[staging/HTTPS-TLS][PATCH] NetworkPkg: Centralize TlsCaCertificate name and guid


Palmer, Thomas <thomas.palmer@...>
 

Reviewed by Thomas Palmer <thomas.palmer@hpe.com>

-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com]
Sent: Monday, July 4, 2016 8:41 PM
To: edk2-devel@lists.01.org
Cc: Palmer, Thomas <thomas.palmer@hpe.com>; Ye Ting <ting.ye@intel.com>; Fu Siyuan <siyuan.fu@intel.com>
Subject: [staging/HTTPS-TLS][PATCH] NetworkPkg: Centralize TlsCaCertificate name and guid

This patch centralizes the TlsCaCertificate variable name and GUID in TlsAuthentication.h.

Cc: Palmer Thomas <thomas.palmer@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
---
NetworkPkg/HttpDxe/HttpDriver.h | 2 ++
NetworkPkg/HttpDxe/HttpDxe.inf | 4 ++++
NetworkPkg/HttpDxe/HttpsSupport.c | 7 ++----
NetworkPkg/HttpDxe/HttpsSupport.h | 10 --------
NetworkPkg/Include/Guid/TlsAuthentication.h | 29 ++++++++++++++++++++++++
NetworkPkg/NetworkPkg.dec | 5 +++-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 1 + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 14 +++++------- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 12 ++--------
9 files changed, 50 insertions(+), 34 deletions(-) create mode 100644 NetworkPkg/Include/Guid/TlsAuthentication.h

diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDriver.h
index 3c30c12..73c211a 100644
--- a/NetworkPkg/HttpDxe/HttpDriver.h
+++ b/NetworkPkg/HttpDxe/HttpDriver.h
@@ -58,10 +58,12 @@
//
// Produced Protocols
//
#include <Protocol/Http.h>

+#include <Guid/TlsAuthentication.h>
+
//
// Driver Version
//
#define HTTP_DRIVER_VERSION 0xa

diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf
index a228c3d..1118181 100644
--- a/NetworkPkg/HttpDxe/HttpDxe.inf
+++ b/NetworkPkg/HttpDxe/HttpDxe.inf
@@ -24,10 +24,11 @@
MODULE_UNI_FILE = HttpDxe.uni

[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
+ NetworkPkg/NetworkPkg.dec

[Sources]
ComponentName.h
ComponentName.c
HttpDns.h
@@ -69,7 +70,10 @@
gEfiIp6ConfigProtocolGuid ## SOMETIMES_CONSUMES
gEfiTlsServiceBindingProtocolGuid ## SOMETIMES_CONSUMES
gEfiTlsProtocolGuid ## SOMETIMES_CONSUMES
gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES

+[Guids]
+ gEfiTlsCaCertificateGuid ## CONSUMES ## GUID
+
[UserExtensions.TianoCore."ExtraFiles"]
HttpDxeExtra.uni
\ No newline at end of file
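Review bot: The new `[Guids]` entry is tagged `## CONSUMES ## GUID`, but in the hunks shown HttpDxe uses gEfiTlsCaCertificateGuid only as the vendor GUID of the TlsCaCertificate variable. The usage comment can say so directly, `gEfiTlsCaCertificateGuid ## CONSUMES ## Variable:L"TlsCaCertificate"`, so that someone auditing which modules read or write the CA store can find them from the INF files alone. The `## PRODUCES ## GUID` line added to TlsAuthConfigDxe.inf has the same gap.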
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index 09aaa46..36f658c 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -12,12 +12,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include "HttpDriver.h"

-EFI_GUID mEfiTlsCaCertificateGuid = EFI_TLS_CA_CERTIFICATE_GUID;
-
/**
Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-terminated
ASCII string and ignore case during the search process.

This function scans the contents of the ASCII string specified by String
@@ -395,11 +393,11 @@ TlsConfigCertificate (
// Try to read the TlsCaCertificate variable.
//
CACertSize = 0;
Status = gRT->GetVariable (
EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &mEfiTlsCaCertificateGuid,
+ &gEfiTlsCaCertificateGuid,
NULL,
&CACertSize,
NULL
);

@@ -412,11 +410,11 @@ TlsConfigCertificate (
return EFI_OUT_OF_RESOURCES;
}

Status = gRT->GetVariable (
EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &mEfiTlsCaCertificateGuid,
+ &gEfiTlsCaCertificateGuid,
NULL,
&CACertSize,
CACert
);
if (EFI_ERROR (Status)) {
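Review bot: Both GetVariable calls in TlsConfigCertificate (the size probe in the previous hunk and the read here) pass `NULL` for the Attributes argument, so the CA list is accepted whatever attributes the TlsCaCertificate variable carries. This variable is the trust anchor for the HTTPS connection, so the read could take the attributes (`&Attr` in place of `NULL`) and return an error when they differ from the set TlsAuthConfigDxe writes. Without that check, a variable created by some other agent under the same name and GUID is indistinguishable from one enrolled through the setup form. The function body continues outside this hunk, so whether the signature-list sizes are validated against CACertSize is not visible here.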
@@ -453,11 +451,10 @@ TlsConfigCertificate (
}

Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
}

-
ItemDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
}

return Status;
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h
index 682a6b6..05b6e69 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.h
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h
@@ -20,20 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define HTTPS_DEFAULT_PORT 443

#define HTTPS_FLAG "https"

//
// Private variable for CA Certificate configuration
-//
-#define EFI_TLS_CA_CERTIFICATE_GUID \
- { \
- 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
- }
-
-#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
-
-//
// TLS Version
//
#define TLS10_PROTOCOL_VERSION_MAJOR 0x03
#define TLS10_PROTOCOL_VERSION_MINOR 0x01
#define TLS11_PROTOCOL_VERSION_MAJOR 0x03
diff --git a/NetworkPkg/Include/Guid/TlsAuthentication.h b/NetworkPkg/Include/Guid/TlsAuthentication.h
new file mode 100644
index 0000000..2e800dc
--- /dev/null
+++ b/NetworkPkg/Include/Guid/TlsAuthentication.h
@@ -0,0 +1,29 @@
+/** @file
+ This file defines TlsCaCertificate variable.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> This
+program and the accompanying materials are licensed and made available
+under the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_AUTHENTICATION_H__
+#define __TLS_AUTHENTICATION_H__
+
+// Private variable for CA Certificate configuration // #define
+EFI_TLS_CA_CERTIFICATE_GUID \
+ { \
+ 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4,
+0x8e, 0xae } \
+ }
+
+#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
+
+extern EFI_GUID gEfiTlsCaCertificateGuid;
+
+#endif
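Review bot: The new shared header says only "This file defines TlsCaCertificate variable" and "Private variable for CA Certificate configuration", which leaves out what a consumer of a trust store needs to know. I would add a comment above the macros along the lines of `// L"TlsCaCertificate": trusted CA certificates for TLS, stored as EFI_SIGNATURE_LIST entries; written by TlsAuthConfigDxe, read by HttpDxe`, and also state the attributes the variable is expected to have. In this copy of the patch the new file's lines appear re-wrapped by the mail client (the GUID `#define` sits after a `//` on the same line), so it is worth confirming that the committed file has the `#define` on its own line.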
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index 065b603..24d45f4 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -39,11 +39,14 @@

# Include/Guid/HttpBootConfigHii.h
gHttpBootConfigGuid = { 0x4d20583a, 0x7765, 0x4e7a, { 0x8a, 0x67, 0xdc, 0xde, 0x74, 0xee, 0x3e, 0xc5 }}

# Include/Guid/TlsAuthConfigHii.h
- gTlsAuthConfigGuid = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }}
+ gTlsAuthConfigGuid = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }}
+
+ # Include/Guid/TlsAuthentication.h
+ gEfiTlsCaCertificateGuid = { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }}


[PcdsFeatureFlag]
## Indicates if the IPsec IKEv2 Certificate Authentication feature is enabled or not.<BR><BR>
# TRUE - Certificate Authentication feature is enabled.<BR>
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
index dd480a4..19f095e 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
@@ -61,10 +61,11 @@

[Guids]
gTlsAuthConfigGuid ## PRODUCES ## GUID
gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type
gEfiIfrTianoGuid ## CONSUMES ## HII
+ gEfiTlsCaCertificateGuid ## PRODUCES ## GUID

[Depex]
gEfiHiiConfigRoutingProtocolGuid AND
gEfiHiiDatabaseProtocolGuid

diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
index bdf7963..f265b42 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
@@ -18,11 +18,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
VOID *mStartOpCodeHandle = NULL;
VOID *mEndOpCodeHandle = NULL;
EFI_IFR_GUID_LABEL *mStartLabel = NULL;
EFI_IFR_GUID_LABEL *mEndLabel = NULL;

-EFI_GUID mEfiTlsCaCertificateGuid = EFI_TLS_CA_CERTIFICATE_GUID;

CHAR16 mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA";

TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL;

@@ -1004,11 +1003,11 @@ EnrollX509toVariable (
//
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS;

Status = gRT->GetVariable(
VariableName,
- &mEfiTlsCaCertificateGuid,
+ &gEfiTlsCaCertificateGuid,
NULL,
&DataSize,
NULL
);
if (Status == EFI_BUFFER_TOO_SMALL) {
@@ -1017,11 +1016,11 @@ EnrollX509toVariable (
goto ON_EXIT;
}

Status = gRT->SetVariable(
VariableName,
- &mEfiTlsCaCertificateGuid,
+ &gEfiTlsCaCertificateGuid,
Attr,
SigDataSize,
Data
);
if (EFI_ERROR (Status)) {
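Review bot: The CA list is stored with `EFI_VARIABLE_RUNTIME_ACCESS` and no authenticated-write attribute (see the `Attr` assignment in the previous hunk), so after ExitBootServices any OS code that may call SetVariable can replace the certificates the firmware trusts for HTTPS. If nothing at runtime needs this variable, the bit can be dropped: `Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS;`. A variable that already exists keeps its old attributes, so the change would need to delete and re-create it. EnrollX509toVariable starts and ends outside these hunks.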
@@ -1218,12 +1217,12 @@ UpdatePage(

HiiUpdateForm (
mTlsAuthPrivateData->RegisteredHandle,
&gTlsAuthConfigGuid,
FormId,
- mStartOpCodeHandle, // Label FormId
- mEndOpCodeHandle // LABEL_END
+ mStartOpCodeHandle, /// Label FormId
+ mEndOpCodeHandle /// LABEL_END
);

return TRUE;
}

@@ -1256,11 +1255,10 @@ UpdateCAFromFile (
EFI_STATUS
TlsAuthConfigFormUnload (
IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
)
{
-
if (Private->DriverHandle != NULL) {
//
// Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL
//
gBS->UninstallMultipleProtocolInterfaces (
@@ -1780,11 +1778,11 @@ TlsAuthConfigAccessCallback (

case KEY_TLS_AUTH_CONFIG_DELETE_CERT:
UpdateDeletePage (
Private,
EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &mEfiTlsCaCertificateGuid,
+ &gEfiTlsCaCertificateGuid,
LABEL_CA_DELETE,
TLS_AUTH_CONFIG_FORMID5_FORM,
OPTION_DEL_CA_ESTION_ID
);
break;
@@ -1793,11 +1791,11 @@ TlsAuthConfigAccessCallback (
if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&
(QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE))) {
DeleteCert (
Private,
EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &mEfiTlsCaCertificateGuid,
+ &gEfiTlsCaCertificateGuid,
LABEL_CA_DELETE,
TLS_AUTH_CONFIG_FORMID5_FORM,
OPTION_DEL_CA_ESTION_ID,
QuestionId - OPTION_DEL_CA_ESTION_ID
);
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
index d08eb16..dea3cda 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
@@ -37,10 +37,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/FileExplorerLib.h>
#include <Library/PrintLib.h>

#include <Guid/MdeModuleHii.h>
#include <Guid/ImageAuthentication.h>
+#include <Guid/TlsAuthentication.h>
+

//
// Include files with function prototypes
//
#include "TlsAuthConfigNvData.h"
@@ -78,20 +80,10 @@ struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;

EFI_GUID *CertGuid;
};

-//
-// Private variable for CA Certificate configuration
-//
-#define EFI_TLS_CA_CERTIFICATE_GUID \
- { \
- 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
- }
-
-#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
-
/**
Unload the configuration form, this includes: delete all the configuration
entries, uninstall the form callback protocol, and free the resources used.
The form will only be unload completely when both IP4 and IP6 stack are stopped.

--
1.9.5.msysgit.1