NetworkPkg/TlsAuthConfigDxe: Provide the UI to support TLS auth configuration

This patch provides the UI to support TLS auth configuration. * EFI_SIGNATURE_LIST format is used for 'TlsCaCertificate' variable. So, TLS supports multiple certificate configuration. * The variable attribute is BS with NV, which only target at preventing runtime phase attack. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Thomas Palmer <thomas.palmer@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-12-14 10:54:32 +08:00
parent 7e1f2209b0
commit 9d0fa533dd
12 changed files with 2655 additions and 0 deletions
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
@@ -0,0 +1,49 @@
+/** @file
+  Header file for NV data structure definition.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
+#define __TLS_AUTH_CONFIG_NV_DATA_H__
+
+#include <Guid/TlsAuthConfigHii.h>
+
+#define TLS_AUTH_CONFIG_GUID_SIZE                 36
+#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE         37
+
+#define TLS_AUTH_CONFIG_FORMID1_FORM              1
+#define TLS_AUTH_CONFIG_FORMID2_FORM              2
+#define TLS_AUTH_CONFIG_FORMID3_FORM              3
+#define TLS_AUTH_CONFIG_FORMID4_FORM              4
+#define TLS_AUTH_CONFIG_FORMID5_FORM              5
+
+
+#define KEY_TLS_AUTH_CONFIG_SERVER_CA                  0x1000
+#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT                0x1001
+#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT                0x1002
+#define KEY_TLS_AUTH_CONFIG_DELETE_CERT                0x1003
+#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE      0x1004
+#define KEY_TLS_AUTH_CONFIG_CERT_GUID                  0x1005
+#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT        0x1006
+#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT     0x1007
+
+#define OPTION_DEL_CA_ESTION_ID                        0x2000
+#define OPTION_CONFIG_RANGE                            0x1000
+
+#define LABEL_CA_DELETE                                0x1101
+#define LABEL_END                                      0xffff
+
+typedef struct {
+  CHAR16    CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
+} TLS_AUTH_CONFIG_IFR_NVDATA;
+
+#endif