Thanks, next patch set will fix it.

-----Original Message-----
From: Kinney, Michael D <michael.d.kin...@intel.com>
Sent: Friday, September 30, 2022 1:09 PM
To: devel@edk2.groups.io; Li, Yi1 <yi1...@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>
Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>; Lu, Xiaoyu1 <xiaoyu1...@intel.com>; Jiang, Guomin <guomin.ji...@intel.com>
Subject: RE: [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

I see one issue with adding new bits to the crypto services structured PCD. Comment below.

Mike

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li, Yi
> Sent: Sunday, September 25, 2022 11:27 PM
> To: devel@edk2.groups.io
> Cc: Li, Yi1 <yi1...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>; Lu, Xiaoyu1 <xiaoyu1...@intel.com>; Jiang, Guomin <guomin.ji...@intel.com>
> Subject: [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892
>
> The implementation provides new Tls library functions for Crypto EFI Driver and Protocol.
>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1...@intel.com>
> Cc: Guomin Jiang <guomin.ji...@intel.com>
> Signed-off-by: Yi Li <yi1...@intel.com>
> --- > CryptoPkg/Driver/Crypto.c | 155 +++++++++++++++++- > .../Pcd/PcdCryptoServiceFamilyEnable.h | 5 + > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 146 ++++++++++++++++- > CryptoPkg/Private/Protocol/Crypto.h | 136 ++++++++++++++- > 4 files changed, 435 insertions(+), 7 deletions(-) > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index 7a8266aaba..f1ff77855c 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -4238,6 +4238,28 @@ CryptoServiceTlsWrite ( > return CALL_BASECRYPTLIB (Tls.Services.Write, TlsWrite, (Tls, > Buffer, BufferSize), 0); } > > +/** > + Shutdown a TLS connection. > + > + Shutdown the TLS connection without releasing the resources, > + meaning a new connection can be started without calling TlsNew() > + and without setting certificates etc. > + > + @param[in] Tls Pointer to the TLS object to shutdown. > + > + @retval EFI_SUCCESS The TLS is shutdown successfully. > + @retval EFI_INVALID_PARAMETER Tls is NULL. > + @retval EFI_PROTOCOL_ERROR Some other error occurred. > +**/ > +EFI_STATUS > +EFIAPI > +CryptoServiceTlsShutdown ( > + IN VOID *Tls > + ) > +{ > + return CALL_BASECRYPTLIB (Tls.Services.Shutdown, TlsShutdown, > +(Tls), EFI_UNSUPPORTED); } > + > /** > Set a new TLS/SSL method for a particular TLS object. 
> > @@ -4463,11 +4485,41 @@ CryptoServiceTlsSetHostPublicCert ( > /** > Adds the local private key to the specified TLS object. > > - This function adds the local private key (PEM-encoded RSA or PKCS#8 > private > + This function adds the local private key (DER-encoded or > + PEM-encoded or PKCS#8 private > + key) into the specified TLS object for TLS negotiation. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Data Pointer to the data buffer of a DER-encoded or > PEM-encoded > + or PKCS#8 private key. > + @param[in] DataSize The size of data buffer in bytes. > + @param[in] Password Pointer to NULL-terminated private key password, > set it to NULL > + if private key not encrypted. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. > + @retval EFI_ABORTED Invalid private key data. > + > +**/ > +EFI_STATUS > +EFIAPI > +CryptoServiceTlsSetHostPrivateKeyEx ( > + IN VOID *Tls, > + IN VOID *Data, > + IN UINTN DataSize, > + IN VOID *Password OPTIONAL > + ) > +{ > + return CALL_BASECRYPTLIB (TlsSet.Services.HostPrivateKeyEx, > +TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, Password), > EFI_UNSUPPORTED); > +} > + > +/** > + Adds the local private key to the specified TLS object. > + > + This function adds the local private key (DER-encoded or > + PEM-encoded or PKCS#8 private > key) into the specified TLS object for TLS negotiation. > > @param[in] Tls Pointer to the TLS object. > - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA > + @param[in] Data Pointer to the data buffer of a DER-encoded or > PEM-encoded > or PKCS#8 private key. > @param[in] DataSize The size of data buffer in bytes. 
> > @@ -4511,6 +4563,59 @@ CryptoServiceTlsSetCertRevocationList ( > return CALL_BASECRYPTLIB (TlsSet.Services.CertRevocationList, > TlsSetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } > > +/** > + Set the signature algorithm list to used by the TLS object. > + > + This function sets the signature algorithms for use by a specified TLS > object. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] Data Array of UINT8 of signature algorithms. The > array consists of > + pairs of the hash algorithm and the > signature algorithm as defined > + in RFC 5246 > + @param[in] DataSize The length the SignatureAlgoList. Must be > divisible by 2. > + > + @retval EFI_SUCCESS The signature algorithm list was set > successfully. > + @retval EFI_INVALID_PARAMETER The parameters are invalid. > + @retval EFI_UNSUPPORTED No supported TLS signature algorithm was > found in SignatureAlgoList > + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. > + > +**/ > +EFI_STATUS > +EFIAPI > +CryptoServiceTlsSetSignatureAlgoList ( > + IN VOID *Tls, > + IN UINT8 *Data, > + IN UINTN DataSize > + ) > +{ > + return CALL_BASECRYPTLIB (TlsSet.Services.SignatureAlgoList, > +TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED); } > + > +/** > + Set the EC curve to be used for TLS flows > + > + This function sets the EC curve to be used for TLS flows. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] Data An EC named curve as defined in section > 5.1.1 of RFC 4492. > + @param[in] DataSize Size of Data, it should be sizeof (UINT32) > + > + @retval EFI_SUCCESS The EC curve was set successfully. > + @retval EFI_INVALID_PARAMETER The parameters are invalid. 
> + @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported > + > +**/ > +EFI_STATUS > +EFIAPI > +CryptoServiceTlsSetEcCurve ( > + IN VOID *Tls, > + IN UINT8 *Data, > + IN UINTN DataSize > + ) > +{ > + return CALL_BASECRYPTLIB (TlsSet.Services.EcCurve, TlsSetEcCurve, > +(Tls, Data, DataSize), EFI_UNSUPPORTED); } > + > /** > Gets the protocol version used by the specified TLS connection. > > @@ -4826,6 +4931,44 @@ CryptoServiceTlsGetCertRevocationList ( > return CALL_BASECRYPTLIB (TlsGet.Services.CertRevocationList, > TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } > > +/** > + Derive keying material from a TLS connection. > + > + This function exports keying material using the mechanism described > + in RFC 5705. > + > + @param[in] Tls Pointer to the TLS object > + @param[in] Label Description of the key for the PRF function > + @param[in] Context Optional context > + @param[in] ContextLen The length of the context value in bytes > + @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF > + @param[in] KeyBufferLen The length of the KeyBuffer > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_INVALID_PARAMETER The TLS object is invalid. > + @retval EFI_PROTOCOL_ERROR Some other error occurred. > + > +**/ > +EFI_STATUS > +EFIAPI > +CryptoServiceTlsGetExportKey ( > + IN VOID *Tls, > + IN CONST VOID *Label, > + IN CONST VOID *Context, > + IN UINTN ContextLen, > + OUT VOID *KeyBuffer, > + IN UINTN KeyBufferLen > + ) > +{ > + return CALL_BASECRYPTLIB ( > + TlsGet.Services.ExportKey, > + TlsGetExportKey, > + (Tls, Label, Context, ContextLen, > + KeyBuffer, KeyBufferLen), > + EFI_UNSUPPORTED > + ); > +} > + > /** > Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme. 
> > @@ -6266,4 +6409,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { > CryptoServiceEcGenerateKey, > CryptoServiceEcGetPubKey, > CryptoServiceEcDhComputeKey, > + /// TLS (continued) > + CryptoServiceTlsShutdown, > + /// TLS Set (continued) > + CryptoServiceTlsSetHostPrivateKeyEx, > + CryptoServiceTlsSetSignatureAlgoList, > + CryptoServiceTlsSetEcCurve, > + /// TLS Get (continued) > + CryptoServiceTlsGetExportKey > }; > diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h > b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h > index 45bafc2161..70caa2122b 100644 > --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h > +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h > @@ -269,6 +269,7 @@ typedef struct { > UINT8 CtrlTrafficIn : 1; > UINT8 Read : 1; > UINT8 Write : 1; > + UINT8 Shutdown : 1; > } Services; > UINT32 Family; > } Tls; > @@ -283,8 +284,11 @@ typedef struct { > UINT8 SessionId : 1; > UINT8 CaCertificate : 1; > UINT8 HostPublicCert : 1; > + UINT8 HostPrivateKeyEx : 1; New bits must be added to the end of the Services struct. Move after EcCurve. > UINT8 HostPrivateKey : 1; > UINT8 CertRevocationList : 1; > + UINT8 SignatureAlgoList : 1; > + UINT8 EcCurve : 1; > } Services; > UINT32 Family; > } TlsSet; > @@ -303,6 +307,7 @@ typedef struct { > UINT8 HostPublicCert : 1; > UINT8 HostPrivateKey : 1; > UINT8 CertRevocationList : 1; > + UINT8 ExportKey : 1; > } Services; > UINT32 Family; > } TlsGet; > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 791e2ef599..52b934a545 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -3474,6 +3474,28 @@ TlsWrite ( > CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, BufferSize), 0); } > > +/** > + Shutdown a TLS connection. > + > + Shutdown the TLS connection without releasing the resources, > + meaning a new connection can be started without calling TlsNew() > + and without setting certificates etc. > + > + @param[in] Tls Pointer to the TLS object to shutdown. > + > + @retval EFI_SUCCESS The TLS is shutdown successfully. > + @retval EFI_INVALID_PARAMETER Tls is NULL. > + @retval EFI_PROTOCOL_ERROR Some other error occurred. > +**/ > +EFI_STATUS > +EFIAPI > +TlsShutdown ( > + IN VOID *Tls > + ) > +{ > + CALL_CRYPTO_SERVICE (TlsShutdown, (Tls), EFI_UNSUPPORTED); } > + > /** > Set a new TLS/SSL method for a particular TLS object. 
> > @@ -3699,11 +3721,41 @@ TlsSetHostPublicCert ( > /** > Adds the local private key to the specified TLS object. > > - This function adds the local private key (PEM-encoded RSA or PKCS#8 > private > + This function adds the local private key (DER-encoded or > + PEM-encoded or PKCS#8 private > key) into the specified TLS object for TLS negotiation. > > @param[in] Tls Pointer to the TLS object. > - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA > + @param[in] Data Pointer to the data buffer of a DER-encoded or > PEM-encoded > + or PKCS#8 private key. > + @param[in] DataSize The size of data buffer in bytes. > + @param[in] Password Pointer to NULL-terminated private key password, > set it to NULL > + if private key not encrypted. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. > + @retval EFI_ABORTED Invalid private key data. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetHostPrivateKeyEx ( > + IN VOID *Tls, > + IN VOID *Data, > + IN UINTN DataSize, > + IN VOID *Password OPTIONAL > + ) > +{ > + CALL_CRYPTO_SERVICE (TlsSetHostPrivateKeyEx, (Tls, Data, DataSize, > +Password), EFI_UNSUPPORTED); } > + > +/** > + Adds the local private key to the specified TLS object. > + > + This function adds the local private key (DER-encoded or > + PEM-encoded or PKCS#8 private > + key) into the specified TLS object for TLS negotiation. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Data Pointer to the data buffer of a DER-encoded or > PEM-encoded > or PKCS#8 private key. > @param[in] DataSize The size of data buffer in bytes. 
> > @@ -3747,6 +3799,59 @@ TlsSetCertRevocationList ( > CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, (Data, DataSize), > EFI_UNSUPPORTED); } > > +/** > + Set the signature algorithm list to used by the TLS object. > + > + This function sets the signature algorithms for use by a specified TLS > object. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] Data Array of UINT8 of signature algorithms. The > array consists of > + pairs of the hash algorithm and the > signature algorithm as defined > + in RFC 5246 > + @param[in] DataSize The length the SignatureAlgoList. Must be > divisible by 2. > + > + @retval EFI_SUCCESS The signature algorithm list was set > successfully. > + @retval EFI_INVALID_PARAMETER The parameters are invalid. > + @retval EFI_UNSUPPORTED No supported TLS signature algorithm was > found in SignatureAlgoList > + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetSignatureAlgoList ( > + IN VOID *Tls, > + IN UINT8 *Data, > + IN UINTN DataSize > + ) > +{ > + CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, > +DataSize), EFI_UNSUPPORTED); } > + > +/** > + Set the EC curve to be used for TLS flows > + > + This function sets the EC curve to be used for TLS flows. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] Data An EC named curve as defined in section > 5.1.1 of RFC 4492. > + @param[in] DataSize Size of Data, it should be sizeof (UINT32) > + > + @retval EFI_SUCCESS The EC curve was set successfully. > + @retval EFI_INVALID_PARAMETER The parameters are invalid. > + @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetEcCurve ( > + IN VOID *Tls, > + IN UINT8 *Data, > + IN UINTN DataSize > + ) > +{ > + CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, > +DataSize), EFI_UNSUPPORTED); } > + > /** > Gets the protocol version used by the specified TLS connection. 
> > @@ -4062,6 +4167,43 @@ TlsGetCertRevocationList ( > CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), > EFI_UNSUPPORTED); } > > +/** > + Derive keying material from a TLS connection. > + > + This function exports keying material using the mechanism described > + in RFC 5705. > + > + @param[in] Tls Pointer to the TLS object > + @param[in] Label Description of the key for the PRF function > + @param[in] Context Optional context > + @param[in] ContextLen The length of the context value in bytes > + @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF > + @param[in] KeyBufferLen The length of the KeyBuffer > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_INVALID_PARAMETER The TLS object is invalid. > + @retval EFI_PROTOCOL_ERROR Some other error occurred. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetExportKey ( > + IN VOID *Tls, > + IN CONST VOID *Label, > + IN CONST VOID *Context, > + IN UINTN ContextLen, > + OUT VOID *KeyBuffer, > + IN UINTN KeyBufferLen > + ) > +{ > + CALL_CRYPTO_SERVICE ( > + TlsGetExportKey, > + (Tls, Label, Context, ContextLen, > + KeyBuffer, KeyBufferLen), > + EFI_UNSUPPORTED > + ); > +} > + > // > ===================================================================================== > // Big number primitive > // > ====================================================================== > =============== diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index 2f267c7f55..6293efa36b 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h > @@ -21,7 +21,7 @@ > /// the EDK II Crypto Protocol is extended, this version define must > be /// increased. > /// > -#define EDKII_CRYPTO_VERSION 13 > +#define EDKII_CRYPTO_VERSION 14 > > /// > /// EDK II Crypto Protocol forward declaration 
@@ -3186,6 +3186,25 @@ > INTN > IN UINTN BufferSize > ); > > +/** > + Shutdown a TLS connection. > + > + Shutdown the TLS connection without releasing the resources, > + meaning a new connection can be started without calling TlsNew() > + and without setting certificates etc. > + > + @param[in] Tls Pointer to the TLS object to shutdown. > + > + @retval EFI_SUCCESS The TLS is shutdown successfully. > + @retval EFI_INVALID_PARAMETER Tls is NULL. > + @retval EFI_PROTOCOL_ERROR Some other error occurred. > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EDKII_CRYPTO_TLS_SHUTDOWN)( > + IN VOID *Tls > + ); > + > /** > Set a new TLS/SSL method for a particular TLS object. 
> > @@ -3384,11 +3403,38 @@ EFI_STATUS > /** > Adds the local private key to the specified TLS object. > > - This function adds the local private key (PEM-encoded RSA or PKCS#8 > private > + This function adds the local private key (DER-encoded or > + PEM-encoded or PKCS#8 private > + key) into the specified TLS object for TLS negotiation. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Data Pointer to the data buffer of a DER-encoded or > PEM-encoded > + or PKCS#8 private key. > + @param[in] DataSize The size of data buffer in bytes. > + @param[in] Password Pointer to NULL-terminated private key password, > set it to NULL > + if private key not encrypted. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. > + @retval EFI_ABORTED Invalid private key data. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX)( > + IN VOID *Tls, > + IN VOID *Data, > + IN UINTN DataSize, > + IN VOID *Password OPTIONAL > + ); > + > +/** > + Adds the local private key to the specified TLS object. > + > + This function adds the local private key (DER-encoded or > + PEM-encoded or PKCS#8 private > key) into the specified TLS object for TLS negotiation. > > @param[in] Tls Pointer to the TLS object. > - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA > + @param[in] Data Pointer to the data buffer of a DER-encoded or > PEM-encoded > or PKCS#8 private key. > @param[in] DataSize The size of data buffer in bytes. 
> > @@ -3680,6 +3726,82 @@ EFI_STATUS > IN OUT UINTN *DataSize > ); > > +/** > + Set the signature algorithm list to used by the TLS object. > + > + This function sets the signature algorithms for use by a specified TLS > object. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] Data Array of UINT8 of signature algorithms. The > array consists of > + pairs of the hash algorithm and the > signature algorithm as defined > + in RFC 5246 > + @param[in] DataSize The length the SignatureAlgoList. Must be > divisible by 2. > + > + @retval EFI_SUCCESS The signature algorithm list was set > successfully. > + @retval EFI_INVALID_PARAMETER The parameters are invalid. > + @retval EFI_UNSUPPORTED No supported TLS signature algorithm was > found in SignatureAlgoList > + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST)( > + IN VOID *Tls, > + IN UINT8 *Data, > + IN UINTN DataSize > + ); > + > +/** > + Set the EC curve to be used for TLS flows > + > + This function sets the EC curve to be used for TLS flows. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] Data An EC named curve as defined in section > 5.1.1 of RFC 4492. > + @param[in] DataSize Size of Data, it should be sizeof (UINT32) > + > + @retval EFI_SUCCESS The EC curve was set successfully. > + @retval EFI_INVALID_PARAMETER The parameters are invalid. > + @retval EFI_UNSUPPORTED The requested TLS EC curve is not supported > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EDKII_CRYPTO_TLS_SET_EC_CURVE)( > + IN VOID *Tls, > + IN UINT8 *Data, > + IN UINTN DataSize > + ); > + > +/** > + Derive keying material from a TLS connection. > + > + This function exports keying material using the mechanism described > + in RFC 5705. 
> + > + @param[in] Tls Pointer to the TLS object > + @param[in] Label Description of the key for the PRF function > + @param[in] Context Optional context > + @param[in] ContextLen The length of the context value in bytes > + @param[out] KeyBuffer Buffer to hold the output of the TLS-PRF > + @param[in] KeyBufferLen The length of the KeyBuffer > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_INVALID_PARAMETER The TLS object is invalid. > + @retval EFI_PROTOCOL_ERROR Some other error occurred. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *EDKII_CRYPTO_TLS_GET_EXPORT_KEY)( > + IN VOID *Tls, > + IN CONST VOID *Label, > + IN CONST VOID *Context, > + IN UINTN ContextLen, > + OUT VOID *KeyBuffer, > + IN UINTN KeyBufferLen > + ); > + > /** > Gets the CA-supplied certificate revocation list data set in the specified > TLS object. > @@ -4954,6 +5076,14 @@ struct _EDKII_CRYPTO_PROTOCOL { > EDKII_CRYPTO_EC_GENERATE_KEY EcGenerateKey; > EDKII_CRYPTO_EC_GET_PUB_KEY EcGetPubKey; > EDKII_CRYPTO_EC_DH_COMPUTE_KEY EcDhComputeKey; > + /// TLS (continued) > + EDKII_CRYPTO_TLS_SHUTDOWN TlsShutdown; > + /// TLS Set (continued) > + EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY_EX TlsSetHostPrivateKeyEx; > + EDKII_CRYPTO_TLS_SET_SIGNATURE_ALGO_LIST > TlsSetSignatureAlgoList; > + EDKII_CRYPTO_TLS_SET_EC_CURVE TlsSetEcCurve; > + /// TLS Get (continued) > + EDKII_CRYPTO_TLS_GET_EXPORT_KEY TlsGetExportKey; > }; > > extern GUID gEdkiiCryptoProtocolGuid; > -- > 2.31.1.windows.1
View/Reply Online (#94561): https://edk2.groups.io/g/devel/message/94561
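
Review bot: In CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c (hunk @@ -3747,6 +3799,59 @@), the body of TlsSetEcCurve dispatches to the wrong service: it reads `CALL_CRYPTO_SERVICE (TlsSetSignatureAlgoList, (Tls, Data, DataSize), EFI_UNSUPPORTED);`, the same line as the function directly above it. Both typedefs in Crypto.h take (Tls, Data, DataSize), so the matching argument list hides the mistake, and a caller requesting a specific EC curve through this library instance would have its curve bytes handed to the signature-algorithm setter while the curve itself stays unconfigured. Change the first argument to TlsSetEcCurve, matching CryptoServiceTlsSetEcCurve in Crypto.c.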
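
Review bot: In CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h (hunk @@ -283,8 +284,11 @@), HostPrivateKeyEx is inserted between HostPublicCert and HostPrivateKey, which moves HostPrivateKey and CertRevocationList up by one bit inside TlsSet.Services and so changes what the same bits mean in the UINT32 Family value declared alongside it. Append it after EcCurve, the way Shutdown is appended in Tls and ExportKey in TlsGet, so the existing bit positions keep their meaning.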
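
Review bot: The @retval lists for TlsShutdown and TlsGetExportKey (in Crypto.c, CryptLib.c and the typedefs in Crypto.h) omit EFI_UNSUPPORTED, although each wrapper passes EFI_UNSUPPORTED as its fallback status to CALL_BASECRYPTLIB / CALL_CRYPTO_SERVICE. Add an `@retval EFI_UNSUPPORTED` line, as the TlsSetHostPrivateKeyEx, TlsSetSignatureAlgoList and TlsSetEcCurve comments already have. For TlsGetExportKey, the comment should also say how the length of Label is determined, since Label is a `CONST VOID *` with no length parameter while Context is paired with ContextLen.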
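
Review bot: The TlsSetSignatureAlgoList function comment, repeated in Crypto.c, CryptLib.c and Crypto.h, has two wording slips that will be copied into the generated documentation: "Set the signature algorithm list to used by the TLS object" should read "to be used by", and "The length the SignatureAlgoList" should read "The length of the SignatureAlgoList". The sentence ending "as defined in RFC 5246" is also missing its full stop, as is the @retval EFI_UNSUPPORTED line.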