CryptoPkg: Add new Tls APIs to DXE and protocol

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892

The implementation provides new Tls library functions
for Crypto EFI Driver and Protocol.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Yi Li
2022-09-26 00:13:05 +08:00
committed by mergify[bot]
parent bb78d969b7
commit 8db4e9f9a0
4 changed files with 435 additions and 7 deletions


@@ -3474,6 +3474,28 @@ TlsWrite (
CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0);
}
/**
Shutdown a TLS connection.
Shutdown the TLS connection without releasing the resources, meaning a new
connection can be started without calling TlsNew() and without setting
certificates etc.
@param[in] Tls Pointer to the TLS object to shutdown.
@retval EFI_SUCCESS The TLS is shutdown successfully.
@retval EFI_INVALID_PARAMETER Tls is NULL.
@retval EFI_PROTOCOL_ERROR Some other error occurred.
**/
EFI_STATUS
EFIAPI
TlsShutdown (
IN VOID *Tls
)
{
CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED);
}
/**
Set a new TLS/SSL method for a particular TLS object.
@@ -3699,11 +3721,41 @@ TlsSetHostPublicCert (
/**
Adds the local private key to the specified TLS object.
This function adds the local private key (PEM-encoded RSA or PKCS#8 private
This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
@param[in] Data Pointer to the data buffer of a PEM-encoded RSA
@param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@param[in] Password Pointer to NULL-terminated private key password, set it to NULL
if private key not encrypted.
@retval EFI_SUCCESS The operation succeeded.
@retval EFI_UNSUPPORTED This function is not supported.
@retval EFI_ABORTED Invalid private key data.
**/
EFI_STATUS
EFIAPI
TlsSetHostPrivateKeyEx (
IN VOID *Tls,
IN VOID *Data,
IN UINTN DataSize,
IN VOID *Password OPTIONAL
)
{
CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
}
/**
Adds the local private key to the specified TLS object.
This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
key) into the specified TLS object for TLS negotiation.
@param[in] Tls Pointer to the TLS object.
@param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
or PKCS#8 private key.
@param[in] DataSize The size of data buffer in bytes.
@@ -3747,6 +3799,59 @@ TlsSetCertRevocationList (
CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
/**
Set the signature algorithm list to used by the TLS object.
This function sets the signature algorithms for use by a specified TLS object.
@param[in] Tls Pointer to a TLS object.
@param[in] Data Array of UINT8 of signature algorithms. The array consists of
pairs of the hash algorithm and the signature algorithm as defined
in RFC 5246
@param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
@retval EFI_SUCCESS The signature algorithm list was set successfully.
@retval EFI_INVALID_PARAMETER The parameters are invalid.
@retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
@retval EFI_OUT_OF_RESOURCES Memory allocation failed.
**/
EFI_STATUS
EFIAPI
TlsSetSignatureAlgoList (
IN VOID *Tls,
IN UINT8 *Data,
IN UINTN DataSize
)
{
CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
}
/**
Set the EC curve to be used for TLS flows
This function sets the EC curve to be used for TLS flows.
@param[in] Tls Pointer to a TLS object.
@param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
@param[in] DataSize Size of Data, it should be sizeof (UINT32)
@retval EFI_SUCCESS The EC curve was set successfully.
@retval EFI_INVALID_PARAMETER The parameters are invalid.
@retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
**/
EFI_STATUS
EFIAPI
TlsSetEcCurve (
IN VOID *Tls,
IN UINT8 *Data,
IN UINTN DataSize
)
{
CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
}
/**
Gets the protocol version used by the specified TLS connection.
@@ -4062,6 +4167,43 @@ TlsGetCertRevocationList (
CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
/**
Derive keying material from a TLS connection.
This function exports keying material using the mechanism described in RFC
5705.
@param[in] Tls Pointer to the TLS object
@param[in] Label Description of the key for the PRF function
@param[in] Context Optional context
@param[in] ContextLen The length of the context value in bytes
@param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
@param[in] KeyBufferLen The length of the KeyBuffer
@retval EFI_SUCCESS The operation succeeded.
@retval EFI_INVALID_PARAMETER The TLS object is invalid.
@retval EFI_PROTOCOL_ERROR Some other error occurred.
**/
EFI_STATUS
EFIAPI
TlsGetExportKey (
IN VOID *Tls,
IN CONST VOID *Label,
IN CONST VOID *Context,
IN UINTN ContextLen,
OUT VOID *KeyBuffer,
IN UINTN KeyBufferLen
)
{
CALL_CRYPTO_SERVICE (
TlsGetExportKey,
(Tls, Label, Context, ContextLen,
KeyBuffer, KeyBufferLen),
EFI_UNSUPPORTED
);
}
// =====================================================================================
// Big number primitive
// =====================================================================================
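Review bot: The TlsSetEcCurve wrapper in the hunk at `@@ -3747,6 +3799,59 @@` forwards to the wrong service: its body is `CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);`, apparently copied from the TlsSetSignatureAlgoList wrapper directly above it, so the EC named curve a caller passes is handed to the signature-algorithm setter and the curve selection is never applied to the TLS object. Because the four-byte curve value also satisfies that setter's "must be divisible by 2" length rule, the call may return EFI_SUCCESS while the connection still negotiates whatever curves the underlying library defaults to, a silent misconfiguration that no error path would surface. The line should read `CALL_CRYPTO_SERVICE (TlsSetEcCurve, (Tls, Data, DataSize), EFI_UNSUPPORTED);`. Separately, the new TlsShutdown wrapper in the first hunk returns EFI_UNSUPPORTED when the service is absent, which its doc comment does not list; adding `@retval EFI_UNSUPPORTED This function is not supported.` keeps it consistent with the other wrappers added here.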