public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Xiaoyu Lu <xiaoyux.lu@intel.com>, Siyuan Fu <siyuan.fu@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Philippe Mathieu-Daude <philmd@redhat.com>
Subject: [PATCH V6 08/13] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
Date: Fri, 15 May 2020 12:39:43 +0800	[thread overview]
Message-ID: <20200515043948.15028-9-zhichao.gao@intel.com> (raw)
In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Aes Ecb mode is not secure any longer.
Remove the Aes Ecb mode support from edk2.
Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
 CryptoPkg/CryptoPkg.dsc                       |  45 +++----
 CryptoPkg/Driver/Crypto.c                     |  50 ++------
 CryptoPkg/Include/Library/BaseCryptLib.h      |  70 -----------
 .../Library/BaseCryptLib/Cipher/CryptAes.c    | 114 ------------------
 .../BaseCryptLib/Cipher/CryptAesNull.c        |  52 --------
 .../BaseCryptLibNull/Cipher/CryptAesNull.c    |  52 --------
 .../BaseCryptLibOnProtocolPpi/CryptLib.c      |  76 ------------
 CryptoPkg/Private/Protocol/Crypto.h           |  61 ++--------
 8 files changed, 42 insertions(+), 478 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 6ed7046563..1f68cc633b 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,27 +137,30 @@
   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
 
 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family    | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family   | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family         | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family       | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
-  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family     | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family                           | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family                          | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family                        | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family                                | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize              | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init                        | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt                  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family                              | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family                               | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family                            | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
 !endif
 
 !if $(CRYPTO_SERVICES) == MIN_PEI
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 642d0267d9..1337fea42a 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1801,79 +1801,51 @@ CryptoServiceAesInit (
 }
 
 /**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
+  AES ECB Mode is deprecated and unsupported any longer.
+  Keep the function field for binary compability.
 
   @param[in]   AesContext  Pointer to the AES context.
   @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
   @param[in]   InputSize   Size of the Input buffer in bytes.
   @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
 
-  @retval TRUE   AES encryption succeeded.
-  @retval FALSE  AES encryption failed.
   @retval FALSE  This interface is not supported.
 
 **/
 BOOLEAN
 EFIAPI
-CryptoServiceAesEcbEncrypt (
+DeprecatedCryptoServiceAesEcbEncrypt (
   IN   VOID         *AesContext,
   IN   CONST UINT8  *Input,
   IN   UINTN        InputSize,
   OUT  UINT8        *Output
   )
 {
-  return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesContext, Input, InputSize, Output), FALSE);
+  return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE;
 }
 
 /**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
+  AES ECB Mode is deprecated and unsupported any longer.
+  Keep the function field for binary compability.
 
   @param[in]   AesContext  Pointer to the AES context.
   @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
   @param[in]   InputSize   Size of the Input buffer in bytes.
   @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
 
-  @retval TRUE   AES decryption succeeded.
-  @retval FALSE  AES decryption failed.
   @retval FALSE  This interface is not supported.
 
 **/
 BOOLEAN
 EFIAPI
-CryptoServiceAesEcbDecrypt (
+DeprecatedCryptoServiceAesEcbDecrypt (
   IN   VOID         *AesContext,
   IN   CONST UINT8  *Input,
   IN   UINTN        InputSize,
   OUT  UINT8        *Output
   )
 {
-  return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesContext, Input, InputSize, Output), FALSE);
+  return BaseCryptLibServiceDeprecated ("AesEcbDecrypt"), FALSE;
 }
 
 /**
@@ -4376,11 +4348,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
   DeprecatedCryptoServiceTdesEcbDecrypt,
   DeprecatedCryptoServiceTdesCbcEncrypt,
   DeprecatedCryptoServiceTdesCbcDecrypt,
-  /// AES
+  /// AES - ECB mode is deprecated and unsupported
   CryptoServiceAesGetContextSize,
   CryptoServiceAesInit,
-  CryptoServiceAesEcbEncrypt,
-  CryptoServiceAesEcbDecrypt,
+  DeprecatedCryptoServiceAesEcbEncrypt,
+  DeprecatedCryptoServiceAesEcbDecrypt,
   CryptoServiceAesCbcEncrypt,
   CryptoServiceAesCbcDecrypt,
   /// Arc4 - deprecated and unsupported
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 621bcfd1c4..86175c7a8a 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1323,76 +1323,6 @@ AesInit (
   IN   UINTN        KeyLength
   );
 
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval TRUE   AES encryption succeeded.
-  @retval FALSE  AES encryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  );
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval TRUE   AES decryption succeeded.
-  @retval FALSE  AES decryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  );
-
 /**
   Performs AES encryption on a data buffer of the specified size in CBC mode.
 
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
index 2515b34bb8..914cffb211 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
@@ -78,120 +78,6 @@ AesInit (
   return TRUE;
 }
 
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval TRUE   AES encryption succeeded.
-  @retval FALSE  AES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  AES_KEY  *AesKey;
-
-  //
-  // Check input parameters.
-  //
-  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
-    return FALSE;
-  }
-
-  AesKey = (AES_KEY *) AesContext;
-
-  //
-  // Perform AES data encryption with ECB mode (block-by-block)
-  //
-  while (InputSize > 0) {
-    AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
-    Input     += AES_BLOCK_SIZE;
-    Output    += AES_BLOCK_SIZE;
-    InputSize -= AES_BLOCK_SIZE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval TRUE   AES decryption succeeded.
-  @retval FALSE  AES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  AES_KEY  *AesKey;
-
-  //
-  // Check input parameters.
-  //
-  if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
-    return FALSE;
-  }
-
-  AesKey = (AES_KEY *) AesContext;
-
-  //
-  // Perform AES data decryption with ECB mode (block-by-block)
-  //
-  while (InputSize > 0) {
-    AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
-    Input     += AES_BLOCK_SIZE;
-    Output    += AES_BLOCK_SIZE;
-    InputSize -= AES_BLOCK_SIZE;
-  }
-
-  return TRUE;
-}
-
 /**
   Performs AES encryption on a data buffer of the specified size in CBC mode.
 
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
   return FALSE;
 }
 
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
 /**
   Performs AES encryption on a data buffer of the specified size in CBC mode.
 
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
   return FALSE;
 }
 
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
 /**
   Performs AES encryption on a data buffer of the specified size in CBC mode.
 
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 43ee4e0841..c937f8540d 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1518,82 +1518,6 @@ AesInit (
   CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALSE);
 }
 
-/**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval TRUE   AES encryption succeeded.
-  @retval FALSE  AES encryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval TRUE   AES decryption succeeded.
-  @retval FALSE  AES decryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
-  IN   VOID         *AesContext,
-  IN   CONST UINT8  *Input,
-  IN   UINTN        InputSize,
-  OUT  UINT8        *Output
-  )
-{
-  CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, Output), FALSE);
-}
-
 /**
   Performs AES encryption on a data buffer of the specified size in CBC mode.
 
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index a30660c192..e76ff623a5 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2498,69 +2498,22 @@ BOOLEAN
   );
 
 /**
-  Performs AES encryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES encryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
-
-  @retval TRUE   AES encryption succeeded.
-  @retval FALSE  AES encryption failed.
-  @retval FALSE  This interface is not supported.
+  AES ECB Mode is deprecated and unsupported any longer.
+  Keep the function field for binary compability.
 
 **/
 typedef
 BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT) (
   IN   VOID         *AesContext,
   IN   CONST UINT8  *Input,
   IN   UINTN        InputSize,
   OUT  UINT8        *Output
   );
 
-/**
-  Performs AES decryption on a data buffer of the specified size in ECB mode.
-
-  This function performs AES decryption on data buffer pointed by Input, of specified
-  size of InputSize, in ECB mode.
-  InputSize must be multiple of block size (16 bytes). This function does not perform
-  padding. Caller must perform padding, if necessary, to ensure valid input data size.
-  AesContext should be already correctly initialized by AesInit(). Behavior with
-  invalid AES context is undefined.
-
-  If AesContext is NULL, then return FALSE.
-  If Input is NULL, then return FALSE.
-  If InputSize is not multiple of block size (16 bytes), then return FALSE.
-  If Output is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in]   AesContext  Pointer to the AES context.
-  @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
-  @param[in]   InputSize   Size of the Input buffer in bytes.
-  @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
-
-  @retval TRUE   AES decryption succeeded.
-  @retval FALSE  AES decryption failed.
-  @retval FALSE  This interface is not supported.
-
-**/
 typedef
 BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT) (
   IN   VOID         *AesContext,
   IN   CONST UINT8  *Input,
   IN   UINTN        InputSize,
@@ -3779,11 +3732,11 @@ struct _EDKII_CRYPTO_PROTOCOL {
   DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT        DeprecatedTdesEcbDecrypt;
   DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT        DeprecatedTdesCbcEncrypt;
   DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT        DeprecatedTdesCbcDecrypt;
-  /// AES
+  /// AES - ECB Mode is deprecated and unsupported
   EDKII_CRYPTO_AES_GET_CONTEXT_SIZE               AesGetContextSize;
   EDKII_CRYPTO_AES_INIT                           AesInit;
-  EDKII_CRYPTO_AES_ECB_ENCRYPT                    AesEcbEncrypt;
-  EDKII_CRYPTO_AES_ECB_DECRYPT                    AesEcbDecrypt;
+  DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT         DeprecatedAesEcbEncrypt;
+  DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT         DeprecatedAesEcbDecrypt;
   EDKII_CRYPTO_AES_CBC_ENCRYPT                    AesCbcEncrypt;
   EDKII_CRYPTO_AES_CBC_DECRYPT                    AesCbcDecrypt;
   /// Arc4 - deprecated and unsupported
-- 
2.21.0.windows.1


  parent reply	other threads:[~2020-05-15  4:40 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-15  4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 01/13] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 02/13] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 03/13] CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 04/13] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 05/13] CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 06/13] CryptoPkg/BaseCryptLib: Retire the TDES algorithm Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 07/13] CryptoPkg/OpensslLib: Set TDES disable in OpensslLib Gao, Zhichao
2020-05-15  4:39 ` Gao, Zhichao [this message]
2020-05-15  4:39 ` [PATCH V6 09/13] CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 10/13] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 11/13] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format Gao, Zhichao
2020-05-15  4:43   ` Wang, Jian J
2020-05-18  5:37   ` Xiaoyu Lu
2020-05-19  1:58     ` Gao, Zhichao
2020-05-15  4:39 ` [PATCH V6 13/13] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200515043948.15028-9-zhichao.gao@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox