Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related define

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Heng Luo" <heng.luo@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	"Li, Yi1" <yi1.li@intel.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Gao, Liming" <gaoliming@byosoft.com.cn>
Subject: Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related define
Date: Mon, 10 Oct 2022 01:36:30 +0000	[thread overview]
Message-ID: <SN6PR11MB2752971F109A11B75CBEDC6893209@SN6PR11MB2752.namprd11.prod.outlook.com> (raw)
In-Reply-To: <MW4PR11MB5872B8D5E70CA3FA4C7F1A038C209@MW4PR11MB5872.namprd11.prod.outlook.com>

Hi Yi, 
Please double check and update the comments:

https://www.rfc-editor.org/rfc/rfc5288, 
> #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384    {0x00, 0x9F}

https://www.rfc-editor.org/rfc/rfc5289, section 3.2
> #define TLS_ECDHE_ECDSA_AES128_GCM_SHA256      {0xC0, 0x2B}  -> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> #define TLS_ECDHE_ECDSA_AES256_GCM_SHA384      {0xC0, 0x2C} -> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  {0xC0, 0x30}

Below definitions in https://www.rfc-editor.org/rfc/rfc8422#section-5.1.1
> /// typedef enum {
>   TlsEcNamedCurveSecp256r1 = 23,
>   TlsEcNamedCurveSecp384r1 = 24,
>   TlsEcNamedCurveSecp521r1 = 25,
>   TlsEcNamedCurveX25519    = 29,
>   TlsEcNamedCurveX448      = 30,
> } TLS_EC_NAMED_CURVE;

