Reviewed-by: Samer El-Haj-Mahmoud <smahm...@lenovo.com>
-----Original Message----- From: Wu, Jiaxin [jiaxin...@intel.com] Received: Monday, 04 Jul 2016, 9:45PM To: Palmer, Thomas [thomas.pal...@hpe.com]; Wu, Jiaxin [jiaxin...@intel.com]; edk2-devel@lists.01.org [edk2-devel@lists.01.org] CC: Ye, Ting [ting...@intel.com]; Fu, Siyuan [siyuan...@intel.com] Subject: Re: [edk2] [staging/HTTPS-TLS][PATCH] NetworkPkg: Centralize TlsCaCertificate name and guid It should be "[edk2-staging/HTTPS-TLS][PATCH]". Sorry for incorrect subject-prefix. Jiaxin > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jiaxin Wu > Sent: Tuesday, July 5, 2016 9:41 AM > To: edk2-devel@lists.01.org > Cc: Ye, Ting <ting...@intel.com>; Fu, Siyuan <siyuan...@intel.com> > Subject: [edk2] [staging/HTTPS-TLS][PATCH] NetworkPkg: Centralize > TlsCaCertificate name and guid > > This patch is used to centralize TlsCaCertificate name and guid to > TlsAuthentication.h > > Cc: Palmer Thomas <thomas.pal...@hpe.com> > Cc: Ye Ting <ting...@intel.com> > Cc: Fu Siyuan <siyuan...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiaxin Wu <jiaxin...@intel.com> > --- > NetworkPkg/HttpDxe/HttpDriver.h | 2 ++ > NetworkPkg/HttpDxe/HttpDxe.inf | 4 ++++ > NetworkPkg/HttpDxe/HttpsSupport.c | 7 ++---- > NetworkPkg/HttpDxe/HttpsSupport.h | 10 -------- > NetworkPkg/Include/Guid/TlsAuthentication.h | 29 > ++++++++++++++++++++++++ > NetworkPkg/NetworkPkg.dec | 5 +++- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 1 + > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 14 +++++------- > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 12 ++-------- > 9 files changed, 50 insertions(+), 34 deletions(-) create mode 100644 > NetworkPkg/Include/Guid/TlsAuthentication.h > > diff --git a/NetworkPkg/HttpDxe/HttpDriver.h > b/NetworkPkg/HttpDxe/HttpDriver.h index 3c30c12..73c211a 100644 > --- a/NetworkPkg/HttpDxe/HttpDriver.h > +++ b/NetworkPkg/HttpDxe/HttpDriver.h > @@ -58,10 +58,12 @@ > // > // Produced Protocols > // > #include <Protocol/Http.h> > > +#include <Guid/TlsAuthentication.h> > + > // > // Driver Version > // > #define HTTP_DRIVER_VERSION 0xa > > diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf > b/NetworkPkg/HttpDxe/HttpDxe.inf index a228c3d..1118181 100644 > --- a/NetworkPkg/HttpDxe/HttpDxe.inf > +++ b/NetworkPkg/HttpDxe/HttpDxe.inf > @@ -24,10 +24,11 @@ > MODULE_UNI_FILE = HttpDxe.uni > > [Packages] > MdePkg/MdePkg.dec > MdeModulePkg/MdeModulePkg.dec > + NetworkPkg/NetworkPkg.dec > > [Sources] > ComponentName.h > ComponentName.c > HttpDns.h > @@ -69,7 +70,10 @@ > gEfiIp6ConfigProtocolGuid ## SOMETIMES_CONSUMES > gEfiTlsServiceBindingProtocolGuid ## SOMETIMES_CONSUMES > gEfiTlsProtocolGuid ## SOMETIMES_CONSUMES > gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES > > +[Guids] > + gEfiTlsCaCertificateGuid ## CONSUMES ## GUID > + > [UserExtensions.TianoCore."ExtraFiles"] > HttpDxeExtra.uni > \ No newline at end of file > diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c > b/NetworkPkg/HttpDxe/HttpsSupport.c > index 09aaa46..36f658c 100644 > --- a/NetworkPkg/HttpDxe/HttpsSupport.c > +++ b/NetworkPkg/HttpDxe/HttpsSupport.c > @@ -12,12 +12,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > > **/ > > #include "HttpDriver.h" > > -EFI_GUID mEfiTlsCaCertificateGuid = EFI_TLS_CA_CERTIFICATE_GUID; > - > /** > Returns the first occurrence of a Null-terminated ASCII sub-string in a > Null- > terminated > ASCII string and ignore case during the search process. > > This function scans the contents of the ASCII string specified by String > @@ - > 395,11 +393,11 @@ TlsConfigCertificate ( > // Try to read the TlsCaCertificate variable. > // > CACertSize = 0; > Status = gRT->GetVariable ( > EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &mEfiTlsCaCertificateGuid, > + &gEfiTlsCaCertificateGuid, > NULL, > &CACertSize, > NULL > ); > > @@ -412,11 +410,11 @@ TlsConfigCertificate ( > return EFI_OUT_OF_RESOURCES; > } > > Status = gRT->GetVariable ( > EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &mEfiTlsCaCertificateGuid, > + &gEfiTlsCaCertificateGuid, > NULL, > &CACertSize, > CACert > ); > if (EFI_ERROR (Status)) { > @@ -453,11 +451,10 @@ TlsConfigCertificate ( > } > > Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList- > >SignatureSize); > } > > - > ItemDataSize -= CertList->SignatureListSize; > CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList- > >SignatureListSize); > } > > return Status; > diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h > b/NetworkPkg/HttpDxe/HttpsSupport.h > index 682a6b6..05b6e69 100644 > --- a/NetworkPkg/HttpDxe/HttpsSupport.h > +++ b/NetworkPkg/HttpDxe/HttpsSupport.h > @@ -20,20 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #define HTTPS_DEFAULT_PORT 443 > > #define HTTPS_FLAG "https" > > // > -// Private variable for CA Certificate configuration -// -#define > EFI_TLS_CA_CERTIFICATE_GUID \ > - { \ > - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, > 0xae } \ > - } > - > -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" > - > -// > // TLS Version > // > #define TLS10_PROTOCOL_VERSION_MAJOR 0x03 #define > TLS10_PROTOCOL_VERSION_MINOR 0x01 #define > TLS11_PROTOCOL_VERSION_MAJOR 0x03 diff --git > a/NetworkPkg/Include/Guid/TlsAuthentication.h > b/NetworkPkg/Include/Guid/TlsAuthentication.h > new file mode 100644 > index 0000000..2e800dc > --- /dev/null > +++ b/NetworkPkg/Include/Guid/TlsAuthentication.h > @@ -0,0 +1,29 @@ > +/** @file > + This file defines TlsCaCertificate variable. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License that accompanies this > distribution. > +The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php. > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef __TLS_AUTHENTICATION_H__ > +#define __TLS_AUTHENTICATION_H__ > + > +// Private variable for CA Certificate configuration // #define > +EFI_TLS_CA_CERTIFICATE_GUID \ > + { \ > + 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, > +0x8e, 0xae } \ > + } > + > +#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" > + > +extern EFI_GUID gEfiTlsCaCertificateGuid; > + > +#endif > diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec > index 065b603..24d45f4 100644 > --- a/NetworkPkg/NetworkPkg.dec > +++ b/NetworkPkg/NetworkPkg.dec > @@ -39,11 +39,14 @@ > > # Include/Guid/HttpBootConfigHii.h > gHttpBootConfigGuid = { 0x4d20583a, 0x7765, 0x4e7a, { 0x8a, 0x67, > 0xdc, 0xde, 0x74, 0xee, 0x3e, 0xc5 }} > > # Include/Guid/TlsAuthConfigHii.h > - gTlsAuthConfigGuid = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, > 0x79, > 0x3d, 0xaa, 0xf, 0x65, 0xdf }} > + gTlsAuthConfigGuid = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, > 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }} > + > + # Include/Guid/TlsAuthentication.h > + gEfiTlsCaCertificateGuid = { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, > 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }} > > > [PcdsFeatureFlag] > ## Indicates if the IPsec IKEv2 Certificate Authentication feature is > enabled > or not.<BR><BR> > # TRUE - Certificate Authentication feature is enabled.