Message-ID: <454fa0e9-71d3-aa78-6ab5-fdd6e9bc79d7@linux.intel.com>
Date: Mon, 23 May 2022 16:50:47 +0200
Subject: Re: [edk2-devel] [PATCH 0/5] CryptoPkg: Add additional cipher algos and TLS API to meet WPA3
To: devel@edk2.groups.io, yi1.li@intel.com
Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Jiaxin Wu, Siyuan Fu, Michael D Kinney, Liming Gao
From: "Maciej Rabeda"

For NetworkPkg part:
Reviewed-by: Maciej Rabeda

On 22 May 2022 03:54, yi1 li wrote:
> To meet the needs of WPA3 Enterprise, additional cipher algorithms
> and TLS APIs need to be added.
> Code branch: https://github.com/liyi77/edk2/tree/Add-TLS
> Details as follows:
> - TlsShutdown: Shutdown the TLS connection without releasing the resources,
>   meaning a new connection can be started without calling TlsNew() and
>   without setting certificates etc.
> - TlsExportKey: Derive keying material from a TLS connection using the
>   mechanism described in RFC 5705 and export the key material (needed
>   by EAP methods such as EAP-TTLS and EAP-PEAP).
> - TlsSetEcCurve: Set the EC curve to be used for TLS flows.
> - TlsSetSignatureAlgoList: Set the signature algorithm list to be used by
>   the TLS object.
> - Additional cipher algorithms: Which are needed for SUITE-B and SUITE-B-192.
> - Add implementation for TlsSetHostPrivateKey().
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Cc: Maciej Rabeda
> Cc: Jiaxin Wu
> Cc: Siyuan Fu
> Cc: Michael D Kinney
> Cc: Liming Gao
>
> Yi Li (3):
>   MdePkg: Add Tls configuration related define
>   CryptoPkg: Add TlsSetConfiguration API
>   NetworkPkg/TlsDxe: Sync to new TlsSetHostPrivateKey() API
>
> yi1 li (2):
>   CryptoPkg: Add APIs TlsShutdown and TlsExportKey to TlsLib
>   CryptoPkg: Add implementation for TlsSetHostPrivateKey()
>
>  CryptoPkg/Driver/Crypto.c                     |  97 +++-
>  CryptoPkg/Include/Library/TlsLib.h            |  93 +++-
>  .../Pcd/PcdCryptoServiceFamilyEnable.h        |   3 +
>  .../BaseCryptLibOnProtocolPpi/CryptLib.c      |  97 +++-
>  CryptoPkg/Library/TlsLib/InternalTlsLib.h     |   5 +
>  CryptoPkg/Library/TlsLib/TlsConfig.c          | 426 +++++++++++++++++-
>  CryptoPkg/Library/TlsLib/TlsProcess.c         |  32 ++
>  CryptoPkg/Library/TlsLibNull/TlsConfigNull.c  |  67 ++-
>  CryptoPkg/Library/TlsLibNull/TlsProcessNull.c |  23 +
>  CryptoPkg/Private/Protocol/Crypto.h           |  82 +++-
>  MdePkg/Include/IndustryStandard/Tls1.h        | 110 +++--
>  NetworkPkg/TlsDxe/TlsConfigProtocol.c         |   2 +-
>  12 files changed, 968 insertions(+), 69 deletions(-)
>
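
The TlsExportKey item in the quoted cover letter refers to the RFC 5705 exporter that EAP-TTLS and EAP-PEAP key derivation relies on. The following Python is an added illustration, not part of this thread or of the edk2 patch series: it computes that derivation for TLS 1.2 and splits the output the way EAP-TTLS (RFC 5281) does. The function names and the sample secrets are constructed for the example.

```python
import hmac
import struct


def p_hash(secret, seed, length, hash_name):
    """TLS 1.2 P_hash (RFC 5246 section 5): expand secret+seed to `length` bytes."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def export_keying_material(master_secret, client_random, server_random,
                           label, length, context=None, hash_name="sha256"):
    """RFC 5705 exporter for TLS 1.2 (TLS 1.3 uses a different, HKDF-based one).

    hash_name is the PRF hash of the negotiated cipher suite, for example
    "sha384" for the *_SHA384 suites.
    """
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("client_random and server_random are 32 bytes each")
    seed = client_random + server_random
    if context is not None:       # an empty context is not the same as no context
        if len(context) > 0xFFFF:
            raise ValueError("context length must fit in 16 bits")
        seed += struct.pack("!H", len(context)) + context
    return p_hash(master_secret, label + seed, length, hash_name)


def eap_ttls_keys(master_secret, client_random, server_random, hash_name="sha256"):
    """EAP-TTLS (RFC 5281): export 128 bytes; MSK is the first 64, EMSK the next 64."""
    km = export_keying_material(master_secret, client_random, server_random,
                                b"ttls keying material", 128, hash_name=hash_name)
    return km[:64], km[64:]


# Constructed sample values, not taken from any real handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    msk, emsk = eap_ttls_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    print("MSK :", msk.hex())
    print("EMSK:", emsk.hex())
```

Both peers must feed the exporter the same label, randoms and context, so a mismatch in any of them shows up as an MSK disagreement rather than as a TLS error.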