From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Li, Yi1" <yi1.li@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"Gao, Liming" <gaoliming@byosoft.com.cn>
Subject: Re: [PATCH V2 1/3] MdePkg: Add Tls configuration related define
Date: Mon, 10 Oct 2022 00:11:41 +0000 [thread overview]
Message-ID: <MW4PR11MB5872B8D5E70CA3FA4C7F1A038C209@MW4PR11MB5872.namprd11.prod.outlook.com> (raw)
In-Reply-To: <9f6468e21b28debeacbb08839b28d62aefc45cc8.1665194514.git.yi1.li@intel.com>
Hi
1) I cannot find the new cipher suite definition in rfc-5246 (https://www.rfc-editor.org/rfc/rfc5246).
Would you please update comment as well, to let it point to right document?
///
/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
///
...
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F}
#define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B}
#define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C}
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30}
2) I cannot find the new cipher suite definition in rfc-8442. (Actually, there is no section 5.1.1 in RFC8442 https://www.rfc-editor.org/rfc/rfc8442)
Would you please update comment as well, to let it point to right document?
///
/// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1 of rfc-8442
///
typedef enum {
TlsEcNamedCurveSecp256r1 = 23,
TlsEcNamedCurveSecp384r1 = 24,
TlsEcNamedCurveSecp521r1 = 25,
TlsEcNamedCurveX25519 = 29,
TlsEcNamedCurveX448 = 30,
} TLS_EC_NAMED_CURVE;
> -----Original Message-----
> From: Li, Yi1 <yi1.li@intel.com>
> Sent: Saturday, October 8, 2022 10:10 AM
> To: devel@edk2.groups.io
> Cc: Li, Yi1 <yi1.li@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>
> Subject: [PATCH V2 1/3] MdePkg: Add Tls configuration related define
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892
>
> Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Signed-off-by: Yi Li <yi1.li@intel.com>
> ---
> MdePkg/Include/IndustryStandard/Tls1.h | 110 +++++++++++++++++-------
> -
> 1 file changed, 74 insertions(+), 36 deletions(-)
>
> diff --git a/MdePkg/Include/IndustryStandard/Tls1.h
> b/MdePkg/Include/IndustryStandard/Tls1.h
> index cf67428b11..5cf2860caf 100644
> --- a/MdePkg/Include/IndustryStandard/Tls1.h
> +++ b/MdePkg/Include/IndustryStandard/Tls1.h
> @@ -15,42 +15,46 @@
> ///
> /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
> ///
> -#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
> -#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
> -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
> -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
> -#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
> -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
> -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
> -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
> -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
> -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
> -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
> -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
> -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
> -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
> -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
> -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
> -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
> -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
> -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
> -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
> -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
> -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
> -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
> -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
> -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
> -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
> -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
> -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
> -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
> -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
> -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40}
> -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
> -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
> -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
> -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A}
> -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
> +#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
> +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
> +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
> +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
> +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
> +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
> +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
> +#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
> +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
> +#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
> +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
> +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
> +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
> +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
> +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
> +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
> +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
> +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
> +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
> +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
> +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
> +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
> +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
> +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
> +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
> +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
> +#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
> +#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
> +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
> +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
> +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40}
> +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
> +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
> +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
> +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A}
> +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
> +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F}
> +#define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B}
> +#define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C}
> +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30}
>
> ///
> /// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
> @@ -95,6 +99,40 @@ typedef struct {
> //
> #define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH 18432
>
> +///
> +/// TLS Hash algorithm, refers to section 7.4.1.4.1. of rfc-5246.
> +///
> +typedef enum {
> + TlsHashAlgoNone = 0,
> + TlsHashAlgoMd5 = 1,
> + TlsHashAlgoSha1 = 2,
> + TlsHashAlgoSha224 = 3,
> + TlsHashAlgoSha256 = 4,
> + TlsHashAlgoSha384 = 5,
> + TlsHashAlgoSha512 = 6,
> +} TLS_HASH_ALGO;
> +
> +///
> +/// TLS Signature algorithm, refers to section 7.4.1.4.1. of rfc-5246.
> +///
> +typedef enum {
> + TlsSignatureAlgoAnonymous = 0,
> + TlsSignatureAlgoRsa = 1,
> + TlsSignatureAlgoDsa = 2,
> + TlsSignatureAlgoEcdsa = 3,
> +} TLS_SIGNATURE_ALGO;
> +
> +///
> +/// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1 of rfc-
> 8442
> +///
> +typedef enum {
> + TlsEcNamedCurveSecp256r1 = 23,
> + TlsEcNamedCurveSecp384r1 = 24,
> + TlsEcNamedCurveSecp521r1 = 25,
> + TlsEcNamedCurveX25519 = 29,
> + TlsEcNamedCurveX448 = 30,
> +} TLS_EC_NAMED_CURVE;
> +
> #pragma pack()
>
> #endif
> --
> 2.31.1.windows.1
next prev parent reply other threads:[~2022-10-10 0:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-08 2:09 [PATCH V2 0/3] CryptoPkg: Extend Tls library Li, Yi
2022-10-08 2:09 ` [PATCH V2 1/3] MdePkg: Add Tls configuration related define Li, Yi
2022-10-10 0:11 ` Yao, Jiewen [this message]
2022-10-10 1:36 ` [edk2-devel] " Heng Luo
2022-10-10 2:41 ` Li, Yi
2022-10-08 2:09 ` [PATCH V2 2/3] CryptoPkg: Extend Tls function library Li, Yi
2022-10-08 2:09 ` [PATCH V2 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol Li, Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW4PR11MB5872B8D5E70CA3FA4C7F1A038C209@MW4PR11MB5872.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox