From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web08.25275.1664173646788797018 for ; Sun, 25 Sep 2022 23:27:27 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=jqgH9nwr; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664173647; x=1695709647; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ShroG0M23eMDreROFjzpb4paRIevjuUq8IaLR8itUw0=; b=jqgH9nwrq+/dDIC4GYYj1A6/doI7c2Pea/oAXJNJcFwaIZ2nijTKN9wQ DkkgKWvJqbbaozOd2068JaNf7qsd6hypaaoctYEzy2HSC5+D7tjQwU90d UYBuiyymGwkVB+yiYlNCX0DF/qReheKAz24sKvL/1mrywU1ih8xGSL9PI C1H/kyZ3VCJ/dCXLuGwsgVkl+EpPzuy0g2FYBbp45zwEoc7W/KZMinChb FiB5Wdr3HVWL1uGfvzlPEJmS8moHnhPMAk03PMP8xCQFRxbEg9Tk2aAXy 8GIZZGZnDY38EViN3Oc/82SSnPN/bhA1fc/BUTciSVOMUFmwdYZB1APt6 w==; X-IronPort-AV: E=McAfee;i="6500,9779,10481"; a="300931253" X-IronPort-AV: E=Sophos;i="5.93,345,1654585200"; d="scan'208";a="300931253" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Sep 2022 23:27:23 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10481"; a="616284715" X-IronPort-AV: E=Sophos;i="5.93,345,1654585200"; d="scan'208";a="616284715" Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Sep 2022 23:27:21 -0700 From: "Li, Yi" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Michael D Kinney , Liming Gao Subject: [PATCH 1/3] MdePkg: Add Tls configuration related define Date: Mon, 26 Sep 2022 14:27:08 +0800 Message-Id: <17a35da0626a56148519315dcf4f25d047b0f836.1664172690.git.yi1.li@intel.com> X-Mailer: git-send-email 2.31.1.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li --- MdePkg/Include/IndustryStandard/Tls1.h | 110 +++++++++++++++++-------- 1 file changed, 74 insertions(+), 36 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/IndustryStandard/Tls1.h index cf67428b11..5cf2860caf 100644 --- a/MdePkg/Include/IndustryStandard/Tls1.h +++ b/MdePkg/Include/IndustryStandard/Tls1.h @@ -15,42 +15,46 @@ /// /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. /// -#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} -#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} -#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} +#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} +#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} +#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} +#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} +#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} +#define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B} +#define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C} +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} /// /// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. @@ -95,6 +99,40 @@ typedef struct { // #define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH 18432 +/// +/// TLS Hash algorithm, refers to section 7.4.1.4.1. of rfc-5246. +/// +typedef enum { + TlsHashAlgoNone = 0, + TlsHashAlgoMd5 = 1, + TlsHashAlgoSha1 = 2, + TlsHashAlgoSha224 = 3, + TlsHashAlgoSha256 = 4, + TlsHashAlgoSha384 = 5, + TlsHashAlgoSha512 = 6, +} TLS_HASH_ALGO; + +/// +/// TLS Signature algorithm, refers to section 7.4.1.4.1. of rfc-5246. +/// +typedef enum { + TlsSignatureAlgoAnonymous = 0, + TlsSignatureAlgoRsa = 1, + TlsSignatureAlgoDsa = 2, + TlsSignatureAlgoEcdsa = 3, +} TLS_SIGNATURE_ALGO; + +/// +/// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1 of rfc-8442 +/// +typedef enum { + TlsEcNamedCurveSecp256r1 = 23, + TlsEcNamedCurveSecp384r1 = 24, + TlsEcNamedCurveSecp521r1 = 25, + TlsEcNamedCurveX25519 = 29, + TlsEcNamedCurveX448 = 30, +} TLS_EC_NAMED_CURVE; + #pragma pack() #endif -- 2.31.1.windows.1