From: Laszlo Ersek
To: edk2-devel-01
Cc: Jiaxin Wu , Qin Long , Siyuan Fu , Ting Ye
Date: Tue, 3 Apr 2018 16:51:44 +0200
Message-Id: <20180403145149.8925-9-lersek@redhat.com>
In-Reply-To: <20180403145149.8925-1-lersek@redhat.com>
References: <20180403145149.8925-1-lersek@redhat.com>
Subject: [PATCH 08/13] CryptoPkg/TlsLib: add the "TlsMappingTable.sh" POSIX shell script

Add a shell script that will help us keep "TlsCipherMappingTable" in "TlsConfig.c" up-to-date.

Cc: Jiaxin Wu
Cc: Qin Long
Cc: Siyuan Fu
Cc: Ting Ye
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek
---
 CryptoPkg/Library/TlsLib/TlsLib.inf         |   2 +
 CryptoPkg/Library/TlsLib/TlsMappingTable.sh | 140 ++++++++++++++++++++
 2 files changed, 142 insertions(+)

diff --git a/CryptoPkg/Library/TlsLib/TlsLib.inf b/CryptoPkg/Library/TlsLib/TlsLib.inf index a3f93e7165cb..dc7f3a5dbd23 100644 --- a/CryptoPkg/Library/TlsLib/TlsLib.inf +++ b/CryptoPkg/Library/TlsLib/TlsLib.inf @@ -52,6 +52,8 @@ [BuildOptions] # # suppress the following warnings so we do not break the build with warnings-as-errors: # C4090: 'function' : different 'const' qualifiers # MSFT:*_*_*_CC_FLAGS = /wd4090 +[UserExtensions.TianoCore."ExtraFiles"] + TlsMappingTable.sh 
diff --git a/CryptoPkg/Library/TlsLib/TlsMappingTable.sh b/CryptoPkg/Library/TlsLib/TlsMappingTable.sh new file mode 100644 index 000000000000..0cb4a4faa597 --- /dev/null +++ b/CryptoPkg/Library/TlsLib/TlsMappingTable.sh 
@@ -0,0 +1,140 @@ +## @file +# +# POSIX shell script to refresh "TlsCipherMappingTable" in "TlsConfig.c". +# +# Note: the output of this script is not meant to blindly replace the current +# contents of "TlsCipherMappingTable". It only helps with the composition and +# formatting of candidate lines. +# +# Copyright (C) 2018, Red Hat, Inc. +# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT +# WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +# Exit on error, treat unset variables as errors, don't overwrite existing +# files with the ">" output redirection operator. +set -e -u -C + +# This script uses a few utilities that are not defined by POSIX. Check if they +# are available. +if ( ! command -v mktemp || + ! command -v openssl || + ! command -v curl || + ! command -v column ) >/dev/null +then + BASENAME=$(basename -- "$0") + { + printf -- '%s: please install the following utilities first:\n' "$BASENAME" + printf -- '%s: mktemp openssl curl column\n' "$BASENAME" + } >&2 + exit 1 +fi + +# Create a temporary file for saving the OpenSSL output. +OPENSSL_LIST=$(mktemp) +trap 'rm -f -- "$OPENSSL_LIST"' EXIT + +# Create a temporary file for saving the IANA TLS Cipher Suite Registry. +IANA_LIST=$(mktemp) +trap 'rm -f -- "$OPENSSL_LIST" "$IANA_LIST"' EXIT + +# Sorting, and range expressions in regular expressions, depend on the locale. +# Use a well-defined locale. +LC_ALL=C +export LC_ALL + +# Get OPENSSL_LIST. +{ + # List cipher suite codes and names from OpenSSL. 
+ openssl ciphers -V ALL + + # This produces a line format like: + # 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD + # (sequences of space characters squeezed for brevity). +} | +{ + # Project the list to UINT16 hex codes (network byte order interpretation) + # and OpenSSL cipher suite names. + sed -r -n -e 's/^ *0x([0-9A-F]{2}),0x([0-9A-F]{2}) - ([^ ]+) .*$/\1\2 \3/p' + + # This produces a line format like: + # C030 ECDHE-RSA-AES256-GCM-SHA384 +} | +{ + # Sort the output so we can later join it on the UINT16 hex code as key. + sort +} >>"$OPENSSL_LIST" + +# Get IANA_LIST. +{ + # Download the CSV file from the IANA website. + curl -s https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv + + # This produces a line format like: + # Value,Description,DTLS-OK,Reference + # "0x00,0x00",TLS_NULL_WITH_NULL_NULL,Y,[RFC5246] +} | +{ + # Project the list to UINT16 hex codes (network byte order interpretation) + # and Descriptions (TLS_xxx macros). + sed -r -n \ + -e 's/^"0x([0-9A-F]{2}),0x([0-9A-F]{2})",([A-Za-z0-9_]+).*$/\1\2 \3/p' + + # This produces a line format like: + # 0000 TLS_NULL_WITH_NULL_NULL +} | +{ + # Sort the output so we can later join it on the UINT16 hex code as key. + sort +} >>"$IANA_LIST" + +# Produce the C source code on stdout. +{ + # Join the two lists first. Elements that are in exactly one input file are + # dropped. + join -- "$OPENSSL_LIST" "$IANA_LIST" + + # This produces a line format like: + # 0004 RC4-MD5 TLS_RSA_WITH_RC4_128_MD5 + # And the output remains sorted by UINT16 hex key. +} | +{ + # Produce a valid C language line. Be careful that only one space character + # is preserved, for the next step. + sed -r -n -e 's!^([0-9A-F]{4}) ([^ ]+) ([^ ]+)$!{0x\1,"\2"}, ///\3!p' + + # This produces a line format like: + # {0x0004,"RC4-MD5"}, ///TLS_RSA_WITH_RC4_128_MD5 +} | +{ + # Align the rightmost column nicely (the TLS_xxx macros). 
The "column" + # command will expand the space character as necessary. + column -t + + # This produces a line format like: + # {0x0004,"RC4-MD5"}, ///TLS_RSA_WITH_RC4_128_MD5 +} | +{ + # Final touches: + # - replace the opening brace "{" with " MAP ( ", + # - insert one space character after the first comma "," + # - replace the closing brace "}" with " )", + # - remove one space character after the second comma "," (because the + # "column" utility pads space characters to at least two), + # - insert one space character after the comment marker "///" + sed \ + -e 's/^{/ MAP ( /' \ + -e 's/,/, /' \ + -e 's/}, / ),/' \ + -e 's!///!/// !' + + # This produces a line format like: + # MAP ( 0x0004, "RC4-MD5" ), /// TLS_RSA_WITH_RC4_128_MD5 +} -- 2.14.1.3.gb7cf6e02401b
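Review bot: in the TlsMappingTable.sh hunk, `set -e` does not catch failures inside the two pipelines that fill "$OPENSSL_LIST" and "$IANA_LIST": a pipeline's status is that of its trailing `sort`, and `curl -s` without `--fail` exits 0 on an HTTP error and writes the error page to stdout, so a failed `openssl ciphers -V ALL` or a failed download is silently reduced to an empty list by `sed -n`, and `join` then emits an empty or truncated candidate table with no diagnostic. Suggest passing `--fail` (and `--show-error`) to `curl`, and checking that both temporary files are non-empty before the `join`, for example `test -s "$OPENSSL_LIST" && test -s "$IANA_LIST"` with a message on stderr and `exit 1` otherwise; since the output is meant to be compared against the existing table by hand, that check is what lets a maintainer tell "no change" from "fetch failed". Two smaller points: the header calls this a POSIX shell script, but `sed -r` is a GNU extension (`-E` is accepted by both GNU and BSD sed) and the prerequisite check at the top does not cover it; and the file is added with mode 100644 and no `#!/bin/sh` line, so the header comment should say it is to be run as `sh TlsMappingTable.sh`, or the shebang and executable bit should be added.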