From 973f8862f2b44a16b028f5afabbc8a0042029a29 Mon Sep 17 00:00:00 2001 From: Hao Wu Date: Thu, 6 Apr 2017 10:05:54 +0800 Subject: MdePkg: Convert files to CRLF line ending Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Reviewed-by: Liming Gao --- MdePkg/Include/IndustryStandard/Tls1.h | 186 +++---- MdePkg/Include/Protocol/Tls.h | 921 +++++++++++++++++---------------- MdePkg/Include/Protocol/TlsConfig.h | 265 +++++----- MdePkg/Library/BaseLib/SafeString.c | 39 +- 4 files changed, 707 insertions(+), 704 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/IndustryStandard/Tls1.h index 019ff617de..9009291ee3 100644 --- a/MdePkg/Include/IndustryStandard/Tls1.h +++ b/MdePkg/Include/IndustryStandard/Tls1.h @@ -1,93 +1,93 @@ -/** @file - Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from RFC 2246/4346/5246 - - This file contains common TLS 1.0/1.1/1.2 definitions from RFC 2246/4346/5246 - - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at - http://opensource.org/licenses/bsd-license.php - - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -**/ - -#ifndef __TLS_1_H__ -#define __TLS_1_H__ - -#pragma pack(1) - -/// -/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. -/// -#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} -#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} -#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} - -/// -/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. -/// -#define TLS10_PROTOCOL_VERSION_MAJOR 0x03 -#define TLS10_PROTOCOL_VERSION_MINOR 0x01 -#define TLS11_PROTOCOL_VERSION_MAJOR 0x03 -#define TLS11_PROTOCOL_VERSION_MINOR 0x02 -#define TLS12_PROTOCOL_VERSION_MAJOR 0x03 -#define TLS12_PROTOCOL_VERSION_MINOR 0x03 - -/// -/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. -/// -typedef enum { - TlsContentTypeChangeCipherSpec = 20, - TlsContentTypeAlert = 21, - TlsContentTypeHandshake = 22, - TlsContentTypeApplicationData = 23, -} TLS_CONTENT_TYPE; - -/// -/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. -/// -typedef struct { - UINT8 ContentType; - EFI_TLS_VERSION Version; - UINT16 Length; -} TLS_RECORD_HEADER; - -#pragma pack() - -#endif - +/** @file + Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from RFC 2246/4346/5246 + + This file contains common TLS 1.0/1.1/1.2 definitions from RFC 2246/4346/5246 + + Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +**/ + +#ifndef __TLS_1_H__ +#define __TLS_1_H__ + +#pragma pack(1) + +/// +/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. +/// +#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} +#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} +#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} +#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} +#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} + +/// +/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. +/// +#define TLS10_PROTOCOL_VERSION_MAJOR 0x03 +#define TLS10_PROTOCOL_VERSION_MINOR 0x01 +#define TLS11_PROTOCOL_VERSION_MAJOR 0x03 +#define TLS11_PROTOCOL_VERSION_MINOR 0x02 +#define TLS12_PROTOCOL_VERSION_MAJOR 0x03 +#define TLS12_PROTOCOL_VERSION_MINOR 0x03 + +/// +/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. +/// +typedef enum { + TlsContentTypeChangeCipherSpec = 20, + TlsContentTypeAlert = 21, + TlsContentTypeHandshake = 22, + TlsContentTypeApplicationData = 23, +} TLS_CONTENT_TYPE; + +/// +/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. +/// +typedef struct { + UINT8 ContentType; + EFI_TLS_VERSION Version; + UINT16 Length; +} TLS_RECORD_HEADER; + +#pragma pack() + +#endif + diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h index f3cfccc953..2119f33c0f 100644 --- a/MdePkg/Include/Protocol/Tls.h +++ b/MdePkg/Include/Protocol/Tls.h @@ -1,460 +1,461 @@ -/** @file - EFI TLS Protocols as defined in UEFI 2.5. - - The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers - to create and destroy child of the driver to communicate with other host using - TLS protocol. - The EFI TLS Protocol provides the ability to manage TLS session. - - Copyright (c) 2016, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at - http://opensource.org/licenses/bsd-license.php - - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - @par Revision Reference: - This Protocol is introduced in UEFI Specification 2.5 - -**/ - -#ifndef __EFI_TLS_PROTOCOL_H__ -#define __EFI_TLS_PROTOCOL_H__ - -/// -/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers to -/// create and destroy child of the driver to communicate with other host using TLS -/// protocol. -/// -#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \ - { \ - 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d } \ - } - -/// -/// The EFI TLS protocol provides the ability to manage TLS session. -/// -#define EFI_TLS_PROTOCOL_GUID \ - { \ - 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \ - } - -typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; - -/// -/// EFI_TLS_SESSION_DATA_TYPE -/// -typedef enum { - /// - /// Session Configuration - /// - - /// - /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION. - /// - EfiTlsVersion, - /// - /// TLS session as client or as server. The corresponding Data is of - /// EFI_TLS_CONNECTION_END. - /// - EfiTlsConnectionEnd, - /// - /// A priority list of preferred algorithms for the TLS session. - /// The