Re: [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

2022-09-29 Thread Li, Yi
Thanks, next patch set will fix it.

-Original Message-
From: Kinney, Michael D
Sent: Friday, September 30, 2022 1:09 PM
To: devel@edk2.groups.io; Li, Yi1; Kinney, Michael D
Cc: Yao, Jiewen; Wang, Jian J; Lu, Xiaoyu1; Jiang, Guomin
Subject: RE: [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

I see one issue with adding new bits to the crypto services structured PCD.

Comment below.

Mike


Re: [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

2022-09-29 Thread Michael D Kinney
I see one issue with adding new bits to the crypto services structured PCD.

Comment below.

Mike

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Li, Yi
> Sent: Sunday, September 25, 2022 11:27 PM
> To: devel@edk2.groups.io
> Cc: Li, Yi1; Yao, Jiewen; Wang, Jian J; Lu, Xiaoyu1; Jiang, Guomin
> Subject: [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892
> 
> The implementation provides new Tls library functions
> for Crypto EFI Driver and Protocol.
> 
> Cc: Jiewen Yao 
> Cc: Jian J Wang 
> Cc: Xiaoyu Lu 
> Cc: Guomin Jiang 
> Signed-off-by: Yi Li 
> ---
>  CryptoPkg/Driver/Crypto.c | 155 +-
>  .../Pcd/PcdCryptoServiceFamilyEnable.h|   5 +
>  .../BaseCryptLibOnProtocolPpi/CryptLib.c  | 146 -
>  CryptoPkg/Private/Protocol/Crypto.h   | 136 ++-
>  4 files changed, 435 insertions(+), 7 deletions(-)
> 
> diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> index 7a8266aaba..f1ff77855c 100644
> --- a/CryptoPkg/Driver/Crypto.c
> +++ b/CryptoPkg/Driver/Crypto.c
> @@ -4238,6 +4238,28 @@ CryptoServiceTlsWrite (
>return CALL_BASECRYPTLIB (Tls.Services.Write, TlsWrite, (Tls, Buffer, 
> BufferSize), 0);
>  }
> 
> +/**
> +  Shutdown a TLS connection.
> +
> +  Shutdown the TLS connection without releasing the resources, meaning a new
> +  connection can be started without calling TlsNew() and without setting
> +  certificates etc.
> +
> +  @param[in]   TlsPointer to the TLS object to shutdown.
> +
> +  @retval EFI_SUCCESS The TLS is shutdown successfully.
> +  @retval EFI_INVALID_PARAMETER   Tls is NULL.
> +  @retval EFI_PROTOCOL_ERROR  Some other error occurred.
> +**/
> +EFI_STATUS
> +EFIAPI
> +CryptoServiceTlsShutdown (
> +  IN VOID  *Tls
> +  )
> +{
> +  return CALL_BASECRYPTLIB (Tls.Services.Shutdown, TlsShutdown, (Tls), 
> EFI_UNSUPPORTED);
> +}
> +
>  /**
>Set a new TLS/SSL method for a particular TLS object.
> 
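Review bot: The @retval list for CryptoServiceTlsShutdown omits the value the wrapper itself returns when the service is compiled out: CALL_BASECRYPTLIB falls back to EFI_UNSUPPORTED when Tls.Services.Shutdown is disabled, yet only EFI_SUCCESS, EFI_INVALID_PARAMETER and EFI_PROTOCOL_ERROR are documented. Add `@retval EFI_UNSUPPORTED  This function is not supported.` as CryptoServiceTlsSetHostPrivateKeyEx in the next hunk already does, so callers of the protocol know to handle the disabled case. Minor: "Shutdown" is the noun; the brief line should read "Shut down a TLS connection."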
> @@ -4463,11 +4485,41 @@ CryptoServiceTlsSetHostPublicCert (
>  /**
>Adds the local private key to the specified TLS object.
> 
> -  This function adds the local private key (PEM-encoded RSA or PKCS#8 private
> +  This function adds the local private key (DER-encoded or PEM-encoded or 
> PKCS#8 private
> +  key) into the specified TLS object for TLS negotiation.
> +
> +  @param[in]  Tls Pointer to the TLS object.
> +  @param[in]  DataPointer to the data buffer of a DER-encoded or 
> PEM-encoded
> +  or PKCS#8 private key.
> +  @param[in]  DataSizeThe size of data buffer in bytes.
> +  @param[in]  PasswordPointer to NULL-terminated private key password, 
> set it to NULL
> +  if private key not encrypted.
> +
> +  @retval  EFI_SUCCESS The operation succeeded.
> +  @retval  EFI_UNSUPPORTED This function is not supported.
> +  @retval  EFI_ABORTED Invalid private key data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +CryptoServiceTlsSetHostPrivateKeyEx (
> +  IN VOID   *Tls,
> +  IN VOID   *Data,
> +  IN UINTN  DataSize,
> +  IN VOID   *Password  OPTIONAL
> +  )
> +{
> +  return CALL_BASECRYPTLIB (TlsSet.Services.HostPrivateKeyEx, 
> TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password),
> EFI_UNSUPPORTED);
> +}
> +
> +/**
> +  Adds the local private key to the specified TLS object.
> +
> +  This function adds the local private key (DER-encoded or PEM-encoded or 
> PKCS#8 private
>key) into the specified TLS object for TLS negotiation.
> 
>@param[in]  Tls Pointer to the TLS object.
> -  @param[in]  DataPointer to the data buffer of a PEM-encoded RSA
> +  @param[in]  DataPointer to the data buffer of a DER-encoded or 
> PEM-encoded
>or PKCS#8 private key.
>@param[in]  DataSizeThe size of data buffer in bytes.
> 
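Review bot: The new wording "DER-encoded or PEM-encoded or PKCS#8 private key" mixes an encoding with a key format: PKCS#8 is a structure that is itself carried as DER or PEM, so the previous "PEM-encoded RSA or PKCS#8" text was the clearer one; state which formats are accepted in which encoding (for example "PEM- or DER-encoded RSA or PKCS#8 private key"). The same rewording is also applied to the existing CryptoServiceTlsSetHostPrivateKey, of which only the comment changes in this hunk; if the non-Ex path does not actually accept DER input, that comment now over-promises and should keep its previous text. On the new function, Password is documented as a NULL-terminated string but typed `IN VOID *Password OPTIONAL`; `IN CONST CHAR8 *Password OPTIONAL` (and `IN CONST VOID *Data`) would put that contract in the type. The @retval list also has no entry for a wrong password on an encrypted key, which callers will want to tell apart from EFI_ABORTED "Invalid private key data".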
> @@ -4511,6 +4563,59 @@ CryptoServiceTlsSetCertRevocationList (
>return CALL_BASECRYPTLIB (TlsSet.Services.CertRevocationList, 
> TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
>  }
> 
> +/**
> +  Set the signature algorithm list to used by the TLS object.
> +
> +  This function sets the signature algorithms for use by a specified TLS 
> object.
> +
> +  @param[in]  TlsPointer to a TLS object.
> +  @param[in]  Data   Array of UINT8 of signature algorithms. The 
> array consists of
> + pairs of the hash algorithm and the 
> signature algorithm as defined
> + in RFC 5246
> +  @param[in]  DataSize   The length the SignatureAlgoList. Must be 
> divisible by 2.
> +
> +  @retval  EFI_SUCCESS   The signature algorithm list was set 
> successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameters are invalid.
> +  @retval  EFI_UNSUPPORTED   No supported TLS s
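Review bot: The comment for the signature-algorithm setter has a typo and a stale name: "to used by the TLS object" should be "to be used by the TLS object", and "@param[in] DataSize The length the SignatureAlgoList" names a parameter that does not appear in this @param list (the buffer is Data); write "The length of Data in bytes. Must be divisible by 2." Because the buffer is documented as hash/signature pairs from RFC 5246, the wrapper's documented EFI_INVALID_PARAMETER should cover an odd DataSize so a half pair is never consumed.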