This patch centralizes the TlsCaCertificate variable name and GUID in TlsAuthentication.h.
Cc: Palmer Thomas <thomas.pal...@hpe.com> Cc: Ye Ting <ting...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin...@intel.com> --- NetworkPkg/HttpDxe/HttpDriver.h | 2 ++ NetworkPkg/HttpDxe/HttpDxe.inf | 4 ++++ NetworkPkg/HttpDxe/HttpsSupport.c | 7 ++---- NetworkPkg/HttpDxe/HttpsSupport.h | 10 -------- NetworkPkg/Include/Guid/TlsAuthentication.h | 29 ++++++++++++++++++++++++ NetworkPkg/NetworkPkg.dec | 5 +++- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 1 + NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 14 +++++------- NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 12 ++-------- 9 files changed, 50 insertions(+), 34 deletions(-) create mode 100644 NetworkPkg/Include/Guid/TlsAuthentication.h diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDriver.h index 3c30c12..73c211a 100644 --- a/NetworkPkg/HttpDxe/HttpDriver.h +++ b/NetworkPkg/HttpDxe/HttpDriver.h @@ -58,10 +58,12 @@ // // Produced Protocols // #include <Protocol/Http.h> +#include <Guid/TlsAuthentication.h> + // // Driver Version // #define HTTP_DRIVER_VERSION 0xa diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf index a228c3d..1118181 100644 --- a/NetworkPkg/HttpDxe/HttpDxe.inf +++ b/NetworkPkg/HttpDxe/HttpDxe.inf @@ -24,10 +24,11 @@ MODULE_UNI_FILE = HttpDxe.uni [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + NetworkPkg/NetworkPkg.dec [Sources] ComponentName.h ComponentName.c HttpDns.h @@ -69,7 +70,10 @@ gEfiIp6ConfigProtocolGuid ## SOMETIMES_CONSUMES gEfiTlsServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiTlsProtocolGuid ## SOMETIMES_CONSUMES gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES +[Guids] + gEfiTlsCaCertificateGuid ## CONSUMES ## GUID + [UserExtensions.TianoCore."ExtraFiles"] HttpDxeExtra.uni \ No newline at end of file diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c index 09aaa46..36f658c 100644 
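Review bot: The new `[Guids]` entry in HttpDxe.inf tags `gEfiTlsCaCertificateGuid` as `## CONSUMES ## GUID`, but the visible C hunks use it only as the vendor GUID of the `TlsCaCertificate` variable, so the usage comment should say so, e.g. `gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES ## Variable:L"TlsCaCertificate"`. The same applies to the `## PRODUCES ## GUID` line added to TlsAuthConfigDxe.inf, where TlsAuthConfigImpl.c both reads and writes the variable. Naming the variable in both INF files lets a reviewer see at a glance which modules read and which modify the HTTPS CA trust list.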
--- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -12,12 +12,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include "HttpDriver.h" -EFI_GUID mEfiTlsCaCertificateGuid = EFI_TLS_CA_CERTIFICATE_GUID; - /** Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-terminated ASCII string and ignore case during the search process. This function scans the contents of the ASCII string specified by String @@ -395,11 +393,11 @@ TlsConfigCertificate ( // Try to read the TlsCaCertificate variable. // CACertSize = 0; Status = gRT->GetVariable ( EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, NULL, &CACertSize, NULL ); @@ -412,11 +410,11 @@ TlsConfigCertificate ( return EFI_OUT_OF_RESOURCES; } Status = gRT->GetVariable ( EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, NULL, &CACertSize, CACert ); if (EFI_ERROR (Status)) { @@ -453,11 +451,10 @@ TlsConfigCertificate ( } Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); } - ItemDataSize -= CertList->SignatureListSize; CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); } return Status; diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h index 682a6b6..05b6e69 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.h +++ b/NetworkPkg/HttpDxe/HttpsSupport.h 
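Review bot: The bytes returned by the second `gRT->GetVariable` call in TlsConfigCertificate are used as the HTTPS CA list, and the last HttpsSupport.c hunk shows them walked with `CertList->SignatureListSize` and `CertList->SignatureSize` taken straight from that buffer; no bounds check on those fields is visible in these hunks. If the loop header (outside the hunks) does not already do it, each list should be rejected before use when `CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) || CertList->SignatureListSize > ItemDataSize || CertList->SignatureSize == 0`. Both calls also pass `NULL` for Attributes, so the driver cannot tell whether the variable it trusts carries the attributes the configuration driver creates it with. TlsConfigCertificate starts and ends outside the hunks shown.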
@@ -20,20 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define HTTPS_DEFAULT_PORT 443 #define HTTPS_FLAG "https" // -// Private variable for CA Certificate configuration -// -#define EFI_TLS_CA_CERTIFICATE_GUID \ - { \ - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \ - } - -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" - -// // TLS Version // #define TLS10_PROTOCOL_VERSION_MAJOR 0x03 #define TLS10_PROTOCOL_VERSION_MINOR 0x01 #define TLS11_PROTOCOL_VERSION_MAJOR 0x03 diff --git a/NetworkPkg/Include/Guid/TlsAuthentication.h b/NetworkPkg/Include/Guid/TlsAuthentication.h new file mode 100644 index 0000000..2e800dc --- /dev/null +++ b/NetworkPkg/Include/Guid/TlsAuthentication.h @@ -0,0 +1,29 @@ +/** @file + This file defines TlsCaCertificate variable. + +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> +This program and the accompanying materials are licensed and made available under +the terms and conditions of the BSD License that accompanies this distribution. +The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __TLS_AUTHENTICATION_H__ +#define __TLS_AUTHENTICATION_H__ + +// Private variable for CA Certificate configuration +// +#define EFI_TLS_CA_CERTIFICATE_GUID \ + { \ + 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \ + } + +#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" + +extern EFI_GUID gEfiTlsCaCertificateGuid; + +#endif diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index 065b603..24d45f4 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec 
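Review bot: The comment carried into the new TlsAuthentication.h still calls `TlsCaCertificate` a "Private variable", and the file header says only that the file defines the variable, although the header now sits under NetworkPkg/Include/Guid and is shared by HttpDxe and TlsAuthConfigDxe. The header should document the contract both drivers rely on: the data format (HttpsSupport.c casts it to `EFI_SIGNATURE_LIST`) and the attributes it is created with. Something like `// TlsCaCertificate: EFI_SIGNATURE_LIST entries holding the CA certificates trusted for HTTPS.` followed by `// Written by TlsAuthConfigDxe, read by HttpDxe; contents are security sensitive.` would do. The comment block also lost its opening `//` line compared with the blocks removed from HttpsSupport.h and TlsAuthConfigImpl.h.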
@@ -39,11 +39,14 @@ # Include/Guid/HttpBootConfigHii.h gHttpBootConfigGuid = { 0x4d20583a, 0x7765, 0x4e7a, { 0x8a, 0x67, 0xdc, 0xde, 0x74, 0xee, 0x3e, 0xc5 }} # Include/Guid/TlsAuthConfigHii.h - gTlsAuthConfigGuid = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }} + gTlsAuthConfigGuid = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }} + + # Include/Guid/TlsAuthentication.h + gEfiTlsCaCertificateGuid = { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }} [PcdsFeatureFlag] ## Indicates if the IPsec IKEv2 Certificate Authentication feature is enabled or not.<BR><BR> # TRUE - Certificate Authentication feature is enabled.<BR> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf index dd480a4..19f095e 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf @@ -61,10 +61,11 @@ [Guids] gTlsAuthConfigGuid ## PRODUCES ## GUID gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type gEfiIfrTianoGuid ## CONSUMES ## HII + gEfiTlsCaCertificateGuid ## PRODUCES ## GUID [Depex] gEfiHiiConfigRoutingProtocolGuid AND gEfiHiiDatabaseProtocolGuid diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c index bdf7963..f265b42 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c @@ -18,11 +18,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. VOID *mStartOpCodeHandle = NULL; VOID *mEndOpCodeHandle = NULL; EFI_IFR_GUID_LABEL *mStartLabel = NULL; EFI_IFR_GUID_LABEL *mEndLabel = NULL; -EFI_GUID mEfiTlsCaCertificateGuid = EFI_TLS_CA_CERTIFICATE_GUID; CHAR16 mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA"; TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL; 
@@ -1004,11 +1003,11 @@ EnrollX509toVariable ( // Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS; Status = gRT->GetVariable( VariableName, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, NULL, &DataSize, NULL ); if (Status == EFI_BUFFER_TOO_SMALL) { @@ -1017,11 +1016,11 @@ EnrollX509toVariable ( goto ON_EXIT; } Status = gRT->SetVariable( VariableName, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, Attr, SigDataSize, Data ); if (EFI_ERROR (Status)) { @@ -1218,12 +1217,12 @@ UpdatePage( HiiUpdateForm ( mTlsAuthPrivateData->RegisteredHandle, &gTlsAuthConfigGuid, FormId, - mStartOpCodeHandle, // Label FormId - mEndOpCodeHandle // LABEL_END + mStartOpCodeHandle, /// Label FormId + mEndOpCodeHandle /// LABEL_END ); return TRUE; } @@ -1256,11 +1255,10 @@ UpdateCAFromFile ( EFI_STATUS TlsAuthConfigFormUnload ( IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private ) { - if (Private->DriverHandle != NULL) { // // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL // gBS->UninstallMultipleProtocolInterfaces ( @@ -1780,11 +1778,11 @@ TlsAuthConfigAccessCallback ( case KEY_TLS_AUTH_CONFIG_DELETE_CERT: UpdateDeletePage ( Private, EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, LABEL_CA_DELETE, TLS_AUTH_CONFIG_FORMID5_FORM, OPTION_DEL_CA_ESTION_ID ); break; @@ -1793,11 +1791,11 @@ TlsAuthConfigAccessCallback ( if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) && (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE))) { DeleteCert ( Private, EFI_TLS_CA_CERTIFICATE_VARIABLE, - &mEfiTlsCaCertificateGuid, + &gEfiTlsCaCertificateGuid, LABEL_CA_DELETE, TLS_AUTH_CONFIG_FORMID5_FORM, OPTION_DEL_CA_ESTION_ID, QuestionId - OPTION_DEL_CA_ESTION_ID ); diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h index d08eb16..dea3cda 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h 
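Review bot: In the first TlsAuthConfigImpl.c hunk (EnrollX509toVariable), the CA list is written with `EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS` and no authenticated-write attribute, so the trust anchors HttpDxe reads through the now shared `gEfiTlsCaCertificateGuid` appear to be modifiable by any OS component allowed to call SetVariable. Unless an OS-side tool is meant to manage this store, consider `Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS;` or locking the variable before boot hand-off. A variable that already exists with the old attributes would need handling, since SetVariable rejects an attribute mismatch. The function body continues outside the hunk.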
@@ -37,10 +37,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Library/FileExplorerLib.h> #include <Library/PrintLib.h> #include <Guid/MdeModuleHii.h> #include <Guid/ImageAuthentication.h> +#include <Guid/TlsAuthentication.h> + // // Include files with function prototypes // #include "TlsAuthConfigNvData.h" @@ -78,20 +80,10 @@ struct _TLS_AUTH_CONFIG_PRIVATE_DATA { TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext; EFI_GUID *CertGuid; }; -// -// Private variable for CA Certificate configuration -// -#define EFI_TLS_CA_CERTIFICATE_GUID \ - { \ - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \ - } - -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" - /** Unload the configuration form, this includes: delete all the configuration entries, uninstall the form callback protocol, and free the resources used. The form will only be unload completely when both IP4 and IP6 stack are stopped. -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel