From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiaxin.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.31; helo=mga06.intel.com;
 envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 7AE2122361E40
 for <edk2-devel@lists.01.org>; Sat, 10 Feb 2018 19:09:33 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 10 Feb 2018 19:15:21 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,493,1511856000"; d="scan'208";a="203071653"
Received: from jiaxinwu-mobl2.ccr.corp.intel.com ([10.239.196.51])
 by fmsmga005.fm.intel.com with ESMTP; 10 Feb 2018 19:15:19 -0800
From: Jiaxin Wu <jiaxin.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Laszlo Ersek <lersek@redhat.com>,
 Kinney Michael D <michael.d.kinney@intel.com>,
 Zimmer Vincent <vincent.zimmer@intel.com>,
 Yao Jiewen <jiewen.yao@intel.com>, Ye Ting <ting.ye@intel.com>,
 Fu Siyuan <siyuan.fu@intel.com>, Wu Jiaxin <jiaxin.wu@intel.com>
Date: Sun, 11 Feb 2018 11:15:15 +0800
Message-Id: <1518318916-12816-2-git-send-email-jiaxin.wu@intel.com>
X-Mailer: git-send-email 1.9.5.msysgit.1
In-Reply-To: <1518318916-12816-1-git-send-email-jiaxin.wu@intel.com>
References: <1518318916-12816-1-git-send-email-jiaxin.wu@intel.com>
Subject: [PATCH v2 1/2] NetworkPkg: Define one private variable for HTTPS to set Tls CipherList.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Feb 2018 03:09:33 -0000

v2:
* Rename the file/variable name.

This variable (HttpTlsCipherList) can be set by any platform that want to
control its own preferred Tls CipherList for the later HTTPS session.

The valid contents of variable must follow the TLS CipherList format defined
in RFC 5246. The valid length of variable must be an integral multiple of 2.
For example, if below cipher suites are preferred:
    CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = {0x00,0x3C}
    CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = {0x00,0x3D}
Then, the contents of variable should be:
    {0x00,0x3C,0x00,0x3D}

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Kinney Michael D <michael.d.kinney@intel.com>
Cc: Zimmer Vincent <vincent.zimmer@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 NetworkPkg/Include/Guid/HttpTlsCipherList.h | 38 +++++++++++++++++++++++++++++
 NetworkPkg/NetworkPkg.dec                   |  3 +++
 2 files changed, 41 insertions(+)
 create mode 100644 NetworkPkg/Include/Guid/HttpTlsCipherList.h

diff --git a/NetworkPkg/Include/Guid/HttpTlsCipherList.h b/NetworkPkg/Include/Guid/HttpTlsCipherList.h
new file mode 100644
index 0000000..c2e3e65
--- /dev/null
+++ b/NetworkPkg/Include/Guid/HttpTlsCipherList.h
@@ -0,0 +1,38 @@
+/** @file
+  This file defines the HttpTlsCipherList variable for HTTPS to configure Tls Cipher List.
+
+Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __HTTP_TLS_CIPHER_LIST_H__
+#define __HTTP_TLS_CIPHER_LIST_H__
+
+//
+// Private Variable for HTTPS to configure Tls Cipher List.
+// The valid contents of variable must follow the TLS CipherList format defined in RFC 5246. 
+// The valid length of variable must be an integral multiple of 2.
+// For example, if below cipher suites are preferred:
+// 	 CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = {0x00,0x3C}
+//   CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = {0x00,0x3D}
+// Then, the contents of variable should be:
+//   {0x00,0x3C,0x00,0x3D}
+//
+#define EDKII_HTTP_TLS_CIPHER_LIST_GUID \
+  { \
+    0x46ddb415, 0x5244, 0x49c7, { 0x93, 0x74, 0xf0, 0xe2, 0x98, 0xe7, 0xd3, 0x86 } \
+  }
+  
+#define EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE       L"HttpTlsCipherList"
+
+extern EFI_GUID gHttpTlsCipherListGuid;
+
+#endif
+
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index 902df37..9742ad5 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -44,10 +44,13 @@
   gTlsAuthConfigGuid            = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }}
   
   # Include/Guid/TlsAuthentication.h
   gEfiTlsCaCertificateGuid      = { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }}
 
+  # Include/Guid/HttpTlsCipherList.h
+  gHttpTlsCipherListGuid        = { 0x46ddb415, 0x5244, 0x49c7, { 0x93, 0x74, 0xf0, 0xe2, 0x98, 0xe7, 0xd3, 0x86 }}
+
 [PcdsFixedAtBuild]
   ## The max attempt number will be created by iSCSI driver.
   # @Prompt Max attempt number.
   gEfiNetworkPkgTokenSpaceGuid.PcdMaxIScsiAttemptNumber|0x08|UINT8|0x0000000D
 
-- 
1.9.5.msysgit.1