tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg/BaseCryptLib: Retire ARC4 algorithm 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

ARC4 is not secure any longer.
Remove the ARC4 support from edk2.
Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
This commit is contained in:
Zhichao Gao 2020-04-22 17:44:12 +08:00 committed by mergify[bot]
parent 9b2a082e5b
commit c22a32e1ab
15 changed files with 48 additions and 917 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
CryptoPkg/Driver/Crypto.c
View File

@ -2037,150 +2037,107 @@ CryptoServiceAesCbcDecrypt (
}
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
ARC4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for ARC4 operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
CryptoServiceArc4GetContextSize (
DeprecatedCryptoServiceArc4GetContextSize (
VOID
)
{
return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, Arc4GetContextSize, (), 0);
return BaseCryptLibServiceDeprecated ("Arc4GetContextSize"), 0;
}
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
operations.
If Arc4Context is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize does not in the range of [5, 256] bytes, then return FALSE.
If this interface is not supported, then return FALSE.
ARC4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval TRUE ARC4 context initialization succeeded.
@retval FALSE ARC4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceArc4Init (
DeprecatedCryptoServiceArc4Init (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Key, KeySize), FALSE);
return BaseCryptLibServiceDeprecated ("Arc4Init"), FALSE;
}
/**
Performs ARC4 encryption on a data buffer of the specified size.
This function performs ARC4 encryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
ARC4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval TRUE ARC4 encryption succeeded.
@retval FALSE ARC4 encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceArc4Encrypt (
DeprecatedCryptoServiceArc4Encrypt (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Context, Input, InputSize, Output), FALSE);
return BaseCryptLibServiceDeprecated ("Arc4Encrypt"), FALSE;
}
/**
Performs ARC4 decryption on a data buffer of the specified size.
This function performs ARC4 decryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
ARC4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval TRUE ARC4 decryption succeeded.
@retval FALSE ARC4 decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceArc4Decrypt (
DeprecatedCryptoServiceArc4Decrypt (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Context, Input, InputSize, Output), FALSE);
return BaseCryptLibServiceDeprecated ("Arc4Decrypt"), FALSE;
}
/**
Resets the ARC4 context to the initial state.
The function resets the ARC4 context to the state it had immediately after the
ARC4Init() function call.
Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
should be already correctly initialized by ARC4Init().
If Arc4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
ARC4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval TRUE ARC4 reset succeeded.
@retval FALSE ARC4 reset failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceArc4Reset (
DeprecatedCryptoServiceArc4Reset (
IN OUT VOID *Arc4Context
)
{
return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context), FALSE);
return BaseCryptLibServiceDeprecated ("Arc4Reset"), FALSE;
}
//=====================================================================================
@ -4502,12 +4459,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceAesEcbDecrypt,
CryptoServiceAesCbcEncrypt,
CryptoServiceAesCbcDecrypt,
/// Arc4
CryptoServiceArc4GetContextSize,
CryptoServiceArc4Init,
CryptoServiceArc4Encrypt,
CryptoServiceArc4Decrypt,
CryptoServiceArc4Reset,
/// Arc4 - deprecated and unsupported
DeprecatedCryptoServiceArc4GetContextSize,
DeprecatedCryptoServiceArc4Init,
DeprecatedCryptoServiceArc4Encrypt,
DeprecatedCryptoServiceArc4Decrypt,
DeprecatedCryptoServiceArc4Reset,
/// SM3
CryptoServiceSm3GetContextSize,
CryptoServiceSm3Init,

132
CryptoPkg/Include/Library/BaseCryptLib.h
View File

@ -1667,138 +1667,6 @@ AesCbcDecrypt (
OUT UINT8 *Output
);
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for ARC4 operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Arc4GetContextSize (
VOID
);
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
operations.
If Arc4Context is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize does not in the range of [5, 256] bytes, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval TRUE ARC4 context initialization succeeded.
@retval FALSE ARC4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Init (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
);
/**
Performs ARC4 encryption on a data buffer of the specified size.
This function performs ARC4 encryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval TRUE ARC4 encryption succeeded.
@retval FALSE ARC4 encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Encrypt (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Performs ARC4 decryption on a data buffer of the specified size.
This function performs ARC4 decryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval TRUE ARC4 decryption succeeded.
@retval FALSE ARC4 decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Decrypt (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Resets the ARC4 context to the initial state.
The function resets the ARC4 context to the state it had immediately after the
ARC4Init() function call.
Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
should be already correctly initialized by ARC4Init().
If Arc4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval TRUE ARC4 reset succeeded.
@retval FALSE ARC4 reset failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Reset (
IN OUT VOID *Arc4Context
);
//=====================================================================================
// Asymmetric Cryptography Primitive
//=====================================================================================

1
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
View File

@ -40,7 +40,6 @@
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Cipher/CryptTdes.c
Cipher/CryptArc4.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExt.c
Pk/CryptPkcs1Oaep.c

205
CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
View File

@ -1,205 +0,0 @@
/** @file
ARC4 Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
#include <openssl/rc4.h>
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
@return The size, in bytes, of the context buffer required for ARC4 operations.
**/
UINTN
EFIAPI
Arc4GetContextSize (
VOID
)
{
//
// Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other
// for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
// the working copy to the initial state.
//
return (UINTN) (2 * sizeof (RC4_KEY));
}
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
operations.
If Arc4Context is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize does not in the range of [5, 256] bytes, then return FALSE.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval TRUE ARC4 context initialization succeeded.
@retval FALSE ARC4 context initialization failed.
**/
BOOLEAN
EFIAPI
Arc4Init (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY));
return TRUE;
}
/**
Performs ARC4 encryption on a data buffer of the specified size.
This function performs ARC4 encryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval TRUE ARC4 encryption succeeded.
@retval FALSE ARC4 encryption failed.
**/
BOOLEAN
EFIAPI
Arc4Encrypt (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
return TRUE;
}
/**
Performs ARC4 decryption on a data buffer of the specified size.
This function performs ARC4 decryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval TRUE ARC4 decryption succeeded.
@retval FALSE ARC4 decryption failed.
**/
BOOLEAN
EFIAPI
Arc4Decrypt (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
return TRUE;
}
/**
Resets the ARC4 context to the initial state.
The function resets the ARC4 context to the state it had immediately after the
ARC4Init() function call.
Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
should be already correctly initialized by ARC4Init().
If Arc4Context is NULL, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval TRUE ARC4 reset succeeded.
@retval FALSE ARC4 reset failed.
**/
BOOLEAN
EFIAPI
Arc4Reset (
IN OUT VOID *Arc4Context
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
return TRUE;
}

124
CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
View File

@ -1,124 +0,0 @@
/** @file
ARC4 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Arc4GetContextSize (
VOID
)
{
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
Return FALSE to indicate this interface is not supported.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Init (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs ARC4 encryption on a data buffer of the specified size.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Encrypt (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs ARC4 decryption on a data buffer of the specified size.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Decrypt (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Resets the ARC4 context to the initial state.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Reset (
IN OUT VOID *Arc4Context
)
{
ASSERT (FALSE);
return FALSE;
}

3
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
View File

@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@ -46,7 +46,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c

4
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
View File

@ -7,7 +7,7 @@
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."

3
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
View File

@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@ -46,7 +46,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c

4
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
View File

@ -7,7 +7,7 @@
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."

3
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
View File

@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@ -45,7 +45,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
Cipher/CryptTdesNull.c
Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1Oaep.c

4
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
View File

@ -7,7 +7,7 @@
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."

1
CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
View File

@ -40,7 +40,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
Cipher/CryptArc4Null.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c

124
CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
View File

@ -1,124 +0,0 @@
/** @file
ARC4 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Arc4GetContextSize (
VOID
)
{
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
Return FALSE to indicate this interface is not supported.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Init (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs ARC4 encryption on a data buffer of the specified size.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Encrypt (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs ARC4 decryption on a data buffer of the specified size.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Decrypt (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Resets the ARC4 context to the initial state.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Reset (
IN OUT VOID *Arc4Context
)
{
ASSERT (FALSE);
return FALSE;
}

147
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
View File

@ -1892,153 +1892,6 @@ AesCbcDecrypt (
CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec, Output), FALSE);
}
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for ARC4 operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Arc4GetContextSize (
VOID
)
{
CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0);
}
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
operations.
If Arc4Context is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize does not in the range of [5, 256] bytes, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval TRUE ARC4 context initialization succeeded.
@retval FALSE ARC4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Init (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE);
}
/**
Performs ARC4 encryption on a data buffer of the specified size.
This function performs ARC4 encryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval TRUE ARC4 encryption succeeded.
@retval FALSE ARC4 encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Encrypt (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Output), FALSE);
}
/**
Performs ARC4 decryption on a data buffer of the specified size.
This function performs ARC4 decryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval TRUE ARC4 decryption succeeded.
@retval FALSE ARC4 decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Decrypt (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Output), FALSE);
}
/**
Resets the ARC4 context to the initial state.
The function resets the ARC4 context to the state it had immediately after the
ARC4Init() function call.
Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
should be already correctly initialized by ARC4Init().
If Arc4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval TRUE ARC4 reset succeeded.
@retval FALSE ARC4 reset failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Arc4Reset (
IN OUT VOID *Arc4Context
)
{
CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE);
}
//=====================================================================================
// Asymmetric Cryptography Primitive
//=====================================================================================

115
CryptoPkg/Private/Protocol/Crypto.h
View File

@ -2785,134 +2785,45 @@ BOOLEAN
);
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for ARC4 operations.
@retval 0 This interface is not supported.
ARC4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
**/
typedef
UINTN
(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) (
VOID
);
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
operations.
If Arc4Context is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize does not in the range of [5, 256] bytes, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval TRUE ARC4 context initialization succeeded.
@retval FALSE ARC4 context initialization failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_ARC4_INIT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT) (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
);
/**
Performs ARC4 encryption on a data buffer of the specified size.
This function performs ARC4 encryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval TRUE ARC4 encryption succeeded.
@retval FALSE ARC4 encryption failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT) (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Performs ARC4 decryption on a data buffer of the specified size.
This function performs ARC4 decryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval TRUE ARC4 decryption succeeded.
@retval FALSE ARC4 decryption failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT) (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
/**
Resets the ARC4 context to the initial state.
The function resets the ARC4 context to the state it had immediately after the
ARC4Init() function call.
Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
should be already correctly initialized by ARC4Init().
If Arc4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval TRUE ARC4 reset succeeded.
@retval FALSE ARC4 reset failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_ARC4_RESET) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET) (
IN OUT VOID *Arc4Context
);
@ -4014,12 +3925,12 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt;
EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;
EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;
/// Arc4
EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE Arc4GetContextSize;
EDKII_CRYPTO_ARC4_INIT Arc4Init;
EDKII_CRYPTO_ARC4_ENCRYPT Arc4Encrypt;
EDKII_CRYPTO_ARC4_DECRYPT Arc4Decrypt;
EDKII_CRYPTO_ARC4_RESET Arc4Reset;
/// Arc4 - deprecated and unsupported
DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetContextSize;
DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init;
DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt;
DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt;
DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset;
/// SM3
EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize;
EDKII_CRYPTO_SM3_INIT Sm3Init;