From: "Li, Yi" <yi1.li@intel.com>
To: devel@edk2.groups.io
Cc: Yi Li <yi1.li@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>
Subject: [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol
Date: Mon, 26 Sep 2022 14:27:10 +0800 [thread overview]
Message-ID: <b0b3dfe5f7645ae36d3e6387a39757df2b43acfa.1664172690.git.yi1.li@intel.com> (raw)
In-Reply-To: <cover.1664172690.git.yi1.li@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892
The implementation provides new Tls library functions
for Crypto EFI Driver and Protocol.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
---
CryptoPkg/Driver/Crypto.c | 155 +++++++++++++++++-
.../Pcd/PcdCryptoServiceFamilyEnable.h | 5 +
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 146 ++++++++++++++++-
CryptoPkg/Private/Protocol/Crypto.h | 136 ++++++++++++++-
4 files changed, 435 insertions(+), 7 deletions(-)
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 7a8266aaba..f1ff77855c 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -4238,6 +4238,28 @@ CryptoServiceTlsWrite (
return CALL_BASECRYPTLIB (Tls.Services.Write, TlsWrite, (Tls, Buffer, BufferSize), 0);
}
+/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsShutdown (
+ IN VOID *Tls
+ )
+{
+ return CALL_BASECRYPTLIB (Tls.Services.Shutdown, TlsShutdown, (Tls), EFI_UNSUPPORTED);
+}
+
/**
Set a new TLS/SSL method for a particular TLS object.
@@ -4463,11 +4485,41 @@ CryptoServiceTlsSetHostPublicCert (
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetHostPrivateKeyEx (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.HostPrivateKeyEx, TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -4511,6 +4563,59 @@ CryptoServiceTlsSetCertRevocationList (
return CALL_BASECRYPTLIB (TlsSet.Services.CertRevocationList, TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
+/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetSignatureAlgoList (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.SignatureAlgoList, TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetEcCurve (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.EcCurve, TlsSetEcCurve, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
/**
Gets the protocol version used by the specified TLS connection.
@@ -4826,6 +4931,44 @@ CryptoServiceTlsGetCertRevocationList (
return CALL_BASECRYPTLIB (TlsGet.Services.CertRevocationList, TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
+/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsGetExportKey (
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ )
+{
+ return CALL_BASECRYPTLIB (
+ TlsGet.Services.ExportKey,
+ TlsGetExportKey,
+ (Tls, Label, Context, ContextLen,
+ KeyBuffer, KeyBufferLen),
+ EFI_UNSUPPORTED
+ );
+}
+
/**
Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.
@@ -6266,4 +6409,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceEcGenerateKey,
CryptoServiceEcGetPubKey,
CryptoServiceEcDhComputeKey,
+ /// TLS (continued)
+ CryptoServiceTlsShutdown,
+ /// TLS Set (continued)
+ CryptoServiceTlsSetHostPrivateKeyEx,
+ CryptoServiceTlsSetSignatureAlgoList,
+ CryptoServiceTlsSetEcCurve,
+ /// TLS Get (continued)
+ CryptoServiceTlsGetExportKey
};
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 45bafc2161..70caa2122b 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -269,6 +269,7 @@ typedef struct {
UINT8 CtrlTrafficIn : 1;
UINT8 Read : 1;
UINT8 Write : 1;
+ UINT8 Shutdown : 1;
} Services;
UINT32 Family;
} Tls;
@@ -283,8 +284,11 @@ typedef struct {
UINT8 SessionId : 1;
UINT8 CaCertificate : 1;
UINT8 HostPublicCert : 1;
+ UINT8 HostPrivateKeyEx : 1;
UINT8 HostPrivateKey : 1;
UINT8 CertRevocationList : 1;
+ UINT8 SignatureAlgoList : 1;
+ UINT8 EcCurve : 1;
} Services;
UINT32 Family;
} TlsSet;
@@ -303,6 +307,7 @@ typedef struct {
UINT8 HostPublicCert : 1;
UINT8 HostPrivateKey : 1;
UINT8 CertRevocationList : 1;
+ UINT8 ExportKey : 1;
} Services;
UINT32 Family;
} TlsGet;
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 791e2ef599..52b934a545 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -3474,6 +3474,28 @@ TlsWrite (
CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0);
}
+/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+EFI_STATUS
+EFIAPI
+TlsShutdown (
+ IN VOID *Tls
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED);
+}
+
/**
Set a new TLS/SSL method for a particular TLS object.
@@ -3699,11 +3721,41 @@ TlsSetHostPublicCert (
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPrivateKeyEx (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -3747,6 +3799,59 @@ TlsSetCertRevocationList (
CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
+/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSignatureAlgoList (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetEcCurve (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
/**
Gets the protocol version used by the specified TLS connection.
@@ -4062,6 +4167,43 @@ TlsGetCertRevocationList (
CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
+/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetExportKey (
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ )
+{
+ CALL_CRYPTO_SERVICE (
+ TlsGetExportKey,
+ (Tls, Label, Context, ContextLen,
+ KeyBuffer, KeyBufferLen),
+ EFI_UNSUPPORTED
+ );
+}
+
// =====================================================================================
// Big number primitive
// =====================================================================================
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index 2f267c7f55..6293efa36b 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -21,7 +21,7 @@
/// the EDK II Crypto Protocol is extended, this version define must be
/// increased.
///
-#define EDKII_CRYPTO_VERSION 13
+#define EDKII_CRYPTO_VERSION 14
///
/// EDK II Crypto Protocol forward declaration
@@ -3186,6 +3186,25 @@ INTN
IN UINTN BufferSize
);
+/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SHUTDOWN)(
+ IN VOID *Tls
+ );
+
/**
Set a new TLS/SSL method for a particular TLS object.
@@ -3384,11 +3403,38 @@ EFI_STATUS
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX)(
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ );
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -3680,6 +3726,82 @@ EFI_STATUS
IN OUT UINTN *DataSize
);
+/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST)(
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_EC_CURVE)(
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_GET_EXPORT_KEY)(
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ );
+
/**
Gets the CA-supplied certificate revocation list data set in the specified
TLS object.
@@ -4954,6 +5076,14 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_EC_GENERATE_KEY EcGenerateKey;
EDKII_CRYPTO_EC_GET_PUB_KEY EcGetPubKey;
EDKII_CRYPTO_EC_DH_COMPUTE_KEY EcDhComputeKey;
+ /// TLS (continued)
+ EDKII_CRYPTO_TLS_SHUTDOWN TlsShutdown;
+ /// TLS Set (continued)
+ EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX TlsSetHostPrivateKeyEx;
+ EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST TlsSetSignatureAlgoList;
+ EDKII_CRYPTO_TLS_SET_EC_CURVE TlsSetEcCurve;
+ /// TLS Get (continued)
+ EDKII_CRYPTO_TLS_GET_EXPORT_KEY TlsGetExportKey;
};
extern GUID gEdkiiCryptoProtocolGuid;
--
2.31.1.windows.1
next prev parent reply other threads:[~2022-09-26 6:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1664172690.git.yi1.li@intel.com>
2022-09-26 6:27 ` [PATCH 1/3] MdePkg: Add Tls configuration related define Li, Yi
2022-09-26 6:27 ` [PATCH 2/3] CryptoPkg: Extend Tls function library Li, Yi
2022-09-26 6:27 ` Li, Yi [this message]
2022-09-30 5:08 ` [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol Michael D Kinney
2022-09-30 5:28 ` Li, Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b0b3dfe5f7645ae36d3e6387a39757df2b43acfa.1664172690.git.yi1.li@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox