tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg/BaseCryptLib: Retire the TDES algorithm 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

TDES is not secure any longer.
Remove the Tdes support from edk2.
Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
This commit is contained in:
Zhichao Gao 2020-04-22 17:48:02 +08:00 committed by mergify[bot]
parent f4c15d3807
commit b8af2c9eda
16 changed files with 60 additions and 1377 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
CryptoPkg/Driver/Crypto.c
View File

@ -1612,152 +1612,94 @@ CryptoServiceHmacSha256Final (
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
TDES is deprecated and unsupported any longer.
Keep the function field for binary compability.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for TDES operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
CryptoServiceTdesGetContextSize (
DeprecatedCryptoServiceTdesGetContextSize (
VOID
)
{
return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSize, (), 0);
return BaseCryptLibServiceDeprecated ("TdesGetContextSize"), 0;
}
/**
Initializes user-supplied memory as TDES context for subsequent use.
This function initializes user-supplied memory pointed by TdesContext as TDES context.
In addition, it sets up all TDES key materials for subsequent encryption and decryption
operations.
There are 3 key options as follows:
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
If TdesContext is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeyLength is not valid, then return FALSE.
If this interface is not supported, then return FALSE.
TDES is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
@retval TRUE TDES context initialization succeeded.
@retval FALSE TDES context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceTdesInit (
DeprecatedCryptoServiceTdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
)
{
return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Key, KeyLength), FALSE);
return BaseCryptLibServiceDeprecated ("TdesInit"), FALSE;
}
/**
Performs TDES encryption on a data buffer of the specified size in ECB mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
TDES is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceTdesEcbEncrypt (
DeprecatedCryptoServiceTdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
return BaseCryptLibServiceDeprecated ("TdesEcbEncrypt"), FALSE;
}
/**
Performs TDES decryption on a data buffer of the specified size in ECB mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
TDES is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceTdesEcbDecrypt (
DeprecatedCryptoServiceTdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
return BaseCryptLibServiceDeprecated ("TdesEcbDecrypt"), FALSE;
}
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
TDES is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@ -1765,14 +1707,12 @@ CryptoServiceTdesEcbDecrypt (
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceTdesCbcEncrypt (
DeprecatedCryptoServiceTdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@ -1780,26 +1720,12 @@ CryptoServiceTdesCbcEncrypt (
OUT UINT8 *Output
)
{
return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
return BaseCryptLibServiceDeprecated ("TdesCbcEncrypt"), FALSE;
}
/**
Performs TDES decryption on a data buffer of the specified size in CBC mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
TDES is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@ -1807,14 +1733,12 @@ CryptoServiceTdesCbcEncrypt (
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceTdesCbcDecrypt (
DeprecatedCryptoServiceTdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@ -1822,7 +1746,7 @@ CryptoServiceTdesCbcDecrypt (
OUT UINT8 *Output
)
{
return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
return BaseCryptLibServiceDeprecated ("TdesCbcDecrypt"), FALSE;
}
/**
@ -4445,13 +4369,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceX509Free,
CryptoServiceX509StackFree,
CryptoServiceX509GetTBSCert,
/// TDES
CryptoServiceTdesGetContextSize,
CryptoServiceTdesInit,
CryptoServiceTdesEcbEncrypt,
CryptoServiceTdesEcbDecrypt,
CryptoServiceTdesCbcEncrypt,
CryptoServiceTdesCbcDecrypt,
/// TDES - deprecated and unsupported
DeprecatedCryptoServiceTdesGetContextSize,
DeprecatedCryptoServiceTdesInit,
DeprecatedCryptoServiceTdesEcbEncrypt,
DeprecatedCryptoServiceTdesEcbDecrypt,
DeprecatedCryptoServiceTdesCbcEncrypt,
DeprecatedCryptoServiceTdesCbcDecrypt,
/// AES
CryptoServiceAesGetContextSize,
CryptoServiceAesInit,

196
CryptoPkg/Include/Library/BaseCryptLib.h
View File

@ -1278,202 +1278,6 @@ HmacSha256Final (
// Symmetric Cryptography Primitive
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for TDES operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
TdesGetContextSize (
VOID
);
/**
Initializes user-supplied memory as TDES context for subsequent use.
This function initializes user-supplied memory pointed by TdesContext as TDES context.
In addition, it sets up all TDES key materials for subsequent encryption and decryption
operations.
There are 3 key options as follows:
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
If TdesContext is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeyLength is not valid, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
@retval TRUE TDES context initialization succeeded.
@retval FALSE TDES context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
);
/**
Performs TDES encryption on a data buffer of the specified size in ECB mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Performs TDES decryption on a data buffer of the specified size in ECB mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
);
/**
Performs TDES decryption on a data buffer of the specified size in CBC mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
);
/**
Retrieves the size, in bytes, of the context buffer required for AES operations.

