CryptoPkg: Add new Tls APIs to DXE and protocol
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
@@ -3474,6 +3474,28 @@ TlsWrite (
|
||||
CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0);
|
||||
}
|
||||
|
||||
/**
|
||||
Shutdown a TLS connection.
|
||||
|
||||
Shutdown the TLS connection without releasing the resources, meaning a new
|
||||
connection can be started without calling TlsNew() and without setting
|
||||
certificates etc.
|
||||
|
||||
@param[in] Tls Pointer to the TLS object to shutdown.
|
||||
|
||||
@retval EFI_SUCCESS The TLS is shutdown successfully.
|
||||
@retval EFI_INVALID_PARAMETER Tls is NULL.
|
||||
@retval EFI_PROTOCOL_ERROR Some other error occurred.
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TlsShutdown (
|
||||
IN VOID *Tls
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED);
|
||||
}
|
||||
|
||||
/**
|
||||
Set a new TLS/SSL method for a particular TLS object.
|
||||
|
||||
@@ -3699,11 +3721,41 @@ TlsSetHostPublicCert (
|
||||
/**
|
||||
Adds the local private key to the specified TLS object.
|
||||
|
||||
This function adds the local private key (PEM-encoded RSA or PKCS#8 private
|
||||
This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
|
||||
key) into the specified TLS object for TLS negotiation.
|
||||
|
||||
@param[in] Tls Pointer to the TLS object.
|
||||
@param[in] Data Pointer to the data buffer of a PEM-encoded RSA
|
||||
@param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
|
||||
or PKCS#8 private key.
|
||||
@param[in] DataSize The size of data buffer in bytes.
|
||||
@param[in] Password Pointer to NULL-terminated private key password, set it to NULL
|
||||
if private key not encrypted.
|
||||
|
||||
@retval EFI_SUCCESS The operation succeeded.
|
||||
@retval EFI_UNSUPPORTED This function is not supported.
|
||||
@retval EFI_ABORTED Invalid private key data.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TlsSetHostPrivateKeyEx (
|
||||
IN VOID *Tls,
|
||||
IN VOID *Data,
|
||||
IN UINTN DataSize,
|
||||
IN VOID *Password OPTIONAL
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), EFI_UNSUPPORTED);
|
||||
}
|
||||
|
||||
/**
|
||||
Adds the local private key to the specified TLS object.
|
||||
|
||||
This function adds the local private key (DER-encoded or PEM-encoded or PKCS#8 private
|
||||
key) into the specified TLS object for TLS negotiation.
|
||||
|
||||
@param[in] Tls Pointer to the TLS object.
|
||||
@param[in] Data Pointer to the data buffer of a DER-encoded or PEM-encoded
|
||||
or PKCS#8 private key.
|
||||
@param[in] DataSize The size of data buffer in bytes.
|
||||
|
||||
@@ -3747,6 +3799,59 @@ TlsSetCertRevocationList (
|
||||
CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
|
||||
}
|
||||
|
||||
/**
|
||||
Set the signature algorithm list to used by the TLS object.
|
||||
|
||||
This function sets the signature algorithms for use by a specified TLS object.
|
||||
|
||||
@param[in] Tls Pointer to a TLS object.
|
||||
@param[in] Data Array of UINT8 of signature algorithms. The array consists of
|
||||
pairs of the hash algorithm and the signature algorithm as defined
|
||||
in RFC 5246
|
||||
@param[in] DataSize The length the SignatureAlgoList. Must be divisible by 2.
|
||||
|
||||
@retval EFI_SUCCESS The signature algorithm list was set successfully.
|
||||
@retval EFI_INVALID_PARAMETER The parameters are invalid.
|
||||
@retval EFI_UNSUPPORTED No supported TLS signature algorithm was found in SignatureAlgoList
|
||||
@retval EFI_OUT_OF_RESOURCES Memory allocation failed.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TlsSetSignatureAlgoList (
|
||||
IN VOID *Tls,
|
||||
IN UINT8 *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
|
||||
}
|
||||
|
||||
/**
|
||||
Set the EC curve to be used for TLS flows
|
||||
|
||||
This function sets the EC curve to be used for TLS flows.
|
||||
|
||||
@param[in] Tls Pointer to a TLS object.
|
||||
@param[in] Data An EC named curve as defined in section 5.1.1 of RFC 4492.
|
||||
@param[in] DataSize Size of Data, it should be sizeof (UINT32)
|
||||
|
||||
@retval EFI_SUCCESS The EC curve was set successfully.
|
||||
@retval EFI_INVALID_PARAMETER The parameters are invalid.
|
||||
@retval EFI_UNSUPPORTED The requested TLS EC curve is not supported
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TlsSetEcCurve (
|
||||
IN VOID *Tls,
|
||||
IN UINT8 *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);
|
||||
}
|
||||
|
||||
/**
|
||||
Gets the protocol version used by the specified TLS connection.
|
||||
|
||||
@@ -4062,6 +4167,43 @@ TlsGetCertRevocationList (
|
||||
CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
|
||||
}
|
||||
|
||||
/**
|
||||
Derive keying material from a TLS connection.
|
||||
|
||||
This function exports keying material using the mechanism described in RFC
|
||||
5705.
|
||||
|
||||
@param[in] Tls Pointer to the TLS object
|
||||
@param[in] Label Description of the key for the PRF function
|
||||
@param[in] Context Optional context
|
||||
@param[in] ContextLen The length of the context value in bytes
|
||||
@param[out] KeyBuffer Buffer to hold the output of the TLS-PRF
|
||||
@param[in] KeyBufferLen The length of the KeyBuffer
|
||||
|
||||
@retval EFI_SUCCESS The operation succeeded.
|
||||
@retval EFI_INVALID_PARAMETER The TLS object is invalid.
|
||||
@retval EFI_PROTOCOL_ERROR Some other error occurred.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TlsGetExportKey (
|
||||
IN VOID *Tls,
|
||||
IN CONST VOID *Label,
|
||||
IN CONST VOID *Context,
|
||||
IN UINTN ContextLen,
|
||||
OUT VOID *KeyBuffer,
|
||||
IN UINTN KeyBufferLen
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (
|
||||
TlsGetExportKey,
|
||||
(Tls, Label, Context, ContextLen,
|
||||
KeyBuffer, KeyBufferLen),
|
||||
EFI_UNSUPPORTED
|
||||
);
|
||||
}
|
||||
|
||||
// =====================================================================================
|
||||
// Big number primitive
|
||||
// =====================================================================================
|
||||
|
Reference in New Issue
Block a user