From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com []) by mx.groups.io with SMTP id smtpd.web11.1033.1589221649973930155 for ; Mon, 11 May 2020 11:27:56 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhichao.gao@intel.com) IronPort-SDR: yPCRwqaA5amVF+njkZ6m/u7oci0fAFRs61QKTezCItlZYtKq0kOYJfRahcTQCs8ckUjmfzyoYj Eg3qW/yq4HPg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 May 2020 11:27:55 -0700 IronPort-SDR: BEVyEoP0vhxpEBG2jhRXCatAjDCbDld5W59j9Rg16ranr52Wj6hEHCss7NQt3XiSiSFsUhZV1C 9Twyd4+F9j5g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,380,1583222400"; d="scan'208";a="265245032" Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga006.jf.intel.com with ESMTP; 11 May 2020 11:27:53 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [PATCH V4 10/11] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Date: Tue, 12 May 2020 02:27:17 +0800 Message-Id: <20200511182718.7728-11-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20200511182718.7728-1-zhichao.gao@intel.com> References: <20200511182718.7728-1-zhichao.gao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 HMAC SHA1 is not secure any longer. Remove the HMAC SHA1 support from edk2. Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 3 - CryptoPkg/Driver/Crypto.c | 128 ++--------- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 4 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ CryptoPkg/Private/Protocol/Crypto.h | 121 ++-------- 16 files changed, 45 insertions(+), 1009 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 9ddf73f9fa..1af78468a1 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -163,7 +162,6 @@ !endif !if $(CRYPTO_SERVICES) == MIN_PEI - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -178,7 +176,6 @@ !endif !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 3d6c8f4d38..071d8c8529 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1170,154 +1170,68 @@ DeprecatedCryptoServiceHmacMd5Final ( } /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. **/ VOID * EFIAPI -CryptoServiceHmacSha1New ( +DeprecatedCryptoServiceHmacSha1New ( VOID ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), NULL); + return BaseCryptLibServiceDeprecated ("HmacSha1New"), NULL; } -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ VOID EFIAPI -CryptoServiceHmacSha1Free ( +DeprecatedCryptoServiceHmacSha1Free ( IN VOID *HmacSha1Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, (HmacSha1Ctx)); + BaseCryptLibServiceDeprecated ("HmacSha1Free"); } -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceHmacSha1SetKey ( +DeprecatedCryptoServiceHmacSha1SetKey ( OUT VOID *HmacSha1Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1SetKey"), FALSE; } -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Duplicate ( +DeprecatedCryptoServiceHmacSha1Duplicate ( IN CONST VOID *HmacSha1Context, OUT VOID *NewHmacSha1Context ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Duplicate"), FALSE; } -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Update ( +DeprecatedCryptoServiceHmacSha1Update ( IN OUT VOID *HmacSha1Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, (HmacSha1Context, Data, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Update"), FALSE; } -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA1 context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Final ( +DeprecatedCryptoServiceHmacSha1Final ( IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacSha1Context, HmacValue), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Final"), FALSE; } /** @@ -3972,13 +3886,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { DeprecatedCryptoServiceHmacMd5Duplicate, DeprecatedCryptoServiceHmacMd5Update, DeprecatedCryptoServiceHmacMd5Final, - /// HMAC SHA1 - CryptoServiceHmacSha1New, - CryptoServiceHmacSha1Free, - CryptoServiceHmacSha1SetKey, - CryptoServiceHmacSha1Duplicate, - CryptoServiceHmacSha1Update, - CryptoServiceHmacSha1Final, + /// HMAC SHA1 - deprecated and unsupported + DeprecatedCryptoServiceHmacSha1New, + DeprecatedCryptoServiceHmacSha1Free, + DeprecatedCryptoServiceHmacSha1SetKey, + DeprecatedCryptoServiceHmacSha1Duplicate, + DeprecatedCryptoServiceHmacSha1Update, + DeprecatedCryptoServiceHmacSha1Final, /// HMAC SHA256 CryptoServiceHmacSha256New, CryptoServiceHmacSha256Free, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index b99401661c..1b1ffa75ef 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //===================================================================================== -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ); - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA1 context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 33d7c13bff..4aae2aba95 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c deleted file mode 100644 index 7593ca55b1..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context == NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context == NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in OpenSSL - // - if (Data == NULL && DataSize != 0) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 digest computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA1 context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacSha1Context == NULL || HmacValue == NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index 2a630ef290..dc28e3a11d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 # certificate handler functions, authenticode signature verification functions, # PEM handler functions, and pseudorandom number generator functions are not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni index 95c71a8ae2..20ae64e8bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issues such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenticode // signature verification functions, PEM handler functions, and pseudorandom number @@ -21,5 +21,5 @@ #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM" -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 1642521087..5005beed02 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and # authenticode signature verification functions are not supported in this instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni index f7e1acb3a7..0cf378c5ab 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issues such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification functions are // not supported in this instance. @@ -20,5 +20,5 @@ #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER" -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index ec9c8e7c05..91ec3e03bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,8 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1 functions, RSA external -# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and # authenticode signature verification functions are not supported in this instance. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
@@ -39,7 +38,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni index 8eb3acac93..f0c33abbcf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issues such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification functions are // not supported in this instance. @@ -20,5 +20,5 @@ #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver" -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 558ccfc002..689af4fedd 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index dfe7fb7e91..a614b61ed4 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1015,157 +1015,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //===================================================================================== -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL); -} - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, (HmacSha1Ctx)); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FALSE); -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE); -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Update, (HmacSha1Context, Data, DataSize), FALSE); -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA1 context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), FALSE); -} - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index bd4cd7f383..d167390774 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -89,140 +89,49 @@ BOOLEAN OUT UINT8 *HmacValue ); - /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. **/ typedef VOID* -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_NEW) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW) ( VOID ); -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ typedef VOID -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FREE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE) ( IN VOID *HmacSha1Ctx ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( OUT VOID *HmacSha1Context, IN CONST UINT8 *Key, IN UINTN KeySize ); - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( IN CONST VOID *HmacSha1Context, OUT VOID *NewHmacSha1Context ); - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( IN OUT VOID *HmacSha1Context, IN CONST VOID *Data, IN UINTN DataSize ); - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA1 context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL) ( IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ); @@ -3538,13 +3447,13 @@ struct _EDKII_CRYPTO_PROTOCOL { DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplicate; DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update; DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final; - /// HMAC SHA1 - EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; - EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; - EDKII_CRYPTO_HMAC_SHA1_SET_KEY HmacSha1SetKey; - EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate; - EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update; - EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final; + /// HMAC SHA1 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1New; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Free; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1SetKey; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Duplicate; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Update; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Final; /// HMAC SHA256 EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; -- 2.21.0.windows.1