* [edk2-devel] [PATCH 1/5] NetworkPkg/HttpDxe: Refactor TlsCreateChild function
2023-12-30 11:29 [edk2-devel] [PATCH 0/5] Support HTTP application TLS configuration protocol Chang, Abner via groups.io
@ 2023-12-30 11:29 ` Chang, Abner via groups.io
2024-01-01 22:09 ` Michael Brown
2023-12-30 11:29 ` [edk2-devel] [PATCH 2/5] NetworkPkg: Introduce HttpsTlsConfigDataProtocol Chang, Abner via groups.io
` (3 subsequent siblings)
4 siblings, 1 reply; 8+ messages in thread
From: Chang, Abner via groups.io @ 2023-12-30 11:29 UTC (permalink / raw)
To: devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Michael Brown,
Nickle Wang, Igor Kulchytskyy
From: Abner Chang <abner.chang@amd.com>
- Use the HTTP instance as the parameter for the TlsCreateChild function.
- Install the TLS protocol on the HTTP instance that creates the TLS child.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
NetworkPkg/HttpDxe/HttpsSupport.h | 17 +++----
NetworkPkg/HttpDxe/HttpImpl.c | 20 ++-------
NetworkPkg/HttpDxe/HttpsSupport.c | 75 +++++++++++++++++--------------
3 files changed, 52 insertions(+), 60 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h
index 3c70825e8c3..326a4e50120 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.h
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h
@@ -30,21 +30,18 @@ IsHttpsUrl (
/**
Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsSb Pointer to the TLS SERVICE_BINDING_PROTOCOL.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
+ with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ EFI_DEVICE_ERROR TLS service binding protocol is not found.
+ Otherwise Fail to create TLS chile handle.
**/
-EFI_HANDLE
+EFI_STATUS
EFIAPI
TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_SERVICE_BINDING_PROTOCOL **TlsSb,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ IN HTTP_PROTOCOL *HttpInstance
);
/**
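Review bot: the new @return block has a typo, "Fail to create TLS chile handle" should be "child handle", and its EFI_SUCCESS line still says the handle is returned in HttpInstance->TlsChildHandle even though the .c side of this patch opens EFI_TLS_PROTOCOL on HttpInstance->Handle itself and only aliases TlsChildHandle to it. State that here (the TLS protocols are installed on the HTTP instance's own handle) so callers do not go looking for a separate child, and use one @retval line per status, as the other new doc comments in this series do, instead of a single @return with an indented list. EFI_DEVICE_ERROR for "service binding protocol is not found" would also be more precisely EFI_NOT_FOUND.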
diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c
index 7c5c925cf78..aa4efedbf6b 100644
--- a/NetworkPkg/HttpDxe/HttpImpl.c
+++ b/NetworkPkg/HttpDxe/HttpImpl.c
@@ -248,7 +248,6 @@ EfiHttpRequest (
HTTP_TOKEN_WRAP *Wrap;
CHAR8 *FileUrl;
UINTN RequestMsgSize;
- EFI_HANDLE ImageHandle;
//
// Initializations
@@ -372,22 +371,9 @@ EfiHttpRequest (
// Check whether we need to create Tls child and open the TLS protocol.
//
if (HttpInstance->UseHttps && (HttpInstance->TlsChildHandle == NULL)) {
- //
- // Use TlsSb to create Tls child and open the TLS protocol.
- //
- if (HttpInstance->LocalAddressIsIPv6) {
- ImageHandle = HttpInstance->Service->Ip6DriverBindingHandle;
- } else {
- ImageHandle = HttpInstance->Service->Ip4DriverBindingHandle;
- }
-
- HttpInstance->TlsChildHandle = TlsCreateChild (
- ImageHandle,
- &(HttpInstance->TlsSb),
- &(HttpInstance->Tls),
- &(HttpInstance->TlsConfiguration)
- );
- if (HttpInstance->TlsChildHandle == NULL) {
+ // Create TLS child for this HTTP instance.
+ Status = TlsCreateChild (HttpInstance);
+ if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
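Review bot: the error path `if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; }` throws away the status that TlsCreateChild now returns, so an EFI_OUT_OF_RESOURCES from CreateChild or an EFI_ACCESS_DENIED from OpenProtocol both surface as EFI_DEVICE_ERROR. Unless the documented return set of EfiHttpRequest forces that collapse, `return Status;` keeps the information this refactor makes available, or at least log Status with DEBUG_ERROR before mapping it.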
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index 7330be42c00..fb7c1ea59f2 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -134,27 +134,31 @@ IsHttpsUrl (
/**
Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsSb Pointer to the TLS SERVICE_BINDING_PROTOCOL.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
+ with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ EFI_DEVICE_ERROR TLS service binding protocol is not found.
+ Otherwise Fail to create TLS chile handle.
**/
-EFI_HANDLE
+EFI_STATUS
EFIAPI
TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_SERVICE_BINDING_PROTOCOL **TlsSb,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ IN HTTP_PROTOCOL *HttpInstance
)
{
+ EFI_HANDLE ImageHandle;
EFI_STATUS Status;
- EFI_HANDLE TlsChildHandle;
- TlsChildHandle = 0;
+ //
+ // Use TlsSb to create Tls child and open the TLS protocol.
+ //
+ if (HttpInstance->LocalAddressIsIPv6) {
+ ImageHandle = HttpInstance->Service->Ip6DriverBindingHandle;
+ } else {
+ ImageHandle = HttpInstance->Service->Ip4DriverBindingHandle;
+ }
//
// Locate TlsServiceBinding protocol.
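Review bot: the comment "Use TlsSb to create Tls child and open the TLS protocol." was moved along with the ImageHandle selection, but the code under it only picks which driver binding handle is used as the agent for OpenProtocol; move the comment down to the CreateChild call and describe the Ip4/Ip6 choice here instead. The duplicated doc comment in this hunk carries the same "chile" typo as the header.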
@@ -162,44 +166,49 @@ TlsCreateChild (
gBS->LocateProtocol (
&gEfiTlsServiceBindingProtocolGuid,
NULL,
- (VOID **)TlsSb
+ (VOID **)&HttpInstance->TlsSb
);
- if (*TlsSb == NULL) {
- return NULL;
+ if (HttpInstance->TlsSb == NULL) {
+ return EFI_DEVICE_ERROR;
}
- Status = (*TlsSb)->CreateChild (*TlsSb, &TlsChildHandle);
+ //
+ // Create TLS protocol on HTTP handle, this creates the association between HTTP and TLS
+ // for HTTP driver external usages.
+ //
+ Status = HttpInstance->TlsSb->CreateChild (HttpInstance->TlsSb, &HttpInstance->Handle);
if (EFI_ERROR (Status)) {
- return NULL;
+ return Status;
}
- Status = gBS->OpenProtocol (
- TlsChildHandle,
- &gEfiTlsProtocolGuid,
- (VOID **)TlsProto,
- ImageHandle,
- TlsChildHandle,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
+ HttpInstance->TlsChildHandle = HttpInstance->Handle;
+ Status = gBS->OpenProtocol (
+ HttpInstance->TlsChildHandle,
+ &gEfiTlsProtocolGuid,
+ (VOID **)&HttpInstance->Tls,
+ ImageHandle,
+ HttpInstance->TlsChildHandle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
if (EFI_ERROR (Status)) {
- (*TlsSb)->DestroyChild (*TlsSb, TlsChildHandle);
- return NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->TlsChildHandle);
+ return Status;
}
Status = gBS->OpenProtocol (
- TlsChildHandle,
+ HttpInstance->TlsChildHandle,
&gEfiTlsConfigurationProtocolGuid,
- (VOID **)TlsConfiguration,
+ (VOID **)&HttpInstance->TlsConfiguration,
ImageHandle,
- TlsChildHandle,
+ HttpInstance->TlsChildHandle,
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (EFI_ERROR (Status)) {
- (*TlsSb)->DestroyChild (*TlsSb, TlsChildHandle);
- return NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->TlsChildHandle);
+ return Status;
}
- return TlsChildHandle;
+ return EFI_SUCCESS;
}
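Review bot: `HttpInstance->TlsSb->CreateChild (HttpInstance->TlsSb, &HttpInstance->Handle)` passes a non-NULL handle, so under the service binding contract the TLS driver adds EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL to the existing HTTP child handle rather than creating a new one. That is the intent of this patch, but it changes what the two DestroyChild calls in the error paths (and the existing teardown of the HTTP child, not shown here) operate on: the HTTP handle itself. Please confirm the HTTP DestroyChild path calls TlsSb->DestroyChild exactly once for this handle and before EFI_HTTP_PROTOCOL is uninstalled, since a double destroy or wrong order now hits the live HTTP handle instead of a throwaway child. Separately, the LocateProtocol status is still not checked (pre-existing) and the code relies on TlsSb being NULL on failure; `Status = gBS->LocateProtocol (...)` followed by `if (EFI_ERROR (Status))` makes that explicit, and EFI_NOT_FOUND describes that failure better than EFI_DEVICE_ERROR.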
/**
--
2.37.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113005): https://edk2.groups.io/g/devel/message/113005
Mute This Topic: https://groups.io/mt/103430430/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [edk2-devel] [PATCH 1/5] NetworkPkg/HttpDxe: Refactor TlsCreateChild function
2023-12-30 11:29 ` [edk2-devel] [PATCH 1/5] NetworkPkg/HttpDxe: Refactor TlsCreateChild function Chang, Abner via groups.io
@ 2024-01-01 22:09 ` Michael Brown
2024-01-02 2:55 ` Chang, Abner via groups.io
0 siblings, 1 reply; 8+ messages in thread
From: Michael Brown @ 2024-01-01 22:09 UTC (permalink / raw)
To: abner.chang, devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Nickle Wang,
Igor Kulchytskyy
On 30/12/2023 11:29, abner.chang@amd.com wrote:
> + @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
> + with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
All looks good to me, but do we need to retain
HttpInstance->TlsChildHandle as a separate EFI_HANDLE field? Now that
EFI_TLS_PROTOCOL is installed on the same handle, it seems to function
solely as a flag to indicate that we have already called
TlsCreateChild(), in which case an EFI_BOOLEAN might be clearer?
With or without the above suggestion, I'm happy to add
Reviewed-by: Michael Brown <mcb30@ipxe.org>
for this patch.
Thanks,
Michael
View/Reply Online (#113014): https://edk2.groups.io/g/devel/message/113014
* Re: [edk2-devel] [PATCH 1/5] NetworkPkg/HttpDxe: Refactor TlsCreateChild function
2024-01-01 22:09 ` Michael Brown
@ 2024-01-02 2:55 ` Chang, Abner via groups.io
0 siblings, 0 replies; 8+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-02 2:55 UTC (permalink / raw)
To: Michael Brown, devel@edk2.groups.io
Cc: Saloni Kasbekar, Zachary Clark-williams, Nickle Wang,
Igor Kulchytskyy
> -----Original Message-----
> From: Michael Brown <mcb30@ipxe.org>
> Sent: Tuesday, January 2, 2024 6:10 AM
> To: Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>; Zachary Clark-williams
> <zachary.clark-williams@intel.com>; Nickle Wang <nicklew@nvidia.com>; Igor
> Kulchytskyy <igork@ami.com>
> Subject: Re: [PATCH 1/5] NetworkPkg/HttpDxe: Refactor TlsCreateChild
> function
>
> On 30/12/2023 11:29, abner.chang@amd.com wrote:
> > + @return EFI_SUCCESS TLS child handle is returned in HttpInstance-
> >TlsChildHandle
> > + with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
>
> All looks good to me, but do we need to retain
> HttpInstance->TlsChildHandle as a separate EFI_HANDLE field? Now that
> EFI_TLS_PROTOCOL is installed on the same handle, it seems to function
> solely as a flag to indicate that we have already called
> TlsCreateChild(), in which case an EFI_BOOLEAN might be clearer?
>
> With or without the above suggestion, I'm happy to add
That is no problem, Michael. I also want to remove TlsChildHandle. Will send out V2 for this change.
>
> Reviewed-by: Michael Brown <mcb30@ipxe.org>
Thanks
Abner
>
> for this patch.
>
> Thanks,
>
> Michael
View/Reply Online (#113021): https://edk2.groups.io/g/devel/message/113021
* [edk2-devel] [PATCH 2/5] NetworkPkg: Introduce HttpsTlsConfigDataProtocol
2023-12-30 11:29 [edk2-devel] [PATCH 0/5] Support HTTP application TLS configuration protocol Chang, Abner via groups.io
2023-12-30 11:29 ` [edk2-devel] [PATCH 1/5] NetworkPkg/HttpDxe: Refactor TlsCreateChild function Chang, Abner via groups.io
@ 2023-12-30 11:29 ` Chang, Abner via groups.io
2023-12-30 11:29 ` [edk2-devel] [PATCH 3/5] NetworkPkg/HttpDxe: Use HttpsTlsConfigDataProtocol Chang, Abner via groups.io
` (2 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Chang, Abner via groups.io @ 2023-12-30 11:29 UTC (permalink / raw)
To: devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Michael Brown,
Nickle Wang, Igor Kulchytskyy
From: abnchang <abnchang@amd.com>
Introduce HttpsTlsConfigDataProtocol, which the HTTP application
can install on the HTTP protocol handle to provide its
own TLS configuration data.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
NetworkPkg/NetworkPkg.dec | 3 ++
.../Protocol/HttpsTlsConfigDataProtocol.h | 48 +++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 NetworkPkg/Include/Protocol/HttpsTlsConfigDataProtocol.h
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e7747..17473464d1e 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -94,6 +94,9 @@
## Include/Protocol/WiFiProfileSyncProtocol.h
gEdkiiWiFiProfileSyncProtocolGuid = {0x399a2b8a, 0xc267, 0x44aa, {0x9a, 0xb4, 0x30, 0x58, 0x8c, 0xd2, 0x2d, 0xcc}}
+ ## Include/Protocol/HttpsTlsConfigDataProtocol.h
+ gEdkiiHttpsTlsConfigDataProtocolGuid = {0xbfe8e3e3, 0xb884, 0x4a6f, {0xae, 0xd3, 0xb8, 0xdb, 0xeb, 0xc5, 0x58, 0xc0}}
+
[PcdsFixedAtBuild]
## The max attempt number will be created by iSCSI driver.
# @Prompt Max attempt number.
diff --git a/NetworkPkg/Include/Protocol/HttpsTlsConfigDataProtocol.h b/NetworkPkg/Include/Protocol/HttpsTlsConfigDataProtocol.h
new file mode 100644
index 00000000000..ec429d9ed38
--- /dev/null
+++ b/NetworkPkg/Include/Protocol/HttpsTlsConfigDataProtocol.h
@@ -0,0 +1,48 @@
+/** @file
+ This file defines the EDKII HTTPS TLS Config Data Protocol
+
+ Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL_H_
+#define EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL_H_
+
+#include <Protocol/Http.h>
+#include <Protocol/Tls.h>
+
+#define EEDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL_GUID \
+ { \
+ 0xbfe8e3e3, 0xb884, 0x4a6f, {0xae, 0xd3, 0xb8, 0xdb, 0xeb, 0xc5, 0x58, 0xc0} \
+ }
+
+///
+/// HTTP TLS configuration structure version that manages
+/// structure format of EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL.
+///
+typedef struct {
+ UINT8 Major;
+ UINT8 Minor;
+} EDKII_HTTPS_TLS_CONFIG_DATA_VERSION;
+
+///
+/// HTTPS TLS configuration data structure.
+///
+typedef struct {
+ EFI_TLS_VERSION Version;
+ EFI_TLS_CONNECTION_END ConnectionEnd;
+ EFI_TLS_VERIFY VerifyMethod;
+ EFI_TLS_VERIFY_HOST VerifyHost;
+ EFI_TLS_SESSION_STATE SessionState;
+} HTTPS_TLS_CONFIG_DATA;
+
+typedef struct {
+ EDKII_HTTPS_TLS_CONFIG_DATA_VERSION Version;
+ ///
+ /// EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA_VERSION V1.0
+ ///
+ HTTPS_TLS_CONFIG_DATA HttpsTlsConfigData;
+} EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL;
+
+extern EFI_GUID gEdkiiHttpsTlsConfigDataProtocolGuid;
+#endif // EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL_H_
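Review bot: the GUID macro is misspelled `EEDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL_GUID` (double E) and does not match the `EDKII_` prefix used for everything else in the header, and the comment `/// EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA_VERSION V1.0` names a type that does not exist (the type defined above is EDKII_HTTPS_TLS_CONFIG_DATA_VERSION). Since this is a new public protocol, the header should also spell out the contract the consumer relies on: which fields HttpDxe honours, that VerifyHost.HostName is a pointer owned by the producer that must stay valid for the lifetime of the HTTP child it is installed on, and that setting VerifyMethod to EFI_TLS_VERIFY_NONE disables both certificate chain and host-name verification for that HTTP instance, so it must only be used where the transport is trusted by other means.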
--
2.37.1.windows.1
View/Reply Online (#113006): https://edk2.groups.io/g/devel/message/113006
* [edk2-devel] [PATCH 3/5] NetworkPkg/HttpDxe: Use HttpsTlsConfigDataProtocol
2023-12-30 11:29 [edk2-devel] [PATCH 0/5] Support HTTP application TLS configuration protocol Chang, Abner via groups.io
2023-12-30 11:29 ` [edk2-devel] [PATCH 1/5] NetworkPkg/HttpDxe: Refactor TlsCreateChild function Chang, Abner via groups.io
2023-12-30 11:29 ` [edk2-devel] [PATCH 2/5] NetworkPkg: Introduce HttpsTlsConfigDataProtocol Chang, Abner via groups.io
@ 2023-12-30 11:29 ` Chang, Abner via groups.io
2023-12-30 11:29 ` [edk2-devel] [PATCH 4/5] RedfishPkg/RedfishRestExDxe: Produce EdkiiHttpsTlsConfigData protocol Chang, Abner via groups.io
2023-12-30 11:29 ` [edk2-devel] [PATCH 5/5] RedfishPkg/RedfishRestExDxe: Update the Supported function Chang, Abner via groups.io
4 siblings, 0 replies; 8+ messages in thread
From: Chang, Abner via groups.io @ 2023-12-30 11:29 UTC (permalink / raw)
To: devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Michael Brown,
Nickle Wang, Igor Kulchytskyy
From: abnchang <abnchang@amd.com>
Consume HttpsTlsConfigDataProtocol protocol installed
on the HTTP protocol handle to override the default TLS
configuration data.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
NetworkPkg/HttpDxe/HttpDxe.inf | 1 +
NetworkPkg/HttpDxe/HttpDriver.h | 1 +
NetworkPkg/HttpDxe/HttpProto.h | 10 +---
NetworkPkg/HttpDxe/HttpsSupport.c | 97 ++++++++++++++++++++++++-------
4 files changed, 80 insertions(+), 29 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf
index c9502d0bb6d..ec58677c3f1 100644
--- a/NetworkPkg/HttpDxe/HttpDxe.inf
+++ b/NetworkPkg/HttpDxe/HttpDxe.inf
@@ -66,6 +66,7 @@
gEfiTlsProtocolGuid ## SOMETIMES_CONSUMES
gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES
gEdkiiHttpCallbackProtocolGuid ## SOMETIMES_CONSUMES
+ gEdkiiHttpsTlsConfigDataProtocolGuid ## SOMETIMES_CONSUMES
[Guids]
gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES ## Variable:L"TlsCaCertificate"
diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDriver.h
index 01a6bb7f4b7..66c924e3030 100644
--- a/NetworkPkg/HttpDxe/HttpDriver.h
+++ b/NetworkPkg/HttpDxe/HttpDriver.h
@@ -48,6 +48,7 @@
#include <Protocol/Tls.h>
#include <Protocol/TlsConfig.h>
#include <Protocol/HttpCallback.h>
+#include <Protocol/HttpsTlsConfigDataProtocol.h>
#include <Guid/ImageAuthentication.h>
//
diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
index 012f1f4b467..fbccffa8e71 100644
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@@ -76,14 +76,6 @@ typedef struct {
EFI_HTTP_METHOD Method;
} HTTP_TCP_TOKEN_WRAP;
-typedef struct {
- EFI_TLS_VERSION Version;
- EFI_TLS_CONNECTION_END ConnectionEnd;
- EFI_TLS_VERIFY VerifyMethod;
- EFI_TLS_VERIFY_HOST VerifyHost;
- EFI_TLS_SESSION_STATE SessionState;
-} TLS_CONFIG_DATA;
-
//
// Callback data for HTTP_PARSER_CALLBACK()
//
@@ -172,7 +164,7 @@ typedef struct _HTTP_PROTOCOL {
EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
EFI_HANDLE TlsChildHandle; /// Tls ChildHandle
- TLS_CONFIG_DATA TlsConfigData;
+ HTTPS_TLS_CONFIG_DATA TlsConfigData;
EFI_TLS_PROTOCOL *Tls;
EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfiguration;
EFI_TLS_SESSION_STATE TlsSessionState;
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index fb7c1ea59f2..96ecdd1d848 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -131,6 +131,58 @@ IsHttpsUrl (
return FALSE;
}
+/**
+ Get application HTTP TLS configuration data from HTTP handle.
+
+ @param[in] HttpInstance The HTTP protocol handle instance.
+
+ @retval EFI_SUCCESS Application HTTP TLS configuration data is
+ loaded in HttpInstance->TlsConfigData.
+ @retval EFI_UNSUPPORTED No application HTTP TLS configuration data
+
+**/
+EFI_STATUS
+GetHttpsTlsConfigData (
+ IN HTTP_PROTOCOL *HttpInstance
+ )
+{
+ EFI_STATUS Status;
+ EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL *HttpsTlsConfigData;
+
+ Status = gBS->HandleProtocol (
+ HttpInstance->Handle,
+ &gEdkiiHttpsTlsConfigDataProtocolGuid,
+ (VOID **)&HttpsTlsConfigData
+ );
+ if (EFI_ERROR (Status)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (HttpsTlsConfigData->Version.Major >= 1) {
+ HttpInstance->TlsConfigData.ConnectionEnd = HttpsTlsConfigData->HttpsTlsConfigData.ConnectionEnd;
+ HttpInstance->TlsConfigData.SessionState = HttpsTlsConfigData->HttpsTlsConfigData.SessionState;
+ HttpInstance->TlsConfigData.VerifyHost = HttpsTlsConfigData->HttpsTlsConfigData.VerifyHost;
+ HttpInstance->TlsConfigData.VerifyMethod = HttpsTlsConfigData->HttpsTlsConfigData.VerifyMethod;
+ } else {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Unsupported version of EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL - %d.%d.\n",
+ __func__,
+ HttpsTlsConfigData->Version.Major,
+ HttpsTlsConfigData->Version.Minor
+ ));
+ return EFI_UNSUPPORTED;
+ }
+
+ DEBUG ((
+ DEBUG_VERBOSE,
+ "%a: There is a EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL installed on HTTP handle:0x%x.\n",
+ __func__,
+ HttpInstance->Handle
+ ));
+ return EFI_SUCCESS;
+}
+
/**
Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
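Review bot: `if (HttpsTlsConfigData->Version.Major >= 1)` accepts any future major version, but a major bump is normally how a producer signals an incompatible layout, so a 2.x producer would be read with the 1.0 field offsets; check `Version.Major == 1` and let Minor carry additive changes. Three smaller points in the same function: only ConnectionEnd, SessionState, VerifyHost and VerifyMethod are copied, so HTTPS_TLS_CONFIG_DATA.Version is silently ignored (either honour it or document it as unused); VerifyHost is copied by value including the HostName pointer into producer memory, which is dereferenced later in TlsConfigureSession, so the producer's buffer must outlive the HTTP child; and the DEBUG prints an EFI_HANDLE with `%x`, which truncates on 64-bit, use `%p`.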
@@ -208,6 +260,13 @@ TlsCreateChild (
return Status;
}
+ // Initial default TLS configuration data.
+ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
+ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
+ HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE;
+ HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
+ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
+
return EFI_SUCCESS;
}
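Review bot: moving `HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;` into TlsCreateChild captures the RemoteHost pointer once, when the TLS child is created, whereas before it was refreshed at every TlsConfigureSession. If RemoteHost can be freed and re-parsed for a later request on the same HTTP instance (a request to a different host, or a reconnect), the pointer stored here goes stale and host-name verification would compare against freed memory or the previous host. Either keep the HostName assignment in TlsConfigureSession (right before SetSessionData (EfiTlsVerifyHost)) and move only the constant defaults here, or make sure RemoteHost is never reallocated for the lifetime of the child. The bare `// Initial default ...` comment also departs from the three-line `//` block style used elsewhere in this file.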
@@ -650,14 +709,8 @@ TlsConfigureSession (
{
EFI_STATUS Status;
- //
- // TlsConfigData initialization
- //
- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
- HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE;
- HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
+ // Get applciation TLS configuration data.
+ GetHttpsTlsConfigData (HttpInstance);
//
// EfiTlsConnectionEnd,
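Review bot: `GetHttpsTlsConfigData (HttpInstance);` discards its return value on purpose, which is fine for the not-installed case because the EFI_TLS_VERIFY_PEER defaults stay in force, but an installed protocol with an unsupported Version is only reported with DEBUG_ERROR and the session then proceeds with the defaults while the producer believes its configuration was applied. Either propagate that case as an error or add a comment stating that the fall back to defaults is intentional. Typo in the new comment: "applciation".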
@@ -685,14 +738,16 @@ TlsConfigureSession (
return Status;
}
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsVerifyHost,
- &HttpInstance->TlsConfigData.VerifyHost,
- sizeof (EFI_TLS_VERIFY_HOST)
- );
- if (EFI_ERROR (Status)) {
- return Status;
+ if (HttpInstance->TlsConfigData.VerifyMethod != EFI_TLS_VERIFY_NONE) {
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsVerifyHost,
+ &HttpInstance->TlsConfigData.VerifyHost,
+ sizeof (EFI_TLS_VERIFY_HOST)
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
}
Status = HttpInstance->Tls->SetSessionData (
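Review bot: skipping SetSessionData (EfiTlsVerifyHost) when VerifyMethod is EFI_TLS_VERIFY_NONE is consistent, but nothing records that verification has been turned off for this session. Add a DEBUG_WARN on this branch that names the remote host (or the HTTP handle) so that a firmware log shows which HTTPS sessions ran without peer and host-name checks; that is the audit trail a platform integrator will want once an application can override the policy through the new protocol.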
@@ -717,10 +772,12 @@ TlsConfigureSession (
//
// Tls Config Certificate
//
- Status = TlsConfigCertificate (HttpInstance);
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
- return Status;
+ if (HttpInstance->TlsConfigData.VerifyMethod != EFI_TLS_VERIFY_NONE) {
+ Status = TlsConfigCertificate (HttpInstance);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+ return Status;
+ }
}
//
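Review bot: gating TlsConfigCertificate on VerifyMethod means that with EFI_TLS_VERIFY_NONE the platform CA store (the TlsCaCertificate variable listed in HttpDxe.inf) is never loaded, which is coherent for server verification, but please confirm TlsConfigCertificate only configures CA certificates and not a client certificate or key: client authentication is independent of whether the server is verified and should not be dropped by this branch. A one-line comment here saying what is intentionally skipped would help the next reader.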
--
2.37.1.windows.1
View/Reply Online (#113007): https://edk2.groups.io/g/devel/message/113007
* [edk2-devel] [PATCH 4/5] RedfishPkg/RedfishRestExDxe: Produce EdkiiHttpsTlsConfigData protocol
2023-12-30 11:29 [edk2-devel] [PATCH 0/5] Support HTTP application TLS configuration protocol Chang, Abner via groups.io
` (2 preceding siblings ...)
2023-12-30 11:29 ` [edk2-devel] [PATCH 3/5] NetworkPkg/HttpDxe: Use HttpsTlsConfigDataProtocol Chang, Abner via groups.io
@ 2023-12-30 11:29 ` Chang, Abner via groups.io
2023-12-30 11:29 ` [edk2-devel] [PATCH 5/5] RedfishPkg/RedfishRestExDxe: Update the Supported function Chang, Abner via groups.io
4 siblings, 0 replies; 8+ messages in thread
From: Chang, Abner via groups.io @ 2023-12-30 11:29 UTC (permalink / raw)
To: devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Michael Brown,
Nickle Wang, Igor Kulchytskyy
From: abnchang <abnchang@amd.com>
Produce EdkiiHttpsTlsConfigData protocol to provide Redfish
REST EX TLS configuration data.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
RedfishPkg/RedfishPkg.dec | 5 ++
.../RedfishRestExDxe/RedfishRestExDxe.inf | 2 +
.../RedfishRestExDxe/RedfishRestExDriver.h | 23 +++++-
.../RedfishRestExDxe/RedfishRestExDriver.c | 79 ++++++++++++++++++-
4 files changed, 104 insertions(+), 5 deletions(-)
diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
index 3ea9ff3ef7f..e4aa8b634c8 100644
--- a/RedfishPkg/RedfishPkg.dec
+++ b/RedfishPkg/RedfishPkg.dec
@@ -154,3 +154,8 @@
# set to EFI_REST_EX_PROTOCOL.
#
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishSendReceiveTimeout|5000|UINT32|0x00001009
+ #
+ # This PCD declares whether to provide EDKII_HTTPS_CONFIG_DATA_PROTOCOL
+ # for Resfish REXT EX HTTPS TLS configuration data.
+ #
+ gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExHttpsTlsConfigData|TRUE|BOOLEAN|0x00001010
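Review bot: the default of TRUE means every RedfishRestExDxe build installs the configuration protocol, and the driver change in this same patch fills it with EFI_TLS_VERIFY_NONE, so by default Redfish HTTPS sessions get no certificate or host-name verification unless a platform opts out. Default this to FALSE, or state in the comment the threat model under which unverified TLS is acceptable (for example the in-band host-to-BMC path selected by PcdRedfishRestExServiceAccessModeInBand) so integrators know what they are enabling. The comment also has typos: EDKII_HTTPS_CONFIG_DATA_PROTOCOL should be EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL, and "Resfish REXT EX" should be "Redfish REST EX".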
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
index 64e6343bfbf..e75f5a87985 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
@@ -57,11 +57,13 @@
gEfiHttpServiceBindingProtocolGuid ## TO_START
gEfiHttpProtocolGuid ## TO_START
gEfiDevicePathProtocolGuid ## TO_START
+ gEdkiiHttpsTlsConfigDataProtocolGuid ## PRODUCED
[Pcd]
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExServiceAccessModeInBand ## CONSUMES
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExChunkRequestMode ## CONSUMES
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExAddingExpect ## CONSUMES
+ gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExHttpsTlsConfigData ## CONSUMES
[UserExtensions.TianoCore."ExtraFiles"]
RedfishRestExDxeExtra.uni
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
index 6b94e5814c4..c3a15f1a976 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
@@ -30,8 +30,10 @@
/// UEFI Driver Model Protocols
///
#include <Protocol/DriverBinding.h>
+#include <Protocol/HttpsTlsConfigDataProtocol.h>
#include <Protocol/RestEx.h>
#include <Protocol/ServiceBinding.h>
+#include <Protocol/Tls.h>
///
/// Protocol instances
@@ -53,13 +55,19 @@ typedef struct _RESTEX_SERVICE RESTEX_SERVICE;
///
typedef struct _RESTEX_INSTANCE RESTEX_INSTANCE;
+///
+/// RestEx HTTP context
+///
+typedef struct _RESTEX_HTTPS_CONTEXT RESTEX_HTTPS_CONTEXT;
+
///
/// Driver Version
///
#define REDFISH_RESTEX_DRIVER_VERSION 0x0100
-#define RESTEX_SERVICE_SIGNATURE SIGNATURE_32 ('R', 'E', 'S', 'S')
-#define RESTEX_INSTANCE_SIGNATURE SIGNATURE_32 ('R', 'E', 'I', 'S')
+#define RESTEX_SERVICE_SIGNATURE SIGNATURE_32 ('R', 'E', 'S', 'S')
+#define RESTEX_INSTANCE_SIGNATURE SIGNATURE_32 ('R', 'E', 'I', 'S')
+#define RESTEX_HTTPS_CONTEXT_SIGNATURE SIGNATURE_32 ('R', 'H', 'C', 'S')
#define RESTEX_SERVICE_FROM_THIS(a) \
CR (a, RESTEX_SERVICE, ServiceBinding, RESTEX_SERVICE_SIGNATURE)
@@ -67,6 +75,9 @@ typedef struct _RESTEX_INSTANCE RESTEX_INSTANCE;
#define RESTEX_INSTANCE_FROM_THIS(a) \
CR (a, RESTEX_INSTANCE, RestEx, RESTEX_INSTANCE_SIGNATURE)
+#define REDFISH_HTTPS_CONTEXT_FROM_THIS(a) \
+ CR (a, RESTEX_HTTPS_CONTEXT, TlsConfigDataProtocol, RESTEX_HTTPS_CONTEXT_SIGNATURE)
+
#define RESTEX_STATE_UNCONFIGED 0
#define RESTEX_STATE_CONFIGED 1
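Review bot: `REDFISH_HTTPS_CONTEXT_FROM_THIS` uses a different prefix from the RESTEX_SERVICE_FROM_THIS and RESTEX_INSTANCE_FROM_THIS macros beside it while the signature it checks is RESTEX_HTTPS_CONTEXT_SIGNATURE; rename it RESTEX_HTTPS_CONTEXT_FROM_THIS. Nothing in this patch uses it, so it could also wait until there is a caller.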
@@ -93,6 +104,12 @@ struct _RESTEX_SERVICE {
#define RESTEX_INSTANCE_FLAGS_TLS_RETRY 0x00000001
#define RESTEX_INSTANCE_FLAGS_TCP_ERROR_RETRY 0x00000002
+struct _RESTEX_HTTPS_CONTEXT {
+ UINT32 Signature;
+ EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL TlsConfigDataProtocol;
+ BOOLEAN TlsConfigDataProtocolInstalled;
+};
+
struct _RESTEX_INSTANCE {
UINT32 Signature;
LIST_ENTRY Link;
@@ -107,6 +124,8 @@ struct _RESTEX_INSTANCE {
EFI_REST_EX_CONFIG_DATA ConfigData;
+ RESTEX_HTTPS_CONTEXT *RestExHttpsContext;
+
//
// HTTP_IO to access the HTTP service
//
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
index 7036aed4268..f897248fc44 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
@@ -76,8 +76,26 @@ RestExDestroyInstance (
IN RESTEX_INSTANCE *Instance
)
{
- HttpIoDestroyIo (&(Instance->HttpIo));
+ EFI_STATUS Status;
+ if ((Instance != NULL) &&
+ (Instance->RestExHttpsContext != NULL) &&
+ (Instance->RestExHttpsContext->TlsConfigDataProtocolInstalled)
+ )
+ {
+ Status = gBS->UninstallProtocolInterface (
+ Instance->HttpIo.Handle,
+ &gEdkiiHttpsTlsConfigDataProtocolGuid,
+ (VOID *)&Instance->RestExHttpsContext->TlsConfigDataProtocol
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a: Fail to uninstall gEdkiiHttpsTlsConfigDataProtocolGuid.\n", __func__));
+ }
+
+ FreePool (Instance->RestExHttpsContext);
+ }
+
+ HttpIoDestroyIo (&(Instance->HttpIo));
FreePool (Instance);
}
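Review bot: the new `Instance != NULL` test is followed by unconditional `HttpIoDestroyIo (&(Instance->HttpIo));` and `FreePool (Instance);`, so a NULL Instance still dereferences; either drop the check (every caller passes a valid instance) or return early for the whole function. The order (uninstall the TLS config protocol, then HttpIoDestroyIo) is right, since the HTTP child handle cannot go away while the protocol is still on it. One more point: when UninstallProtocolInterface fails the context is freed anyway, leaving the handle with an interface pointer into freed memory; on that failure, log and leak the context rather than free it.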
@@ -266,6 +284,56 @@ RestExCreateService (
return Status;
}
+/**
+ Initial EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL for Redfish REST EX TLS.
+
+ @param[in] Instance REST EX internal structure instance.
+
+**/
+VOID
+RedfishHttpsTlsConfigData (
+ IN RESTEX_INSTANCE *Instance
+ )
+{
+ EFI_STATUS Status;
+ RESTEX_HTTPS_CONTEXT *RestExHttpsContext;
+
+ RestExHttpsContext = AllocateZeroPool (sizeof (RESTEX_HTTPS_CONTEXT));
+ if (RestExHttpsContext == NULL) {
+ DEBUG ((DEBUG_ERROR, "%a: Allocate memory fail for RESTEX_HTTPS_CONTEXT\n", __func__));
+ return;
+ }
+
+ if (Instance->HttpIo.Handle == NULL) {
+ DEBUG ((DEBUG_ERROR, "%a: Invalid HTTP handle.\n", __func__));
+ return;
+ }
+
+ RestExHttpsContext->Signature = RESTEX_HTTPS_CONTEXT_SIGNATURE;
+ RestExHttpsContext->TlsConfigDataProtocol.Version.Major = 1;
+ RestExHttpsContext->TlsConfigDataProtocol.Version.Minor = 0;
+ RestExHttpsContext->TlsConfigDataProtocol.HttpsTlsConfigData.ConnectionEnd = EfiTlsClient;
+ RestExHttpsContext->TlsConfigDataProtocol.HttpsTlsConfigData.VerifyMethod = EFI_TLS_VERIFY_NONE;
+ RestExHttpsContext->TlsConfigDataProtocol.HttpsTlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE;
+ RestExHttpsContext->TlsConfigDataProtocol.HttpsTlsConfigData.VerifyHost.HostName = "Redfish Service";
+
+ // Install EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL;
+ Status = gBS->InstallProtocolInterface (
+ &Instance->HttpIo.Handle,
+ &gEdkiiHttpsTlsConfigDataProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ (VOID *)&RestExHttpsContext->TlsConfigDataProtocol
+ );
+ if (EFI_ERROR (Status)) {
+ FreePool (RestExHttpsContext);
+ DEBUG ((DEBUG_ERROR, "%a: Fail to install EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL.\n", __func__));
+ return;
+ }
+
+ RestExHttpsContext->TlsConfigDataProtocolInstalled = TRUE;
+ Instance->RestExHttpsContext = RestExHttpsContext;
+}
+
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
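Review bot: `RestExHttpsContext` is allocated before the `Instance->HttpIo.Handle == NULL` check and the early return on that path leaks it; move the handle check above AllocateZeroPool. On the policy side, `VerifyMethod = EFI_TLS_VERIFY_NONE` disables both the certificate chain and the host-name check for every REST EX HTTPS session, and `VerifyHost.HostName = "Redfish Service"` is not a host name, so if anyone later switches the method to EFI_TLS_VERIFY_PEER the host check fails against every server; leave HostName NULL (HttpDxe already has the parsed RemoteHost) and keep the policy choice visible in one place. SessionState is left at zero from AllocateZeroPool, which happens to be EfiTlsSessionNotStarted, but set it explicitly like the other fields. The comment "// Install EDKII_HTTPS_TLS_CONFIG_DATA_PROTOCOL;" has a stray semicolon.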
@@ -286,8 +354,6 @@ RedfishRestExDriverEntryPoint (
{
EFI_STATUS Status;
- Status = EFI_SUCCESS;
-
//
// Install the RestEx Driver Binding Protocol.
//
@@ -699,6 +765,13 @@ RedfishRestExServiceBindingCreateChild (
goto ON_ERROR;
}
+ //
+ // Set Redfish HTTPS TLS configuration data.
+ //
+ if (FixedPcdGetBool (PcdRedfishRestExHttpsTlsConfigData)) {
+ RedfishHttpsTlsConfigData (Instance);
+ }
+
//
// Add it to the parent's child list.
//
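Review bot: `FixedPcdGetBool (PcdRedfishRestExHttpsTlsConfigData)` compiles only when every platform DSC keeps the PCD as FixedAtBuild; if the RedfishPkg.dec entry sits in a section that also allows dynamic access, platforms that want to toggle it per build or at run time will fail to build, whereas `PcdGetBool` works for either. Also note that the context is installed for every REST EX child created here, not only for https URLs; that is harmless since HttpDxe consults it only on HTTPS, but a short comment saying so saves the next reader a trip through HttpDxe.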
--
2.37.1.windows.1
View/Reply Online (#113008): https://edk2.groups.io/g/devel/message/113008
* [edk2-devel] [PATCH 5/5] RedfishPkg/RedfishRestExDxe: Update the Supported function
2023-12-30 11:29 [edk2-devel] [PATCH 0/5] Support HTTP application TLS configuration protocol Chang, Abner via groups.io
` (3 preceding siblings ...)
2023-12-30 11:29 ` [edk2-devel] [PATCH 4/5] RedfishPkg/RedfishRestExDxe: Produce EdkiiHttpsTlsConfigData protocol Chang, Abner via groups.io
@ 2023-12-30 11:29 ` Chang, Abner via groups.io
4 siblings, 0 replies; 8+ messages in thread
From: Chang, Abner via groups.io @ 2023-12-30 11:29 UTC (permalink / raw)
To: devel; +Cc: Nickle Wang, Igor Kulchytskyy
From: Abner Chang <abner.chang@amd.com>
Update the Supported function to check if the given
controller handle is already started.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
index f897248fc44..1ac2ea6bcd3 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
@@ -422,6 +422,21 @@ RedfishRestExDriverBindingSupported (
IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL
)
{
+ EFI_STATUS Status;
+ UINT32 *Id;
+
+ Status = gBS->OpenProtocol (
+ ControllerHandle,
+ &gEfiCallerIdGuid,
+ (VOID **)&Id,
+ This->DriverBindingHandle,
+ ControllerHandle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ if (!EFI_ERROR (Status)) {
+ return EFI_ALREADY_STARTED;
+ }
+
//
// Test for the HttpServiceBinding Protocol.
//
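Review bot: this check only ever returns EFI_ALREADY_STARTED if RedfishRestExDriverBindingStart installs gEfiCallerIdGuid on ControllerHandle (and Stop removes it), which is not visible in this patch; please confirm, otherwise the new code is dead. `Id` is used only as an output slot; `EFI_OPEN_PROTOCOL_TEST_PROTOCOL` with a NULL Interface pointer expresses the intent without the unused `UINT32 *Id` and is the idiom other edk2 network drivers use for this test.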
--
2.37.1.windows.1
View/Reply Online (#113009): https://edk2.groups.io/g/devel/message/113009