<BR> > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > index dd480a4..19f095e 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf > @@ -61,10 +61,11 @@ > > [Guids] > gTlsAuthConfigGuid ## PRODUCES ## GUID > gEfiCertX509Guid ## CONSUMES ## GUID # > Indicate the > cert type > gEfiIfrTianoGuid ## CONSUMES ## HII > + gEfiTlsCaCertificateGuid ## PRODUCES ## GUID > > [Depex] > gEfiHiiConfigRoutingProtocolGuid AND > gEfiHiiDatabaseProtocolGuid > > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > index bdf7963..f265b42 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > @@ -18,11 +18,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > VOID *mStartOpCodeHandle = NULL; > VOID *mEndOpCodeHandle = NULL; > EFI_IFR_GUID_LABEL *mStartLabel = NULL; > EFI_IFR_GUID_LABEL *mEndLabel = NULL; > > -EFI_GUID mEfiTlsCaCertificateGuid = > EFI_TLS_CA_CERTIFICATE_GUID; > > CHAR16 mTlsAuthConfigStorageName[] = > L"TLS_AUTH_CONFIG_IFR_NVDATA"; > > TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL; > > @@ -1004,11 +1003,11 @@ EnrollX509toVariable ( > // > Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | > EFI_VARIABLE_BOOTSERVICE_ACCESS; > > Status = gRT->GetVariable( > VariableName, > - &mEfiTlsCaCertificateGuid, > + &gEfiTlsCaCertificateGuid, > NULL, > &DataSize, > NULL > ); > if (Status == EFI_BUFFER_TOO_SMALL) { @@ -1017,11 +1016,11 @@ > EnrollX509toVariable ( > goto ON_EXIT; > } > > Status = gRT->SetVariable( > VariableName, > - &mEfiTlsCaCertificateGuid, > + &gEfiTlsCaCertificateGuid, > Attr, > SigDataSize, > Data > ); > if (EFI_ERROR (Status)) { > @@ -1218,12 +1217,12 @@ UpdatePage( > > HiiUpdateForm ( > mTlsAuthPrivateData->RegisteredHandle, > &gTlsAuthConfigGuid, > FormId, > - mStartOpCodeHandle, // Label FormId > - mEndOpCodeHandle // LABEL_END > + mStartOpCodeHandle, /// Label FormId > + mEndOpCodeHandle /// LABEL_END > ); > > return TRUE; > } > > @@ -1256,11 +1255,10 @@ UpdateCAFromFile ( EFI_STATUS > TlsAuthConfigFormUnload ( > IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private > ) > { > - > if (Private->DriverHandle != NULL) { > // > // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL > // > gBS->UninstallMultipleProtocolInterfaces ( @@ -1780,11 +1778,11 @@ > TlsAuthConfigAccessCallback ( > > case KEY_TLS_AUTH_CONFIG_DELETE_CERT: > UpdateDeletePage ( > Private, > EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &mEfiTlsCaCertificateGuid, > + &gEfiTlsCaCertificateGuid, > LABEL_CA_DELETE, > TLS_AUTH_CONFIG_FORMID5_FORM, > OPTION_DEL_CA_ESTION_ID > ); > break; > @@ -1793,11 +1791,11 @@ TlsAuthConfigAccessCallback ( > if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) && > (QuestionId < (OPTION_DEL_CA_ESTION_ID + > OPTION_CONFIG_RANGE))) { > DeleteCert ( > Private, > EFI_TLS_CA_CERTIFICATE_VARIABLE, > - &mEfiTlsCaCertificateGuid, > + &gEfiTlsCaCertificateGuid, > LABEL_CA_DELETE, > TLS_AUTH_CONFIG_FORMID5_FORM, > OPTION_DEL_CA_ESTION_ID, > QuestionId - OPTION_DEL_CA_ESTION_ID > ); > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > index d08eb16..dea3cda 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h > @@ -37,10 +37,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #include <Library/FileExplorerLib.h> > #include <Library/PrintLib.h> > > #include <Guid/MdeModuleHii.h> > #include <Guid/ImageAuthentication.h> > +#include <Guid/TlsAuthentication.h> > + > > // > // Include files with function prototypes // #include > "TlsAuthConfigNvData.h" > @@ -78,20 +80,10 @@ struct _TLS_AUTH_CONFIG_PRIVATE_DATA { > TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext; > > EFI_GUID *CertGuid; > }; > > -// > -// Private variable for CA Certificate configuration -// -#define > EFI_TLS_CA_CERTIFICATE_GUID \ > - { \ > - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, > 0xae } \ > - } > - > -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" > - > /** > Unload the configuration form, this includes: delete all the configuration > entries, uninstall the form callback protocol, and free the resources used. > The form will only be unload completely when both IP4 and IP6 stack are > stopped. > > -- > 1.9.5.msysgit.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
