MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost (CVE-2019-14553)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
In the patch, we add the new data type named "EfiTlsVerifyHost" and
the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP)
to enable the host name check so as to avoid the potential
Man-In-The-Middle attack.

Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
index bf1b6727a1e9b77e6cb0cb12a0acb024f124a02f..af524ae2a60ec2441782e261e58613e4447dd1de 100644 (file)
--- a/MdePkg/Include/Protocol/Tls.h
+++ b/MdePkg/Include/Protocol/Tls.h
@@ -41,10 +41,6 @@ typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
 /// EFI_TLS_SESSION_DATA_TYPE\r
 ///\r
 typedef enum {\r
-  ///\r
-  /// Session Configuration\r
-  ///\r
-\r
   ///\r
   /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.\r
   ///\r
@@ -86,11 +82,6 @@ typedef enum {
   /// The corresponding Data is of type EFI_TLS_SESSION_STATE.\r
   ///\r
   EfiTlsSessionState,\r
-\r
-  ///\r
-  /// Session information\r
-  ///\r
-\r
   ///\r
   /// TLS session data client random.\r
   /// The corresponding Data is of type EFI_TLS_RANDOM.\r
@@ -106,9 +97,15 @@ typedef enum {
   /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.\r
   ///\r
   EfiTlsKeyMaterial,\r
+  ///\r
+  /// TLS session hostname for validation which is used to verify whether the name\r
+  /// within the peer certificate matches a given host name.\r
+  /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_NONE.\r
+  /// The corresponding Data is of type EFI_TLS_VERIFY_HOST.\r
+  ///\r
+  EfiTlsVerifyHost,\r
 \r
   EfiTlsSessionDataTypeMaximum\r
-\r
 } EFI_TLS_SESSION_DATA_TYPE;\r
 \r
 ///\r
@@ -178,7 +175,8 @@ typedef UINT32  EFI_TLS_VERIFY;
 ///\r
 #define EFI_TLS_VERIFY_PEER                  0x1\r
 ///\r
-/// TLS session will fail peer certificate is absent.\r
+/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server mode.\r
+/// TLS session will fail if client certificate is absent.\r
 ///\r
 #define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT  0x2\r
 ///\r
@@ -187,6 +185,54 @@ typedef UINT32  EFI_TLS_VERIFY;
 ///\r
 #define EFI_TLS_VERIFY_CLIENT_ONCE           0x4\r
 \r
+///\r
+/// EFI_TLS_VERIFY_HOST_FLAG\r
+///\r
+typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG;\r
+///\r
+/// There is no additional flags set for hostname validation.\r
+/// Wildcards are supported and they match only in the left-most label.\r
+///\r
+#define EFI_TLS_VERIFY_FLAG_NONE                    0x00\r
+///\r
+/// Always check the Subject Distinguished Name (DN) in the peer certificate even if the\r
+/// certificate contains Subject Alternative Name (SAN).\r
+///\r
+#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT    0x01\r
+///\r
+/// Disable the match of all wildcards.\r
+///\r
+#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS            0x02\r
+///\r
+/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.g. "www*" or "*www").\r
+///\r
+#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS    0x04\r
+///\r
+/// Allow the "*" to match more than one labels. Otherwise, only matches a single label.\r
+///\r
+#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS   0x08\r
+///\r
+/// Restrict to only match direct child sub-domains which start with ".".\r
+/// For example, a name of ".example.com" would match "www.example.com" with this flag,\r
+/// but would not match "www.sub.example.com".\r
+///\r
+#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10\r
+///\r
+/// Never check the Subject Distinguished Name (DN) even there is no\r
+/// Subject Alternative Name (SAN) in the certificate.\r
+///\r
+#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT     0x20\r
+\r
+///\r
+/// EFI_TLS_VERIFY_HOST\r
+///\r
+#pragma pack (1)\r
+typedef struct {\r
+  EFI_TLS_VERIFY_HOST_FLAG Flags;\r
+  CHAR8                    *HostName;\r
+} EFI_TLS_VERIFY_HOST;\r
+#pragma pack ()\r
+\r
 ///\r
 /// EFI_TLS_RANDOM\r
 /// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.\r