From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web09.2083.1665369628245893996 for ; Sun, 09 Oct 2022 19:40:29 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=k0gUu4SJ; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1665369629; x=1696905629; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Pd2GB51m35SdCHC8JK37UCT5Gxil+0dW5VUOwjAb03g=; b=k0gUu4SJgOJGnV3hxhP0jQGlxc/q5h+ilRWZ0uWHCQ+N6vOFOedYNDhX Dd2QZHyU/hJryPHj9KxEoJGBlpvy90vzMxyRZWdXyBkfKb1EoBL0GIEMP F7ONFpH7c1eJxXzXoeR/4WJ0nF8wfWdvmS5WsXdobKORwQ3ZXWaxUa/Ua 5pmDCphelW37+vMNa5jh1txQjvdeMa4Gq2Vgx1rP5s349I7gbc8E4eeXJ B+A/OQZX9B69db323H0uk5dGpKqpExBZ6LcLcBdYOZ+82mrkkqoFkYYej VVIzyv5KHzUyZkVX/qkVZ64lWRCHJ4Az3Eu85uHlEqbzjmWhQIB/47/SC A==; X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="302861953" X-IronPort-AV: E=Sophos;i="5.95,172,1661842800"; d="scan'208";a="302861953" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Oct 2022 19:40:29 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="576893881" X-IronPort-AV: E=Sophos;i="5.95,172,1661842800"; d="scan'208";a="576893881" Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Oct 2022 19:40:27 -0700 From: "Li, Yi" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Michael D Kinney , Liming Gao Subject: [PATCH V3 1/3] MdePkg: Add Tls configuration related define Date: Mon, 10 Oct 2022 10:39:57 +0800 Message-Id: <965fb84a8afba7038d09c8685909bf3c31d8ca39.1665369262.git.yi1.li@intel.com> X-Mailer: git-send-email 2.31.1.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li --- MdePkg/Include/IndustryStandard/Tls1.h | 112 +++++++++++++++++-------- 1 file changed, 75 insertions(+), 37 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/IndustryStandard/Tls1.h index cf67428b11..f1ba0af7dc 100644 --- a/MdePkg/Include/IndustryStandard/Tls1.h +++ b/MdePkg/Include/IndustryStandard/Tls1.h @@ -13,44 +13,48 @@ #pragma pack(1) /// -/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. +/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346, rfc-5246, rfc-5288 and rfc-5289. /// -#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} -#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} -#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} +#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} +#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} +#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} +#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} +#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} +#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x2B} +#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x2C} +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} /// /// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. @@ -95,6 +99,40 @@ typedef struct { // #define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH 18432 +/// +/// TLS Hash algorithm, refers to section 7.4.1.4.1. of rfc-5246. +/// +typedef enum { + TlsHashAlgoNone = 0, + TlsHashAlgoMd5 = 1, + TlsHashAlgoSha1 = 2, + TlsHashAlgoSha224 = 3, + TlsHashAlgoSha256 = 4, + TlsHashAlgoSha384 = 5, + TlsHashAlgoSha512 = 6, +} TLS_HASH_ALGO; + +/// +/// TLS Signature algorithm, refers to section 7.4.1.4.1. of rfc-5246. +/// +typedef enum { + TlsSignatureAlgoAnonymous = 0, + TlsSignatureAlgoRsa = 1, + TlsSignatureAlgoDsa = 2, + TlsSignatureAlgoEcdsa = 3, +} TLS_SIGNATURE_ALGO; + +/// +/// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1 of rfc-8422. +/// +typedef enum { + TlsEcNamedCurveSecp256r1 = 23, + TlsEcNamedCurveSecp384r1 = 24, + TlsEcNamedCurveSecp521r1 = 25, + TlsEcNamedCurveX25519 = 29, + TlsEcNamedCurveX448 = 30, +} TLS_EC_NAMED_CURVE; + #pragma pack() #endif -- 2.31.1.windows.1