corresponding Data is a list of EFI_TLS_CIPHER. - /// - EfiTlsCipherList, - /// - /// TLS session compression method. - /// The corresponding Data is of type EFI_TLS_COMPRESSION. - /// - EfiTlsCompressionMethod, - /// - /// TLS session extension data. - /// The corresponding Data is a list of type EFI_TLS_EXTENSION . - /// - EfiTlsExtensionData, - /// - /// TLS session verify method. - /// The corresponding Data is of type EFI_TLS_VERIFY. - /// - EfiTlsVerifyMethod, - /// - /// TLS session data session ID. - /// For SetSessionData(), it is TLS session ID used for session resumption. - /// For GetSessionData(), it is the TLS session ID used for current session. - /// The corresponding Data is of type EFI_TLS_SESSION_ID. - /// - EfiTlsSessionID, - /// - /// TLS session data session state. - /// The corresponding Data is of type EFI_TLS_SESSION_STATE. - /// - EfiTlsSessionState, - - /// - /// Session information - /// - - /// - /// TLS session data client random. - /// The corresponding Data is of type EFI_TLS_RANDOM. - /// - EfiTlsClientRandom, - /// - /// TLS session data server random. - /// The corresponding Data is of type EFI_TLS_RANDOM. - /// - EfiTlsServerRandom, - /// - /// TLS session data key material. - /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. - /// - EfiTlsKeyMaterial, - - EfiTlsSessionDataTypeMaximum - -} EFI_TLS_SESSION_DATA_TYPE; - -/// -/// EFI_TLS_VERSION -/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2). -/// SSL2.0 is obsolete and should not be used. -/// -typedef struct { - UINT8 Major; - UINT8 Minor; -} EFI_TLS_VERSION; - -/// -/// EFI_TLS_CONNECTION_END to define TLS session as client or server. -/// -typedef enum { - EfiTlsClient, - EfiTlsServer, -} EFI_TLS_CONNECTION_END; - -/// -/// EFI_TLS_CIPHER -/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, A.4.1. -/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher -/// Suite Registry of IANA. -/// -typedef struct { - UINT8 Data1; - UINT8 Data2; -} EFI_TLS_CIPHER; - -/// -/// EFI_TLS_COMPRESSION -/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749". -/// -typedef UINT8 EFI_TLS_COMPRESSION; - -/// -/// EFI_TLS_EXTENSION -/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1. -/// Hello Messages". -/// -typedef struct { - UINT16 ExtensionType; - UINT16 Length; - UINT8 Data[1]; -} EFI_TLS_EXTENSION; - -/// -/// EFI_TLS_VERIFY -/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two options -/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired. -/// -typedef UINT32 EFI_TLS_VERIFY; -/// -/// No certificates will be sent or the TLS/SSL handshake will be continued regardless -/// of the certificate verification result. -/// -#define EFI_TLS_VERIFY_NONE 0x0 -/// -/// The TLS/SSL handshake is immediately terminated with an alert message containing -/// the reason for the certificate verification failure. -/// -#define EFI_TLS_VERIFY_PEER 0x1 -/// -/// TLS session will fail peer certificate is absent. -/// -#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 -/// -/// TLS session only verify client once, and doesn't request certificate during -/// re-negotiation. -/// -#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 - -/// -/// EFI_TLS_RANDOM -/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. -/// Hello Messages". -/// -typedef struct { - UINT32 GmtUnixTime; - UINT8 RandomBytes[28]; -} EFI_TLS_RANDOM; - -/// -/// EFI_TLS_MASTER_SECRET -/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1. -/// Computing the Master Secret". -/// -typedef struct { - UINT8 Data[48]; -} EFI_TLS_MASTER_SECRET; - -/// -/// EFI_TLS_SESSION_ID -/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. Hello Messages". -/// -#define MAX_TLS_SESSION_ID_LENGTH 32 -typedef struct { - UINT16 Length; - UINT8 Data[MAX_TLS_SESSION_ID_LENGTH]; -} EFI_TLS_SESSION_ID; - -/// -/// EFI_TLS_SESSION_STATE -/// -typedef enum { - /// - /// When a new child of TLS protocol is created, the initial state of TLS session - /// is EfiTlsSessionNotStarted. - /// - EfiTlsSessionNotStarted, - /// - /// The consumer can call BuildResponsePacket() with NULL to get ClientHello to - /// start the TLS session. Then the status is EfiTlsSessionHandShaking. - /// - EfiTlsSessionHandShaking, - /// - /// During handshake, the consumer need call BuildResponsePacket() with input - /// data from peer, then get response packet and send to peer. After handshake - /// finish, the TLS session status becomes EfiTlsSessionDataTransferring, and - /// consumer can use ProcessPacket() for data transferring. - /// - EfiTlsSessionDataTransferring, - /// - /// Finally, if consumer wants to active close TLS session, consumer need - /// call SetSessionData to set TLS session state to EfiTlsSessionClosing, and - /// call BuildResponsePacket() with NULL to get CloseNotify alert message, - /// and sent it out. - /// - EfiTlsSessionClosing, - /// - /// If any error happen during parsing ApplicationData content type, EFI_ABORT - /// will be returned by ProcessPacket(), and TLS session state will become - /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() with - /// NULL to get alert message and sent it out. - /// - EfiTlsSessionError, - - EfiTlsSessionStateMaximum - -} EFI_TLS_SESSION_STATE; - -/// -/// EFI_TLS_FRAGMENT_DATA -/// -typedef struct { - /// - /// Length of data buffer in the