From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.84900.1670008354257768666 for ; Fri, 02 Dec 2022 11:12:40 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=EFnNJ6up; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: saloni.kasbekar@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1670008360; x=1701544360; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NaJKlQ2FROWcdstOdtgkHVmttA5wvNJvmXm/vZqcSLw=; b=EFnNJ6upby557ZJhj/yYEytxdCctT+8viiQLnTSm6y6au64TATw+2nxN IrU2Ro9N6vjMyqBms8OBU32Kg5Phiu1WNgdsse9ZrDmDqu+fipa6LDOtr OZqQRaQO2pttvGTkAEvpFjA5YJfiDiA0+uAZPSuD/AK8q/Pv+1KNLASVd 7vMQTTYNkPtPyVCkFzkI6Pd2axZFOQOwFtEtdv4VzzzMYgbrV9lXkSnJN WLaNjyCtG/2HfgtRJjDEvaH5pjVoj7Yc/zIuWbXr8ZQ+hkPt+nyWlLljR hWWWPZ2g/tTKKcX/zbRR9rh520VrvOLHH0hBZveTAZAPw6wIBbeB+vKyM A==; X-IronPort-AV: E=McAfee;i="6500,9779,10549"; a="296382625" X-IronPort-AV: E=Sophos;i="5.96,213,1665471600"; d="scan'208";a="296382625" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Dec 2022 11:12:39 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10549"; a="733916713" X-IronPort-AV: E=Sophos;i="5.96,213,1665471600"; d="scan'208";a="733916713" Received: from fmbiosdev02.amr.corp.intel.com ([10.80.127.10]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Dec 2022 11:12:39 -0800 From: "Saloni Kasbekar" To: devel@edk2.groups.io Cc: Saloni Kasbekar , Maciej Rabeda , Wu Jiaxin , Siyuan Fu Subject: [edk2-staging/HttpProxy PATCH v3 6/7] NetworkPkg/HttpDxe: Support HTTPS EndPoint server with Proxy Date: Fri, 2 Dec 2022 11:12:25 -0800 Message-Id: <4f06d6837febe6d4d02c10cf182a7e43275d94c0.1670008048.git.saloni.kasbekar@intel.com> X-Mailer: git-send-email 2.36.1.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3951 Add support for Proxy server to connect to a HTTPS EndPoint server. TLS Connection to be created during GET/HEAD after CONNECT method. Cc: Maciej Rabeda Cc: Wu Jiaxin Cc: Siyuan Fu Signed-off-by: Saloni Kasbekar --- NetworkPkg/HttpDxe/HttpImpl.c | 9 +++---- NetworkPkg/HttpDxe/HttpProto.c | 40 ++++++++++++++++++------------- NetworkPkg/HttpDxe/HttpProto.h | 8 +++++-- NetworkPkg/HttpDxe/HttpsSupport.c | 16 +++++++++---- 4 files changed, 46 insertions(+), 27 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index 2a305e0864..f7d6a4c8f6 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -511,9 +511,10 @@ EfiHttpRequest ( if ((HttpInstance->ConnectionClose == FALSE) && (HttpInstance->RemotePort == RemotePort) && (AsciiStrCmp (HttpInstance->RemoteHost, HostName) == 0) && - (!HttpInstance->UseHttps || (HttpInstance->UseHttps && - !TlsConfigure && - (HttpInstance->TlsSessionState == EfiTlsSessionDataTransferring)))) + (!HttpInstance->UseHttps || + HttpInstance->ProxyConnected || (HttpInstance->UseHttps && + !TlsConfigure && + (HttpInstance->TlsSessionState == EfiTlsSessionDataTransferring)))) { // // Host Name and port number of the request URL are the same with previous call to Request(). @@ -666,7 +667,7 @@ EfiHttpRequest ( goto Error2; } - if (!Configure && !ReConfigure && !TlsConfigure) { + if ((!Configure && !ReConfigure) && ((HttpInstance->ProxyConnected && TlsConfigure) || (!TlsConfigure))) { // // For the new HTTP token, create TX TCP token events. // diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index 6767d90c7d..cc69401943 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -1222,6 +1222,7 @@ HttpConfigureTcp6 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP4 protocol child is not created or configured. @@ -1230,7 +1231,8 @@ HttpConfigureTcp6 ( **/ EFI_STATUS HttpConnectTcp4 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ) { EFI_STATUS Status; @@ -1253,16 +1255,18 @@ HttpConnectTcp4 ( return Status; } - if (Tcp4State == Tcp4StateEstablished) { + if ((Tcp4State == Tcp4StateEstablished) && (!HttpInstance->ProxyConnected || !TlsConfigure)) { return