From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web08.12307.1653184471447644489 for ; Sat, 21 May 2022 18:54:36 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=KFxrSi+g; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653184475; x=1684720475; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=sEIlZU+RaUZB+NGM/DoS5FnhyTtC9KL8rNpB+InXMJc=; b=KFxrSi+gzsWKZ56GFoWtkLAMuhG3vc9kM3JtaBLfpE82lmHf60R5c+Wv y7tD0/GNCEwyvElg0Yzcq41kK7FBcJ4k5w05FmKKLIEh1ynftPMCaWjdw YbtmVBG3c+rwfsQk3o24TqSwTGBTCxvK9hInwHIu+nXDiwOo6PlOzwd2K K3hsfYwMtROAFklBCZngdX6omY/8iiVB1f6oCPJ96/bSgk6TMMquvyHit 3wc3f8b3Zkt61nepWHim40Kbj9rUbvny19HGi87MyPuIMIYlU96GQkjMh I8K89/JaTvIKs41jUZShh/zHT/NaX0LA/cBTPxDhFT+NPsJWcrEUMA3gE g==; X-IronPort-AV: E=McAfee;i="6400,9594,10354"; a="333560477" X-IronPort-AV: E=Sophos;i="5.91,243,1647327600"; d="scan'208";a="333560477" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2022 18:54:35 -0700 X-IronPort-AV: E=Sophos;i="5.91,243,1647327600"; d="scan'208";a="599981369" Received: from shwdejointd178.ccr.corp.intel.com ([10.239.153.103]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2022 18:54:33 -0700 From: "yi1 li" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Michael D Kinney , Liming Gao Subject: [PATCH 1/5] MdePkg: Add Tls configuration related define Date: Sun, 22 May 2022 09:54:15 +0800 Message-Id: <7664558e2ef56fc6c1d83a8869ac74a57eb24d46.1653183737.git.yi1.li@intel.com> X-Mailer: git-send-email 2.31.1.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li --- MdePkg/Include/IndustryStandard/Tls1.h | 110 +++++++++++++++++-------- 1 file changed, 74 insertions(+), 36 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/IndustryStandard/Tls1.h index cf67428b1129..5cf2860caff4 100644 --- a/MdePkg/Include/IndustryStandard/Tls1.h +++ b/MdePkg/Include/IndustryStandard/Tls1.h @@ -15,42 +15,46 @@ /// /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. /// -#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} -#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} -#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} +#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} +#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} +#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} +#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} +#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} +#define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B} +#define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C} +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} /// /// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. @@ -95,6 +99,40 @@ typedef struct { // #define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH 18432 +/// +/// TLS Hash algorithm, refers to section 7.4.1.4.1. of rfc-5246. +/// +typedef enum { + TlsHashAlgoNone = 0, + TlsHashAlgoMd5 = 1, + TlsHashAlgoSha1 = 2, + TlsHashAlgoSha224 = 3, + TlsHashAlgoSha256 = 4, + TlsHashAlgoSha384 = 5, + TlsHashAlgoSha512 = 6, +} TLS_HASH_ALGO; + +/// +/// TLS Signature algorithm, refers to section 7.4.1.4.1. of rfc-5246. +/// +typedef enum { + TlsSignatureAlgoAnonymous = 0, + TlsSignatureAlgoRsa = 1, + TlsSignatureAlgoDsa = 2, + TlsSignatureAlgoEcdsa = 3, +} TLS_SIGNATURE_ALGO; + +/// +/// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1 of rfc-8442 +/// +typedef enum { + TlsEcNamedCurveSecp256r1 = 23, + TlsEcNamedCurveSecp384r1 = 24, + TlsEcNamedCurveSecp521r1 = 25, + TlsEcNamedCurveX25519 = 29, + TlsEcNamedCurveX448 = 30, +} TLS_EC_NAMED_CURVE; + #pragma pack() #endif -- 2.31.1.windows.1