Thanks,
Heng
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Monday, October 10, 2022 8:12 AM
> To: Li, Yi1 <yi1.li@intel.com>; devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>
> Subject: Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related
> define
> 
> Hi
> 1) I cannot find the new cipher suite definition in rfc-5246 (https://www.rfc-
> editor.org/rfc/rfc5246).
> Would you please update comment as well, to let it point to right document?
> 
> ///
> /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
> ///
> ...
> #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384    {0x00, 0x9F}
> #define TLS_ECDHE_ECDSA_AES128_GCM_SHA256      {0xC0, 0x2B}
> #define TLS_ECDHE_ECDSA_AES256_GCM_SHA384      {0xC0, 0x2C}
> #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  {0xC0, 0x30}
> 
> 2) I cannot find the new cipher suite definition in rfc-8442. (Actually, there is no
> section 5.1.1 in RFC8442 https://www.rfc-editor.org/rfc/rfc8442)
> Would you please update comment as well, to let it point to right document?
> 
> ///
> /// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1 of rfc-8442
> /// typedef enum {
>   TlsEcNamedCurveSecp256r1 = 23,
>   TlsEcNamedCurveSecp384r1 = 24,
>   TlsEcNamedCurveSecp521r1 = 25,
>   TlsEcNamedCurveX25519    = 29,
>   TlsEcNamedCurveX448      = 30,
> } TLS_EC_NAMED_CURVE;
> 
> 
> > -----Original Message-----
> > From: Li, Yi1 <yi1.li@intel.com>
> > Sent: Saturday, October 8, 2022 10:10 AM
> > To: devel@edk2.groups.io
> > Cc: Li, Yi1 <yi1.li@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> > <gaoliming@byosoft.com.cn>
> > Subject: [PATCH V2 1/3] MdePkg: Add Tls configuration related define
> >
> > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892
> >
> > Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList.
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Signed-off-by: Yi Li <yi1.li@intel.com>
> > ---
> >  MdePkg/Include/IndustryStandard/Tls1.h | 110 +++++++++++++++++-------
> > -
> >  1 file changed, 74 insertions(+), 36 deletions(-)
> >
> > diff --git a/MdePkg/Include/IndustryStandard/Tls1.h
> > b/MdePkg/Include/IndustryStandard/Tls1.h
> > index cf67428b11..5cf2860caf 100644
> > --- a/MdePkg/Include/IndustryStandard/Tls1.h
> > +++ b/MdePkg/Include/IndustryStandard/Tls1.h
> > @@ -15,42 +15,46 @@
> >  ///
> >  /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
> >  ///
> > -#define TLS_RSA_WITH_NULL_MD5                {0x00, 0x01}
> > -#define TLS_RSA_WITH_NULL_SHA                {0x00, 0x02}
> > -#define TLS_RSA_WITH_RC4_128_MD5             {0x00, 0x04}
> > -#define TLS_RSA_WITH_RC4_128_SHA             {0x00, 0x05}
> > -#define TLS_RSA_WITH_IDEA_CBC_SHA            {0x00, 0x07}
> > -#define TLS_RSA_WITH_DES_CBC_SHA             {0x00, 0x09}
> > -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA        {0x00, 0x0A}
> > -#define TLS_DH_DSS_WITH_DES_CBC_SHA          {0x00, 0x0C}
> > -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA     {0x00, 0x0D}
> > -#define TLS_DH_RSA_WITH_DES_CBC_SHA          {0x00, 0x0F}
> > -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA     {0x00, 0x10}
> > -#define TLS_DHE_DSS_WITH_DES_CBC_SHA         {0x00, 0x12}
> > -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA    {0x00, 0x13}
> > -#define TLS_DHE_RSA_WITH_DES_CBC_SHA         {0x00, 0x15}
> > -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA    {0x00, 0x16}
> > -#define TLS_RSA_WITH_AES_128_CBC_SHA         {0x00, 0x2F}
> > -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA      {0x00, 0x30}
> > -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA      {0x00, 0x31}
> > -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA     {0x00, 0x32}
> > -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA     {0x00, 0x33}
> > -#define TLS_RSA_WITH_AES_256_CBC_SHA         {0x00, 0x35}
> > -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA      {0x00, 0x36}
> > -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA      {0x00, 0x37}
> > -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA     {0x00, 0x38}
> > -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA     {0x00, 0x39}
> > -#define TLS_RSA_WITH_NULL_SHA256             {0x00, 0x3B}
> > -#define TLS_RSA_WITH_AES_128_CBC_SHA256      {0x00, 0x3C}
> > -#define TLS_RSA_WITH_AES_256_CBC_SHA256      {0x00, 0x3D}
> > -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256   {0x00, 0x3E}
> > -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256   {0x00, 0x3F}
> > -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256  {0x00, 0x40} -#define
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256  {0x00, 0x67}
> > -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256   {0x00, 0x68}
> > -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256   {0x00, 0x69}
> > -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256  {0x00, 0x6A} -#define
> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256  {0x00, 0x6B}