1
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
View File

@ -39,7 +39,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Cipher/CryptTdes.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExt.c
Pk/CryptPkcs1Oaep.c

364
CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
View File

@ -1,364 +0,0 @@
/** @file
TDES Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
#include <openssl/des.h>
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
@return The size, in bytes, of the context buffer required for TDES operations.
**/
UINTN
EFIAPI
TdesGetContextSize (
VOID
)
{
//
// Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
//
return (UINTN) (3 * sizeof (DES_key_schedule));
}
/**
Initializes user-supplied memory as TDES context for subsequent use.
This function initializes user-supplied memory pointed by TdesContext as TDES context.
In addition, it sets up all TDES key materials for subsequent encryption and decryption
operations.
There are 3 key options as follows:
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
If TdesContext is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeyLength is not valid, then return FALSE.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
@retval TRUE TDES context initialization succeeded.
@retval FALSE TDES context initialization failed.
**/
BOOLEAN
EFIAPI
TdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
)
{
DES_key_schedule *KeySchedule;
//
// Check input parameters.
//
if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) {
return FALSE;
}
KeySchedule = (DES_key_schedule *) TdesContext;
//
// If input Key is a weak key, return error.
//
if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
return FALSE;
}
DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
if (KeyLength == 64) {
CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
return TRUE;
}
if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) {
return FALSE;
}
DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
if (KeyLength == 128) {
CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
return TRUE;
}
if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) {
return FALSE;
}
DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
return TRUE;
}
/**
Performs TDES encryption on a data buffer of the specified size in ECB mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
**/
BOOLEAN
EFIAPI
TdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
DES_key_schedule *KeySchedule;
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
return FALSE;
}
KeySchedule = (DES_key_schedule *) TdesContext;
while (InputSize > 0) {
DES_ecb3_encrypt (
(const_DES_cblock *) Input,
(DES_cblock *) Output,
KeySchedule,
KeySchedule + 1,
KeySchedule + 2,
DES_ENCRYPT
);
Input += TDES_BLOCK_SIZE;
Output += TDES_BLOCK_SIZE;
InputSize -= TDES_BLOCK_SIZE;
}
return TRUE;
}
/**
Performs TDES decryption on a data buffer of the specified size in ECB mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
**/
BOOLEAN
EFIAPI
TdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
DES_key_schedule *KeySchedule;
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
return FALSE;
}
KeySchedule = (DES_key_schedule *) TdesContext;
while (InputSize > 0) {
DES_ecb3_encrypt (
(const_DES_cblock *) Input,
(DES_cblock *) Output,
KeySchedule,
KeySchedule + 1,
KeySchedule + 2,
DES_DECRYPT
);
Input += TDES_BLOCK_SIZE;
Output += TDES_BLOCK_SIZE;
InputSize -= TDES_BLOCK_SIZE;
}
return TRUE;
}
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
**/
BOOLEAN
EFIAPI
TdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
DES_key_schedule *KeySchedule;
UINT8 IvecBuffer[TDES_BLOCK_SIZE];
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
KeySchedule = (DES_key_schedule *) TdesContext;
CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
DES_ede3_cbc_encrypt (
Input,
Output,
(UINT32) InputSize,
KeySchedule,
KeySchedule + 1,
KeySchedule + 2,
(DES_cblock *) IvecBuffer,
DES_ENCRYPT
);
return TRUE;
}
/**
Performs TDES decryption on a data buffer of the specified size in CBC mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
**/
BOOLEAN
EFIAPI
TdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
DES_key_schedule *KeySchedule;
UINT8 IvecBuffer[TDES_BLOCK_SIZE];
//
// Check input parameters.
//
if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
return FALSE;
}
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
KeySchedule = (DES_key_schedule *) TdesContext;
CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
DES_ede3_cbc_encrypt (
Input,
Output,
(UINT32) InputSize,
KeySchedule,
KeySchedule + 1,
KeySchedule + 2,
(DES_cblock *) IvecBuffer,
DES_DECRYPT
);
return TRUE;
}

160
CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
View File

@ -1,160 +0,0 @@
/** @file
TDES Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
TdesGetContextSize (
VOID
)
{
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory as TDES context for subsequent use.
Return FALSE to indicate this interface is not supported.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES encryption on a data buffer of the specified size in ECB mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES decryption on a data buffer of the specified size in ECB mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES decryption on a data buffer of the specified size in CBC mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}

3
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
View File

@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c

6
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
View File

@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."

