From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com []) by mx.groups.io with SMTP id smtpd.web11.1033.1589221649973930155 for ; Mon, 11 May 2020 11:27:45 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhichao.gao@intel.com) IronPort-SDR: adqRfXWQnDhONfPGb63x3+mpy7gtFzIQ7p6AeEhJEHAzqpsjuqzB301k39VFHxba678GRAydEB rEP85NAOtyZg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 May 2020 11:27:45 -0700 IronPort-SDR: frUxSMMBeayOOIK91zdrAiPoKlErkuhuKdnpC7g1V6ZZFEfc2quN1ddI62uycOtktcPIReCISo 1QgUgDXxnYHg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,380,1583222400"; d="scan'208";a="265244927" Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga006.jf.intel.com with ESMTP; 11 May 2020 11:27:42 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [PATCH V4 06/11] CryptoPkg/BaseCryptLib: Retire the TDES algorithm Date: Tue, 12 May 2020 02:27:13 +0800 Message-Id: <20200511182718.7728-7-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20200511182718.7728-1-zhichao.gao@intel.com> References: <20200511182718.7728-1-zhichao.gao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 TDES is not secure any longer. Remove the Tdes support from edk2. Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 181 +-------- CryptoPkg/Include/Library/BaseCryptLib.h | 196 ---------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------ .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ---------- CryptoPkg/Private/Protocol/Crypto.h | 169 +------- 16 files changed, 50 insertions(+), 1430 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 832fcda3b9..22b49762bd 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1557,167 +1557,57 @@ CryptoServiceHmacSha256Final ( //===================================================================================== /** - Retrieves the size, in bytes, of the context buffer required for TDES operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES operations. - @retval 0 This interface is not supported. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. **/ UINTN EFIAPI -CryptoServiceTdesGetContextSize ( +DeprecatedCryptoServiceTdesGetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSize, (), 0); + return BaseCryptLibServiceDeprecated ("TdesGetContextSize"), 0; } -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as TDES context. - In addition, it sets up all TDES key materials for subsequent encryption and decryption - operations. - There are 3 key options as follows: - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesInit ( +DeprecatedCryptoServiceTdesInit ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ) { - return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Key, KeyLength), FALSE); + return BaseCryptLibServiceDeprecated ("TdesInit"), FALSE; } -/** - Performs TDES encryption on a data buffer of the specified size in ECB mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesEcbEncrypt ( +DeprecatedCryptoServiceTdesEcbEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbEncrypt"), FALSE; } -/** - Performs TDES decryption on a data buffer of the specified size in ECB mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES decryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesEcbDecrypt ( +DeprecatedCryptoServiceTdesEcbDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbDecrypt"), FALSE; } -/** - Performs TDES encryption on a data buffer of the specified size in CBC mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesCbcEncrypt ( +DeprecatedCryptoServiceTdesCbcEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -1725,41 +1615,12 @@ CryptoServiceTdesCbcEncrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcEncrypt"), FALSE; } -/** - Performs TDES decryption on a data buffer of the specified size in CBC mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesCbcDecrypt ( +DeprecatedCryptoServiceTdesCbcDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -1767,7 +1628,7 @@ CryptoServiceTdesCbcDecrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcDecrypt"), FALSE; } /** @@ -4344,13 +4205,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { CryptoServiceX509Free, CryptoServiceX509StackFree, CryptoServiceX509GetTBSCert, - /// TDES - CryptoServiceTdesGetContextSize, - CryptoServiceTdesInit, - CryptoServiceTdesEcbEncrypt, - CryptoServiceTdesEcbDecrypt, - CryptoServiceTdesCbcEncrypt, - CryptoServiceTdesCbcDecrypt, + /// TDES - deprecated and unsupported + DeprecatedCryptoServiceTdesGetContextSize, + DeprecatedCryptoServiceTdesInit, + DeprecatedCryptoServiceTdesEcbEncrypt, + DeprecatedCryptoServiceTdesEcbDecrypt, + DeprecatedCryptoServiceTdesCbcEncrypt, + DeprecatedCryptoServiceTdesCbcDecrypt, /// AES CryptoServiceAesGetContextSize, CryptoServiceAesInit, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 25e236c4a3..621bcfd1c4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1278,202 +1278,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //===================================================================================== -/** - Retrieves the size, in bytes, of the context buffer required for TDES operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as TDES context. - In addition, it sets up all TDES key materials for subsequent encryption and decryption - operations. - There are 3 key options as follows: - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ); - -/** - Performs TDES encryption on a data buffer of the specified size in ECB mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in ECB mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES decryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES encryption on a data buffer of the specified size in CBC mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in CBC mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - /** Retrieves the size, in bytes, of the context buffer required for AES operations. diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index da38ea552f..2de8e9c346 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c - Cipher/CryptTdes.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c deleted file mode 100644 index fd799f3398..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c +++ /dev/null @@ -1,364 +0,0 @@ -/** @file - TDES Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for TDES operations. - - @return The size, in bytes, of the context buffer required for TDES operations. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - // - // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each. - // - return (UINTN) (3 * sizeof (DES_key_schedule)); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as TDES context. - In addition, it sets up all TDES key materials for subsequent encryption and decryption - operations. - There are 3 key options as follows: - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) { - return FALSE; - } - - KeySchedule = (DES_key_schedule *) TdesContext; - - // - // If input Key is a weak key, return error. - // - if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); - - if (KeyLength == 64) { - CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); - - if (KeyLength == 128) { - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) { - return FALSE; - } - - KeySchedule = (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_ENCRYPT - ); - Input += TDES_BLOCK_SIZE; - Output += TDES_BLOCK_SIZE; - InputSize -= TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES decryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) { - return FALSE; - } - - KeySchedule = (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_DECRYPT - ); - Input += TDES_BLOCK_SIZE; - Output += TDES_BLOCK_SIZE; - InputSize -= TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) { - return FALSE; - } - - if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule = (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_ENCRYPT - ); - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) { - return FALSE; - } - - if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule = (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_DECRYPT - ); - - return TRUE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index f43953b78c..f631f8d879 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 # certificate handler functions, authenticode signature verification functions, # PEM handler functions, and pseudorandom number generator functions are not @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni index 5abd8e8dfb..c906935d3d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issues such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenticode // signature verification functions, PEM handler functions, and pseudorandom number // generator functions are not supported in this instance. @@ -21,5 +21,5 @@ #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM" -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c index 75a133bd0c..6f7e1971f8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -1,7 +1,7 @@ /** @file PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem ( // // Add possible block-cipher descriptor for PEM data decryption. - // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM. + // NOTE: Only support most popular ciphers AES for the encrypted PEM. // - if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) { - return FALSE; - } if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) { return FALSE; } diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index f1eb099b67..672e19299c 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and # authenticode signature verification functions are not supported in this instance. # @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni index 5a48d2a308..0a3bb1c04f 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issues such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification functions are // not supported in this instance. // @@ -20,5 +20,5 @@ #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER" -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 3a94655775..cc3556ae3f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and # authenticode signature verification functions are not supported in this instance. # @@ -44,7 +44,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni index 0561f107e8..2e362c635f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issues such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification functions are // not supported in this instance. // @@ -20,5 +20,5 @@ #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver" -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance." diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index a205c9005d..04b552f8b7 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC mode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 77915bdb86..43ee4e0841 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1467,220 +1467,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //===================================================================================== -/** - Retrieves the size, in bytes, of the context buffer required for TDES operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as TDES context. - In addition, it sets up all TDES key materials for subsequent encryption and decryption - operations. - There are 3 key options as follows: - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES decryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for AES operations. diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index f36c5c1aff..a30660c192 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2396,155 +2396,45 @@ BOOLEAN //===================================================================================== /** - Retrieves the size, in bytes, of the context buffer required for TDES operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES operations. - @retval 0 This interface is not supported. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( VOID ); -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as TDES context. - In addition, it sets up all TDES key materials for subsequent encryption and decryption - operations. - There are 3 key options as follows: - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ); -/** - Performs TDES encryption on a data buffer of the specified size in ECB mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); -/** - Performs TDES decryption on a data buffer of the specified size in ECB mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES decryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); -/** - Performs TDES encryption on a data buffer of the specified size in CBC mode. - - This function performs TDES encryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -2552,38 +2442,9 @@ BOOLEAN OUT UINT8 *Output ); -/** - Performs TDES decryption on a data buffer of the specified size in CBC mode. - - This function performs TDES decryption on data buffer pointed by Input, of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does not perform - padding. Caller must perform padding, if necessary, to ensure valid input data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behavior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES encryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_X509_FREE X509Free; EDKII_CRYPTO_X509_STACK_FREE X509StackFree; EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; - /// TDES - EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize; - EDKII_CRYPTO_TDES_INIT TdesInit; - EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt; - EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt; - EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt; - EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt; + /// TDES - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContextSize; + DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt; /// AES EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; -- 2.21.0.windows.1