authorYi Li <yi1.li@intel.com>2022-09-26 00:13:05 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2022-10-10 06:29:51 +0000
commit8db4e9f9a0c2ec992e28259ceb7a8eb316716b05 (patch)
tree339426d2c1cbb15e8fb3af6babe63712afdb1979
parentbb78d969b703d0f2b6205d5e3ec3ec8989a2d6c0 (diff)
CryptoPkg: Add new Tls APIs to DXE and protocol
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
-rw-r--r--CryptoPkg/Driver/Crypto.c155
-rw-r--r--CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h5
-rw-r--r--CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c146
-rw-r--r--CryptoPkg/Private/Protocol/Crypto.h136
4 files changed, 435 insertions, 7 deletions
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 7a8266aaba..f1ff77855c 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -4239,6 +4239,28 @@ CryptoServiceTlsWrite (
}
/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsShutdown (
+ IN VOID *Tls
+ )
+{
+ return CALL_BASECRYPTLIB (Tls.Services.Shutdown, TlsShutdown, (Tls), EFI_UNSUPPORTED);
+}
+
+/**
Set a new TLS/SSL method for a particular TLS object.
This function sets a new TLS/SSL method for a particular TLS object.
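Review bot: The `@retval` list on CryptoServiceTlsShutdown omits EFI_UNSUPPORTED, although the body passes `EFI_UNSUPPORTED` to `CALL_BASECRYPTLIB` as the fallback, presumably returned when the `Tls.Services.Shutdown` bit is clear. Add `@retval EFI_UNSUPPORTED  This interface is not supported.` so callers know a disabled service is a possible outcome. CryptoServiceTlsGetExportKey has the same gap. In CryptoServiceTlsSetSignatureAlgoList and CryptoServiceTlsSetEcCurve, EFI_UNSUPPORTED is documented only as "no supported algorithm/curve", which a caller cannot tell apart from the service being disabled. The copies of these comments in CryptLib.c and Crypto.h carry the same text.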
@@ -4463,11 +4485,41 @@ CryptoServiceTlsSetHostPublicCert (
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetHostPrivateKeyEx (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.HostPrivateKeyEx, TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
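Review bot: The comment on CryptoServiceTlsSetHostPrivateKeyEx does not say how its two secret inputs are handled: `Data` (the private key) and `Password` are IN-only but typed as plain `VOID *`, and nothing states whether the callee copies or retains them. I would add a sentence such as `The caller keeps ownership of Data and Password and should zero both buffers after the call returns.`, to be confirmed against the TlsLib implementation, which is not part of this commit. `NULL-terminated` should read `NUL-terminated` (or `Null-terminated ASCII string`), since NULL is the pointer value that means "no password" in the same sentence. The hunk also rewords the comment of the existing TlsSetHostPrivateKey wrapper, whose body lies outside the hunk, so the claim that it now accepts DER cannot be checked from here. The same comment text is repeated in CryptLib.c and Crypto.h.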
@@ -4512,6 +4564,59 @@ CryptoServiceTlsSetCertRevocationList (
}
/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetSignatureAlgoList (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.SignatureAlgoList, TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsSetEcCurve (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (TlsSet.Services.EcCurve, TlsSetEcCurve, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
Gets the protocol version used by the specified TLS connection.
This function returns the protocol version used by the specified TLS
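Review bot: The contract for `Data` in CryptoServiceTlsSetEcCurve is ambiguous: it is typed `UINT8 *` and described as an RFC 4492 section 5.1.1 named curve, which is a 16-bit value on the wire, while `DataSize` is documented as `sizeof (UINT32)`. The comment should state the width and byte order the library expects, for example `Data points to a UINT32 in host byte order holding the named-curve identifier`, if that matches the implementation, which is not in this commit. Without that, a caller could pass a 2-byte network-order value and either be rejected or end up with a curve other than the one intended. Minor wording in the same hunk: `list to used by` should be `list to be used by`, and `The length the SignatureAlgoList` should be `The length of the SignatureAlgoList in bytes`.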
@@ -4827,6 +4932,44 @@ CryptoServiceTlsGetCertRevocationList (
}
/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoServiceTlsGetExportKey (
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ )
+{
+ return CALL_BASECRYPTLIB (
+ TlsGet.Services.ExportKey,
+ TlsGetExportKey,
+ (Tls, Label, Context, ContextLen,
+ KeyBuffer, KeyBufferLen),
+ EFI_UNSUPPORTED
+ );
+}
+
+/**
Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.
This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in
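Review bot: `Label` reaches CryptoServiceTlsGetExportKey as `CONST VOID *` with no length argument, and the comment only calls it a "Description of the key", so a caller cannot tell how the label is delimited. Document it, e.g. `Label  NUL-terminated ASCII exporter label (RFC 5705)`, assuming the library measures it as a string; the implementation is outside this commit. `Context` is described as optional but lacks the `OPTIONAL` marker, and the comment does not say whether NULL with `ContextLen` 0 is accepted. Because `KeyBuffer` receives keying material, the comment should also state that its contents are undefined on failure and that the caller is responsible for clearing it after use. The copies in CryptLib.c and Crypto.h need the same wording.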
@@ -6266,4 +6409,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceEcGenerateKey,
CryptoServiceEcGetPubKey,
CryptoServiceEcDhComputeKey,
+ /// TLS (continued)
+ CryptoServiceTlsShutdown,
+ /// TLS Set (continued)
+ CryptoServiceTlsSetHostPrivateKeyEx,
+ CryptoServiceTlsSetSignatureAlgoList,
+ CryptoServiceTlsSetEcCurve,
+ /// TLS Get (continued)
+ CryptoServiceTlsGetExportKey
};
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 45bafc2161..4740589417 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -269,6 +269,7 @@ typedef struct {
UINT8 CtrlTrafficIn : 1;
UINT8 Read : 1;
UINT8 Write : 1;
+ UINT8 Shutdown : 1;
} Services;
UINT32 Family;
} Tls;
@@ -285,6 +286,9 @@ typedef struct {
UINT8 HostPublicCert : 1;
UINT8 HostPrivateKey : 1;
UINT8 CertRevocationList : 1;
+ UINT8 HostPrivateKeyEx : 1;
+ UINT8 SignatureAlgoList : 1;
+ UINT8 EcCurve : 1;
} Services;
UINT32 Family;
} TlsSet;
@@ -303,6 +307,7 @@ typedef struct {
UINT8 HostPublicCert : 1;
UINT8 HostPrivateKey : 1;
UINT8 CertRevocationList : 1;
+ UINT8 ExportKey : 1;
} Services;
UINT32 Family;
} TlsGet;
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 791e2ef599..52b934a545 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -3475,6 +3475,28 @@ TlsWrite (
}
/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+EFI_STATUS
+EFIAPI
+TlsShutdown (
+ IN VOID *Tls
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED);
+}
+
+/**
Set a new TLS/SSL method for a particular TLS object.
This function sets a new TLS/SSL method for a particular TLS object.
@@ -3699,11 +3721,41 @@ TlsSetHostPublicCert (
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPrivateKeyEx (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -3748,6 +3800,59 @@ TlsSetCertRevocationList (
}
/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSignatureAlgoList (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetEcCurve (
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
+}
+
+/**
Gets the protocol version used by the specified TLS connection.
This function returns the protocol version used by the specified TLS
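Review bot: `TlsSetEcCurve` dispatches to the wrong protocol member: its body is `CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);`, a copy of the line in TlsSetSignatureAlgoList just above it. A consumer linked against this library would have its curve identifier handed to the signature-algorithm setter, so the curve it asked for is never applied and the signature-algorithm configuration may be altered or the call rejected instead. The line should read `CALL_CRYPTO_SERVICE (TlsSetEcCurve, (Tls, Data, DataSize), EFI_UNSUPPORTED);`, matching the `TlsSetEcCurve` member this commit adds to the protocol structure and the driver-side CryptoServiceTlsSetEcCurve. A unit test that sets a curve through the protocol-backed library and checks the negotiated group would catch this kind of copy-paste slip.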
@@ -4062,6 +4167,43 @@ TlsGetCertRevocationList (
CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
+/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetExportKey (
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ )
+{
+ CALL_CRYPTO_SERVICE (
+ TlsGetExportKey,
+ (Tls, Label, Context, ContextLen,
+ KeyBuffer, KeyBufferLen),
+ EFI_UNSUPPORTED
+ );
+}
+
// =====================================================================================
// Big number primitive
// =====================================================================================
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index 2f267c7f55..6293efa36b 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -21,7 +21,7 @@
/// the EDK II Crypto Protocol is extended, this version define must be
/// increased.
///
-#define EDKII_CRYPTO_VERSION 13
+#define EDKII_CRYPTO_VERSION 14
///
/// EDK II Crypto Protocol forward declaration
@@ -3187,6 +3187,25 @@ INTN
);
/**
+ Shutdown a TLS connection.
+
+ Shutdown the TLS connection without releasing the resources, meaning a new
+ connection can be started without calling TlsNew() and without setting
+ certificates etc.
+
+ @param[in] Tls Pointer to the TLS object to shutdown.
+
+ @retval EFI_SUCCESS The TLS is shutdown successfully.
+ @retval EFI_INVALID_PARAMETER Tls is NULL.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SHUTDOWN)(
+ IN VOID *Tls
+ );
+
+/**
Set a new TLS/SSL method for a particular TLS object.
This function sets a new TLS/SSL method for a particular TLS object.
@@ -3384,11 +3403,38 @@ EFI_STATUS
/**
Adds the local private key to the specified TLS object.
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+ @param[in] Password Pointer to NULL-terminated private key password, set it to NULL
+ if private key not encrypted.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX)(
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN VOID *Password OPTIONAL
+ );
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ @param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -3681,6 +3727,82 @@ EFI_STATUS
);
/**
+ Set the signature algorithm list to used by the TLS object.
+
+ This function sets the signature algorithms for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data Array of UINT8 of signature algorithms. The array consists of
+ pairs of the hash algorithm and the signature algorithm as defined
+ in RFC 5246
+ @param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
+
+ @retval EFI_SUCCESS The signature algorithm list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST)(
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Set the EC curve to be used for TLS flows
+
+ This function sets the EC curve to be used for TLS flows.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
+ @param[in] DataSize Size of Data, it should be sizeof (UINT32)
+
+ @retval EFI_SUCCESS The EC curve was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.
+ @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_SET_EC_CURVE)(
+ IN VOID *Tls,
+ IN UINT8 *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Derive keying material from a TLS connection.
+
+ This function exports keying material using the mechanism described in RFC
+ 5705.
+
+ @param[in] Tls Pointer to the TLS object
+ @param[in] Label Description of the key for the PRF function
+ @param[in] Context Optional context
+ @param[in] ContextLen The length of the context value in bytes
+ @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
+ @param[in] KeyBufferLen The length of the KeyBuffer
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The TLS object is invalid.
+ @retval EFI_PROTOCOL_ERROR Some other error occurred.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_CRYPTO_TLS_GET_EXPORT_KEY)(
+ IN VOID *Tls,
+ IN CONST VOID *Label,
+ IN CONST VOID *Context,
+ IN UINTN ContextLen,
+ OUT VOID *KeyBuffer,
+ IN UINTN KeyBufferLen
+ );
+
+/**
Gets the CA-supplied certificate revocation list data set in the specified
TLS object.
@@ -4954,6 +5076,14 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_EC_GENERATE_KEY EcGenerateKey;
EDKII_CRYPTO_EC_GET_PUB_KEY EcGetPubKey;
EDKII_CRYPTO_EC_DH_COMPUTE_KEY EcDhComputeKey;
+ /// TLS (continued)
+ EDKII_CRYPTO_TLS_SHUTDOWN TlsShutdown;
+ /// TLS Set (continued)
+ EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX TlsSetHostPrivateKeyEx;
+ EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST TlsSetSignatureAlgoList;
+ EDKII_CRYPTO_TLS_SET_EC_CURVE TlsSetEcCurve;
+ /// TLS Get (continued)
+ EDKII_CRYPTO_TLS_GET_EXPORT_KEY TlsGetExportKey;
};
extern GUID gEdkiiCryptoProtocolGuid;