7
CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
View File

@ -1,7 +1,7 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem (
//
// Add possible block-cipher descriptor for PEM data decryption.
// NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
// NOTE: Only support most popular ciphers AES for the encrypted PEM.
//
if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
return FALSE;
}
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}

3
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
View File

@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c

6
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
View File

@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."

3
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
View File

@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@ -44,7 +44,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1Oaep.c

6
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
View File

@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."

1
CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
View File

@ -39,7 +39,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c

160
CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
View File

@ -1,160 +0,0 @@
/** @file
TDES Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
TdesGetContextSize (
VOID
)
{
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory as TDES context for subsequent use.
Return FALSE to indicate this interface is not supported.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES encryption on a data buffer of the specified size in ECB mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES decryption on a data buffer of the specified size in ECB mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs TDES decryption on a data buffer of the specified size in CBC mode.
Return FALSE to indicate this interface is not supported.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}

214
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
View File

@ -1467,220 +1467,6 @@ HmacSha256Final (
// Symmetric Cryptography Primitive
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for TDES operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
TdesGetContextSize (
VOID
)
{
CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0);
}
/**
Initializes user-supplied memory as TDES context for subsequent use.
This function initializes user-supplied memory pointed by TdesContext as TDES context.
In addition, it sets up all TDES key materials for subsequent encryption and decryption
operations.
There are 3 key options as follows:
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
If TdesContext is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeyLength is not valid, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
@retval TRUE TDES context initialization succeeded.
@retval FALSE TDES context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
)
{
CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE);
}
/**
Performs TDES encryption on a data buffer of the specified size in ECB mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
}
/**
Performs TDES decryption on a data buffer of the specified size in ECB mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
}
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
}
/**
Performs TDES decryption on a data buffer of the specified size in CBC mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
TdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
IN CONST UINT8 *Ivec,
OUT UINT8 *Output
)
{
CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
}
/**
Retrieves the size, in bytes, of the context buffer required for AES operations.

169
CryptoPkg/Private/Protocol/Crypto.h
View File

@ -2396,155 +2396,45 @@ BOOLEAN
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for TDES operations.
@retval 0 This interface is not supported.
TDES is deprecated and unsupported any longer.
Keep the function field for binary compability.
**/
typedef
UINTN
(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) (
VOID
);
/**
Initializes user-supplied memory as TDES context for subsequent use.
This function initializes user-supplied memory pointed by TdesContext as TDES context.
In addition, it sets up all TDES key materials for subsequent encryption and decryption
operations.
There are 3 key options as follows:
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
If TdesContext is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeyLength is not valid, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
@retval TRUE TDES context initialization succeeded.
@retval FALSE TDES context initialization failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_TDES_INIT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
);
/**
Performs TDES encryption on a data buffer of the specified size in ECB mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Performs TDES decryption on a data buffer of the specified size in ECB mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in ECB mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
This function performs TDES encryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES encryption succeeded.
@retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@ -2552,38 +2442,9 @@ BOOLEAN
OUT UINT8 *Output
);
/**
Performs TDES decryption on a data buffer of the specified size in CBC mode.
This function performs TDES decryption on data buffer pointed by Input, of specified
size of InputSize, in CBC mode.
InputSize must be multiple of block size (8 bytes). This function does not perform
padding. Caller must perform padding, if necessary, to ensure valid input data size.
Initialization vector should be one block size (8 bytes).
TdesContext should be already correctly initialized by TdesInit(). Behavior with
invalid TDES context is undefined.
If TdesContext is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If InputSize is not multiple of block size (8 bytes), then return FALSE.
If Ivec is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
@retval TRUE TDES decryption succeeded.
@retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_X509_FREE X509Free;
EDKII_CRYPTO_X509_STACK_FREE X509StackFree;
EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert;
/// TDES
EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize;
EDKII_CRYPTO_TDES_INIT TdesInit;
EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt;
EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt;
EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt;
EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt;
/// TDES - deprecated and unsupported
DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContextSize;
DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit;
DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt;
DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt;
/// AES
EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;
EDKII_CRYPTO_AES_INIT AesInit;