From: Jiaxin Wu
To: edk2-devel@lists.01.org
Cc: Zimmer Vincent, Ye Ting, Wu Jiaxin, Yao Jiewen, Kinney Michael D, Fu Siyuan, Laszlo Ersek
Date: Fri, 9 Feb 2018 11:59:37 +0800
Subject: [edk2] [Patch 1/2] NetworkPkg: Define one private variable for TLS CipherList configuration.

This variable can be set by any platform that wants to control its own preferred
TlsCipherList for the later HTTPS session.

The valid contents of variable must follow the TLS CipherList format defined in RFC 5246.
The valid length of variable must be an integral multiple of 2.
For example, if below cipher suites are preferred:
    CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = {0x00,0x3C}
    CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = {0x00,0x3D}
Then, the contents of variable should be:
    {0x00,0x3C,0x00,0x3D}

Cc: Laszlo Ersek
Cc: Kinney Michael D
Cc: Zimmer Vincent
Cc: Yao Jiewen
Cc: Ye Ting
Cc: Fu Siyuan
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin
--- NetworkPkg/Include/Guid/TlsCipherList.h | 38 +++++++++++++++++++++++++++++= ++++ NetworkPkg/NetworkPkg.dec | 3 +++ 2 files changed, 41 insertions(+) create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h diff --git a/NetworkPkg/Include/Guid/TlsCipherList.h b/NetworkPkg/Include/G= uid/TlsCipherList.h new file mode 100644 index 0000000..e31b7bf --- /dev/null 
+++ b/NetworkPkg/Include/Guid/TlsCipherList.h @@ -0,0 +1,38 @@ +/** @file + This file defines the TlsCipherList variable for HTTPS to configure Tls = Cipher List. + +Copyright (c) 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made availabl= e under +the terms and conditions of the BSD License that accompanies this distribu= tion. +The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#ifndef __TLS_CIPHER_LIST_H__ +#define __TLS_CIPHER_LIST_H__ + +// +// Private Variable for HTTPS to configure Tls Cipher List. +// The valid contents of variable must follow the TLS CipherList format de= fined in RFC 5246.=20 +// The valid length of variable must be an integral multiple of 2. +// For example, if below cipher suites are preferred: +// CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 =3D {0x00,0x3C} +// CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 =3D {0x00,0x3D} +// Then, the contents of variable should be: +// {0x00,0x3C,0x00,0x3D} +// +#define EDKII_TLS_CIPHER_LIST_GUID \ + { \ + 0x46ddb415, 0x5244, 0x49c7, { 0x93, 0x74, 0xf0, 0xe2, 0x98, 0xe7, 0xd3= , 0x86 } \ + } + =20 +#define EDKII_TLS_CIPHER_LIST_VARIABLE L"TlsCipherList" + +extern EFI_GUID gTlsCipherListGuid; + +#endif + diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index 902df37..bdf8361 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec 
@@ -44,10 +44,13 @@ gTlsAuthConfigGuid =3D { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, = 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }} =20 # Include/Guid/TlsAuthentication.h gEfiTlsCaCertificateGuid =3D { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, = 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }} =20 + # Include/Guid/TlsCipherList.h + gTlsCipherListGuid =3D { 0x46ddb415, 0x5244, 0x49c7, { 0x93, 0x74,= 0xf0, 0xe2, 0x98, 0xe7, 0xd3, 0x86 }} + [PcdsFixedAtBuild] ## The max attempt number will be created by iSCSI driver. # @Prompt Max attempt number. gEfiNetworkPkgTokenSpaceGuid.PcdMaxIScsiAttemptNumber|0x08|UINT8|0x00000= 00D =20 --=20 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
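Review bot: In NetworkPkg/Include/Guid/TlsCipherList.h, the comment above EDKII_TLS_CIPHER_LIST_GUID gives the validity rules (RFC 5246 CipherList format, length an integral multiple of 2) but says nothing about what a consumer must do when the variable violates them, or which variable attributes are expected. Because this variable steers the cipher suites used for later HTTPS sessions, please document the fallback for an empty or odd-length value and for suite IDs the TLS driver does not support, and state whether the variable is meant to be boot-service-only or also writable at runtime; if it is runtime-writable without authentication, the OS can change the firmware's cipher preference. Two added lines also end in trailing whitespace: the comment line ending "defined in RFC 5246." and the blank line after the GUID macro.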
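Review bot: In NetworkPkg/NetworkPkg.dec, the new entry is named gTlsCipherListGuid while the macro in the header is EDKII_TLS_CIPHER_LIST_GUID, so the C symbol does not carry the EDKII marking that the macro does. The neighbouring gEfiTlsCaCertificateGuid uses its prefix to signal origin; consider gEdkiiTlsCipherListGuid here (and in the header's extern) so readers can tell this is an EDK II private variable GUID and not a specification-defined one. The GUID bytes in this entry do match the header macro.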