fragment. - /// - UINT32 FragmentLength; - /// - /// Pointer to the data buffer in the fragment. - /// - VOID *FragmentBuffer; -} EFI_TLS_FRAGMENT_DATA; - -/// -/// EFI_TLS_CRYPT_MODE -/// -typedef enum { - /// - /// Encrypt data provided in the fragment buffers. - /// - EfiTlsEncrypt, - /// - /// Decrypt data provided in the fragment buffers. - /// - EfiTlsDecrypt, -} EFI_TLS_CRYPT_MODE; - -/** - Set TLS session data. - - The SetSessionData() function set data for a new TLS session. All session data should - be set before BuildResponsePacket() invoked. - - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. - @param[in] DataType TLS session data type. - @param[in] Data Pointer to session data. - @param[in] DataSize Total size of session data. - - @retval EFI_SUCCESS The TLS session data is set successfully. - @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: - This is NULL. - Data is NULL. - DataSize is 0. - @retval EFI_UNSUPPORTED The DataType is unsupported. - @retval EFI_ACCESS_DENIED If the DataType is one of below: - EfiTlsClientRandom - EfiTlsServerRandom - EfiTlsKeyMaterial - @retval EFI_NOT_READY Current TLS session state is NOT - EfiTlsSessionStateNotStarted. - @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated. -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_TLS_SET_SESSION_DATA) ( - IN EFI_TLS_PROTOCOL *This, - IN EFI_TLS_SESSION_DATA_TYPE DataType, - IN VOID *Data, - IN UINTN DataSize - ); - -/** - Get TLS session data. - - The GetSessionData() function return the TLS session information. - - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. - @param[in] DataType TLS session data type. - @param[in, out] Data Pointer to session data. - @param[in, out] DataSize Total size of session data. On input, it means - the size of Data buffer. On output, it means the size - of copied Data buffer if EFI_SUCCESS, and means the - size of desired Data buffer if EFI_BUFFER_TOO_SMALL. - - @retval EFI_SUCCESS The TLS session data is got successfully. - @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: - This is NULL. - DataSize is NULL. - Data is NULL if *DataSize is not zero. - @retval EFI_UNSUPPORTED The DataType is unsupported. - @retval EFI_NOT_FOUND The TLS session data is not found. - @retval EFI_NOT_READY The DataType is not ready in current session state. - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_TLS_GET_SESSION_DATA) ( - IN EFI_TLS_PROTOCOL *This, - IN EFI_TLS_SESSION_DATA_TYPE DataType, - IN OUT VOID *Data, OPTIONAL - IN OUT UINTN *DataSize - ); - -/** - Build response packet according to TLS state machine. This function is only valid for - alert, handshake and change_cipher_spec content type. - - The BuildResponsePacket() function builds TLS response packet in response to the TLS - request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and - RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session - will be initiated and the response packet needs to be ClientHello. If RequestBuffer is - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS - session will be closed and response packet needs to be CloseNotify. If RequestBuffer is - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS - session has errors and the response packet needs to be Alert message based on error - type. - - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. - @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL - means TLS need initiate the TLS session and response - packet need to be ClientHello. - @param[in] RequestSize Packet size in bytes for the most recently received TLS - packet. 0 is only valid when RequestBuffer is NULL. - @param[out] Buffer Pointer to the buffer to hold the built packet. - @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is - the buffer size provided by the caller. On output, it - is the buffer size in fact needed to contain the - packet. - - @retval EFI_SUCCESS The required TLS packet is built successfully. - @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: - This is NULL. - RequestBuffer is NULL but RequestSize is NOT 0. - RequestSize is 0 but RequestBuffer is NOT NULL. - BufferSize is NULL. - Buffer is NULL if *BufferSize is not zero. - @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet. - @retval EFI_NOT_READY Current TLS session state is NOT ready to build - ResponsePacket. - @retval EFI_ABORTED Something wrong build response packet. -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) ( - IN EFI_TLS_PROTOCOL *This, - IN UINT8 *RequestBuffer, OPTIONAL - IN UINTN RequestSize, OPTIONAL - OUT UINT8 *Buffer, OPTIONAL - IN OUT UINTN *BufferSize - ); - -/** - Decrypt or encrypt TLS packet during session. This function is only valid after - session connected and for application_data content type. - - The ProcessPacket () function process each inbound or outbound TLS APP packet. - - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. - @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take - responsible to handle the original FragmentTable while - it may be reallocated in TLS driver. If CryptMode is - EfiTlsEncrypt, on input these fragments contain the TLS - header and plain text TLS APP payload; on output these - fragments contain the TLS header and cipher text TLS - APP payload. If CryptMode is EfiTlsDecrypt, on input - these fragments contain the TLS header and cipher text - TLS APP payload; on output these fragments contain the - TLS header and plain text TLS APP payload. - @param[in] FragmentCount Number of fragment. - @param[in] CryptMode Crypt mode. - - @retval EFI_SUCCESS The operation completed successfully. - @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: - This is NULL. - FragmentTable is NULL. - FragmentCount is NULL. - CryptoMode is invalid. - @retval EFI_NOT_READY Current TLS session state is NOT - EfiTlsSessionDataTransferring. - @retval EFI_ABORTED Something wrong decryption the message. TLS session - status will become EfiTlsSessionError. The caller need - call BuildResponsePacket() to generate Error Alert - message and send it out. - @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation. -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_TLS_PROCESS_PACKET) ( - IN EFI_TLS_PROTOCOL *This, - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, - IN UINT32 *FragmentCount, - IN EFI_TLS_CRYPT_MODE CryptMode - ); - -/// -/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS session. -/// For detail of TLS, please refer to TLS related RFC. -/// -struct _EFI_TLS_PROTOCOL { - EFI_TLS_SET_SESSION_DATA SetSessionData; - EFI_TLS_GET_SESSION_DATA GetSessionData; - EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket; - EFI_TLS_PROCESS_PACKET ProcessPacket; -}; - -extern EFI_GUID gEfiTlsServiceBindingProtocolGuid; -extern EFI_GUID gEfiTlsProtocolGuid; - -#endif // __EFI_TLS_PROTOCOL_H__ +/** @file + EFI TLS Protocols as defined in UEFI 2.5. + + The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers + to create and destroy child of the driver to communicate with other host using + TLS protocol. + The EFI TLS Protocol provides the ability to manage TLS session. + + Copyright (c) 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.5 + +**/ + +#ifndef __EFI_TLS_PROTOCOL_H__ +#define __EFI_TLS_PROTOCOL_H__ + +/// +/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers to +/// create and destroy child of the driver to communicate with other host using TLS +/// protocol. +/// +#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \ + { \ + 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d } \ + } + +/// +/// The EFI TLS protocol provides the ability to manage TLS session. +/// +#define EFI_TLS_PROTOCOL_GUID \ + { \ + 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \ + } + +typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; + +/// +/// EFI_TLS_SESSION_DATA_TYPE +/// +typedef enum { + /// + /// Session Configuration + /// + + /// + /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION. + /// + EfiTlsVersion, + /// + /// TLS session as client or as server. The corresponding Data is of + /// EFI_TLS_CONNECTION_END. + /// + EfiTlsConnectionEnd, + /// + /// A priority list of preferred algorithms for the TLS session. + /// The corresponding Data is a list of EFI_TLS_CIPHER. + /// + EfiTlsCipherList, + /// + /// TLS session compression method. + /// The corresponding Data is of type EFI_TLS_COMPRESSION. + /// + EfiTlsCompressionMethod, + /// + /// TLS session extension data. + /// The corresponding Data is a list of type EFI_TLS_EXTENSION . + /// + EfiTlsExtensionData, + /// + /// TLS session verify method. + /// The corresponding Data is of type EFI_TLS_VERIFY. + /// + EfiTlsVerifyMethod, + /// + /// TLS session data session ID. + /// For SetSessionData(), it is TLS session ID used for session resumption. + /// For GetSessionData(), it is the TLS session ID used for current session. + /// The corresponding Data is of type EFI_TLS_SESSION_ID. + /// + EfiTlsSessionID, + /// + /// TLS session data session state. + /// The corresponding Data is of type EFI_TLS_SESSION_STATE. + /// + EfiTlsSessionState, + + /// + /// Session information + /// + + /// + /// TLS session data client random. + /// The corresponding Data is of type EFI_TLS_RANDOM. + /// + EfiTlsClientRandom, + /// + /// TLS session data server random. + /// The corresponding Data is of type EFI_TLS_RANDOM. + /// + EfiTlsServerRandom, + /// + /// TLS session data key material. + /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. + /// + EfiTlsKeyMaterial, + + EfiTlsSessionDataTypeMaximum + +} EFI_TLS_SESSION_DATA_TYPE; + +/// +/// EFI_TLS_VERSION +/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2). +/// SSL2.0 is obsolete and should not be used. +/// +typedef struct { + UINT8 Major; + UINT8 Minor; +} EFI_TLS_VERSION; + +/// +/// EFI_TLS_CONNECTION_END to define TLS session as client or server. +/// +typedef enum { + EfiTlsClient, + EfiTlsServer, +} EFI_TLS_CONNECTION_END; + +/// +/// EFI_TLS_CIPHER +/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, A.4.1. +/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher +/// Suite Registry of IANA. +/// +typedef struct { + UINT8 Data1; + UINT8 Data2; +} EFI_TLS_CIPHER; + +/// +/// EFI_TLS_COMPRESSION +/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749". +/// +typedef UINT8 EFI_TLS_COMPRESSION; + +/// +/// EFI_TLS_EXTENSION +/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1. +/// Hello Messages". +/// +typedef struct { + UINT16 ExtensionType; + UINT16 Length; + UINT8 Data[1]; +} EFI_TLS_EXTENSION; + +/// +/// EFI_TLS_VERIFY +/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two options +/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired. +/// +typedef UINT32 EFI_TLS_VERIFY; +/// +/// No certificates will be sent or the TLS/SSL handshake will be continued regardless +/// of the certificate verification result. +/// +#define EFI_TLS_VERIFY_NONE 0x0 +/// +/// The TLS/SSL handshake is immediately terminated with an alert message containing +/// the reason for the certificate verification failure. +/// +#define EFI_TLS_VERIFY_PEER 0x1 +/// +/// TLS session will fail peer certificate is absent. +/// +#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 +/// +/// TLS session only verify client once, and doesn't request certificate during +/// re-negotiation. +/// +#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 + +/// +/// EFI_TLS_RANDOM +/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. +/// Hello Messages". +/// +typedef struct { + UINT32 GmtUnixTime; + UINT8 RandomBytes[28]; +} EFI_TLS_RANDOM; + +/// +/// EFI_TLS_MASTER_SECRET +/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1. +/// Computing the Master Secret". +/// +typedef struct { + UINT8 Data[48]; +} EFI_TLS_MASTER_SECRET; + +/// +/// EFI_TLS_SESSION_ID +/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. Hello Messages". +/// +#define MAX_TLS_SESSION_ID_LENGTH 32 +typedef struct { + UINT16 Length; + UINT8 Data[MAX_TLS_SESSION_ID_LENGTH]; +} EFI_TLS_SESSION_ID; + +/// +/// EFI_TLS_SESSION_STATE +/// +typedef enum { + /// + /// When a new child of TLS protocol is created, the initial state of TLS session + /// is EfiTlsSessionNotStarted. + /// + EfiTlsSessionNotStarted, + /// + /// The consumer can call BuildResponsePacket() with NULL to get ClientHello to + /// start the TLS session. Then the status is EfiTlsSessionHandShaking. + /// + EfiTlsSessionHandShaking, + /// + /// During handshake, the consumer need call BuildResponsePacket() with input + /// data from peer, then get response packet and send to peer. After handshake + /// finish, the TLS session status becomes EfiTlsSessionDataTransferring, and + /// consumer can use ProcessPacket() for data transferring. + /// + EfiTlsSessionDataTransferring, + /// + /// Finally, if consumer wants to active close TLS session, consumer need + /// call SetSessionData to set TLS session state to EfiTlsSessionClosing, and + /// call BuildResponsePacket() with NULL to get CloseNotify alert message, + /// and sent it out. + /// + EfiTlsSessionClosing, + /// + /// If any error happen during parsing ApplicationData content type, EFI_ABORT + /// will be returned by ProcessPacket(), and TLS session state will become + /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() with + /// NULL to get alert message and sent it out. + /// + EfiTlsSessionError, + + EfiTlsSessionStateMaximum + +} EFI_TLS_SESSION_STATE; + +/// +/// EFI_TLS_FRAGMENT_DATA +/// +typedef struct { + /// + /// Length of data buffer in the fragment. + /// + UINT32 FragmentLength; + /// + /// Pointer to the data buffer in the fragment. + /// + VOID *FragmentBuffer; +} EFI_TLS_FRAGMENT_DATA; + +/// +/// EFI_TLS_CRYPT_MODE +/// +typedef enum { + /// + /// Encrypt data provided in the fragment buffers. + /// + EfiTlsEncrypt, + /// + /// Decrypt data provided in the fragment buffers. + /// + EfiTlsDecrypt, +} EFI_TLS_CRYPT_MODE; + +/** + Set TLS session data. + + The SetSessionData() function set data for a new TLS session. All session data should + be set before BuildResponsePacket() invoked. + + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. + @param[in] DataType TLS session data type. + @param[in] Data Pointer to session data. + @param[in] DataSize Total size of session data. + + @retval EFI_SUCCESS The TLS session data is set successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + This is NULL. + Data is NULL. + DataSize is 0. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_ACCESS_DENIED If the DataType is one of below: + EfiTlsClientRandom + EfiTlsServerRandom + EfiTlsKeyMaterial + @retval EFI_NOT_READY Current TLS session state is NOT + EfiTlsSessionStateNotStarted. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TLS_SET_SESSION_DATA) ( + IN EFI_TLS_PROTOCOL *This, + IN EFI_TLS_SESSION_DATA_TYPE DataType, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get TLS session data. + + The GetSessionData() function return the TLS session information. + + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. + @param[in] DataType TLS session data type. + @param[in, out] Data Pointer to session data. + @param[in, out] DataSize Total size of session data. On input, it means + the size of Data buffer. On output, it means the size + of copied Data buffer if EFI_SUCCESS, and means the + size of desired Data buffer if EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The TLS session data is got successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + This is NULL. + DataSize is NULL. + Data is NULL if *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The TLS session data is not found. + @retval EFI_NOT_READY The DataType is not ready in current session state. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TLS_GET_SESSION_DATA) ( + IN EFI_TLS_PROTOCOL *This, + IN EFI_TLS_SESSION_DATA_TYPE DataType, + IN OUT VOID *Data, OPTIONAL + IN OUT UINTN *DataSize + ); + +/** + Build response packet according to TLS state machine. This function is only valid for + alert, handshake and change_cipher_spec content type. + + The BuildResponsePacket() function builds TLS response packet in response to the TLS + request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and + RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session + will be initiated and the response packet needs to be ClientHello. If RequestBuffer is + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS + session will be closed and response packet needs to be CloseNotify. If RequestBuffer is + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS + session has errors and the response packet needs to be Alert message based on error + type. + + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. + @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL + means TLS need initiate the TLS session and response + packet need to be ClientHello. + @param[in] RequestSize Packet size in bytes for the most recently received TLS + packet. 0 is only valid when RequestBuffer is NULL. + @param[out] Buffer Pointer to the buffer to hold the built packet. + @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is + the buffer size provided by the caller. On output, it + is the buffer size in fact needed to contain the + packet. + + @retval EFI_SUCCESS The required TLS packet is built successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + This is NULL. + RequestBuffer is NULL but RequestSize is NOT 0. + RequestSize is 0 but RequestBuffer is NOT NULL. + BufferSize is NULL. + Buffer is NULL if *BufferSize is not zero. + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet. + @retval EFI_NOT_READY Current TLS session state is NOT ready to build + ResponsePacket. + @retval EFI_ABORTED Something wrong build response packet. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) ( + IN EFI_TLS_PROTOCOL *This, + IN UINT8 *RequestBuffer, OPTIONAL + IN UINTN RequestSize, OPTIONAL + OUT UINT8 *Buffer, OPTIONAL + IN OUT UINTN *BufferSize + ); + +/** + Decrypt or encrypt TLS packet during session. This function is only valid after + session connected and for application_data content type. + + The ProcessPacket () function process each inbound or outbound TLS APP packet. + + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance. + @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take + responsible to handle the original FragmentTable while + it may be reallocated in TLS driver. If CryptMode is + EfiTlsEncrypt, on input these fragments contain the TLS + header and plain text TLS APP payload; on output these + fragments contain the TLS header and cipher text TLS + APP payload. If CryptMode is EfiTlsDecrypt, on input + these fragments contain the TLS header and cipher text + TLS APP payload; on output these fragments contain the + TLS header and plain text TLS APP payload. + @param[in] FragmentCount Number of fragment. + @param[in] CryptMode Crypt mode. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + This is NULL. + FragmentTable is NULL. + FragmentCount is NULL. + CryptoMode is invalid. + @retval EFI_NOT_READY Current TLS session state is NOT + EfiTlsSessionDataTransferring. + @retval EFI_ABORTED Something wrong decryption the message. TLS session + status will become EfiTlsSessionError. The caller need + call BuildResponsePacket() to generate Error Alert + message and send it out. + @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TLS_PROCESS_PACKET) ( + IN EFI_TLS_PROTOCOL *This, + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable, + IN UINT32 *FragmentCount, + IN EFI_TLS_CRYPT_MODE CryptMode + ); + +/// +/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS session. +/// For detail of TLS, please refer to TLS related RFC. +/// +struct _EFI_TLS_PROTOCOL { + EFI_TLS_SET_SESSION_DATA SetSessionData; + EFI_TLS_GET_SESSION_DATA GetSessionData; + EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket; + EFI_TLS_PROCESS_PACKET ProcessPacket; +}; + +extern EFI_GUID gEfiTlsServiceBindingProtocolGuid; +extern EFI_GUID gEfiTlsProtocolGuid; + +#endif // __EFI_TLS_PROTOCOL_H__ + diff --git a/MdePkg/Include/Protocol/TlsConfig.h b/MdePkg/Include/Protocol/TlsConfig.h index 012f4ce75e..3e5916cb9d 100644 --- a/MdePkg/Include/Protocol/TlsConfig.h +++ b/MdePkg/Include/Protocol/TlsConfig.h @@ -1,132 +1,133 @@ -/** @file - EFI TLS Configuration Protocol as defined in UEFI 2.5. - The EFI TLS Configuration Protocol provides a way to set and get TLS configuration. - - Copyright (c) 2016, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at - http://opensource.org/licenses/bsd-license.php - - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - @par Revision Reference: - This Protocol is introduced in UEFI Specification 2.5 - -**/ -#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__ -#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__ - -/// -/// The EFI Configuration protocol provides a way to set and get TLS configuration. -/// -#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \ - { \ - 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d } \ - } - -typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL EFI_TLS_CONFIGURATION_PROTOCOL; - -/// -/// EFI_TLS_CONFIG_DATA_TYPE -/// -typedef enum { - /// - /// Local host configuration data: public certificate data. - /// This data should be DER-encoded binary X.509 certificate - /// or PEM-encoded X.509 certificate. - /// - EfiTlsConfigDataTypeHostPublicCert, - /// - /// Local host configuration data: private key data. - /// - EfiTlsConfigDataTypeHostPrivateKey, - /// - /// CA certificate to verify peer. This data should be PEM-encoded - /// RSA or PKCS#8 private key. - /// - EfiTlsConfigDataTypeCACertificate, - /// - /// CA-supplied Certificate Revocation List data. This data should - /// be DER-encoded CRL data. - /// - EfiTlsConfigDataTypeCertRevocationList, - - EfiTlsConfigDataTypeMaximum - -} EFI_TLS_CONFIG_DATA_TYPE; - -/** - Set TLS configuration data. - - The SetData() function sets TLS configuration to non-volatile storage or volatile - storage. - - @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance. - @param[in] DataType Configuration data type. - @param[in] Data Pointer to configuration data. - @param[in] DataSize Total size of configuration data. - - @retval EFI_SUCCESS The TLS configuration data is set successfully. - @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: - This is NULL. - Data is NULL. - DataSize is 0. - @retval EFI_UNSUPPORTED The DataType is unsupported. - @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated. - -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)( - IN EFI_TLS_CONFIGURATION_PROTOCOL *This, - IN EFI_TLS_CONFIG_DATA_TYPE DataType, - IN VOID *Data, - IN UINTN DataSize - ); - -/** - Get TLS configuration data. - - The GetData() function gets TLS configuration. - - @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance. - @param[in] DataType Configuration data type. - @param[in, out] Data Pointer to configuration data. - @param[in, out] DataSize Total size of configuration data. On input, it means - the size of Data buffer. On output, it means the size - of copied Data buffer if EFI_SUCCESS, and means the - size of desired Data buffer if EFI_BUFFER_TOO_SMALL. - - @retval EFI_SUCCESS The TLS configuration data is got successfully. - @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: - This is NULL. - DataSize is NULL. - Data is NULL if *DataSize is not zero. - @retval EFI_UNSUPPORTED The DataType is unsupported. - @retval EFI_NOT_FOUND The TLS configuration data is not found. - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. - -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)( - IN EFI_TLS_CONFIGURATION_PROTOCOL *This, - IN EFI_TLS_CONFIG_DATA_TYPE DataType, - IN OUT VOID *Data, OPTIONAL - IN OUT UINTN *DataSize - ); - -/// -/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way to set and get -/// TLS configuration, such as Certificate, private key data. -/// -struct _EFI_TLS_CONFIGURATION_PROTOCOL { - EFI_TLS_CONFIGURATION_SET_DATA SetData; - EFI_TLS_CONFIGURATION_GET_DATA GetData; -}; - -extern EFI_GUID gEfiTlsConfigurationProtocolGuid; - -#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__ +/** @file + EFI TLS Configuration Protocol as defined in UEFI 2.5. + The EFI TLS Configuration Protocol provides a way to set and get TLS configuration. + + Copyright (c) 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.5 + +**/ +#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__ +#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__ + +/// +/// The EFI Configuration protocol provides a way to set and get TLS configuration. +/// +#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \ + { \ + 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d } \ + } + +typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL EFI_TLS_CONFIGURATION_PROTOCOL; + +/// +/// EFI_TLS_CONFIG_DATA_TYPE +/// +typedef enum { + /// + /// Local host configuration data: public certificate data. + /// This data should be DER-encoded binary X.509 certificate + /// or PEM-encoded X.509 certificate. + /// + EfiTlsConfigDataTypeHostPublicCert, + /// + /// Local host configuration data: private key data. + /// + EfiTlsConfigDataTypeHostPrivateKey, + /// + /// CA certificate to verify peer. This data should be PEM-encoded + /// RSA or PKCS#8 private key. + /// + EfiTlsConfigDataTypeCACertificate, + /// + /// CA-supplied Certificate Revocation List data. This data should + /// be DER-encoded CRL data. + /// + EfiTlsConfigDataTypeCertRevocationList, + + EfiTlsConfigDataTypeMaximum + +} EFI_TLS_CONFIG_DATA_TYPE; + +/** + Set TLS configuration data. + + The SetData() function sets TLS configuration to non-volatile storage or volatile + storage. + + @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance. + @param[in] DataType Configuration data type. + @param[in] Data Pointer to configuration data. + @param[in] DataSize Total size of configuration data. + + @retval EFI_SUCCESS The TLS configuration data is set successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + This is NULL. + Data is NULL. + DataSize is 0. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)( + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, + IN EFI_TLS_CONFIG_DATA_TYPE DataType, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get TLS configuration data. + + The GetData() function gets TLS configuration. + + @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance. + @param[in] DataType Configuration data type. + @param[in, out] Data Pointer to configuration data. + @param[in, out] DataSize Total size of configuration data. On input, it means + the size of Data buffer. On output, it means the size + of copied Data buffer if EFI_SUCCESS, and means the + size of desired Data buffer if EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The TLS configuration data is got successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + This is NULL. + DataSize is NULL. + Data is NULL if *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The TLS configuration data is not found. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)( + IN EFI_TLS_CONFIGURATION_PROTOCOL *This, + IN EFI_TLS_CONFIG_DATA_TYPE DataType, + IN OUT VOID *Data, OPTIONAL + IN OUT UINTN *DataSize + ); + +/// +/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way to set and get +/// TLS configuration, such as Certificate, private key data. +/// +struct _EFI_TLS_CONFIGURATION_PROTOCOL { + EFI_TLS_CONFIGURATION_SET_DATA SetData; + EFI_TLS_CONFIGURATION_GET_DATA GetData; +}; + +extern EFI_GUID gEfiTlsConfigurationProtocolGuid; + +#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__ + diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c index 249fe477b4..68c33e9b7b 100644 --- a/MdePkg/Library/BaseLib/SafeString.c +++ b/MdePkg/Library/BaseLib/SafeString.c @@ -217,7 +217,7 @@ StrnSizeS ( @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumUnicodeStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumUnicodeStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -231,7 +231,7 @@ StrCpyS ( ) { UINTN SourceLen; - + ASSERT (((UINTN) Destination & BIT0) == 0); ASSERT (((UINTN) Source & BIT0) == 0); @@ -296,12 +296,12 @@ StrCpyS ( @param Length The maximum number of Unicode characters to copy. @retval RETURN_SUCCESS String is copied. - @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than + @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than MIN(StrLen(Source), Length). @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumUnicodeStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumUnicodeStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -388,14 +388,14 @@ StrnCpyS ( @param Source A pointer to a Null-terminated Unicode string. @retval RETURN_SUCCESS String is appended. - @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than + @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than StrLen(Destination). @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT greater than StrLen(Source). @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumUnicodeStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumUnicodeStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -411,7 +411,7 @@ StrCatS ( UINTN DestLen; UINTN CopyLen; UINTN SourceLen; - + ASSERT (((UINTN) Destination & BIT0) == 0); ASSERT (((UINTN) Source & BIT0) == 0); @@ -497,7 +497,7 @@ StrCatS ( @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumUnicodeStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumUnicodeStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -514,7 +514,7 @@ StrnCatS ( UINTN DestLen; UINTN CopyLen; UINTN SourceLen; - + ASSERT (((UINTN) Destination & BIT0) == 0); ASSERT (((UINTN) Source & BIT0) == 0); @@ -1799,7 +1799,7 @@ AsciiStrnSizeS ( @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumAsciiStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumAsciiStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -1813,7 +1813,7 @@ AsciiStrCpyS ( ) { UINTN SourceLen; - + // // 1. Neither Destination nor Source shall be a null pointer. // @@ -1873,12 +1873,12 @@ AsciiStrCpyS ( @param Length The maximum number of Ascii characters to copy. @retval RETURN_SUCCESS String is copied. - @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than + @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than MIN(StrLen(Source), Length). @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumAsciiStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumAsciiStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -1960,14 +1960,14 @@ AsciiStrnCpyS ( @param Source A pointer to a Null-terminated Ascii string. @retval RETURN_SUCCESS String is appended. - @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than + @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than StrLen(Destination). @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT greater than StrLen(Source). @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumAsciiStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumAsciiStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -1983,7 +1983,7 @@ AsciiStrCatS ( UINTN DestLen; UINTN CopyLen; UINTN SourceLen; - + // // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS. // @@ -2064,7 +2064,7 @@ AsciiStrCatS ( @retval RETURN_INVALID_PARAMETER If Destination is NULL. If Source is NULL. If PcdMaximumAsciiStringLength is not zero, - and DestMax is greater than + and DestMax is greater than PcdMaximumAsciiStringLength. If DestMax is 0. @retval RETURN_ACCESS_DENIED If Source and Destination overlap. @@ -2081,7 +2081,7 @@ AsciiStrnCatS ( UINTN DestLen; UINTN CopyLen; UINTN SourceLen; - + // // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS. // @@ -3265,7 +3265,8 @@ AsciiStrToIpv6Address ( &Address->Addr[CompressStart + ARRAY_SIZE (Address->Addr) - AddressIndex], &LocalAddress.Addr[CompressStart], AddressIndex - CompressStart - ); + ); + } if (PrefixLength != NULL) { -- cgit v1.2.3