS session state is NOT > + EfiTlsSessionDataTransferring. > + @retval EFI_ABORTED Something wrong decryption the message= . > TLS session > + status will become EfiTlsSessionError.= The caller need > + call BuildResponsePacket() to generate= Error Alert > + message and send it out. > + @retval EFI_OUT_OF_RESOURCES No enough resource to finish the > operation. > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TLS_PROCESS_PACKET) ( > + IN EFI_TLS_PROTOCOL *This, > + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, > + IN UINT32 *FragmentCount, > + IN EFI_TLS_CRYPT_MODE CryptMode > + ); > + > +/// > +/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS > session. > +/// For detail of TLS, please refer to TLS related RFC. > +/// > +struct _EFI_TLS_PROTOCOL { > + EFI_TLS_SET_SESSION_DATA SetSessionData; > + EFI_TLS_GET_SESSION_DATA GetSessionData; > + EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket; > + EFI_TLS_PROCESS_PACKET ProcessPacket; > +}; > + > +extern EFI_GUID gEfiTlsServiceBindingProtocolGuid; > +extern EFI_GUID gEfiTlsProtocolGuid; > + > +#endif // __EFI_TLS_PROTOCOL_H__ 
> diff --git a/MdePkg/Include/Protocol/TlsConfig.h > b/MdePkg/Include/Protocol/TlsConfig.h > new file mode 100644 > index 0000000..4b62bf5 > --- /dev/null > +++ b/MdePkg/Include/Protocol/TlsConfig.h > @@ -0,0 +1,132 @@ > +/** @file > + EFI TLS Configuration Protocol as defined in UEFI 2.5. > + The EFI TLS Configuration Protocol provides a way to set and get TLS > configuration. > + > + Copyright (c) 2016, Intel Corporation. All rights reserved.
This > + program and the accompanying materials are licensed and made > + available under the terms and conditions of the BSD License which > + accompanies this distribution. The full text of the license may be > + found at http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > + @par Revision Reference: > + This Protocol is introduced in UEFI Specification 2.5 > + > +**/ > +#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__ > +#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__ > + > +/// > +/// The EFI Configuration protocol provides a way to set and get TLS > configuration. > +/// > +#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \ > + { \ > + 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, > +0x92, 0x2d } \ > + } > + > +typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL > +EFI_TLS_CONFIGURATION_PROTOCOL; > + > +/// > +/// EFI_TLS_CONFIG_DATA_TYPE > +/// > +typedef enum { > + /// > + /// Local host configuration data: public certificate data. > + /// This data should be DER-encoded binaryX.509 certificate > + /// or PEMencoded X.509 certificate. > + /// > + EfiTlsConfigDataTypeHostPublicCert, > + /// > + /// Local host configuration data: private key data. > + /// > + EfiTlsConfigDataTypeHostPrivateKey, > + /// > + /// CA certificate to verify peer. This data should be PEM-encoded > + /// RSA or PKCS#8 private key. > + /// > + EfiTlsConfigDataTypeCACertificate, > + /// > + /// CA-supplied Certificate Revocation List data. This data should > + /// be DER-encoded CRL data. > + /// > + EfiTlsConfigDataTypeCertRevocationList, > + > + EfiTlsConfigDataTypeMaximum > + > +} EFI_TLS_CONFIG_DATA_TYPE; > + > +/** > + Set TLS configuration data. > + > + The SetData() function sets TLS configuration to non-volatile storage > + or volatile storage. 
> + > + @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + @param[in] DataType Configuration data type. > + @param[in] Data Pointer to configuration data. > + @param[in] DataSize Total size of configuration data. > + > + @retval EFI_SUCCESS The TLS configuration data is set succ= essfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + Data is NULL. > + DataSize is 0. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_OUT_OF_RESOURCES Required system resources could not > be allocated. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)( > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > + IN VOID *Data, > + IN UINTN DataSize > + ); > + > +/** > + Get TLS configuration data. > + > + The GetData() function gets TLS configuration. > + > + @param[in] This Pointer to the > EFI_TLS_CONFIGURATION_PROTOCOL instance. > + @param[in] DataType Configuration data type. > + @param[in, out] Data Pointer to configuration data. > + @param[in, out] DataSize Total size of configuration data. On i= nput, it > means > + the size of Data buffer. On output, it= means the size > + of copied Data buffer if EFI_SUCCESS, = and means the > + size of desired Data buffer if EFI_BUF= FER_TOO_SMALL. > + > + @retval EFI_SUCCESS The TLS configuration data is got succ= essfully. > + @retval EFI_INVALID_PARAMETER One or more of the following > conditions is TRUE: > + This is NULL. > + DataSize is NULL. > + Data is NULL if *DataSize is not zero. > + @retval EFI_UNSUPPORTED The DataType is unsupported. > + @retval EFI_NOT_FOUND The TLS configuration data is not foun= d. > + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the da= ta. 
> + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)( > + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, > + IN EFI_TLS_CONFIG_DATA_TYPE DataType, > + IN OUT VOID *Data, OPTIONAL > + IN OUT UINTN *DataSize > + ); > + > +/// > +/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way > to > +set and get /// TLS configuration, such as Certificate, private key data= . > +/// > +struct _EFI_TLS_CONFIGURATION_PROTOCOL { > + EFI_TLS_CONFIGURATION_SET_DATA SetData; > + EFI_TLS_CONFIGURATION_GET_DATA GetData; > +}; > + > +extern EFI_GUID gEfiTlsConfigurationProtocolGuid; > + > +#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__ > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index > 3e08bed..f2bdb30 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec > @@ -1607,10 +1607,19 @@ > gEfiHttpProtocolGuid =3D { 0x7a59b29b, 0x910b, 0x4171,= {0x82, 0x42, > 0xa8, 0x5a, 0x0d, 0xf2, 0x5b, 0x5b }} >=20 > ## Include/Protocol/HttpUtilities.h > gEfiHttpUtilitiesProtocolGuid =3D { 0x3e35c163, 0x4074, 0x45dd,= {0x43, > 0x1e, 0x23, 0x98, 0x9d, 0xd8, 0x6b, 0x32 }} >=20 > + ## Include/Protocol/Tls.h > + gEfiTlsServiceBindingProtocolGuid =3D { 0x952cb795, 0xff36, 0x48cf, = {0xa2, > 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d }} > + > + ## Include/Protocol/Tls.h > + gEfiTlsProtocolGuid =3D { 0xca959f, 0x6cfa, 0x4db1, {0= x95, 0xbc, 0xe4, > 0x6c, 0x47, 0x51, 0x43, 0x90 }} > + > + ## Include/Protocol/TlsConfig.h > + gEfiTlsConfigurationProtocolGuid =3D { 0x1682fe44, 0xbd7a, 0x4407, = { 0xb7, > 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d }} > + > ## Include/Protocol/Rest.h > gEfiRestProtocolGuid =3D { 0x0db48a36, 0x4e54, 0xea9c= , {0x9b, 0x09, > 0x1e, 0xa5, 0xbe, 0x3a, 0x66, 0x0b }} >=20 > ## Include/Protocol/Supplicant.h > gEfiSupplicantServiceBindingProtocolGuid =3D { 0x45bcd98e, 0x59ad, 0x= 4174, > { 0x95, 0x46, 0x34, 0x4a, 0x7, 0x48, 0x58, 0x98 }} > -- > 1.9.5.msysgit.1
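Review bot: In the Tls.h hunk, several doc comments name identifiers that do not match the definitions they refer to, which will mislead consumers of this header. The EFI_TLS_SET_SESSION_DATA comment returns EFI_NOT_READY when the state is not `EfiTlsSessionStateNotStarted`, but the enum defines `EfiTlsSessionNotStarted`; the EfiTlsSessionError comment says `EFI_ABORT` is returned by ProcessPacket() while the EFI_TLS_PROCESS_PACKET retval list uses `EFI_ABORTED`; the EfiTlsExtensionData comment refers to `EFI_TLS_EXTENDION` although the struct is `EFI_TLS_EXTENSION`; and the EFI_TLS_PROCESS_PACKET retval list checks `CryptoMode` while the parameter is `CryptMode`. In the same prototype, `IN UINT32 *FragmentCount` is documented only as "Number of fragment." with a NULL case in the retval list, yet the FragmentTable comment says the table may be reallocated by the driver; if the count can change on output, declare it `IN OUT` and document the output meaning, otherwise pass it by value and drop the NULL case. One caveat for the EFI_TLS_VERSION note: it admits "SSL3.0 to the latest TLS" while calling only SSL 2.0 obsolete; SSL 3.0 was deprecated by RFC 7568 in 2015, so the note should steer implementers to TLS 1.x as the default and treat SSL 3.0 as legacy at most.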
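Review bot: In the TlsConfig.h hunk, the private-key format description is attached to the wrong enum value: `EfiTlsConfigDataTypeCACertificate` reads "CA certificate to verify peer. This data should be PEM-encoded RSA or PKCS#8 private key.", while `EfiTlsConfigDataTypeHostPrivateKey` carries no format at all. Please move the "PEM-encoded RSA or PKCS#8 private key" sentence to HostPrivateKey and give CACertificate its own expected encoding (the HostPublicCert entry already spells out DER or PEM X.509; I assume the same applies here, please confirm). Two further points: the SetData() description says the data goes "to non-volatile storage or volatile storage" without saying which applies to which DataType, and for the private key that distinction matters, so please state it per type. And unlike EFI_TLS_SET_SESSION_DATA in Tls.h, which returns EFI_ACCESS_DENIED for the secret session types, GetData() places no restriction on reading `EfiTlsConfigDataTypeHostPrivateKey` back out; if the key is not meant to be retrievable by any caller that can locate the protocol, document an EFI_ACCESS_DENIED return for that type.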
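Review bot: In the MdePkg.dec hunk, `gEfiTlsProtocolGuid` is written as `{ 0xca959f, 0x6cfa, 0x4db1, ...}`, dropping the leading zeros of the first field, unlike the neighbouring `gEfiRestProtocolGuid = { 0x0db48a36, ...}` entry; please write it as `0x00ca959f` here and in the matching EFI_TLS_PROTOCOL_GUID in Tls.h so the 32-bit field keeps the 8-digit form the file uses. The three GUID values otherwise match their headers, and repeating the `## Include/Protocol/Tls.h` comment for both GUIDs declared in that header is consistent with the existing entries.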