EFI_SUCCESS; - } else if (Tcp4State > Tcp4StateEstablished ) { + } else if (Tcp4State > Tcp4StateEstablished) { HttpCloseConnection (HttpInstance); } - Status = HttpCreateConnection (HttpInstance); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status)); - return Status; + if (!HttpInstance->ProxyConnected) { + Status = HttpCreateConnection (HttpInstance); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcp4 Connection fail - %x\n", Status)); + return Status; + } } // @@ -1314,6 +1318,7 @@ HttpConnectTcp4 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP6 protocol child is not created or configured. @@ -1322,7 +1327,8 @@ HttpConnectTcp4 ( **/ EFI_STATUS HttpConnectTcp6 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ) { EFI_STATUS Status; @@ -1346,16 +1352,18 @@ HttpConnectTcp6 ( return Status; } - if (Tcp6State == Tcp6StateEstablished) { + if ((Tcp6State == Tcp6StateEstablished) && (!HttpInstance->ProxyConnected || !TlsConfigure)) { return EFI_SUCCESS; - } else if (Tcp6State > Tcp6StateEstablished ) { + } else if (Tcp6State > Tcp6StateEstablished) { HttpCloseConnection (HttpInstance); } - Status = HttpCreateConnection (HttpInstance); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status)); - return Status; + if (!HttpInstance->ProxyConnected) { + Status = HttpCreateConnection (HttpInstance); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcp6 Connection fail - %x\n", Status)); + return Status; + } } // @@ -1450,7 +1458,7 @@ HttpInitSession ( // // Connect TCP. // - Status = HttpConnectTcp4 (HttpInstance); + Status = HttpConnectTcp4 (HttpInstance, TlsConfigure); if (EFI_ERROR (Status)) { return Status; } @@ -1468,7 +1476,7 @@ HttpInitSession ( // // Connect TCP. // - Status = HttpConnectTcp6 (HttpInstance); + Status = HttpConnectTcp6 (HttpInstance, TlsConfigure); if (EFI_ERROR (Status)) { return Status; } diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h index 3e4e86dad9..6fd2082e1b 100644 --- a/NetworkPkg/HttpDxe/HttpProto.h +++ b/NetworkPkg/HttpDxe/HttpProto.h @@ -407,6 +407,7 @@ HttpConfigureTcp6 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP4 protocol child is not created or configured. @@ -415,7 +416,8 @@ HttpConfigureTcp6 ( **/ EFI_STATUS HttpConnectTcp4 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ); /** @@ -423,6 +425,7 @@ HttpConnectTcp4 ( connect one TLS session if required. @param[in] HttpInstance The HTTP instance private data. + @param[in] TlsConfigure The Flag indicates whether it's the new Tls session. @retval EFI_SUCCESS The TCP connection is established. @retval EFI_NOT_READY TCP6 protocol child is not created or configured. @@ -431,7 +434,8 @@ HttpConnectTcp4 ( **/ EFI_STATUS HttpConnectTcp6 ( - IN HTTP_PROTOCOL *HttpInstance + IN HTTP_PROTOCOL *HttpInstance, + IN BOOLEAN TlsConfigure ); /** diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c index ad611e7c38..81c65758d3 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -644,11 +644,17 @@ TlsConfigureSession ( // // TlsConfigData initialization // - HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; - HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; - HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE; - HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost; - HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; + HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; + HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; + HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE; + HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; + + if (HttpInstance->ProxyConnected) { + ASSERT (HttpInstance->EndPointHostName != NULL); + HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->EndPointHostName; + } else { + HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost; + } // // EfiTlsConnectionEnd, -- 2.36.1.windows.1