From: "Li, Yi" <yi1.li@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Luo, Heng" <heng.luo@intel.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"Gao, Liming" <gaoliming@byosoft.com.cn>
Subject: Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related define
Date: Mon, 10 Oct 2022 02:41:05 +0000 [thread overview]
Message-ID: <SJ1PR11MB62278521579123B1F92DB93EC5209@SJ1PR11MB6227.namprd11.prod.outlook.com> (raw)
In-Reply-To: <SN6PR11MB2752971F109A11B75CBEDC6893209@SN6PR11MB2752.namprd11.prod.outlook.com>
Hi Jiewen and Heng,
Thanks for review, I have corrected the comments and cipher suites name.
Thanks,
Yi
-----Original Message-----
From: Luo, Heng <heng.luo@intel.com>
Sent: Monday, October 10, 2022 9:37 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Li, Yi1 <yi1.li@intel.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>
Subject: RE: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related define
Hi Yi,
Please double check and update the comments:
https://www.rfc-editor.org/rfc/rfc5288,
> #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F}
https://www.rfc-editor.org/rfc/rfc5289, section 3.2
> #define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B} -> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> #define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C} -> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30}
Below definitions in https://www.rfc-editor.org/rfc/rfc8422#section-5.1.1
> /// typedef enum {
> TlsEcNamedCurveSecp256r1 = 23,
> TlsEcNamedCurveSecp384r1 = 24,
> TlsEcNamedCurveSecp521r1 = 25,
> TlsEcNamedCurveX25519 = 29,
> TlsEcNamedCurveX448 = 30,
> } TLS_EC_NAMED_CURVE;
Thanks,
Heng
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> Jiewen
> Sent: Monday, October 10, 2022 8:12 AM
> To: Li, Yi1 <yi1.li@intel.com>; devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>
> Subject: Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration
> related define
>
> Hi
> 1) I cannot find the new cipher suite definition in rfc-5246
> (https://www.rfc- editor.org/rfc/rfc5246).
> Would you please update comment as well, to let it point to right document?
>
> ///
> /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
> ///
> ...
> #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F}
> #define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B}
> #define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C}
> #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30}
>
> 2) I cannot find the new cipher suite definition in rfc-8442.
> (Actually, there is no section 5.1.1 in RFC8442
> https://www.rfc-editor.org/rfc/rfc8442)
> Would you please update comment as well, to let it point to right document?
>
> ///
> /// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1
> of rfc-8442 /// typedef enum {
> TlsEcNamedCurveSecp256r1 = 23,
> TlsEcNamedCurveSecp384r1 = 24,
> TlsEcNamedCurveSecp521r1 = 25,
> TlsEcNamedCurveX25519 = 29,
> TlsEcNamedCurveX448 = 30,
> } TLS_EC_NAMED_CURVE;
>
>
> > -----Original Message-----
> > From: Li, Yi1 <yi1.li@intel.com>
> > Sent: Saturday, October 8, 2022 10:10 AM
> > To: devel@edk2.groups.io
> > Cc: Li, Yi1 <yi1.li@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> > <gaoliming@byosoft.com.cn>
> > Subject: [PATCH V2 1/3] MdePkg: Add Tls configuration related define
> >
> > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892
> >
> > Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList.
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Signed-off-by: Yi Li <yi1.li@intel.com>
> > ---
> > MdePkg/Include/IndustryStandard/Tls1.h | 110
> > +++++++++++++++++-------
> > -
> > 1 file changed, 74 insertions(+), 36 deletions(-)
> >
> > diff --git a/MdePkg/Include/IndustryStandard/Tls1.h
> > b/MdePkg/Include/IndustryStandard/Tls1.h
> > index cf67428b11..5cf2860caf 100644
> > --- a/MdePkg/Include/IndustryStandard/Tls1.h
> > +++ b/MdePkg/Include/IndustryStandard/Tls1.h
> > @@ -15,42 +15,46 @@
> > ///
> > /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
> > ///
> > -#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
> > -#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
> > -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
> > -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
> > -#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
> > -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
> > -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
> > -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
> > -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
> > -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
> > -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
> > -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
> > -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
> > -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
> > -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
> > -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
> > -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
> > -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
> > -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
> > -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
> > -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
> > -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
> > -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
> > -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
> > -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
> > -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
> > -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
> > -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
> > -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
> > -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
> > -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} -#define
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
> > -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
> > -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
> > -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} -#define
> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
> > +#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
> > +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
> > +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
> > +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
> > +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
> > +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
> > +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
> > +#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
> > +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
> > +#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
> > +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
> > +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
> > +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
> > +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
> > +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
> > +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
> > +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
> > +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
> > +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
> > +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
> > +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
> > +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
> > +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
> > +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
> > +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
> > +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
> > +#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
> > +#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
> > +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
> > +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
> > +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40}
> > +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
> > +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
> > +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
> > +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A}
> > +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
> > +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F}
> > +#define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B}
> > +#define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C}
> > +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30}
> >
> > ///
> > /// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
> > @@ -95,6 +99,40 @@ typedef struct {
> > //
> > #define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH 18432
> >
> > +///
> > +/// TLS Hash algorithm, refers to section 7.4.1.4.1. of rfc-5246.
> > +///
> > +typedef enum {
> > + TlsHashAlgoNone = 0,
> > + TlsHashAlgoMd5 = 1,
> > + TlsHashAlgoSha1 = 2,
> > + TlsHashAlgoSha224 = 3,
> > + TlsHashAlgoSha256 = 4,
> > + TlsHashAlgoSha384 = 5,
> > + TlsHashAlgoSha512 = 6,
> > +} TLS_HASH_ALGO;
> > +
> > +///
> > +/// TLS Signature algorithm, refers to section 7.4.1.4.1. of rfc-5246.
> > +///
> > +typedef enum {
> > + TlsSignatureAlgoAnonymous = 0,
> > + TlsSignatureAlgoRsa = 1,
> > + TlsSignatureAlgoDsa = 2,
> > + TlsSignatureAlgoEcdsa = 3,
> > +} TLS_SIGNATURE_ALGO;
> > +
> > +///
> > +/// TLS Supported Elliptic Curves Extensions, refers to section
> > +5.1.1 of rfc-
> > 8442
> > +///
> > +typedef enum {
> > + TlsEcNamedCurveSecp256r1 = 23,
> > + TlsEcNamedCurveSecp384r1 = 24,
> > + TlsEcNamedCurveSecp521r1 = 25,
> > + TlsEcNamedCurveX25519 = 29,
> > + TlsEcNamedCurveX448 = 30,
> > +} TLS_EC_NAMED_CURVE;
> > +
> > #pragma pack()
> >
> > #endif
> > --
> > 2.31.1.windows.1
>
>
>
>
>
next prev parent reply other threads:[~2022-10-10 2:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-08 2:09 [PATCH V2 0/3] CryptoPkg: Extend Tls library Li, Yi
2022-10-08 2:09 ` [PATCH V2 1/3] MdePkg: Add Tls configuration related define Li, Yi
2022-10-10 0:11 ` Yao, Jiewen
2022-10-10 1:36 ` [edk2-devel] " Heng Luo
2022-10-10 2:41 ` Li, Yi [this message]
2022-10-08 2:09 ` [PATCH V2 2/3] CryptoPkg: Extend Tls function library Li, Yi
2022-10-08 2:09 ` [PATCH V2 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol Li, Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SJ1PR11MB62278521579123B1F92DB93EC5209@SJ1PR11MB6227.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox