From: "Palmer, Thomas"
To: Jiaxin Wu, "edk2-devel@lists.01.org"
CC: Ye Ting, Fu Siyuan
Subject: Re: [staging/HTTPS-TLS][PATCH] NetworkPkg: Centralize TlsCaCertificate name and guid
Date: Fri, 29 Jul 2016 22:03:48 +0000
References: <1467682863-17332-1-git-send-email-jiaxin.wu@intel.com>
In-Reply-To: <1467682863-17332-1-git-send-email-jiaxin.wu@intel.com>
List-Id: EDK II Development
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed by Thomas Palmer

-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com]
Sent: Monday, July 4, 2016 8:41 PM
To: edk2-devel@lists.01.org
Cc: Palmer, Thomas; Ye Ting; Fu Siyuan
Subject: [staging/HTTPS-TLS][PATCH] NetworkPkg: Centralize TlsCaCertificate name and guid

This patch is used to centralize TlsCaCertificate name and guid to TlsAuthentication.h

Cc: Palmer Thomas
Cc: Ye Ting
Cc: Fu Siyuan
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu
---
 NetworkPkg/HttpDxe/HttpDriver.h                  |  2 ++
 NetworkPkg/HttpDxe/HttpDxe.inf                   |  4 ++++
 NetworkPkg/HttpDxe/HttpsSupport.c                |  7 ++----
 NetworkPkg/HttpDxe/HttpsSupport.h                | 10 --------
 NetworkPkg/Include/Guid/TlsAuthentication.h      | 29 ++++++++++++++++++++++++
 NetworkPkg/NetworkPkg.dec                        |  5 +++-
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf |  1 +
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c  | 14 +++++-------
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h  | 12 ++--------
 9 files changed, 50 insertions(+), 34 deletions(-)
 create mode 100644 NetworkPkg/Include/Guid/TlsAuthentication.h

diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDrive= r.h index 3c30c12..73c211a 100644 --- a/NetworkPkg/HttpDxe/HttpDriver.h +++ b/NetworkPkg/HttpDxe/HttpDriver.h @@ -58,10 +58,12 @@ // // Produced Protocols // #include =20 +#include + // // Driver Version // #define HTTP_DRIVER_VERSION 0xa =20 diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.in= f index a228c3d..1118181 100644 --- a/NetworkPkg/HttpDxe/HttpDxe.inf +++ b/NetworkPkg/HttpDxe/HttpDxe.inf @@ -24,10 +24,11 @@ MODULE_UNI_FILE =3D HttpDxe.uni =20 [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + NetworkPkg/NetworkPkg.dec =20 [Sources] ComponentName.h ComponentName.c HttpDns.h
@@ -69,7 +70,10 @@ gEfiIp6ConfigProtocolGuid ## SOMETIMES_CONSUMES gEfiTlsServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiTlsProtocolGuid ## SOMETIMES_CONSUMES gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES =20 +[Guids] + gEfiTlsCaCertificateGuid ## CONSUMES ## GUID + [UserExtensions.TianoCore."ExtraFiles"] HttpDxeExtra.uni \ No newline at end of file diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index 09aaa46..36f658c 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -12,12 +12,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. =20 **/ =20 #include "HttpDriver.h" =20 -EFI_GUID mEfiTlsCaCertificateGuid =3D EFI_TLS_CA_CERTIFICATE_GUID; - /** Returns the first occurrence of a Null-terminated ASCII sub-string in a = Null-terminated=20 ASCII string and ignore case during the search process. =20 This function scans the contents of the ASCII string specified by String= @@ -395,11 +393,11 @@ TlsConfigCertificate ( // Try to read the TlsCaCertificate variable. // CACertSize =3D 0; Status =3D gRT->GetVariable ( EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, NULL, &CACertSize, NULL ); =20 @@ -412,11 +410,11 @@ TlsConfigCertificate ( return EFI_OUT_OF_RESOURCES; } =20 Status =3D gRT->GetVariable ( EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, NULL, &CACertSize, CACert ); if (EFI_ERROR (Status)) { @@ -453,11 +451,10 @@ TlsConfigCertificate ( } =20 Cert =3D (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->Signatur= eSize); } =20 - ItemDataSize -=3D CertList->SignatureListSize; CertList =3D (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->Si= gnatureListSize); } =20 return Status; diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSu= pport.h index 682a6b6..05b6e69 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.h 
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h @@ -20,20 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. #define HTTPS_DEFAULT_PORT 443 =20 #define HTTPS_FLAG "https" =20 // -// Private variable for CA Certificate configuration -// -#define EFI_TLS_= CA_CERTIFICATE_GUID \ - { \ - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e= , 0xae } \ - } - -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" - -// // TLS Version // #define TLS10_PROTOCOL_VERSION_MAJOR 0x03 #define TLS10_PROTOCOL_VERSION= _MINOR 0x01 #define TLS11_PROTOCOL_VERSION_MAJOR 0x03 diff --git a/Netwo= rkPkg/Include/Guid/TlsAuthentication.h b/NetworkPkg/Include/Guid/TlsAuthent= ication.h new file mode 100644 index 0000000..2e800dc --- /dev/null +++ b/NetworkPkg/Include/Guid/TlsAuthentication.h @@ -0,0 +1,29 @@ +/** @file + This file defines TlsCaCertificate variable. + =20 +Copyright (c) 2016, Intel Corporation. All rights reserved.
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License that accompanies this di= stribution. +The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. = =20 + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = =20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __TLS_AUTHENTICATION_H__ +#define __TLS_AUTHENTICATION_H__ + +// Private variable for CA Certificate configuration // #define=20 +EFI_TLS_CA_CERTIFICATE_GUID \ + { \ + 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4,=20 +0x8e, 0xae } \ + } + +#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" + +extern EFI_GUID gEfiTlsCaCertificateGuid; + +#endif diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index 06= 5b603..24d45f4 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec @@ -39,11 +39,14 @@ =20 # Include/Guid/HttpBootConfigHii.h gHttpBootConfigGuid =3D { 0x4d20583a, 0x7765, 0x4e7a, { 0x8a, = 0x67, 0xdc, 0xde, 0x74, 0xee, 0x3e, 0xc5 }} =20 # Include/Guid/TlsAuthConfigHii.h - gTlsAuthConfigGuid =3D { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x= 48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }} + gTlsAuthConfigGuid =3D { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, = 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }} + =20 + # Include/Guid/TlsAuthentication.h + gEfiTlsCaCertificateGuid =3D { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, = 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }} =20 =20 [PcdsFeatureFlag] ## Indicates if the IPsec IKEv2 Certificate Authentication feature is en= abled or not.

# TRUE - Certificate Authentication feature is enabled.
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf b/NetworkPkg/= TlsAuthConfigDxe/TlsAuthConfigDxe.inf index dd480a4..19f095e 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf @@ -61,10 +61,11 @@ =20 [Guids] gTlsAuthConfigGuid ## PRODUCES ## GUID gEfiCertX509Guid ## CONSUMES ## GUID # In= dicate the cert type gEfiIfrTianoGuid ## CONSUMES ## HII + gEfiTlsCaCertificateGuid ## PRODUCES ## GUID =20 [Depex] gEfiHiiConfigRoutingProtocolGuid AND gEfiHiiDatabaseProtocolGuid =20 diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/T= lsAuthConfigDxe/TlsAuthConfigImpl.c index bdf7963..f265b42 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c @@ -18,11 +18,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. VOID *mStartOpCodeHandle =3D NULL; VOID *mEndOpCodeHandle =3D NULL; EFI_IFR_GUID_LABEL *mStartLabel =3D NULL; EFI_IFR_GUID_LABEL *mEndLabel =3D NULL; =20 -EFI_GUID mEfiTlsCaCertificateGuid =3D EFI_TLS_CA_CERTIFICAT= E_GUID; =20 CHAR16 mTlsAuthConfigStorageName[] =3D L"TLS_AUTH_CONFIG_= IFR_NVDATA"; =20 TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData =3D NULL; =20 @@ -1004,11 +1003,11 @@ EnrollX509toVariable ( // Attr =3D EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_V= ARIABLE_BOOTSERVICE_ACCESS; =20 Status =3D gRT->GetVariable( VariableName, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, NULL, &DataSize, NULL ); if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { @@ -1017,11 +1016,11 @@ Enroll= X509toVariable ( goto ON_EXIT; } =20 Status =3D gRT->SetVariable( VariableName, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, Attr, SigDataSize, Data ); if (EFI_ERROR (Status)) { 
@@ -1218,12 +1217,12 @@ UpdatePage( =20 HiiUpdateForm ( mTlsAuthPrivateData->RegisteredHandle, &gTlsAuthConfigGuid, FormId, - mStartOpCodeHandle, // Label FormId - mEndOpCodeHandle // LABEL_END + mStartOpCodeHandle, /// Label FormId + mEndOpCodeHandle /// LABEL_END ); =20 return TRUE; } =20 @@ -1256,11 +1255,10 @@ UpdateCAFromFile ( EFI_STATUS TlsAuthConfigFormUn= load ( IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private ) { - if (Private->DriverHandle !=3D NULL) { // // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL // gBS->UninstallMultipleProtocolInterfaces ( @@ -1780,11 +1778,11 @@ Tls= AuthConfigAccessCallback ( =20 case KEY_TLS_AUTH_CONFIG_DELETE_CERT: UpdateDeletePage ( Private, EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, LABEL_CA_DELETE, TLS_AUTH_CONFIG_FORMID5_FORM, OPTION_DEL_CA_ESTION_ID ); break; @@ -1793,11 +1791,11 @@ TlsAuthConfigAccessCallback ( if ((QuestionId >=3D OPTION_DEL_CA_ESTION_ID) && (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RA= NGE))) { DeleteCert ( Private, EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, LABEL_CA_DELETE, TLS_AUTH_CONFIG_FORMID5_FORM, OPTION_DEL_CA_ESTION_ID, QuestionId - OPTION_DEL_CA_ESTION_ID ); diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h b/NetworkPkg/T= lsAuthConfigDxe/TlsAuthConfigImpl.h index d08eb16..dea3cda 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h @@ -37,10 +37,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. #include #include =20 #include #include +#include + =20 // // Include files with function prototypes // #include "TlsAuthConfigNvDa= ta.h" 
@@ -78,20 +80,10 @@ struct _TLS_AUTH_CONFIG_PRIVATE_DATA { TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext; =20 EFI_GUID *CertGuid; }; =20 -// -// Private variable for CA Certificate configuration -// -#define EFI_TLS_= CA_CERTIFICATE_GUID \ - { \ - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e= , 0xae } \ - } - -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" - /** Unload the configuration form, this includes: delete all the configurati= on entries, uninstall the form callback protocol, and free the resources us= ed. The form will only be unload completely when both IP4 and IP6 stack are = stopped. =20 -- 1.9.5.msysgit.1
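Review bot: in the @@ -69,7 +70,10 @@ hunk of HttpDxe.inf the new entry is annotated `gEfiTlsCaCertificateGuid ## CONSUMES ## GUID`, but this GUID is only ever used as the vendor GUID of the TlsCaCertificate variable (see the two GetVariable calls in the HttpsSupport.c hunks), so the INF usage comment should be `## Variable:L"TlsCaCertificate"` rather than `## GUID`. The same applies to the `## PRODUCES ## GUID` entry added in the TlsAuthConfigDxe.inf hunk, where the GUID is used with SetVariable.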
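Review bot: the removal of `ItemDataSize -= CertList->SignatureListSize;` in the @@ -453,11 +451,10 @@ TlsConfigCertificate hunk of HttpsSupport.c is a functional change that the commit message (centralizing the variable name and GUID) does not cover. CertList is still advanced by SignatureListSize on the following line, so if the enclosing loop bounds its iteration on ItemDataSize (the loop header is outside the hunk), the remaining-size bookkeeping no longer tracks the pointer and the walk over the EFI_SIGNATURE_LIST buffer read from the TlsCaCertificate variable can run past the end of CACert. Either restore the line or move the change into its own patch with an explanation of why the decrement is no longer needed.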
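Review bot: the comment text kept in the new TlsAuthentication.h (@@ -0,0 +1,29 @@), "Private variable for CA Certificate configuration", was accurate while the define lived in HttpsSupport.h and TlsAuthConfigImpl.h, but in a package-wide Include/Guid header the variable is no longer private; reword it to describe the variable (its name, vendor GUID and that it carries the CA certificates consumed by HttpDxe). Related naming point: the `EFI_` / `gEfi` prefix on EFI_TLS_CA_CERTIFICATE_GUID and gEfiTlsCaCertificateGuid marks a GUID as defined by the UEFI specification, which this one is not; the neighbouring NetworkPkg GUID in the same .dec hunk, gTlsAuthConfigGuid, follows the non-spec convention, so consider renaming before the header becomes public API in staging. The file header sentence also reads better as "This file defines the TlsCaCertificate variable."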
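Review bot: in the @@ -39,11 +39,14 @@ hunk of NetworkPkg.dec the gTlsAuthConfigGuid line is removed and re-added with only a spacing change, and the separator line added before the new entry carries trailing whitespace (`+ =20` in the quoted-printable text is a lone space). Drop the whitespace-only churn so the hunk only adds the `# Include/Guid/TlsAuthentication.h` comment and the gEfiTlsCaCertificateGuid entry.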
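Review bot: the GUID substitution in the @@ -1004,11 +1003,11 @@ EnrollX509toVariable hunk of TlsAuthConfigImpl.c is correct, but the context line `Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS;` shows that the TlsCaCertificate variable, the trust-anchor store that TlsConfigCertificate in HttpsSupport.c feeds into the TLS configuration, is written with runtime access and without any authenticated-write attribute, so code running in the OS can replace the CA set used for HTTPS boot. That is pre-existing and outside this patch, but now that the name and GUID are being made public in TlsAuthentication.h it is worth tracking separately (for example by locking the variable before the OS takes over, or by moving it to an authenticated variable).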
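Review bot: the @@ -1218,12 +1217,12 @@ UpdatePage hunk of TlsAuthConfigImpl.c only changes the trailing comments on the HiiUpdateForm arguments from `//` to `///`. That is unrelated to the patch's purpose, and `///` is Doxygen documentation-comment syntax that EDK2 uses on declarations, not on trailing comments inside a call; drop this hunk.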
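Review bot: the @@ -1256,11 +1255,10 @@ hunk of TlsAuthConfigImpl.c deletes `if (Private->DriverHandle != NULL) {` at the top of TlsAuthConfigFormUnload, but no hunk in this patch removes the matching closing brace, and the commit message does not mention the change. As posted the function is left with an unbalanced block, and even with the brace fixed up the NULL guard is gone, so UninstallMultipleProtocolInterfaces would be called with a NULL handle whenever the form was never installed. Keep the guard, or split this into its own patch that also removes the brace and explains the intent.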