From: "Ye, Ting"
To: "Fu, Siyuan", "Wu, Jiaxin", edk2-devel@lists.01.org
CC: "Zhang, Lubo", "Long, Qin", Thomas Palmer
Date: Thu, 22 Dec 2016 02:52:03 +0000
Subject: Re: [Patch 06/10] NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS auth configuration
References: <1481700859-76060-1-git-send-email-jiaxin.wu@intel.com> <1481700859-76060-7-git-send-email-jiaxin.wu@intel.com>

I agree. Adding new StringToGuid and GuidToString to a common library seems a good idea if we don't have existing APIs.

In GuidToString, the comment indicates that SPrint will NULL terminate the string, so use Size - 1 to skip the NULL. However, I see UnicodeSPrint in MdePkg returns the number of Unicode characters in the produced output buffer, not including the Null-terminator. It looks inconsistent to me. Please check that.

Others are good to me.

Reviewed-by: Ye Ting

Best Regards,
Ting

-----Original Message-----
From: Fu, Siyuan
Sent: Thursday, December 15, 2016 10:22 AM
To: Wu, Jiaxin; edk2-devel@lists.01.org
Cc: Ye, Ting; Zhang, Lubo; Long, Qin; Thomas Palmer
Subject: RE: [Patch 06/10] NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS auth configuration

Hi, Jiaxin

PrintLib supports "%g" to print a GUID, so you don't need to use "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x" in GuidToString().

Besides that, I do see a lot of drivers have a similar internal function StringToGuid() or StrToGuid(); do we have a common library interface for this? If not, I think it may be worth creating one.

Other parts are good with me.

Reviewed-by: Fu Siyuan

Best Regards
Siyuan

-----Original Message-----
From: Wu, Jiaxin
Sent: December 14, 2016 15:34
To: edk2-devel@lists.01.org
Cc: Ye, Ting; Fu, Siyuan; Zhang, Lubo; Long, Qin; Thomas Palmer; Wu, Jiaxin
Subject: [Patch 06/10] NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS auth configuration

This patch provides the UI to support TLS auth configuration.

* EFI_SIGNATURE_LIST format is used for the 'TlsCaCertificate' variable, so TLS supports multiple certificate configuration.
* The variable attribute is BS with NV, which only targets preventing runtime-phase attacks.

Cc: Ye Ting
Cc: Fu Siyuan
Cc: Zhang Lubo
Cc: Long Qin
Cc: Thomas Palmer
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin --- NetworkPkg/Include/Guid/TlsAuthConfigHii.h | 25 + NetworkPkg/Include/Guid/TlsAuthentication.h | 29 + NetworkPkg/NetworkPkg.dec | 7 + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c | 135 ++ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 73 + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni | 21 + .../TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni | 19 + .../TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni | 39 + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 1841 ++++++++++++++++= ++++ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 282 +++ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h | 49 + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr | 152 ++ 12 files changed, 2672 insertions(+) create mode 100644 NetworkPkg/Include/Guid/TlsAuthConfigHii.h create mode 100644 NetworkPkg/Include/Guid/TlsAuthentication.h create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h create mode 100644 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr diff --git a/NetworkPkg/Include/Guid/TlsAuthConfigHii.h b/NetworkPkg/Includ= e/Guid/TlsAuthConfigHii.h new file mode 100644 index 0000000..9d21426 --- /dev/null +++ b/NetworkPkg/Include/Guid/TlsAuthConfigHii.h @@ -0,0 +1,25 @@ +/** @file + GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe = driver.=20 + =20 +Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made availabl= e under=20 +the terms and conditions of the BSD License that accompanies this distribu= tion. =20 +The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. = =20 + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = =20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__ +#define __TLS_AUTH_CONFIG_HII_GUID_H__ + +#define TLS_AUTH_CONFIG_GUID \ + { \ + 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65,= 0xdf } \ + } + +extern EFI_GUID gTlsAuthConfigGuid; + +#endif diff --git a/NetworkPkg/Include/Guid/TlsAuthentication.h b/NetworkPkg/Inclu= de/Guid/TlsAuthentication.h new file mode 100644 index 0000000..2e800dc --- /dev/null +++ b/NetworkPkg/Include/Guid/TlsAuthentication.h @@ -0,0 +1,29 @@ +/** @file + This file defines TlsCaCertificate variable. + =20 +Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made availabl= e under=20 +the terms and conditions of the BSD License that accompanies this distribu= tion. =20 +The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. = =20 + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = =20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __TLS_AUTHENTICATION_H__ +#define __TLS_AUTHENTICATION_H__ + +// Private variable for CA Certificate configuration +// +#define EFI_TLS_CA_CERTIFICATE_GUID \ + { \ + 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e= , 0xae } \ + } + +#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" + +extern EFI_GUID gEfiTlsCaCertificateGuid; + +#endif diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index 268188a..24d45f4 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec @@ -38,10 +38,17 @@ gIScsiConfigGuid =3D { 0x4b47d616, 0xa8d6, 0x4552, { 0x9d, = 0x44, 0xcc, 0xad, 0x2e, 0xf, 0x4c, 0xf9}} =20 # Include/Guid/HttpBootConfigHii.h gHttpBootConfigGuid =3D { 0x4d20583a, 0x7765, 0x4e7a, { 0x8a, = 0x67, 0xdc, 0xde, 0x74, 0xee, 0x3e, 0xc5 }} =20 + # Include/Guid/TlsAuthConfigHii.h + gTlsAuthConfigGuid =3D { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, = 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }} + =20 + # Include/Guid/TlsAuthentication.h + gEfiTlsCaCertificateGuid =3D { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, = 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }} + =20 + [PcdsFeatureFlag] ## Indicates if the IPsec IKEv2 Certificate Authentication feature is en= abled or not.

# TRUE - Certificate Authentication feature is enabled.
# FALSE - Does not support Certificate Authentication.
# @Prompt Enable IPsec IKEv2 Certificate Authentication. diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c b/NetworkPkg/Tl= sAuthConfigDxe/TlsAuthConfigDxe.c new file mode 100644 index 0000000..647bc2f --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c @@ -0,0 +1,135 @@ +/** @file + The DriverEntryPoint for TlsAuthConfigDxe driver. + + Copyright (c) 2016, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "TlsAuthConfigImpl.h" + +/** + Unloads an image. + + @param ImageHandle Handle that identifies the image to be unl= oaded. + + @retval EFI_SUCCESS The image has been unloaded. + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle. + +**/ +EFI_STATUS=20 +EFIAPI +TlsAuthConfigDxeUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData; + + Status =3D gBS->HandleProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + (VOID **) &PrivateData + ); =20 + if (EFI_ERROR (Status)) { + return Status; =20 + } + =20 + ASSERT (PrivateData->Signature =3D=3D TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNA= TURE); + + gBS->UninstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + =20 + TlsAuthConfigFormUnload (PrivateData); + + return EFI_SUCCESS; +} + +/** + This is the declaration of an EFI image entry point. This entry point is + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers includ= ing + both device drivers and bus drivers. + + @param ImageHandle The firmware allocated handle for the UEFI= image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The operation completed successfully. + @retval Others An unexpected error occurred. +**/ +EFI_STATUS +EFIAPI +TlsAuthConfigDxeDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData; + + PrivateData =3D NULL; + =20 + // + // If already started, return. 
+ // + Status =3D gBS->OpenProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + NULL, + ImageHandle, + ImageHandle, + EFI_OPEN_PROTOCOL_TEST_PROTOCOL + ); + if (!EFI_ERROR (Status)) { + return EFI_ALREADY_STARTED; + } + + // + // Initialize the private data structure. + // + PrivateData =3D AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA))= ; + if (PrivateData =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Initialize the HII configuration form. + // + Status =3D TlsAuthConfigFormInit (PrivateData); + if (EFI_ERROR (Status)) { + goto ON_ERROR; + } + + // + // Install private GUID. + // =20 + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + if (EFI_ERROR (Status)) { + goto ON_ERROR; + } + =20 + return EFI_SUCCESS; + +ON_ERROR: + TlsAuthConfigFormUnload (PrivateData); + FreePool (PrivateData); + + return Status; +} + diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf b/NetworkPkg/= TlsAuthConfigDxe/TlsAuthConfigDxe.inf new file mode 100644 index 0000000..19f095e --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf @@ -0,0 +1,73 @@ +## @file +# Provides the capability to configure Tls Authentication in a setup brow= ser +# By this module, user may change the content of TlsCaCertificate. +# +# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may be= found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TlsAuthConfigDxe + MODULE_UNI_FILE =3D TlsAuthConfigDxe.uni + FILE_GUID =3D 7ca1024f-eb17-11e5-9dba-28d2447c4829 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D TlsAuthConfigDxeDriverEntryPoint + UNLOAD_IMAGE =3D TlsAuthConfigDxeUnload + +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + =20 +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + NetworkPkg/NetworkPkg.dec + +[Sources] + TlsAuthConfigImpl.c + TlsAuthConfigImpl.h + TlsAuthConfigNvData.h + TlsAuthConfigDxe.c + TlsAuthConfigDxeStrings.uni + TlsAuthConfigVfr.vfr + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + UefiDriverEntryPoint + DebugLib + HiiLib + DevicePathLib + UefiHiiServicesLib + FileExplorerLib + PrintLib + =20 +[Protocols] + gEfiDevicePathProtocolGuid ## PRODUCES + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES + +[Guids] + gTlsAuthConfigGuid ## PRODUCES ## GUID + gEfiCertX509Guid ## CONSUMES ## GUID # In= dicate the cert type + gEfiIfrTianoGuid ## CONSUMES ## HII + gEfiTlsCaCertificateGuid ## PRODUCES ## GUID + +[Depex] + gEfiHiiConfigRoutingProtocolGuid AND + gEfiHiiDatabaseProtocolGuid + =20 +[UserExtensions.TianoCore."ExtraFiles"] + TlsAuthConfigDxeExtra.uni diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni b/NetworkPkg/= TlsAuthConfigDxe/TlsAuthConfigDxe.uni new file mode 100644 index 0000000..f99a14f --- /dev/null 
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni @@ -0,0 +1,21 @@ +// /** @file +// Provides the capability to configure Tls Authentication in a setup brow= ser +// +// By this module, user may change the content of TlsCaCertificate. +// +// Copyright (c) 2016, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the B= SD License +// which accompanies this distribution. The full text of the license may b= e found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides the capa= bility to configure Tls Authentication in a setup browser" + +#string STR_MODULE_DESCRIPTION #language en-US "By this module, u= ser may change the content of TlsCaCertificate." + diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni b/Networ= kPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni new file mode 100644 index 0000000..ee4c49f --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni @@ -0,0 +1,19 @@ +// /** @file +// TlsAuthConfigDxe Localized Strings and Content +// +// Copyright (c) 2016, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the B= SD License +// which accompanies this distribution. The full text of the license may b= e found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME=20 +#language en-US=20 +"TLS Auth Config DXE" + + diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni b/Netw= orkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni new file mode 100644 index 0000000..a8f7e43 --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni @@ -0,0 +1,39 @@ +/** @file + String definitions for Tls Authentication Configuration form. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#langdef en-US "English" + +#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls = Auth Configuration" +#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Pres= s to select Tls Auth Configuration." + +#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server C= A Configuration" +#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press to configure Server CA." +#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client = Cert Configuration" +#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client = cert configuration is unsupported currently." + +#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enro= ll Cert" =20 +#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Pres= s to enroll cert." +#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Dele= te Cert" =20 +#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Pres= s to delete cert." + +#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enro= ll Cert Using File" + +#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert= GUID" +#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Inpu= t digit character in 11111111-2222-3333-4444-1234567890ab format." +#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Comm= it Changes and Exit" +#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Disc= ard Changes and Exit" + +#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID= for CERT" + +#string STR_NULL #language en-US "" \ No newline at end of file 
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/T= lsAuthConfigDxe/TlsAuthConfigImpl.c new file mode 100644 index 0000000..1132cac --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c @@ -0,0 +1,1841 @@ +/** @file + The Miscellaneous Routines for TlsAuthConfigDxe driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include "TlsAuthConfigImpl.h" + +VOID *mStartOpCodeHandle =3D NULL; +VOID *mEndOpCodeHandle =3D NULL; +EFI_IFR_GUID_LABEL *mStartLabel =3D NULL; +EFI_IFR_GUID_LABEL *mEndLabel =3D NULL; + + +CHAR16 mTlsAuthConfigStorageName[] =3D L"TLS_AUTH_CONFIG_= IFR_NVDATA"; + +TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData =3D NULL; + +HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath =3D { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + TLS_AUTH_CONFIG_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +// +// Possible DER-encoded certificate file suffixes, end with NULL pointer. +// +CHAR16* mDerPemEncodedSuffix[] =3D { + L".cer", + L".der", + L".crt", + L".pem", + NULL +}; + +/** + This code checks if the FileSuffix is one of the possible DER/PEM-encode= d certificate suffix. + + @param[in] FileSuffix The suffix of the input certificate fil= e + + @retval TRUE It's a DER/PEM-encoded certificate. + @retval FALSE It's NOT a DER/PEM-encoded certificate. + +**/ +BOOLEAN +IsDerPemEncodeCertificate ( + IN CONST CHAR16 *FileSuffix +) +{ + UINTN Index; + for (Index =3D 0; mDerPemEncodedSuffix[Index] !=3D NULL; Index++) { + if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) =3D=3D 0) { + return TRUE; + } + } + return FALSE; +} + +/** + Worker function that prints an EFI_GUID into specified Buffer. 
+ + @param[in] Guid Pointer to GUID to print. + @param[in] Buffer Buffer to print Guid into. + @param[in] BufferSize Size of Buffer. + =20 + @retval Number of characters printed. + +**/ +UINTN +GuidToString ( + IN EFI_GUID *Guid, + IN CHAR16 *Buffer, + IN UINTN BufferSize + ) +{ + UINTN Size; + + Size =3D UnicodeSPrint ( + Buffer, + BufferSize,=20 + L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + (UINTN)Guid->Data1, =20 + (UINTN)Guid->Data2, + (UINTN)Guid->Data3, + (UINTN)Guid->Data4[0], + (UINTN)Guid->Data4[1], + (UINTN)Guid->Data4[2], + (UINTN)Guid->Data4[3], + (UINTN)Guid->Data4[4], + (UINTN)Guid->Data4[5], + (UINTN)Guid->Data4[6], + (UINTN)Guid->Data4[7] + ); + + // + // SPrint will null terminate the string. The -1 skips the null + // + return Size - 1; +} + +/** + Convert a String to Guid Value. + + @param[in] Str Specifies the String to be converted. + @param[in] StrLen Number of Unicode Characters of String (exclusiv= e \0) + @param[out] Guid Return the result Guid value. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval EFI_NOT_FOUND Invalid string. 
+ +**/ +EFI_STATUS +StringToGuid ( + IN CHAR16 *Str,=20 + IN UINTN StrLen,=20 + OUT EFI_GUID *Guid + ) +{ + CHAR16 *PtrBuffer; + CHAR16 *PtrPosition; + UINT16 *Buffer; + UINTN Data; + UINTN Index; + UINT16 Digits[3]; + + Buffer =3D (CHAR16 *) AllocateZeroPool (sizeof (CHAR16) * (StrLen + 1)); + if (Buffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + StrCpyS (Buffer, (StrLen + 1), Str); + + // + // Data1 + // + PtrBuffer =3D Buffer; + PtrPosition =3D PtrBuffer;=20 + while (*PtrBuffer !=3D L'\0') { + if (*PtrBuffer =3D=3D L'-') { + break; + } + PtrBuffer++; + } + if (*PtrBuffer =3D=3D L'\0') { + FreePool (Buffer); + return EFI_NOT_FOUND; + } + + *PtrBuffer =3D L'\0'; + Data =3D StrHexToUintn (PtrPosition); + Guid->Data1 =3D (UINT32)Data; + + // + // Data2 + // + PtrBuffer++; + PtrPosition =3D PtrBuffer; + while (*PtrBuffer !=3D L'\0') { + if (*PtrBuffer =3D=3D L'-') { + break; + } + PtrBuffer++; + } + if (*PtrBuffer =3D=3D L'\0') { + FreePool (Buffer); + return EFI_NOT_FOUND; + } + *PtrBuffer =3D L'\0'; + Data =3D StrHexToUintn (PtrPosition); + Guid->Data2 =3D (UINT16)Data; + + // + // Data3 + // + PtrBuffer++; + PtrPosition =3D PtrBuffer; + while (*PtrBuffer !=3D L'\0') { + if (*PtrBuffer =3D=3D L'-') { + break; + } + PtrBuffer++; + } + if (*PtrBuffer =3D=3D L'\0') { + FreePool (Buffer); + return EFI_NOT_FOUND; + } + *PtrBuffer =3D L'\0'; + Data =3D StrHexToUintn (PtrPosition); + Guid->Data3 =3D (UINT16)Data; + + // + // Data4[0..1] + // + for ( Index =3D 0 ; Index < 2 ; Index++) { + PtrBuffer++; + if ((*PtrBuffer =3D=3D L'\0') || ( *(PtrBuffer + 1) =3D=3D L'\0')) { + FreePool (Buffer); + return EFI_NOT_FOUND; + } + Digits[0] =3D *PtrBuffer; + PtrBuffer++; + Digits[1] =3D *PtrBuffer; + Digits[2] =3D L'\0'; + Data =3D StrHexToUintn (Digits); + Guid->Data4[Index] =3D (UINT8)Data; + } + + // + // skip the '-' + // + PtrBuffer++; + if ((*PtrBuffer !=3D L'-' ) || ( *PtrBuffer =3D=3D L'\0')) { + return EFI_NOT_FOUND; + } + + // + // Data4[2..7] + // + for ( ; 
Index < 8; Index++) { + PtrBuffer++; + if ((*PtrBuffer =3D=3D L'\0') || ( *(PtrBuffer + 1) =3D=3D L'\0')) { + FreePool (Buffer); + return EFI_NOT_FOUND; + } + Digits[0] =3D *PtrBuffer; + PtrBuffer++; + Digits[1] =3D *PtrBuffer; + Digits[2] =3D L'\0'; + Data =3D StrHexToUintn (Digits); + Guid->Data4[Index] =3D (UINT8)Data; + } + + FreePool (Buffer); + =20 + return EFI_SUCCESS; +} + + +/** + List all cert in specified database by GUID in the page=20 + for user to select and delete as needed. + + @param[in] PrivateData Module's private data. + @param[in] VariableName The variable name of the vendor's sign= ature database. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] LabelNumber Label number to insert opcodes. + @param[in] FormId Form ID of current page. + @param[in] QuestionIdBase Base question id of the signature list= . + + @retval EFI_SUCCESS Success to update the signature list p= age + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources. + +**/ +EFI_STATUS +UpdateDeletePage ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 LabelNumber, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase + ) +{ + EFI_STATUS Status; + UINT32 Index; + UINTN CertCount; + UINTN GuidIndex; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + UINTN DataSize; + UINT8 *Data; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINT32 ItemDataSize; + CHAR16 *GuidStr; + EFI_STRING_ID GuidID; + EFI_STRING_ID Help; + + Data =3D NULL; + CertList =3D NULL; + Cert =3D NULL; + GuidStr =3D NULL; + StartOpCodeHandle =3D NULL; + EndOpCodeHandle =3D NULL; + + // + // Initialize the container for dynamic opcodes. 
+ // + StartOpCodeHandle =3D HiiAllocateOpCodeHandle (); + if (StartOpCodeHandle =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + EndOpCodeHandle =3D HiiAllocateOpCodeHandle (); + if (EndOpCodeHandle =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Create Hii Extend Label OpCode. + // + StartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + StartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + StartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number =3D LabelNumber; + + EndLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + EndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + EndLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number =3D LABEL_END; + + // + // Read Variable. + // + DataSize =3D 0; + Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, = Data); + if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + Data =3D (UINT8 *) AllocateZeroPool (DataSize); + if (Data =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, = Data); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + GuidStr =3D AllocateZeroPool (100); + if (GuidStr =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Enumerate all data. + // + ItemDataSize =3D (UINT32) DataSize; + CertList =3D (EFI_SIGNATURE_LIST *) Data; + GuidIndex =3D 0; + + while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureListS= ize)) { + + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + Help =3D STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID); + } else { + // + // The signature type is not supported in current implementation. 
+ // + ItemDataSize -=3D CertList->SignatureListSize; + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->= SignatureListSize); + continue; + } + + CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LI= ST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index =3D 0; Index < CertCount; Index++) { + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + + sizeof (EFI_SIGNATURE_LIST= ) + + CertList->SignatureHeaderS= ize + + Index * CertList->Signatur= eSize); + // + // Display GUID and help + // + GuidToString (&Cert->SignatureOwner, GuidStr, 100); + GuidID =3D HiiSetString (Private->RegisteredHandle, 0, GuidStr, NUL= L); + HiiCreateCheckBoxOpCode ( + StartOpCodeHandle, + (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++), + 0, + 0, + GuidID, + Help, + EFI_IFR_FLAG_CALLBACK, + 0, + NULL + ); + } + + ItemDataSize -=3D CertList->SignatureListSize; + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->Si= gnatureListSize); + } + +ON_EXIT: + HiiUpdateForm ( + Private->RegisteredHandle, + &gTlsAuthConfigGuid, + FormId, + StartOpCodeHandle, + EndOpCodeHandle + ); + + if (StartOpCodeHandle !=3D NULL) { + HiiFreeOpCodeHandle (StartOpCodeHandle); + } + + if (EndOpCodeHandle !=3D NULL) { + HiiFreeOpCodeHandle (EndOpCodeHandle); + } + + if (Data !=3D NULL) { + FreePool (Data); + } + + if (GuidStr !=3D NULL) { + FreePool (GuidStr); + } + + return EFI_SUCCESS; +} + +/** + Delete one entry from cert database. + + @param[in] PrivateData Module's private data. + @param[in] VariableName The variable name of the database. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] LabelNumber Label number to insert opcodes. + @param[in] FormId Form ID of current page. + @param[in] QuestionIdBase Base question id of the cert list. + @param[in] DeleteIndex Cert index to delete. + + @retval EFI_SUCCESS Delete siganture successfully. 
+ @retval EFI_NOT_FOUND Can't find the signature item, + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. +**/ +EFI_STATUS +DeleteCert ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 LabelNumber, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase, + IN UINTN DeleteIndex + ) +{ + EFI_STATUS Status; + UINTN DataSize; + UINT8 *Data; + UINT8 *OldData; + UINT32 Attr; + UINT32 Index; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *Cert; + UINTN CertCount; + UINT32 Offset; + BOOLEAN IsItemFound; + UINT32 ItemDataSize; + UINTN GuidIndex; + + Data =3D NULL; + OldData =3D NULL; + CertList =3D NULL; + Cert =3D NULL; + Attr =3D 0; + + // + // Get original signature list data. + // + DataSize =3D 0; + Status =3D gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, = NULL); + if (EFI_ERROR (Status) && Status !=3D EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + OldData =3D (UINT8 *) AllocateZeroPool (DataSize); + if (OldData =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + Status =3D gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize,= OldData); + if (EFI_ERROR(Status)) { + goto ON_EXIT; + } + + // + // Allocate space for new variable. + // + Data =3D (UINT8*) AllocateZeroPool (DataSize); + if (Data =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Enumerate all data and erasing the target item. + // + IsItemFound =3D FALSE; + ItemDataSize =3D (UINT32) DataSize; + CertList =3D (EFI_SIGNATURE_LIST *) OldData; + Offset =3D 0; + GuidIndex =3D 0; + while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureListS= ize)) { + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + // + // Copy EFI_SIGNATURE_LIST header then calculate the signature count= in this list. 
+ // + CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + Cert= List->SignatureHeaderSize)); + NewCertList =3D (EFI_SIGNATURE_LIST*) (Data + Offset); + Offset +=3D (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderS= ize); + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (E= FI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_= LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index =3D 0; Index < CertCount; Index++) { + if (GuidIndex =3D=3D DeleteIndex) { + // + // Find it! Skip it! + // + NewCertList->SignatureListSize -=3D CertList->SignatureSize; + IsItemFound =3D TRUE; + } else { + // + // This item doesn't match. Copy it to the Data buffer. + // + CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize)= ; + Offset +=3D CertList->SignatureSize; + } + GuidIndex++; + Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->Signat= ureSize); + } + } else { + // + // This List doesn't match. Just copy it to the Data buffer. + // + CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListS= ize); + Offset +=3D CertList->SignatureListSize; + } + + ItemDataSize -=3D CertList->SignatureListSize; + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->Si= gnatureListSize); + } + + if (!IsItemFound) { + // + // Doesn't find the signature Item! + // + Status =3D EFI_NOT_FOUND; + goto ON_EXIT; + } + + // + // Delete the EFI_SIGNATURE_LIST header if there is no signature in the = list. 
+ // + ItemDataSize =3D Offset; + CertList =3D (EFI_SIGNATURE_LIST *) Data; + Offset =3D 0; + ZeroMem (OldData, ItemDataSize); + while ((ItemDataSize > 0) && (ItemDataSize >=3D CertList->SignatureListS= ize)) { + CertCount =3D (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LI= ST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + DEBUG ((DEBUG_INFO, " CertCount =3D %x\n", CertCount)); + if (CertCount !=3D 0) { + CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureLi= stSize); + Offset +=3D CertList->SignatureListSize; + } + ItemDataSize -=3D CertList->SignatureListSize; + CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->Si= gnatureListSize); + } + + DataSize =3D Offset; + + Status =3D gRT->SetVariable( + VariableName, + VendorGuid, + Attr, + DataSize, + OldData + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to set variable, Status =3D %r\n", Status= )); + goto ON_EXIT; + } + +ON_EXIT: + if (Data !=3D NULL) { + FreePool(Data); + } + + if (OldData !=3D NULL) { + FreePool(OldData); + } + + return UpdateDeletePage ( + Private, + VariableName, + VendorGuid, + LabelNumber, + FormId, + QuestionIdBase + ); +} + + +/** + Close an open file handle. + + @param[in] FileHandle The file handle to close. + =20 +**/ +VOID +CloseFile ( + IN EFI_FILE_HANDLE FileHandle + ) +{ + if (FileHandle !=3D NULL) { + FileHandle->Close (FileHandle); =20 + } +} + +/** + Read file content into BufferPtr, the size of the allocate buffer=20 + is *FileSize plus AddtionAllocateSize. + + @param[in] FileHandle The file to be read. + @param[in, out] BufferPtr Pointers to the pointer of alloca= ted buffer. + @param[out] FileSize Size of input file + @param[in] AddtionAllocateSize Addtion size the buffer need to b= e allocated.=20 + In case the buffer need to contai= n others besides the file content. + =20 + @retval EFI_SUCCESS The file was read into the buffer= . + @retval EFI_INVALID_PARAMETER A parameter was invalid. 
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed. + @retval others Unexpected error. + +**/ +EFI_STATUS +ReadFileContent ( + IN EFI_FILE_HANDLE FileHandle, + IN OUT VOID **BufferPtr, + OUT UINTN *FileSize, + IN UINTN AddtionAllocateSize + ) + +{ + UINTN BufferSize; + UINT64 SourceFileSize; + VOID *Buffer; + EFI_STATUS Status; + + if ((FileHandle =3D=3D NULL) || (FileSize =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + Buffer =3D NULL; + + // + // Get the file size + // + Status =3D FileHandle->SetPosition (FileHandle, (UINT64) -1); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + Status =3D FileHandle->GetPosition (FileHandle, &SourceFileSize); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + =20 + Status =3D FileHandle->SetPosition (FileHandle, 0); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + BufferSize =3D (UINTN) SourceFileSize + AddtionAllocateSize; + Buffer =3D AllocateZeroPool(BufferSize); + if (Buffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + BufferSize =3D (UINTN) SourceFileSize; + *FileSize =3D BufferSize; + + Status =3D FileHandle->Read (FileHandle, &BufferSize, Buffer); + if (EFI_ERROR (Status) || BufferSize !=3D *FileSize) { + FreePool (Buffer); + Buffer =3D NULL; + Status =3D EFI_BAD_BUFFER_SIZE; + goto ON_EXIT; + } + +ON_EXIT: + =20 + *BufferPtr =3D Buffer; + return Status; +} + +/** + This function will open a file or directory referenced by DevicePath. + + This function opens a file with the open mode according to the file path= . The + Attributes is valid only for EFI_FILE_MODE_CREATE. + + @param[in, out] FilePath On input, the device path to the file. + On output, the remaining device path. + @param[out] FileHandle Pointer to the file handle. + @param[in] OpenMode The mode to open the file with. + @param[in] Attributes The file's file attributes. + + @retval EFI_SUCCESS The information was set. + @retval EFI_INVALID_PARAMETER One of the parameters has an invalid va= lue. 
+ @retval EFI_UNSUPPORTED Could not open the file path. + @retval EFI_NOT_FOUND The specified file could not be found o= n the + device or the file system could not be = found on + the device. + @retval EFI_NO_MEDIA The device has no medium. + @retval EFI_MEDIA_CHANGED The device has a different medium in it= or the + medium is no longer supported. + @retval EFI_DEVICE_ERROR The device reported an error. + @retval EFI_VOLUME_CORRUPTED The file system structures are corrupte= d. + @retval EFI_WRITE_PROTECTED The file or medium is write protected. + @retval EFI_ACCESS_DENIED The file was opened read only. + @retval EFI_OUT_OF_RESOURCES Not enough resources were available to = open the + file. + @retval EFI_VOLUME_FULL The volume is full. +**/ +EFI_STATUS +EFIAPI +OpenFileByDevicePath ( + IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath, + OUT EFI_FILE_HANDLE *FileHandle, + IN UINT64 OpenMode, + IN UINT64 Attributes + ) +{ + EFI_STATUS Status; + EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol; + EFI_FILE_PROTOCOL *Handle1; + EFI_FILE_PROTOCOL *Handle2; + EFI_HANDLE DeviceHandle; + + if ((FilePath =3D=3D NULL || FileHandle =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status =3D gBS->LocateDevicePath ( + &gEfiSimpleFileSystemProtocolGuid, + FilePath, + &DeviceHandle + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status =3D gBS->OpenProtocol( + DeviceHandle, + &gEfiSimpleFileSystemProtocolGuid, + (VOID**)&EfiSimpleFileSystemProtocol, + gImageHandle, + NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status =3D EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemPr= otocol, &Handle1); + if (EFI_ERROR (Status)) { + FileHandle =3D NULL; + return Status; + } + + // + // go down directories one node at a time. 
+ // + while (!IsDevicePathEnd (*FilePath)) { + // + // For file system access each node should be a file path component + // + if (DevicePathType (*FilePath) !=3D MEDIA_DEVICE_PATH || + DevicePathSubType (*FilePath) !=3D MEDIA_FILEPATH_DP + ) { + FileHandle =3D NULL; + return (EFI_INVALID_PARAMETER); + } + // + // Open this file path node + // + Handle2 =3D Handle1; + Handle1 =3D NULL; + + // + // Try to test opening an existing file + // + Status =3D Handle2->Open ( + Handle2, + &Handle1, + ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, + OpenMode &~EFI_FILE_MODE_CREATE, + 0 + ); + + // + // see if the error was that it needs to be created + // + if ((EFI_ERROR (Status)) && (OpenMode !=3D (OpenMode &~EFI_FILE_MODE_C= REATE))) { + Status =3D Handle2->Open ( + Handle2, + &Handle1, + ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName, + OpenMode, + Attributes + ); + } + // + // Close the last node + // + Handle2->Close (Handle2); + + if (EFI_ERROR(Status)) { + return (Status); + } + + // + // Get the next node + // + *FilePath =3D NextDevicePathNode (*FilePath); + } + + // + // This is a weak spot since if the undefined SHELL_FILE_HANDLE format c= hanges this must change also! + // + *FileHandle =3D (VOID*)Handle1; + return EFI_SUCCESS; +} + +/** + This function converts an input device structure to a Unicode string. + + @param[in] DevPath A pointer to the device path structu= re. + + @return A new allocated Unicode string that represents the device path. + +**/ +CHAR16 * +EFIAPI +DevicePathToStr ( + IN EFI_DEVICE_PATH_PROTOCOL *DevPath + ) +{ + return ConvertDevicePathToText ( + DevPath, + FALSE, + TRUE + ); +} + + +/** + Extract filename from device path. The returned buffer is allocated usin= g AllocateCopyPool. + The caller is responsible for freeing the allocated buffer using FreePoo= l(). If return NULL + means not enough memory resource. + + @param DevicePath Device path. + + @retval NULL Not enough memory resourece for AllocateCopyPool= . 
+ @retval Other A new allocated string that represents the file = name. + +**/ +CHAR16 * +ExtractFileNameFromDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath + ) +{ + CHAR16 *String; + CHAR16 *MatchString; + CHAR16 *LastMatch; + CHAR16 *FileName; + UINTN Length; + + ASSERT(DevicePath !=3D NULL); + + String =3D DevicePathToStr(DevicePath); + MatchString =3D String; + LastMatch =3D String; + FileName =3D NULL; + + while(MatchString !=3D NULL){ + LastMatch =3D MatchString + 1; + MatchString =3D StrStr(LastMatch,L"\\"); + } + + Length =3D StrLen(LastMatch); + FileName =3D AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch)= ; + if (FileName !=3D NULL) { + *(FileName + Length) =3D 0; + } + + FreePool(String); + + return FileName; +} + +/** + Enroll a new X509 certificate into Variable. + + @param[in] PrivateData The module's private data. + @param[in] VariableName Variable name of CA database. + + @retval EFI_SUCCESS New X509 is enrolled successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollX509toVariable ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName + ) +{ + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + EFI_SIGNATURE_LIST *CACert; + EFI_SIGNATURE_DATA *CACertData; + VOID *Data; + UINTN DataSize; + UINTN SigDataSize; + UINT32 Attr; + + X509DataSize =3D 0; + SigDataSize =3D 0; + DataSize =3D 0; + X509Data =3D NULL; + CACert =3D NULL; + CACertData =3D NULL; + Data =3D NULL; + + Status =3D ReadFileContent ( + Private->FileContext->FHandle, + &X509Data, + &X509DataSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (X509Data !=3D NULL); + + SigDataSize =3D sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) = - 1 + X509DataSize; + + Data =3D AllocateZeroPool (SigDataSize); + if (Data =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Fill Certificate Database parameters. 
+ // + CACert =3D (EFI_SIGNATURE_LIST*) Data; + CACert->SignatureListSize =3D (UINT32) SigDataSize; + CACert->SignatureHeaderSize =3D 0; + CACert->SignatureSize =3D (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X50= 9DataSize); + CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid); + + CACertData =3D (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof (EFI_SIG= NATURE_LIST)); + CopyGuid (&CACertData->SignatureOwner, Private->CertGuid); + CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize); + + // + // Check if signature database entry has been already existed. + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the + // new signature data to original variable + // + Attr =3D TLS_AUTH_CONFIG_VAR_BASE_ATTR; + + Status =3D gRT->GetVariable( + VariableName, + &gEfiTlsCaCertificateGuid, + NULL, + &DataSize, + NULL + ); + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { + Attr |=3D EFI_VARIABLE_APPEND_WRITE; + } else if (Status !=3D EFI_NOT_FOUND) { + goto ON_EXIT; + } + + Status =3D gRT->SetVariable( + VariableName, + &gEfiTlsCaCertificateGuid, + Attr, + SigDataSize, + Data + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + +ON_EXIT: + + CloseFile (Private->FileContext->FHandle); + if (Private->FileContext->FileName !=3D NULL) { + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName =3D NULL; + } + + Private->FileContext->FHandle =3D NULL; + + if (Private->CertGuid !=3D NULL) { + FreePool (Private->CertGuid); + Private->CertGuid =3D NULL; + } + + if (Data !=3D NULL) { + FreePool (Data); + } + + if (X509Data !=3D NULL) { + FreePool (X509Data); + } + + return Status; +} + +/** + Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid. + + @param[in] PrivateData The module's private data. + @param[in] VariableName Variable name of signature database. + + @retval EFI_SUCCESS New Cert enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. 
+ @retval EFI_UNSUPPORTED The Cert file is unsupported type. + @retval others Fail to enroll Cert data. + +**/ +EFI_STATUS +EnrollCertDatabase ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName + ) +{ + UINT16* FilePostFix; + UINTN NameLength; + + if ((Private->FileContext->FileName =3D=3D NULL) || (Private->FileContex= t->FHandle =3D=3D NULL) || (Private->CertGuid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Parse the file's postfix. + // + NameLength =3D StrLen (Private->FileContext->FileName); + if (NameLength <=3D 4) { + return EFI_INVALID_PARAMETER; + } + FilePostFix =3D Private->FileContext->FileName + NameLength - 4; + + if (IsDerPemEncodeCertificate (FilePostFix)) { + // + // Supports DER-encoded X509 certificate. + // + return EnrollX509toVariable (Private, VariableName); + } + + return EFI_UNSUPPORTED; +} + +/** + Refresh the global UpdateData structure. + +**/ +VOID +RefreshUpdateData ( + VOID + ) +{ + // + // Free current updated date + // + if (mStartOpCodeHandle !=3D NULL) { + HiiFreeOpCodeHandle (mStartOpCodeHandle); + } + + // + // Create new OpCode Handle + // + mStartOpCodeHandle =3D HiiAllocateOpCodeHandle (); + + // + // Create Hii Extend Label OpCode as the start opcode + // + mStartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + mStartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + mStartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; +} + +/** + Clean up the dynamic opcode at label and form specified by both LabelId. + + @param[in] LabelId It is both the Form ID and Label ID for opcod= e deletion. + @param[in] PrivateData Module private data. 
+ +**/ +VOID +CleanUpPage ( + IN UINT16 LabelId, + IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + RefreshUpdateData (); + + // + // Remove all op-codes from dynamic page + // + mStartLabel->Number =3D LabelId; + HiiUpdateForm ( + PrivateData->RegisteredHandle, + &gTlsAuthConfigGuid, + LabelId, + mStartOpCodeHandle, // Label LabelId + mEndOpCodeHandle // LABEL_END + ); +} + +/** + Update the form base on the selected file. + + @param FilePath Point to the file path. + @param FormId The form need to display. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. + +**/ +BOOLEAN +UpdatePage( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath, + IN EFI_FORM_ID FormId + ) +{ + CHAR16 *FileName; + EFI_STRING_ID StringToken; + + FileName =3D NULL; + + if (FilePath !=3D NULL) { + FileName =3D ExtractFileNameFromDevicePath(FilePath); + } + if (FileName =3D=3D NULL) { + // + // FileName =3D NULL has two case: + // 1. FilePath =3D=3D NULL, not select file. + // 2. FilePath !=3D NULL, but ExtractFileNameFromDevicePath return NUL= L not enough memory resource. + // In these two case, no need to update the form, and exit the caller = function. + // + return TRUE; + } + StringToken =3D HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0,= FileName, NULL); + + mTlsAuthPrivateData->FileContext->FileName =3D FileName; + + OpenFileByDevicePath ( + &FilePath, + &mTlsAuthPrivateData->FileContext->FHandle, + EFI_FILE_MODE_READ, + 0 + ); + // + // Create Subtitle op-code for the display string of the option. + // + RefreshUpdateData (); + mStartLabel->Number =3D FormId; + + HiiCreateSubTitleOpCode ( + mStartOpCodeHandle, + StringToken, + 0, + 0, + 0 + ); + + HiiUpdateForm ( + mTlsAuthPrivateData->RegisteredHandle, + &gTlsAuthConfigGuid, + FormId, + mStartOpCodeHandle, /// Label FormId + mEndOpCodeHandle /// LABEL_END + ); + + return TRUE; +} + +/** + Update the form base on the input file path info. + + @param FilePath Point to the file path. 
+ + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +UpdateCAFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM); +} + +/** + Unload the configuration form, this includes: delete all the configurati= on + entries, uninstall the form callback protocol, and free the resources us= ed. + + @param[in] Private Pointer to the driver private data. + + @retval EFI_SUCCESS The configuration form is unloaded. + @retval Others Failed to unload the form. + +**/ +EFI_STATUS +TlsAuthConfigFormUnload ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private + ) +{ + if (Private->DriverHandle !=3D NULL) { + // + // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL + // + gBS->UninstallMultipleProtocolInterfaces ( + Private->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTlsAuthConfigHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &Private->ConfigAccess, + NULL + ); + Private->DriverHandle =3D NULL; + } + + if (Private->RegisteredHandle !=3D NULL) { + // + // Remove HII package list + // + HiiRemovePackages (Private->RegisteredHandle); + Private->RegisteredHandle =3D NULL; + } + + if (Private->CertGuid !=3D NULL) { + FreePool (Private->CertGuid); + } + + if (Private->FileContext !=3D NULL) { + FreePool (Private->FileContext); + } + + FreePool (Private); + + if (mStartOpCodeHandle !=3D NULL) { + HiiFreeOpCodeHandle (mStartOpCodeHandle); + } + + if (mEndOpCodeHandle !=3D NULL) { + HiiFreeOpCodeHandle (mEndOpCodeHandle); + } + + return EFI_SUCCESS; +} + + +/** + Initialize the configuration form. + + @param[in] Private Pointer to the driver private data. + + @retval EFI_SUCCESS The configuration form is initialized. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. 
+ +**/ +EFI_STATUS +TlsAuthConfigFormInit ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private + ) +{ + EFI_STATUS Status; + + Private->Signature =3D TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE; + =20 + Private->ConfigAccess.ExtractConfig =3D TlsAuthConfigAccessExtractConfig= ; + Private->ConfigAccess.RouteConfig =3D TlsAuthConfigAccessRouteConfig; + Private->ConfigAccess.Callback =3D TlsAuthConfigAccessCallback; + + // + // Install Device Path Protocol and Config Access protocol to driver han= dle. + // + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &Private->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTlsAuthConfigHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &Private->ConfigAccess, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + =20 + // + // Publish our HII data. + // + Private->RegisteredHandle =3D HiiAddPackages ( + &gTlsAuthConfigGuid, + Private->DriverHandle, + TlsAuthConfigDxeStrings, + TlsAuthConfigVfrBin, + NULL + ); + if (Private->RegisteredHandle =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Error; + } + + Private->FileContext =3D AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_FILE_= CONTEXT)); + if (Private->FileContext =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Error; + } + + // + // Init OpCode Handle and Allocate space for creation of Buffer + // + mStartOpCodeHandle =3D HiiAllocateOpCodeHandle (); + if (mStartOpCodeHandle =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Error; + } + + mEndOpCodeHandle =3D HiiAllocateOpCodeHandle (); + if (mEndOpCodeHandle =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Error; + } + + // + // Create Hii Extend Label OpCode as the start opcode + // + mStartLabel =3D (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + mStartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + mStartLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; + + // + // Create Hii Extend Label OpCode as the end opcode + // + mEndLabel =3D (EFI_IFR_GUID_LABEL 
*) HiiCreateGuidOpCode ( + mEndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + mEndLabel->ExtendOpCode =3D EFI_IFR_EXTEND_OP_LABEL; + mEndLabel->Number =3D LABEL_END; + + return EFI_SUCCESS; + =20 +Error: + TlsAuthConfigFormUnload (Private); + return Status; +} + +/** + =20 + This function allows the caller to request the current + configuration for one or more named elements. The resulting + string is in format. Any and all alternative + configuration strings shall also be appended to the end of the + current configuration string. If they are, they must appear + after the current configuration. They must contain the same + routing (GUID, NAME, PATH) as the current configuration string. + They must have an additional description indicating the type of + alternative configuration the string represents, + "ALTCFG=3D". That (when + converted from Hex UNICODE to binary) is a reference to a + string in the associated string pack. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + + @param Request A null-terminated Unicode string in + format. Note that this + includes the routing information as well as + the configurable name / value pairs. It is + invalid for this string to be in + format.=20 + If a NULL is passed in for the Request field,=20 + all of the settings being abstracted by this function= =20 + will be returned in the Results field. In addition,=20 + if a ConfigHdr is passed in with no request elements,= =20 + all of the settings being abstracted for that particul= ar=20 + ConfigHdr reference will be returned in the Results Fi= eld. + + @param Progress On return, points to a character in the + Request string. Points to the string's null + terminator if request was successful. Points + to the most recent "&" before the first + failing name / value pair (or the beginning + of the string if the failure is in the first + name / value pair) if the request was not + successful. 
+ + @param Results A null-terminated Unicode string in + format which has all values + filled in for the names in the Request string. + String to be allocated by the called function. + + @retval EFI_SUCCESS The Results string is filled with the + values corresponding to all requested + names. + + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the + parts of the results that must be + stored awaiting possible future + protocols. + + @retval EFI_NOT_FOUND Routing data doesn't match any + known driver. Progress set to the + first character in the routing header. + Note: There is no requirement that the + driver validate the routing data. It + must skip the in order to + process the names. + + @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set + to most recent "&" before the + error or the beginning of the + string. + + @retval EFI_INVALID_PARAMETER Unknown name. Progress points + to the & before the name in + question. + +**/ +EFI_STATUS +EFIAPI +TlsAuthConfigAccessExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + UINTN Size; + EFI_STRING ConfigRequest; + EFI_STRING ConfigRequestHdr; + TLS_AUTH_CONFIG_PRIVATE_DATA *Private; + BOOLEAN AllocatedRequest; + + if (Progress =3D=3D NULL || Results =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + AllocatedRequest =3D FALSE; + ConfigRequestHdr =3D NULL; + ConfigRequest =3D NULL; + Size =3D 0; + + Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); + + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); + ZeroMem (&Private->TlsAuthConfigNvData, BufferSize); + =20 + *Progress =3D Request; + + if ((Request !=3D NULL) && !HiiIsConfigHdrMatch (Request, &gTlsAuthConfi= gGuid, mTlsAuthConfigStorageName)) { + return EFI_NOT_FOUND; + } + =20 + ConfigRequest =3D Request; + if ((Request =3D=3D NULL) || (StrStr (Request, L"OFFSET") =3D=3D NULL)) = { + // + // Request 
is set to NULL or OFFSET is NULL, construct full request st= ring. + // + // Allocate and fill a buffer large enough to hold the tem= plate + // followed by "&OFFSET=3D0&WIDTH=3DWWWWWWWWWWWWWWWW" followed by a Nu= ll-terminator + // + ConfigRequestHdr =3D HiiConstructConfigHdr (&gTlsAuthConfigGuid, mTlsA= uthConfigStorageName, Private->DriverHandle); + Size =3D (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest =3D AllocateZeroPool (Size); + ASSERT (ConfigRequest !=3D NULL); + AllocatedRequest =3D TRUE; + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=3D0&WIDTH=3D%016LX", C= onfigRequestHdr, (UINT64)BufferSize); + FreePool (ConfigRequestHdr); + ConfigRequestHdr =3D NULL; + } + + Status =3D gHiiConfigRouting->BlockToConfig ( + gHiiConfigRouting, + ConfigRequest, + (UINT8 *) &Private->TlsAuthConfigNvData, + BufferSize, + Results, + Progress + ); + + // + // Free the allocated config request string. + // + if (AllocatedRequest) { + FreePool (ConfigRequest); + } + + // + // Set Progress string to the original request string. + // + if (Request =3D=3D NULL) { + *Progress =3D NULL; + } else if (StrStr (Request, L"OFFSET") =3D=3D NULL) { + *Progress =3D Request + StrLen (Request); + } + + return Status; +} + +/** + =20 + This function applies changes in a driver's configuration. + Input is a Configuration, which has the routing data for this + driver followed by name / value configuration pairs. The driver + must apply those pairs to its configurable storage. If the + driver's configuration is stored in a linear block of data + and the driver's name / value pairs are in + format, it may use the ConfigToBlock helper function (above) to + simplify the job. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. 
+ + @param Configuration A null-terminated Unicode string in + format.=20 + =20 + @param Progress A pointer to a string filled in with the + offset of the most recent '&' before the + first failing name / value pair (or the + beginn ing of the string if the failure + is in the first name / value pair) or + the terminating NULL if all was + successful. + + @retval EFI_SUCCESS The results have been distributed or are + awaiting distribution. + =20 + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the + parts of the results that must be + stored awaiting possible future + protocols. + =20 + @retval EFI_INVALID_PARAMETERS Passing in a NULL for the + Results parameter would result + in this type of error. + =20 + @retval EFI_NOT_FOUND Target for the specified routing data + was not found + +**/ +EFI_STATUS +EFIAPI +TlsAuthConfigAccessRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + TLS_AUTH_CONFIG_PRIVATE_DATA *Private; + + if (Progress =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + *Progress =3D Configuration; + + if (Configuration =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Check routing data in . + // Note: there is no name for Name/Value storage, only GUID will be chec= ked + // + if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, mTlsAuthCo= nfigStorageName)) { + return EFI_NOT_FOUND; + } + + Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); + =20 + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); + ZeroMem (&Private->TlsAuthConfigNvData, BufferSize); + + Status =3D gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *) &Private->TlsAuthConfigNvData, + &BufferSize, + Progress + ); + if (EFI_ERROR (Status)) { + return Status; + } + + return Status; +} =20 + +/** + =20 + This function is called to provide results data to the driver. 
+ This data consists of a unique key that is used to identify + which data is either being passed back or being asked for. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. + @param Action Specifies the type of action taken by the= browser. + @param QuestionId A unique value which is sent to the origi= nal + exporting driver so that it can identify = the type + of data to expect. The format of the data= tends to=20 + vary based on the opcode that generated t= he callback. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the o= riginal + exporting driver. + @param ActionRequest On return, points to the action requested= by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the act= ion. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold t= he + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by = the + callback. 
+**/ +EFI_STATUS +EFIAPI +TlsAuthConfigAccessCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN OUT EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + EFI_INPUT_KEY Key; + EFI_STATUS Status; + TLS_AUTH_CONFIG_PRIVATE_DATA *Private; + UINTN BufferSize; + TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData; + UINT16 LabelId; + EFI_DEVICE_PATH_PROTOCOL *File; + + Status =3D EFI_SUCCESS; + File =3D NULL; + + if ((This =3D=3D NULL) || (Value =3D=3D NULL) || (ActionRequest =3D=3D N= ULL)) { + return EFI_INVALID_PARAMETER; + } + =20 + Private =3D TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This); + + mTlsAuthPrivateData =3D Private; + + // + // Retrieve uncommitted data from Browser + // + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); + IfrNvData =3D AllocateZeroPool (BufferSize); + if (IfrNvData =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Buffe= rSize, (UINT8 *) IfrNvData); + + if ((Action !=3D EFI_BROWSER_ACTION_CHANGED) && + (Action !=3D EFI_BROWSER_ACTION_CHANGING)) { + Status =3D EFI_UNSUPPORTED; + goto EXIT; + } + + if (Action =3D=3D EFI_BROWSER_ACTION_CHANGING) { + switch (QuestionId) { + case KEY_TLS_AUTH_CONFIG_CLIENT_CERT: + case KEY_TLS_AUTH_CONFIG_SERVER_CA: + // + // Clear Cert GUID. + // + ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid)); + if (Private->CertGuid =3D=3D NULL) { + Private->CertGuid =3D (EFI_GUID *) AllocateZeroPool (sizeof (EFI_G= UID)); + if (Private->CertGuid =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + } + if (QuestionId =3D=3D KEY_TLS_AUTH_CONFIG_CLIENT_CERT) { + LabelId =3D TLS_AUTH_CONFIG_FORMID3_FORM; + } else if (QuestionId =3D=3D KEY_TLS_AUTH_CONFIG_SERVER_CA) { + LabelId =3D TLS_AUTH_CONFIG_FORMID4_FORM; + } + + // + // Refresh selected file. 
+ // + CleanUpPage (LabelId, Private); + break; + case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE: + ChooseFile( NULL, NULL, (CHOOSE_HANDLER) UpdateCAFromFile, &File); + break; + + case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT: + Status =3D EnrollCertDatabase (Private, EFI_TLS_CA_CERTIFICATE_VARIA= BLE); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Enroll Cert Failure!", + NULL + ); + } + break; + + case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT: + if (Private->FileContext->FHandle !=3D NULL) { + CloseFile (Private->FileContext->FHandle); + Private->FileContext->FHandle =3D NULL; + if (Private->FileContext->FileName!=3D NULL){ + FreePool(Private->FileContext->FileName); + Private->FileContext->FileName =3D NULL; + } + } + + if (Private->CertGuid!=3D NULL) { + FreePool (Private->CertGuid); + Private->CertGuid =3D NULL; + } + break; + + case KEY_TLS_AUTH_CONFIG_DELETE_CERT: + UpdateDeletePage ( + Private, + EFI_TLS_CA_CERTIFICATE_VARIABLE, + &gEfiTlsCaCertificateGuid, + LABEL_CA_DELETE, + TLS_AUTH_CONFIG_FORMID5_FORM, + OPTION_DEL_CA_ESTION_ID + ); + break; + =20 + default: + if ((QuestionId >=3D OPTION_DEL_CA_ESTION_ID) && + (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RA= NGE))) { + DeleteCert ( + Private, + EFI_TLS_CA_CERTIFICATE_VARIABLE, + &gEfiTlsCaCertificateGuid, + LABEL_CA_DELETE, + TLS_AUTH_CONFIG_FORMID5_FORM, + OPTION_DEL_CA_ESTION_ID, + QuestionId - OPTION_DEL_CA_ESTION_ID + ); + } + break; + } + } else if (Action =3D=3D EFI_BROWSER_ACTION_CHANGED) { + switch (QuestionId) { + case KEY_TLS_AUTH_CONFIG_CERT_GUID: + ASSERT (Private->CertGuid !=3D NULL); + Status =3D StringToGuid ( + IfrNvData->CertGuid, + StrLen (IfrNvData->CertGuid), + Private->CertGuid + ); + if (EFI_ERROR (Status)) { + break; + } + + *ActionRequest =3D EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + break; + default: + break; + } + } + =20 +EXIT: + + if (!EFI_ERROR (Status)) { + BufferSize =3D sizeof (TLS_AUTH_CONFIG_IFR_NVDATA); 
+ HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Buf= ferSize, (UINT8*) IfrNvData, NULL); + } + + FreePool (IfrNvData); + + if (File !=3D NULL){ + FreePool(File); + File =3D NULL; + } + + return EFI_SUCCESS; + +} diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h b/NetworkPkg/T= lsAuthConfigDxe/TlsAuthConfigImpl.h new file mode 100644 index 0000000..398f7b6 --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h @@ -0,0 +1,282 @@ +/** @file + Header file of Miscellaneous Routines for TlsAuthConfigDxe driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __TLS_AUTH_CONFIG_IMPL_H__ +#define __TLS_AUTH_CONFIG_IMPL_H__ + +#include + +#include +#include + +// +// Libraries +// +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + + +// +// Include files with function prototypes +// +#include "TlsAuthConfigNvData.h" + +extern UINT8 TlsAuthConfigDxeStrings[]; +extern UINT8 TlsAuthConfigVfrBin[]; + +#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', = 'C', 'D') +#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_P= RIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE) + +#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VA= RIABLE_BOOTSERVICE_ACCESS) + +typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_= DATA; +typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CON= TEXT; + +/// +/// HII specific Vendor Device Path definition. 
+/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +struct _TLS_AUTH_CONFIG_FILE_CONTEXT { + EFI_FILE_HANDLE FHandle; + UINT16 *FileName; +}; + +struct _TLS_AUTH_CONFIG_PRIVATE_DATA { + UINTN Signature; + + EFI_HANDLE DriverHandle; + EFI_HII_HANDLE RegisteredHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData; + + TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext; + + EFI_GUID *CertGuid; +}; + +/** + Unload the configuration form, this includes: delete all the configurati= on + entries, uninstall the form callback protocol, and free the resources us= ed. + The form will only be unload completely when both IP4 and IP6 stack are = stopped. + + @param[in] Private Pointer to the driver private data. + + @retval EFI_SUCCESS The configuration form is unloaded. + @retval Others Failed to unload the form. + +**/ +EFI_STATUS +TlsAuthConfigFormUnload ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private + ); + +/** + Initialize the configuration form. + + @param[in] Private Pointer to the driver private data. + + @retval EFI_SUCCESS The configuration form is initialized. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + +**/ +EFI_STATUS +TlsAuthConfigFormInit ( + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private + ); + +/** + =20 + This function allows the caller to request the current + configuration for one or more named elements. The resulting + string is in format. Any and all alternative + configuration strings shall also be appended to the end of the + current configuration string. If they are, they must appear + after the current configuration. They must contain the same + routing (GUID, NAME, PATH) as the current configuration string. + They must have an additional description indicating the type of + alternative configuration the string represents, + "ALTCFG=3D". 
That (when + converted from Hex UNICODE to binary) is a reference to a + string in the associated string pack. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + + @param Request A null-terminated Unicode string in + format. Note that this + includes the routing information as well as + the configurable name / value pairs. It is + invalid for this string to be in + format.=20 + If a NULL is passed in for the Request field,=20 + all of the settings being abstracted by this function= =20 + will be returned in the Results field. In addition,=20 + if a ConfigHdr is passed in with no request elements,= =20 + all of the settings being abstracted for that particul= ar=20 + ConfigHdr reference will be returned in the Results Fi= eld. + + @param Progress On return, points to a character in the + Request string. Points to the string's null + terminator if request was successful. Points + to the most recent "&" before the first + failing name / value pair (or the beginning + of the string if the failure is in the first + name / value pair) if the request was not + successful. + + @param Results A null-terminated Unicode string in + format which has all values + filled in for the names in the Request string. + String to be allocated by the called function. + + @retval EFI_SUCCESS The Results string is filled with the + values corresponding to all requested + names. + + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the + parts of the results that must be + stored awaiting possible future + protocols. + + @retval EFI_NOT_FOUND Routing data doesn't match any + known driver. Progress set to the + first character in the routing header. + Note: There is no requirement that the + driver validate the routing data. It + must skip the in order to + process the names. + + @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set + to most recent "&" before the + error or the beginning of the + string. + + @retval EFI_INVALID_PARAMETER Unknown name. 
Progress points + to the & before the name in + question. + +**/ +EFI_STATUS +EFIAPI +TlsAuthConfigAccessExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ); + +/** + =20 + This function applies changes in a driver's configuration. + Input is a Configuration, which has the routing data for this + driver followed by name / value configuration pairs. The driver + must apply those pairs to its configurable storage. If the + driver's configuration is stored in a linear block of data + and the driver's name / value pairs are in + format, it may use the ConfigToBlock helper function (above) to + simplify the job. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + + @param Configuration A null-terminated Unicode string in + format.=20 + =20 + @param Progress A pointer to a string filled in with the + offset of the most recent '&' before the + first failing name / value pair (or the + beginn ing of the string if the failure + is in the first name / value pair) or + the terminating NULL if all was + successful. + + @retval EFI_SUCCESS The results have been distributed or are + awaiting distribution. + =20 + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the + parts of the results that must be + stored awaiting possible future + protocols. + =20 + @retval EFI_INVALID_PARAMETERS Passing in a NULL for the + Results parameter would result + in this type of error. + =20 + @retval EFI_NOT_FOUND Target for the specified routing data + was not found + +**/ +EFI_STATUS +EFIAPI +TlsAuthConfigAccessRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ); =20 + +/** + =20 + This function is called to provide results data to the driver. + This data consists of a unique key that is used to identify + which data is either being passed back or being asked for. 
+ + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTO= COL. + @param Action Specifies the type of action taken by the= browser. + @param QuestionId A unique value which is sent to the origi= nal + exporting driver so that it can identify = the type + of data to expect. The format of the data= tends to=20 + vary based on the opcode that generated t= he callback. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the o= riginal + exporting driver. + @param ActionRequest On return, points to the action requested= by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the act= ion. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold t= he + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by = the + callback. +**/ +EFI_STATUS +EFIAPI +TlsAuthConfigAccessCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN OUT EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ); + +#endif + diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h b/NetworkPkg= /TlsAuthConfigDxe/TlsAuthConfigNvData.h new file mode 100644 index 0000000..f453201 --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h @@ -0,0 +1,49 @@ +/** @file + Header file for NV data structure definition. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__ +#define __TLS_AUTH_CONFIG_NV_DATA_H__ + +#include + +#define TLS_AUTH_CONFIG_GUID_SIZE 36 +#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37 + +#define TLS_AUTH_CONFIG_FORMID1_FORM 1 +#define TLS_AUTH_CONFIG_FORMID2_FORM 2 +#define TLS_AUTH_CONFIG_FORMID3_FORM 3 +#define TLS_AUTH_CONFIG_FORMID4_FORM 4 +#define TLS_AUTH_CONFIG_FORMID5_FORM 5 + + +#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000 +#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001 +#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002 +#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003 +#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004 +#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005 +#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006 +#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007 + +#define OPTION_DEL_CA_ESTION_ID 0x2000 +#define OPTION_CONFIG_RANGE 0x1000 + +#define LABEL_CA_DELETE 0x1101 +#define LABEL_END 0xffff + +typedef struct { + CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE]; +} TLS_AUTH_CONFIG_IFR_NVDATA; + +#endif diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr b/NetworkPkg/= TlsAuthConfigDxe/TlsAuthConfigVfr.vfr new file mode 100644 index 0000000..fb130d9 --- /dev/null +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr @@ -0,0 +1,152 @@ +/** @file + VFR file used by TlsAuthConfigDxe driver. + + Copyright (c) 2016, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BS= D License + which accompanies this distribution. The full text of the license may b= e found at + http://opensource.org/licenses/bsd-license.php. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include "TlsAuthConfigNvData.h" + +formset + guid =3D TLS_AUTH_CONFIG_GUID, + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP), + + varstore TLS_AUTH_CONFIG_IFR_NVDATA, + name =3D TLS_AUTH_CONFIG_IFR_NVDATA, + guid =3D TLS_AUTH_CONFIG_GUID; + + // + // ##1 Form1: Main form for Tls Auth configration + // + form formid =3D TLS_AUTH_CONFIG_FORMID1_FORM, + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE); + + subtitle text =3D STRING_TOKEN(STR_NULL); + =20 + // + // Display Server CA configration + // + goto TLS_AUTH_CONFIG_FORMID2_FORM, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_SERVER_CA; + + subtitle text =3D STRING_TOKEN(STR_NULL); + + // + // Display Client cert configration + // + grayoutif TRUE; /// Current unsupported. 
+ goto TLS_AUTH_CONFIG_FORMID3_FORM, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_CLIENT_CERT; + endif; + endform;=20 + + // + // ##2 Form2: CA configuration + // + form formid =3D TLS_AUTH_CONFIG_FORMID2_FORM, + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA); + + subtitle text =3D STRING_TOKEN(STR_NULL); + + goto TLS_AUTH_CONFIG_FORMID4_FORM, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_ENROLL_CERT; + + subtitle text =3D STRING_TOKEN(STR_NULL); + + goto TLS_AUTH_CONFIG_FORMID5_FORM, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_DELETE_CERT; + endform; + + // + // ##3 Form3 : Client cert configuration + // + form formid =3D TLS_AUTH_CONFIG_FORMID3_FORM, + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT); + =20 + subtitle text =3D STRING_TOKEN(STR_NULL); + + // + // TODO... 
+ // + endform; + + // + // ##4 Form4: Enroll cert for CA + // + form formid =3D TLS_AUTH_CONFIG_FORMID4_FORM, + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT); + =20 + subtitle text =3D STRING_TOKEN(STR_NULL); + + goto TLS_AUTH_CONFIG_FORMID4_FORM, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE; + + subtitle text =3D STRING_TOKEN(STR_NULL); + label TLS_AUTH_CONFIG_FORMID4_FORM; + label LABEL_END; + subtitle text =3D STRING_TOKEN(STR_NULL); + + string varid =3D TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_CERT_GUID, + minsize =3D TLS_AUTH_CONFIG_GUID_SIZE, + maxsize =3D TLS_AUTH_CONFIG_GUID_SIZE, + endstring; + + subtitle text =3D STRING_TOKEN(STR_NULL); + subtitle text =3D STRING_TOKEN(STR_NULL); + + goto TLS_AUTH_CONFIG_FORMID1_FORM, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT; + + goto TLS_AUTH_CONFIG_FORMID1_FORM, + prompt =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT), + help =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT), + flags =3D INTERACTIVE, + key =3D KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT; + =20 + endform; + + // + // ##5 Form5: Delete cert for CA + // + form formid =3D TLS_AUTH_CONFIG_FORMID5_FORM, + title =3D STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT); + + label LABEL_CA_DELETE; + label LABEL_END; + =20 + subtitle text =3D STRING_TOKEN(STR_NULL); + + endform; + =20 +endformset; --=20 1.9.5.msysgit.1
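Review bot: In TlsAuthConfigImpl.c, the EFI_BROWSER_ACTION_CHANGED handler for KEY_TLS_AUTH_CONFIG_CERT_GUID silently swallows a StringToGuid failure: it does `if (EFI_ERROR (Status)) { break; }`, which only skips the HiiSetBrowserData call at EXIT, and the function then falls through to `return EFI_SUCCESS;`, so the browser keeps the malformed GUID text, the user gets no feedback, and a later KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT enrolls with whatever Private->CertGuid currently holds. Either return EFI_INVALID_PARAMETER from that path so the form browser rejects the input, or raise the same CreatePopUp used for "ERROR: Enroll Cert Failure!". Two smaller points in the same hunk: the ChooseFile return value is discarded, and in the NO_SAVE_AND_EXIT case FileName is freed only inside the `FHandle != NULL` block, so a FileName set without an open handle would leak; the FileName cleanup should be its own `if`, not nested under the handle check.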
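Review bot: In TlsAuthConfigImpl.h, TLS_AUTH_CONFIG_VAR_BASE_ATTR is (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) with no authenticated-write attribute, so a variable written with these attributes (the CA database this UI enrolls into, if EnrollCertDatabase uses this macro) can be rewritten by any pre-boot code calling SetVariable; please document that the integrity of the trust anchors then depends on the platform's variable protection, or state why an authenticated variable is not used. Also, the TlsAuthConfigFormUnload comment "The form will only be unload completely when both IP4 and IP6 stack are stopped" looks copied from a network-stack driver and does not apply here; and in the RouteConfig block "EFI_INVALID_PARAMETERS" should be EFI_INVALID_PARAMETER and "beginn ing" should be "beginning".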
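Review bot: In TlsAuthConfigNvData.h, OPTION_DEL_CA_ESTION_ID is a typo for OPTION_DEL_CA_QUESTION_ID; it is referenced in the callback's default case and in UpdateDeletePage/DeleteCert, so rename it in both files in one go. The range check `QuestionId >= OPTION_DEL_CA_ESTION_ID && QuestionId < OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE` relies on 0x2000..0x2FFF not overlapping the KEY_TLS_AUTH_CONFIG_* values (0x1000..0x1007) and LABEL_CA_DELETE (0x1101); that holds today, but a comment next to OPTION_CONFIG_RANGE stating the reserved range would keep it from being broken by a future key.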
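Review bot: In TlsAuthConfigVfr.vfr, Form4 uses the form-id constant as a label number (`label TLS_AUTH_CONFIG_FORMID4_FORM;`), while Form5 uses a dedicated LABEL_CA_DELETE; define a matching LABEL_ constant for the enroll page so CleanUpPage (LabelId, Private) in the callback is not passed a form id. The enroll-from-file, save-and-exit and no-save-and-exit gotos pass the same token for `prompt` and `help` (e.g. STR_TLS_AUTH_CONFIG_ADD_CERT_FILE twice), so the help line just repeats the prompt. Since the CertGuid string is bounded only by `minsize = maxsize = TLS_AUTH_CONFIG_GUID_SIZE`, the browser enforces length alone and StringToGuid must still reject non-hex characters. Minor: "configration" in the comments should be "configuration", and "grayoutif TRUE; /// Current unsupported." should read "Currently unsupported".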