From: "yi1 li"
To: devel@edk2.groups.io
Cc: Yi Li, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Maciej Rabeda, Jiaxin Wu, Siyuan Fu, Michael D Kinney, Liming Gao
Subject: [PATCH 0/5] CryptoPkg: Add additional cipher algos and TLS API to meet WPA3
Date: Sun, 22 May 2022 09:54:14 +0800

To meet the needs of WPA3
Enterprise, additional cipher algorithms and TLS APIs need to be added.

Code branch: https://github.com/liyi77/edk2/tree/Add-TLS

Details as follows:
- TlsShutdown: Shut down the TLS connection without releasing the
  resources, meaning a new connection can be started without calling
  TlsNew() and without setting certificates etc.
- TlsExportKey: Derive keying material from a TLS connection using the
  mechanism described in RFC 5705 and export the key material (needed
  by EAP methods such as EAP-TTLS and EAP-PEAP).
- TlsSetEcCurve: Set the EC curve to be used for TLS flows.
- TlsSetSignatureAlgoList: Set the signature algorithm list to be used
  by the TLS object.
- Additional cipher algorithms: Which are needed for SUITE-B and
  SUITE-B-192.
- Add implementation for TlsSetHostPrivateKey().

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Maciej Rabeda
Cc: Jiaxin Wu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Liming Gao

Yi Li (3):
  MdePkg: Add Tls configuration related define
  CryptoPkg: Add TlsSetConfiguration API
  NetworkPkg/TlsDxe: Sync to new TlsSetHostPrivateKey() API

yi1 li (2):
  CryptoPkg: Add APIs TlsShutdown and TlsExportKey to TlsLib
  CryptoPkg: Add implementation for TlsSetHostPrivateKey()

 CryptoPkg/Driver/Crypto.c                      |  97 +++-
 CryptoPkg/Include/Library/TlsLib.h             |  93 +++-
 .../Pcd/PcdCryptoServiceFamilyEnable.h         |   3 +
 .../BaseCryptLibOnProtocolPpi/CryptLib.c       |  97 +++-
 CryptoPkg/Library/TlsLib/InternalTlsLib.h      |   5 +
 CryptoPkg/Library/TlsLib/TlsConfig.c           | 426 +++++++++++++++++-
 CryptoPkg/Library/TlsLib/TlsProcess.c          |  32 ++
 CryptoPkg/Library/TlsLibNull/TlsConfigNull.c   |  67 ++-
 CryptoPkg/Library/TlsLibNull/TlsProcessNull.c  |  23 +
 CryptoPkg/Private/Protocol/Crypto.h            |  82 +++-
 MdePkg/Include/IndustryStandard/Tls1.h         | 110 +++--
 NetworkPkg/TlsDxe/TlsConfigProtocol.c          |   2 +-
 12 files changed, 968 insertions(+), 69 deletions(-)

--
2.31.1.windows.1
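The RFC 5705 derivation that the TlsExportKey item refers to, written out for TLS 1.2 as an added Python example (not code from this patch series or from EDK2), including the MSK/EMSK split that EAP-TTLS and PEAP perform on the exported bytes. The function names and sample session values are constructed for illustration; the `digest` parameter is the cipher suite's PRF hash, which is SHA-384 for the `*_SHA384` suites.

```python
import hashlib
import hmac
import struct

def p_hash(secret, seed, length, digest):
    """P_hash from RFC 5246 section 5: HMAC output chained over A(i)."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i)
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def tls12_export_key(master_secret, client_random, server_random,
                     label, length, context=None, digest=hashlib.sha256):
    """RFC 5705 section 4 exporter for TLS 1.2.

    context=None (no context) and context=b"" (empty context) are
    distinct inputs and give different keying material.
    """
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS randoms must be 32 bytes each")
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context length must fit in 16 bits")
        seed += struct.pack("!H", len(context)) + context
    return p_hash(master_secret, label + seed, length, digest)

def eap_keys(master_secret, client_random, server_random, label, **kw):
    """Split 128 exported bytes into (MSK, EMSK), 64 bytes each."""
    km = tls12_export_key(master_secret, client_random, server_random,
                          label, 128, **kw)
    return km[:64], km[64:]

# Constructed sample session values, not taken from a real handshake.
SAMPLE_MS = bytes(range(48))
SAMPLE_CR = b"\x01" * 32
SAMPLE_SR = b"\x02" * 32
TTLS_LABEL = b"ttls keying material"      # RFC 5281
PEAP_LABEL = b"client EAP encryption"     # also EAP-TLS, RFC 5216

if __name__ == "__main__":
    for name, label in (("EAP-TTLS", TTLS_LABEL), ("PEAP", PEAP_LABEL)):
        msk, emsk = eap_keys(SAMPLE_MS, SAMPLE_CR, SAMPLE_SR, label)
        print(name, "MSK ", msk.hex())
        print(name, "EMSK", emsk.hex())
```

Both peers must pass the same label, context and length, so a mismatch in any of them shows up as differing MSKs and a failed 4-way handshake rather than as a TLS error.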