NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS auth configuration

This patch provides the UI to support TLS auth configuration.
* EFI_SIGNATURE_LIST format is used for 'TlsCaCertificate'
variable. So, TLS supports multiple certificate configuration.
* The variable attributes are BS with NV, which only targets
preventing runtime-phase attacks.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Jiaxin Wu 2016-12-14 10:54:32 +08:00
parent 7e1f2209b0
commit 9d0fa533dd
12 changed files with 2655 additions and 0 deletions


@ -0,0 +1,25 @@
/** @file
GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
#define __TLS_AUTH_CONFIG_HII_GUID_H__
#define TLS_AUTH_CONFIG_GUID \
{ \
0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf } \
}
extern EFI_GUID gTlsAuthConfigGuid;
#endif


@ -0,0 +1,29 @@
/** @file
This file defines TlsCaCertificate variable.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTHENTICATION_H__
#define __TLS_AUTHENTICATION_H__
// Private variable for CA Certificate configuration
//
#define EFI_TLS_CA_CERTIFICATE_GUID \
{ \
0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
}
#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
extern EFI_GUID gEfiTlsCaCertificateGuid;
#endif
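Review bot: The comment above `EFI_TLS_CA_CERTIFICATE_GUID` says only "Private variable for CA Certificate configuration", so a consumer of this header cannot tell what the variable holds. The commit message states that the payload uses the EFI_SIGNATURE_LIST format and that the attributes are BS with NV; I would record that here, for example `// Payload: one or more EFI_SIGNATURE_LIST entries; attributes: NV + BS, no runtime access.` With the format documented, code that reads the variable knows to check each list and signature size against the variable size before walking it.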


@ -40,6 +40,13 @@
# Include/Guid/HttpBootConfigHii.h
gHttpBootConfigGuid = { 0x4d20583a, 0x7765, 0x4e7a, { 0x8a, 0x67, 0xdc, 0xde, 0x74, 0xee, 0x3e, 0xc5 }}
# Include/Guid/TlsAuthConfigHii.h
gTlsAuthConfigGuid = { 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }}
# Include/Guid/TlsAuthentication.h
gEfiTlsCaCertificateGuid = { 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae }}
[PcdsFeatureFlag]
## Indicates if the IPsec IKEv2 Certificate Authentication feature is enabled or not.<BR><BR>
# TRUE - Certificate Authentication feature is enabled.<BR>


@ -0,0 +1,135 @@
/** @file
The DriverEntryPoint for TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsAuthConfigImpl.h"
/**
Unloads an image.
@param ImageHandle Handle that identifies the image to be unloaded.
@retval EFI_SUCCESS The image has been unloaded.
@retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigDxeUnload (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
Status = gBS->HandleProtocol (
ImageHandle,
&gEfiCallerIdGuid,
(VOID **) &PrivateData
);
if (EFI_ERROR (Status)) {
return Status;
}
ASSERT (PrivateData->Signature == TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
gBS->UninstallMultipleProtocolInterfaces (
&ImageHandle,
&gEfiCallerIdGuid,
PrivateData,
NULL
);
TlsAuthConfigFormUnload (PrivateData);
return EFI_SUCCESS;
}
/**
This is the declaration of an EFI image entry point. This entry point is
the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
both device drivers and bus drivers.
@param ImageHandle The firmware allocated handle for the UEFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The operation completed successfully.
@retval Others An unexpected error occurred.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigDxeDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
PrivateData = NULL;
//
// If already started, return.
//
Status = gBS->OpenProtocol (
ImageHandle,
&gEfiCallerIdGuid,
NULL,
ImageHandle,
ImageHandle,
EFI_OPEN_PROTOCOL_TEST_PROTOCOL
);
if (!EFI_ERROR (Status)) {
return EFI_ALREADY_STARTED;
}
//
// Initialize the private data structure.
//
PrivateData = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA));
if (PrivateData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
// Initialize the HII configuration form.
//
Status = TlsAuthConfigFormInit (PrivateData);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Install private GUID.
//
Status = gBS->InstallMultipleProtocolInterfaces (
&ImageHandle,
&gEfiCallerIdGuid,
PrivateData,
NULL
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
return EFI_SUCCESS;
ON_ERROR:
TlsAuthConfigFormUnload (PrivateData);
FreePool (PrivateData);
return Status;
}
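Review bot: In TlsAuthConfigDxeUnload the result of `gBS->UninstallMultipleProtocolInterfaces` is discarded, so if the uninstall fails the image handle still carries a gEfiCallerIdGuid interface pointing at PrivateData while TlsAuthConfigFormUnload tears its contents down. Capture the status and return before the teardown: `Status = gBS->UninstallMultipleProtocolInterfaces (...);` followed by `if (EFI_ERROR (Status)) { return Status; }`. The two teardown paths also disagree: ON_ERROR in the entry point calls `FreePool (PrivateData)` after TlsAuthConfigFormUnload, but the unload path never frees the structure. That looks like a leak on unload, unless TlsAuthConfigFormUnload (its body is not shown on this page) frees the structure itself, in which case ON_ERROR would free it twice. The signature check on PrivateData is an `ASSERT` only, so it gives no protection in builds where asserts are compiled out.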


@ -0,0 +1,73 @@
## @file
# Provides the capability to configure Tls Authentication in a setup browser
# By this module, user may change the content of TlsCaCertificate.
#
# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = TlsAuthConfigDxe
MODULE_UNI_FILE = TlsAuthConfigDxe.uni
FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
UNLOAD_IMAGE = TlsAuthConfigDxeUnload
#
# VALID_ARCHITECTURES = IA32 X64
#
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
NetworkPkg/NetworkPkg.dec
[Sources]
TlsAuthConfigImpl.c
TlsAuthConfigImpl.h
TlsAuthConfigNvData.h
TlsAuthConfigDxe.c
TlsAuthConfigDxeStrings.uni
TlsAuthConfigVfr.vfr
[LibraryClasses]
BaseLib
BaseMemoryLib
MemoryAllocationLib
UefiLib
UefiBootServicesTableLib
UefiRuntimeServicesTableLib
UefiDriverEntryPoint
DebugLib
HiiLib
DevicePathLib
UefiHiiServicesLib
FileExplorerLib
PrintLib
[Protocols]
gEfiDevicePathProtocolGuid ## PRODUCES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
[Guids]
gTlsAuthConfigGuid ## PRODUCES ## GUID
gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type
gEfiIfrTianoGuid ## CONSUMES ## HII
gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
[Depex]
gEfiHiiConfigRoutingProtocolGuid AND
gEfiHiiDatabaseProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"]
TlsAuthConfigDxeExtra.uni
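Review bot: The [Guids] entry `gEfiTlsCaCertificateGuid ## PRODUCES ## GUID` labels this as a plain GUID, but the header that defines it pairs it with the variable name L"TlsCaCertificate", so it is the vendor GUID of a UEFI variable. The usage comment would be more accurate as `## PRODUCES ## Variable:L"TlsCaCertificate"`, with a matching CONSUMES line if the driver also reads the variable back (the implementation file is not shown on this page). This matters for anyone auditing which modules can write the TLS trust anchors from the INF metadata alone.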


@ -0,0 +1,21 @@
// /** @file
// Provides the capability to configure Tls Authentication in a setup browser
//
// By this module, user may change the content of TlsCaCertificate.
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure Tls Authentication in a setup browser"
#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of TlsCaCertificate."


@ -0,0 +1,19 @@
// /** @file
// TlsAuthConfigDxe Localized Strings and Content
//
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"TLS Auth Config DXE"


@ -0,0 +1,39 @@
/** @file
String definitions for Tls Authentication Configuration form.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#langdef en-US "English"
#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth Configuration"
#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press <Enter> to select Tls Auth Configuration."
#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server CA Configuration"
#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press <Enter> to configure Server CA."
#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client Cert Configuration"
#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client cert configuration is unsupported currently."
#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enroll Cert"
#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Press <Enter> to enroll cert."
#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Delete Cert"
#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Press <Enter> to delete cert."
#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enroll Cert Using File"
#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert GUID"
#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"
#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"
#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for CERT"
#string STR_NULL #language en-US ""

File diff suppressed because it is too large Load Diff


@ -0,0 +1,282 @@
/** @file
Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_IMPL_H__
#define __TLS_AUTH_CONFIG_IMPL_H__
#include <Uefi.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/SimpleFileSystem.h>
//
// Libraries
//
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseLib.h>
#include <Library/UefiLib.h>
#include <Library/DebugLib.h>
#include <Library/DevicePathLib.h>
#include <Library/HiiLib.h>
#include <Library/UefiHiiServicesLib.h>
#include <Library/FileExplorerLib.h>
#include <Library/PrintLib.h>
#include <Guid/MdeModuleHii.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/TlsAuthentication.h>
//
// Include files with function prototypes
//
#include "TlsAuthConfigNvData.h"
extern UINT8 TlsAuthConfigDxeStrings[];
extern UINT8 TlsAuthConfigVfrBin[];
#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D')
#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA;
typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
EFI_FILE_HANDLE FHandle;
UINT16 *FileName;
};
struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE RegisteredHandle;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
EFI_GUID *CertGuid;
};
/**
Unload the configuration form, this includes: delete all the configuration
entries, uninstall the form callback protocol, and free the resources used.
The form will only be unload completely when both IP4 and IP6 stack are stopped.
@param[in] Private Pointer to the driver private data.
@retval EFI_SUCCESS The configuration form is unloaded.
@retval Others Failed to unload the form.
**/
EFI_STATUS
TlsAuthConfigFormUnload (
IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
);
/**
Initialize the configuration form.
@param[in] Private Pointer to the driver private data.
@retval EFI_SUCCESS The configuration form is initialized.
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
**/
EFI_STATUS
TlsAuthConfigFormInit (
IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
);
/**
This function allows the caller to request the current
configuration for one or more named elements. The resulting
string is in <ConfigAltResp> format. Any and all alternative
configuration strings shall also be appended to the end of the
current configuration string. If they are, they must appear
after the current configuration. They must contain the same
routing (GUID, NAME, PATH) as the current configuration string.
They must have an additional description indicating the type of
alternative configuration the string represents,
"ALTCFG=<StringToken>". That <StringToken> (when
converted from Hex UNICODE to binary) is a reference to a
string in the associated string pack.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Request A null-terminated Unicode string in
<ConfigRequest> format. Note that this
includes the routing information as well as
the configurable name / value pairs. It is
invalid for this string to be in
<MultiConfigRequest> format.
If a NULL is passed in for the Request field,
all of the settings being abstracted by this function
will be returned in the Results field. In addition,
if a ConfigHdr is passed in with no request elements,
all of the settings being abstracted for that particular
ConfigHdr reference will be returned in the Results Field.
@param Progress On return, points to a character in the
Request string. Points to the string's null
terminator if request was successful. Points
to the most recent "&" before the first
failing name / value pair (or the beginning
of the string if the failure is in the first
name / value pair) if the request was not
successful.
@param Results A null-terminated Unicode string in
<MultiConfigAltResp> format which has all values
filled in for the names in the Request string.
String to be allocated by the called function.
@retval EFI_SUCCESS The Results string is filled with the
values corresponding to all requested
names.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the
parts of the results that must be
stored awaiting possible future
protocols.
@retval EFI_NOT_FOUND Routing data doesn't match any
known driver. Progress set to the
first character in the routing header.
Note: There is no requirement that the
driver validate the routing data. It
must skip the <ConfigHdr> in order to
process the names.
@retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
to most recent "&" before the
error or the beginning of the
string.
@retval EFI_INVALID_PARAMETER Unknown name. Progress points
to the & before the name in
question.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
);
/**
This function applies changes in a driver's configuration.
Input is a Configuration, which has the routing data for this
driver followed by name / value configuration pairs. The driver
must apply those pairs to its configurable storage. If the
driver's configuration is stored in a linear block of data
and the driver's name / value pairs are in <BlockConfig>
format, it may use the ConfigToBlock helper function (above) to
simplify the job.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Configuration A null-terminated Unicode string in
<ConfigString> format.
@param Progress A pointer to a string filled in with the
offset of the most recent '&' before the
first failing name / value pair (or the
beginn ing of the string if the failure
is in the first name / value pair) or
the terminating NULL if all was
successful.
@retval EFI_SUCCESS The results have been distributed or are
awaiting distribution.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the
parts of the results that must be
stored awaiting possible future
protocols.
@retval EFI_INVALID_PARAMETERS Passing in a NULL for the
Results parameter would result
in this type of error.
@retval EFI_NOT_FOUND Target for the specified routing data
was not found
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessRouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
);
/**
This function is called to provide results data to the driver.
This data consists of a unique key that is used to identify
which data is either being passed back or being asked for.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Action Specifies the type of action taken by the browser.
@param QuestionId A unique value which is sent to the original
exporting driver so that it can identify the type
of data to expect. The format of the data tends to
vary based on the opcode that generated the callback.
@param Type The type of value for the question.
@param Value A pointer to the data being sent to the original
exporting driver.
@param ActionRequest On return, points to the action requested by the
callback function.
@retval EFI_SUCCESS The callback successfully handled the action.
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
variable and its data.
@retval EFI_DEVICE_ERROR The variable could not be saved.
@retval EFI_UNSUPPORTED The specified Action is not supported by the
callback.
**/
EFI_STATUS
EFIAPI
TlsAuthConfigAccessCallback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN OUT EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
#endif
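Review bot: `TLS_AUTH_CONFIG_VAR_BASE_ATTR` is defined without a comment, although the attribute choice is the main security decision in this patch. Non-volatile plus boot-service access, with no authenticated-write attribute, keeps the CA list out of reach at runtime but leaves it writable by any code that runs before ExitBootServices. A comment on the macro such as `// NV + BS only: no runtime access; writes are not authenticated, integrity relies on trusted boot-time code` would record that trade-off where maintainers will see it. Separately, the TlsAuthConfigFormUnload header still says the form is only unloaded when both IP4 and IP6 stacks are stopped, which does not appear to apply to this driver and looks copied from another module. The `FileContext` and `CertGuid` pointers in the private data also have no note on who allocates and frees them.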


@ -0,0 +1,49 @@
/** @file
Header file for NV data structure definition.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
#define __TLS_AUTH_CONFIG_NV_DATA_H__
#include <Guid/TlsAuthConfigHii.h>
#define TLS_AUTH_CONFIG_GUID_SIZE 36
#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
#define TLS_AUTH_CONFIG_FORMID1_FORM 1
#define TLS_AUTH_CONFIG_FORMID2_FORM 2
#define TLS_AUTH_CONFIG_FORMID3_FORM 3
#define TLS_AUTH_CONFIG_FORMID4_FORM 4
#define TLS_AUTH_CONFIG_FORMID5_FORM 5
#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
#define OPTION_DEL_CA_ESTION_ID 0x2000
#define OPTION_CONFIG_RANGE 0x1000
#define LABEL_CA_DELETE 0x1101
#define LABEL_END 0xffff
typedef struct {
CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
} TLS_AUTH_CONFIG_IFR_NVDATA;
#endif
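Review bot: `OPTION_DEL_CA_ESTION_ID` looks like a typo for `OPTION_DEL_CA_QUESTION_ID`; renaming it now is cheap, though its users in the implementation file (not shown on this page) need the same change. `OPTION_DEL_CA_ESTION_ID 0x2000` and `OPTION_CONFIG_RANGE 0x1000` presumably bound a window of dynamically created question ids. A comment should state that window and that it must stay clear of the KEY_ values at 0x1000 to 0x1007, so a later key addition does not collide with it. `TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37` also deserves a short comment such as `// 36 characters plus the terminating NUL`, because the VFR string question limits input to TLS_AUTH_CONFIG_GUID_SIZE and the buffer bound depends on that relationship.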


@ -0,0 +1,152 @@
/** @file
VFR file used by TlsAuthConfigDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "TlsAuthConfigNvData.h"
formset
guid = TLS_AUTH_CONFIG_GUID,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
varstore TLS_AUTH_CONFIG_IFR_NVDATA,
name = TLS_AUTH_CONFIG_IFR_NVDATA,
guid = TLS_AUTH_CONFIG_GUID;
//
// ##1 Form1: Main form for Tls Auth configration
//
form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display Server CA configration
//
goto TLS_AUTH_CONFIG_FORMID2_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display Client cert configration
//
grayoutif TRUE; /// Current unsupported.
goto TLS_AUTH_CONFIG_FORMID3_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
endif;
endform;
//
// ##2 Form2: CA configuration
//
form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID4_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID5_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
endform;
//
// ##3 Form3 : Client cert configuration
//
form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
subtitle text = STRING_TOKEN(STR_NULL);
//
// TODO...
//
endform;
//
// ##4 Form4: Enroll cert for CA
//
form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID4_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
subtitle text = STRING_TOKEN(STR_NULL);
label TLS_AUTH_CONFIG_FORMID4_FORM;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
minsize = TLS_AUTH_CONFIG_GUID_SIZE,
maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto TLS_AUTH_CONFIG_FORMID1_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
goto TLS_AUTH_CONFIG_FORMID1_FORM,
prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
endform;
//
// ##5 Form5: Delete cert for CA
//
form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
label LABEL_CA_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
endformset;
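Review bot: In Form4, `label TLS_AUTH_CONFIG_FORMID4_FORM;` uses a form id as the label value, whereas Form5 uses the dedicated `LABEL_CA_DELETE`. A dedicated label macro in TlsAuthConfigNvData.h (for example `LABEL_CA_ENROLL`, a name suggested here) would keep form ids and label ids from being confused when the form is updated dynamically. The CertGuid string question constrains only the length, with `minsize` and `maxsize` both set to TLS_AUTH_CONFIG_GUID_SIZE. The GUID format promised in the help text therefore has to be validated in the callback before the string is converted, and that code is in the file not shown on this page. The comments spell "configration" in three places.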