> > +#define TLS_RSA_WITH_NULL_MD5                  {0x00, 0x01}
> > +#define TLS_RSA_WITH_NULL_SHA                  {0x00, 0x02}
> > +#define TLS_RSA_WITH_RC4_128_MD5               {0x00, 0x04}
> > +#define TLS_RSA_WITH_RC4_128_SHA               {0x00, 0x05}
> > +#define TLS_RSA_WITH_IDEA_CBC_SHA              {0x00, 0x07}
> > +#define TLS_RSA_WITH_DES_CBC_SHA               {0x00, 0x09}
> > +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA          {0x00, 0x0A}
> > +#define TLS_DH_DSS_WITH_DES_CBC_SHA            {0x00, 0x0C}
> > +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA       {0x00, 0x0D}
> > +#define TLS_DH_RSA_WITH_DES_CBC_SHA            {0x00, 0x0F}
> > +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA       {0x00, 0x10}
> > +#define TLS_DHE_DSS_WITH_DES_CBC_SHA           {0x00, 0x12}
> > +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA      {0x00, 0x13}
> > +#define TLS_DHE_RSA_WITH_DES_CBC_SHA           {0x00, 0x15}
> > +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA      {0x00, 0x16}
> > +#define TLS_RSA_WITH_AES_128_CBC_SHA           {0x00, 0x2F}
> > +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA        {0x00, 0x30}
> > +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA        {0x00, 0x31}
> > +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA       {0x00, 0x32}
> > +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA       {0x00, 0x33}
> > +#define TLS_RSA_WITH_AES_256_CBC_SHA           {0x00, 0x35}
> > +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA        {0x00, 0x36}
> > +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA        {0x00, 0x37}
> > +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA       {0x00, 0x38}
> > +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA       {0x00, 0x39}
> > +#define TLS_RSA_WITH_NULL_SHA256               {0x00, 0x3B}
> > +#define TLS_RSA_WITH_AES_128_CBC_SHA256        {0x00, 0x3C}
> > +#define TLS_RSA_WITH_AES_256_CBC_SHA256        {0x00, 0x3D}
> > +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256     {0x00, 0x3E}
> > +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256     {0x00, 0x3F}
> > +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256    {0x00, 0x40}
> > +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256    {0x00, 0x67}
> > +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256     {0x00, 0x68}
> > +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256     {0x00, 0x69}
> > +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256    {0x00, 0x6A}
> > +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256    {0x00, 0x6B}
> > +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384    {0x00, 0x9F}
> > +#define TLS_ECDHE_ECDSA_AES128_GCM_SHA256      {0xC0, 0x2B}
> > +#define TLS_ECDHE_ECDSA_AES256_GCM_SHA384      {0xC0, 0x2C}
> > +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  {0xC0, 0x30}
> >
> >  ///
> >  /// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
> > @@ -95,6 +99,40 @@ typedef struct {
> >  //
> >  #define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH  18432
> >
> > +///
> > +/// TLS Hash algorithm, refers to section 7.4.1.4.1. of rfc-5246.
> > +///
> > +typedef enum {
> > +  TlsHashAlgoNone   = 0,
> > +  TlsHashAlgoMd5    = 1,
> > +  TlsHashAlgoSha1   = 2,
> > +  TlsHashAlgoSha224 = 3,
> > +  TlsHashAlgoSha256 = 4,
> > +  TlsHashAlgoSha384 = 5,
> > +  TlsHashAlgoSha512 = 6,
> > +} TLS_HASH_ALGO;
> > +
> > +///
> > +/// TLS Signature algorithm, refers to section 7.4.1.4.1. of rfc-5246.
> > +///
> > +typedef enum {
> > +  TlsSignatureAlgoAnonymous = 0,
> > +  TlsSignatureAlgoRsa       = 1,
> > +  TlsSignatureAlgoDsa       = 2,
> > +  TlsSignatureAlgoEcdsa     = 3,
> > +} TLS_SIGNATURE_ALGO;
> > +
> > +///
> > +/// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1
> > +of rfc-
> > 8442
> > +///
> > +typedef enum {
> > +  TlsEcNamedCurveSecp256r1 = 23,
> > +  TlsEcNamedCurveSecp384r1 = 24,
> > +  TlsEcNamedCurveSecp521r1 = 25,
> > +  TlsEcNamedCurveX25519    = 29,
> > +  TlsEcNamedCurveX448      = 30,
> > +} TLS_EC_NAMED_CURVE;
> > +
> >  #pragma pack()
> >
> >  #endif
> > --
> > 2.31.1.windows.1
> 
> 
> 
> 
>

next prev parent reply	other threads:[~2022-10-10  1:36 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-08  2:09 [PATCH V2 0/3] CryptoPkg: Extend Tls library Li, Yi
2022-10-08  2:09 ` [PATCH V2 1/3] MdePkg: Add Tls configuration related define Li, Yi
2022-10-10  0:11   ` Yao, Jiewen
2022-10-10  1:36     ` Heng Luo [this message]
2022-10-10  2:41       ` [edk2-devel] " Li, Yi
2022-10-08  2:09 ` [PATCH V2 2/3] CryptoPkg: Extend Tls function library Li, Yi
2022-10-08  2:09 ` [PATCH V2 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol Li, Yi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=SN6PR11MB2752971F109A11B75CBEDC6893209@SN6PR11MB2752.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox