public inbox for devel@edk2.groups.io
From: Jiaxin Wu <jiaxin.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Laszlo Ersek <lersek@redhat.com>,
	Kinney Michael D <michael.d.kinney@intel.com>,
	Zimmer Vincent <vincent.zimmer@intel.com>,
	Yao Jiewen <jiewen.yao@intel.com>, Ye Ting <ting.ye@intel.com>,
	Fu Siyuan <siyuan.fu@intel.com>, Wu Jiaxin <jiaxin.wu@intel.com>
Subject: [Patch 1/2] NetworkPkg: Define one private variable for TLS CipherList configuration.
Date: Fri,  9 Feb 2018 11:59:37 +0800
Message-ID: <1518148778-14300-2-git-send-email-jiaxin.wu@intel.com>
In-Reply-To: <1518148778-14300-1-git-send-email-jiaxin.wu@intel.com>

This variable can be set by any platform that wants to control its own preferred
TlsCipherList for the later HTTPS session.

The valid contents of the variable must follow the TLS CipherList format defined
in RFC 5246. The valid length of the variable must be an integral multiple of 2.
For example, if the cipher suites below are preferred:
    CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = {0x00,0x3C}
    CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = {0x00,0x3D}
Then, the contents of the variable should be:
    {0x00,0x3C,0x00,0x3D}

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Kinney Michael D <michael.d.kinney@intel.com>
Cc: Zimmer Vincent <vincent.zimmer@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 NetworkPkg/Include/Guid/TlsCipherList.h | 38 +++++++++++++++++++++++++++++++++
 NetworkPkg/NetworkPkg.dec               |  3 +++
 2 files changed, 41 insertions(+)
 create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h

diff --git a/NetworkPkg/Include/Guid/TlsCipherList.h b/NetworkPkg/Include/Guid/TlsCipherList.h
new file mode 100644
index 0000000..e31b7bf
--- /dev/null
+++ b/NetworkPkg/Include/Guid/TlsCipherList.h
@@ -0,0 +1,38 @@
+/** @file
+  This file defines the TlsCipherList variable for HTTPS to configure Tls Cipher List.
+
+Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_CIPHER_LIST_H__
+#define __TLS_CIPHER_LIST_H__
+
+//
+// Private Variable for HTTPS to configure Tls Cipher List.
+// The valid contents of variable must follow the TLS CipherList format defined in RFC 5246. 
+// The valid length of variable must be an integral multiple of 2.
+// For example, if below cipher suites are preferred:
+// 	 CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = {0x00,0x3C}
+//   CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = {0x00,0x3D}
+// Then, the contents of variable should be:
+//   {0x00,0x3C,0x00,0x3D}
+//
+#define EDKII_TLS_CIPHER_LIST_GUID \
+  { \
+    0x46ddb415, 0x5244, 0x49c7, { 0x93, 0x74, 0xf0, 0xe2, 0x98, 0xe7, 0xd3, 0x86 } \
+  }
+  
+#define EDKII_TLS_CIPHER_LIST_VARIABLE       L"TlsCipherList"
+
+extern EFI_GUID gTlsCipherListGuid;
+
+#endif
+
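Review bot: The comment block above EDKII_TLS_CIPHER_LIST_GUID leaves the variable's contract underspecified. It cites the RFC 5246 CipherList format, but the example {0x00,0x3C,0x00,0x3D} is a bare concatenation of 2-byte CipherSuite values with no length prefix, whereas the cipher_suites vector in an RFC 5246 ClientHello carries a 2-byte length; please state explicitly that the variable holds only the CipherSuite pairs and whether their order expresses preference. The comment also does not say which variable attributes are expected or how a consumer should treat an empty or odd-length value, which matters because this variable decides what the HTTPS client is willing to negotiate. Separately, there is trailing whitespace after "RFC 5246." and on the line following the GUID macro, and a tab in the first CipherSuite comment line.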
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index 902df37..bdf8361 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -44,10 +44,13 @@
   gTlsAuthConfigGuid            = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }}
   
   # Include/Guid/TlsAuthentication.h
   gEfiTlsCaCertificateGuid      = { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }}
 
+  # Include/Guid/TlsCipherList.h
+  gTlsCipherListGuid       = { 0x46ddb415, 0x5244, 0x49c7, { 0x93, 0x74, 0xf0, 0xe2, 0x98, 0xe7, 0xd3, 0x86 }}
+
 [PcdsFixedAtBuild]
   ## The max attempt number will be created by iSCSI driver.
   # @Prompt Max attempt number.
   gEfiNetworkPkgTokenSpaceGuid.PcdMaxIScsiAttemptNumber|0x08|UINT8|0x0000000D
 
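Review bot: The new gTlsCipherListGuid entry does not carry the EDKII prefix used by EDKII_TLS_CIPHER_LIST_GUID in TlsCipherList.h; consider gEdkiiTlsCipherListGuid here and in the header's extern declaration, so the GUID symbol and the macro are named consistently and both read as an EDK II private definition. The "=" on the added line is also not aligned with the neighbouring gTlsAuthConfigGuid and gEfiTlsCaCertificateGuid entries.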
-- 
1.9.5.msysgit.1



Thread overview: 12+ messages
2018-02-09  3:59 [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList Jiaxin Wu
2018-02-09  3:59 ` Jiaxin Wu [this message]
2018-02-09  3:59 ` [Patch 2/2] NetworkPkg: Read TlsCipherList variable and configure it for HTTPS session Jiaxin Wu
2018-02-09 10:16   ` Laszlo Ersek
2018-02-11  2:45     ` Wu, Jiaxin
2018-02-09  5:22 ` [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList Fu, Siyuan
2018-02-09  5:25   ` Wu, Jiaxin
2018-02-09  7:08   ` Li, Ruth
2018-02-09  7:10     ` Wu, Jiaxin
2018-02-09 10:11   ` Laszlo Ersek
2018-02-11  2:33     ` Wu, Jiaxin
2018-02-12 18:53       ` Laszlo Ersek
