Hi Jiewen and Heng, Thanks for the review. I have corrected the comments and the cipher suite names.
Thanks, Yi -----Original Message----- From: Luo, Heng <heng....@intel.com> Sent: Monday, October 10, 2022 9:37 AM To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Li, Yi1 <yi1...@intel.com> Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Gao, Liming <gaolim...@byosoft.com.cn> Subject: RE: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related define Hi Yi, Please double check and update the comments: https://www.rfc-editor.org/rfc/rfc5288, > #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} https://www.rfc-editor.org/rfc/rfc5289, section 3.2 > #define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B} -> > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 > #define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C} -> > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} Below definitions in https://www.rfc-editor.org/rfc/rfc8422#section-5.1.1 > /// typedef enum { > TlsEcNamedCurveSecp256r1 = 23, > TlsEcNamedCurveSecp384r1 = 24, > TlsEcNamedCurveSecp521r1 = 25, > TlsEcNamedCurveX25519 = 29, > TlsEcNamedCurveX448 = 30, > } TLS_EC_NAMED_CURVE; Thanks, Heng > -----Original Message----- 
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, > Jiewen > Sent: Monday, October 10, 2022 8:12 AM > To: Li, Yi1 <yi1...@intel.com>; devel@edk2.groups.io > Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Gao, Liming > <gaolim...@byosoft.com.cn> > Subject: Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration > related define > > Hi > 1) I cannot find the new cipher suite definition in rfc-5246 > (https://www.rfc- editor.org/rfc/rfc5246). > Would you please update comment as well, to let it point to right document? > > /// > /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. > /// > ... > #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} > #define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B} > #define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C} > #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} > > 2) I cannot find the new cipher suite definition in rfc-8442. > (Actually, there is no section 5.1.1 in RFC8442 > https://www.rfc-editor.org/rfc/rfc8442) > Would you please update comment as well, to let it point to right document? > > /// > /// TLS Supported Elliptic Curves Extensions, refers to section 5.1.1 > of rfc-8442 /// typedef enum { > TlsEcNamedCurveSecp256r1 = 23, > TlsEcNamedCurveSecp384r1 = 24, > TlsEcNamedCurveSecp521r1 = 25, > TlsEcNamedCurveX25519 = 29, > TlsEcNamedCurveX448 = 30, > } TLS_EC_NAMED_CURVE; > > > > -----Original Message----- 
> > From: Li, Yi1 <yi1...@intel.com> > > Sent: Saturday, October 8, 2022 10:10 AM > > To: devel@edk2.groups.io > > Cc: Li, Yi1 <yi1...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; > > Kinney, Michael D <michael.d.kin...@intel.com>; Gao, Liming > > <gaolim...@byosoft.com.cn> > > Subject: [PATCH V2 1/3] MdePkg: Add Tls configuration related define > > > > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 > > > > Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. > > > > Cc: Jiewen Yao <jiewen....@intel.com> > > Cc: Michael D Kinney <michael.d.kin...@intel.com> > > Cc: Liming Gao <gaolim...@byosoft.com.cn> > > Signed-off-by: Yi Li <yi1...@intel.com> > > --- > > MdePkg/Include/IndustryStandard/Tls1.h | 110 > > +++++++++++++++++------- > > - > > 1 file changed, 74 insertions(+), 36 deletions(-) > > > > diff --git a/MdePkg/Include/IndustryStandard/Tls1.h > > b/MdePkg/Include/IndustryStandard/Tls1.h > > index cf67428b11..5cf2860caf 100644 > > --- a/MdePkg/Include/IndustryStandard/Tls1.h > > +++ b/MdePkg/Include/IndustryStandard/Tls1.h 
> > @@ -15,42 +15,46 @@ > > /// > > /// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246. > > /// > > -#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} > > -#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} > > -#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} > > -#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} > > -#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} > > -#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} > > -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} > > -#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} > > -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} > > -#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} > > -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} > > -#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} > > -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} > > -#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} > > -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} > > -#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} > > -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} > > -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} > > -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} > > -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} > > -#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} > > -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} > > -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} > > -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} > > -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} > > -#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} > > -#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} > > -#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} > > -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} > > -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} > > -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} -#define > > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} > > -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} > > -#define 
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} > > -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} -#define > > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} > > +#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01} > > +#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02} > > +#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04} > > +#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05} > > +#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07} > > +#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09} > > +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A} > > +#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C} > > +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D} > > +#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F} > > +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10} > > +#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12} > > +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13} > > +#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15} > > +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16} > > +#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F} > > +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30} > > +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31} > > +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32} > > +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33} > > +#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35} > > +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36} > > +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37} > > +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38} > > +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39} > > +#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B} > > +#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C} > > +#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D} > > +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E} > > +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F} > > +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40} > > +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67} > > +#define 
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68} > > +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69} > > +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A} > > +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B} > > +#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0x00, 0x9F} > > +#define TLS_ECDHE_ECDSA_AES128_GCM_SHA256 {0xC0, 0x2B} > > +#define TLS_ECDHE_ECDSA_AES256_GCM_SHA384 {0xC0, 0x2C} > > +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} > > > > /// > > /// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246. 
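Review bot: The GCM suites added at the end of the cipher suite list are uneven: ECDHE_ECDSA gets both an AES-128 and an AES-256 entry, while DHE_RSA and ECDHE_RSA get only the AES-256 one. If that mirrors what the TLS library is built to negotiate, say so in the block comment above the list. Otherwise add the siblings, `#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 {0x00, 0x9E}` and `#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x2F}`, so a platform policy can name them without a private define.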
> > @@ -95,6 +99,40 @@ typedef struct { > > // > > #define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH 18432 > > > > +/// > > +/// TLS Hash algorithm, refers to section 7.4.1.4.1. of rfc-5246. > > +/// > > +typedef enum { > > + TlsHashAlgoNone = 0, > > + TlsHashAlgoMd5 = 1, > > + TlsHashAlgoSha1 = 2, > > + TlsHashAlgoSha224 = 3, > > + TlsHashAlgoSha256 = 4, > > + TlsHashAlgoSha384 = 5, > > + TlsHashAlgoSha512 = 6, > > +} TLS_HASH_ALGO; > > + > > +/// > > +/// TLS Signature algorithm, refers to section 7.4.1.4.1. of rfc-5246. > > +/// > > +typedef enum { > > + TlsSignatureAlgoAnonymous = 0, > > + TlsSignatureAlgoRsa = 1, > > + TlsSignatureAlgoDsa = 2, > > + TlsSignatureAlgoEcdsa = 3, > > +} TLS_SIGNATURE_ALGO; > > + > > +/// > > +/// TLS Supported Elliptic Curves Extensions, refers to section > > +5.1.1 of rfc- > > 8442 > > +/// > > +typedef enum { > > + TlsEcNamedCurveSecp256r1 = 23, > > + TlsEcNamedCurveSecp384r1 = 24, > > + TlsEcNamedCurveSecp521r1 = 25, > > + TlsEcNamedCurveX25519 = 29, > > + TlsEcNamedCurveX448 = 30, > > +} TLS_EC_NAMED_CURVE; > > + > > #pragma pack() > > > > #endif > > -- > > 2.31.1.windows.1 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94865): https://edk2.groups.io/g/devel/message/94865 Mute This Topic: https://groups.io/mt/94193504/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
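Review bot: The three new enums (TLS_HASH_ALGO, TLS_SIGNATURE_ALGO, TLS_EC_NAMED_CURVE) say nothing about wire width or about which values are safe to offer, and a caller building a signature-algorithm or curve list needs both. HashAlgorithm and SignatureAlgorithm are one octet each on the wire and NamedCurve is two octets, while a C enum is int-sized, so each header comment could gain a line such as `/// Values are wire code points; convert to UINT8 (hash, signature) or UINT16 (curve) when serializing.` TlsHashAlgoNone, TlsHashAlgoMd5, TlsHashAlgoSha1 and TlsSignatureAlgoAnonymous are weak or unauthenticated choices, and RFC 9155 deprecates MD5 and SHA-1 signature hashes in TLS 1.2. I would add `/// None, Md5 and Sha1 are listed for completeness and should not be placed in a default signature algorithm list.` and an equivalent remark on Anonymous. The consumers named in the commit message (TlsSetEcCurve, TlsSetSignatureAlgoList) are not part of this patch, so whether they already filter these values needs confirming there.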