From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56441+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56441+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274201; cv=none; d=zohomail.com; s=zohoarc; b=O61kYtQLsRgOuW6OvN2xiNwoAbZkTew9LW89b/K6K35hdbzIWZpkpln/NLmsbAVtGT4hP6wENJc8AXTBF9wWDb5DASb2MgjaGmqlRc3SlvBBYO5SaL+cAMoTZc40bEj/NTRR/I73hyDE5t1YT32MJv0buoDdhT1pZD64YTToCdo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274201; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=GQjLgKYrSEkqcQn+XSMIjCoyOmKLxK3zDCjb09Ydd1c=; b=EsvWNAGaIlDW3rsmrIoIdz3dF6bwd9ZWtcWDV+JYXOZog2gm/Wyy4oAR+8Hkpq6ZQACg3TvKysDI58KYki6gfO0tUQjIhKq+BH9/vRlWq4DrzLGR+GRRAgT5R09ejVY/gr9oUgr/WEWrljTBaQg39vpfriYHuEW3affGRAl4PrU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56441+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274201786346.92371376473466; Thu, 26 Mar 2020 18:56:41 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id XtEAYY1788612xyUheZd4c0t; Thu, 26 Mar 2020 18:56:41 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:40 -0700 IronPort-SDR: hTlWe45M0+/LQI7FE6ZUo2Z1QRFFUJj6VEj5FGxPuuOTrJ+QUFtzmjPDBjtDCgK/NKkflZikpe HgJyjCU9sABA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:40 -0700 IronPort-SDR: jAUAfNQgwI24qOYwpwJcokkHka6LnnbQaHOo7q8HgWmvsYowwUXDx/khJ85noYX/8ttQbWVmwH C5mD730wmG9g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246799" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:38 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 1/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Date: Fri, 27 Mar 2020 09:56:22 +0800 Message-Id: <20200327015629.2588-2-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: I5C7IZ4wUPtfbeugWTAUxEXLx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274201; bh=O2CT3fh2UR5d2D4UPZ0cFVBjyScsir/fs2jerXjzUeQ=; h=Cc:Date:From:Reply-To:Subject:To; b=L71Q2Ze9oASEzlBVxEBlgwLuVp6ndAxacUD8Vw9VKXLq/V5kFkk2Wkwkm9FNInwlD3J 4JSrRUhbzukCGvSEfrW5VTezs+qALbNcbu7gC22w1RCEPPJh5KfMmLiLjY0zn+IjTziG5 hQO4N5ThG69O1xlvEz7ZrXGwhy+gxNha0W8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 MD4 is not secure any longer. Remove the MD4 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 165 ------------- CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------ .../Library/BaseCryptLib/BaseCryptLib.inf | 3 +- .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------ .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 5 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 158 ------------- CryptoPkg/Private/Protocol/Crypto.h | 153 +----------- 12 files changed, 8 insertions(+), 1141 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 35bf2d3d92..48a565a2b3 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -105,164 +105,6 @@ CryptoServiceGetCryptoVersion ( // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -CryptoServiceMd4GetContextSize ( - VOID - ) -{ - return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize= , (), 0); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceMd4Init ( - OUT VOID *Md4Context - ) -{ - return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALS= E); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceMd4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Cont= ext, NewMd4Context), FALSE); -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceMd4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, D= ata, DataSize), FALSE); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceMd4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, Has= hValue), FALSE); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceMd4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataS= ize, HashValue), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 @@ -4422,13 +4264,6 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha256Duplicate, CryptoServiceHmacSha256Update, CryptoServiceHmacSha256Final, - /// Md4 - CryptoServiceMd4GetContextSize, - CryptoServiceMd4Init, - CryptoServiceMd4Duplicate, - CryptoServiceMd4Update, - CryptoServiceMd4Final, - CryptoServiceMd4HashAll, /// Md5 CryptoServiceMd5GetContextSize, CryptoServiceMd5Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 5e8f2e0a10..c862f0334f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 -/// -/// MD4 digest size in bytes -/// -#define MD4_DIGEST_SIZE 16 - /// /// MD5 digest size in bytes /// @@ -77,146 +72,6 @@ typedef enum { // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ); - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ); - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ); - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ); - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 1bbe4f435a..254fa310d5 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -28,7 +28,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Lib= rary/BaseCryptLib/Hash/CryptMd4.c deleted file mode 100644 index bc02da07b0..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c +++ /dev/null @@ -1,223 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - // - // Retrieves the OpenSSL MD4 Context Size - // - return (UINTN) (sizeof (MD4_CTX)); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Context Initialization - // - return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context)); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL || NewMd4Context =3D=3D NULL) { - return FALSE; - } - - CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); - - return TRUE; -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Update - // - return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize)); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL || HashValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Finalization - // - return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context)); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (HashValue =3D=3D NULL) { - return FALSE; - } - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Computation. - // - if (MD4 (Data, DataSize, HashValue) =3D=3D NULL) { - return FALSE; - } else { - return TRUE; - } -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg= /Library/BaseCryptLib/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index c836c257f8..e9add0127d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -6,14 +6,14 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, +# Note: # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not # supported in this instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -35,7 +35,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index bff308a4f5..b1a06a2368 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -34,7 +34,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc0b65fd25..139983075e 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -34,7 +34,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 8f53b0dfd0..ff79fe47d7 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -28,7 +28,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5Null.c Hash/CryptSha1Null.c Hash/CryptSha256Null.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c b/Crypt= oPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c2a1df9afc..5e470028f4 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -99,164 +99,6 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), FALSE); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, NewMd4Context), FALSE); -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, DataSize), FALSE); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, HashValue), FALSE); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, HashValue), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 40c387e002..c9529bda96 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2,6 +2,7 @@ This Protocol provides Crypto services to DXE modules =20 Copyright (C) Microsoft Corporation. All rights reserved. + Copyright (c) 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -450,151 +451,6 @@ BOOLEAN // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -typedef -UINTN -(EFIAPI *EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( - VOID - ); - - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_INIT) ( - OUT VOID *Md4Context - ); - - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_DUPLICATE) ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ); - - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_UPDATE) ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_FINAL) ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ); - - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_HASH_ALL) ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ); - // -----------------------------------------------------------------------= ----- =20 /** @@ -4007,13 +3863,6 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; - /// Md4 - EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE Md4GetContextSize; - EDKII_CRYPTO_MD4_INIT Md4Init; - EDKII_CRYPTO_MD4_DUPLICATE Md4Duplicate; - EDKII_CRYPTO_MD4_UPDATE Md4Update; - EDKII_CRYPTO_MD4_FINAL Md4Final; - EDKII_CRYPTO_MD4_HASH_ALL Md4HashAll; /// Md5 EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; EDKII_CRYPTO_MD5_INIT Md5Init; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56441): https://edk2.groups.io/g/devel/message/56441 Mute This Topic: https://groups.io/mt/72579462/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56442+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56442+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274204; cv=none; d=zohomail.com; s=zohoarc; b=l94iF5WzxjN10hg5xrw0bMl2ZbmrG+NEDAIohf0oe8fIVagRgzwHmDwkT/KuKAc8F/FfeNS3+YTEfExgDp+7ArBwnCJUd7OJVDch7VHW24hwiaiyYILZIZA92hYV96TIwl2avpPFGnViCwOjepVpLHDf76FKwN0pTE1Lpm1IIsQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274204; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Ry0lhApw3f0LLJr6JPXBVJ8nT9cm8ModV2X0Mfb+M8E=; b=kQNDahtgPgRIo/hGsBntr8t/tBLQ/jiRs2816QCoHWhXNeTpirIkTmlO9MhBK1COo2jSo0cq6ClYXQSig8FEy3bmPy5KayuiMuTmLzuI2S0we2sDALVHv0/QaEsaj8+dtJId4yvHqGK6R++hsP9FpJWAPDpblWNZvd+Er8LKLus= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56442+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274204113931.3617154607197; Thu, 26 Mar 2020 18:56:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id IukaYY1788612x2TsGqkPicu; Thu, 26 Mar 2020 18:56:43 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:42 -0700 IronPort-SDR: 17xXpWeyUCirjD3UJpAOkPAgXX8IIFUd1R+kNY2fLtKPs/I6EOscGyF1BCArd02pPWw1Dr88o+ t1erTPuJR7ng== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:42 -0700 IronPort-SDR: oDdGdYNNhwVxLXNww2CokVmmyNkUnvVqwJQoR45YsfHROK7a2J7/yOelkcRT0DIhUnfI6RTj6/ fnMKMyDvXv4A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246805" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:40 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 2/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Date: Fri, 27 Mar 2020 09:56:23 +0800 Message-Id: <20200327015629.2588-3-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: yEwkm9WgRAe9fZyeqKGSJywOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274203; bh=bU3g0BKJWDbgeAeSjEKyqvp/DjciZMTBSVobL2qdR/U=; h=Cc:Date:From:Reply-To:Subject:To; b=QOqU0BOAfiWgSgQCmj+DOEuBtMP3Uwi1Sgm3RsmM+IFQan+GZsjS0V9gpAlI+SIse7O GPhkqLFOYEZGnFl2gCeGvEYS58rpa6xk0s9D4Yt7uhw05jAsFj6yYerB7L4AprEFk+M6x 82qrzT7Jyiy7PXfawTWX1gBw6WD/c3WTw4w= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 ARC4 is not secure any longer. Remove the ARC4 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 153 ------------- CryptoPkg/Include/Library/BaseCryptLib.h | 132 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------ .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 147 ------------- CryptoPkg/Private/Protocol/Crypto.h | 139 ------------ 12 files changed, 3 insertions(+), 1032 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 48a565a2b3..1f65a83e57 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1898,153 +1898,6 @@ CryptoServiceAesCbcDecrypt ( return CALL_BASECRYPTLIB (Aes.Services.CbcDecrypt, AesCbcDecrypt, (AesCo= ntext, Input, InputSize, Ivec, Output), FALSE); } =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -CryptoServiceArc4GetContextSize ( - VOID - ) -{ - return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, Arc4GetContextSi= ze, (), 0); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceArc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Ke= y, KeySize), FALSE); -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceArc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceArc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); -} - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceArc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context),= FALSE); -} - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D @@ -4357,12 +4210,6 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceAesEcbDecrypt, CryptoServiceAesCbcEncrypt, CryptoServiceAesCbcDecrypt, - /// Arc4 - CryptoServiceArc4GetContextSize, - CryptoServiceArc4Init, - CryptoServiceArc4Encrypt, - CryptoServiceArc4Decrypt, - CryptoServiceArc4Reset, /// SM3 CryptoServiceSm3GetContextSize, CryptoServiceSm3Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index c862f0334f..25e236c4a3 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1667,138 +1667,6 @@ AesCbcDecrypt ( OUT UINT8 *Output ); =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ); - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 254fa310d5..dadd7b40c0 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -39,7 +39,6 @@ Kdf/CryptHkdf.c Cipher/CryptAes.c Cipher/CryptTdes.c - Cipher/CryptArc4.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptArc4.c deleted file mode 100644 index 388d312bed..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c +++ /dev/null @@ -1,205 +0,0 @@ -/** @file - ARC4 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - // - // Memory for 2 copies of RC4_KEY is allocated, one for working copy, an= d the other - // for backup copy. When Arc4Reset() is called, we can use the backup co= py to restore - // the working copy to the initial state. - // - return (UINTN) (2 * sizeof (RC4_KEY)); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Key =3D=3D NULL || (KeySize < 5 || KeySiz= e > 256)) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4_set_key (Rc4Key, (UINT32) KeySize, Key); - - CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY)); - - return TRUE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY)); - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c +++ /dev/null @@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index e9add0127d..f43953b78c 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -46,7 +46,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index b1a06a2368..68226a7389 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 139983075e..3a94655775 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal +# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAes.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index ff79fe47d7..d1af62ba30 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -39,7 +39,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c +++ /dev/null @@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 5e470028f4..77915bdb86 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1892,153 +1892,6 @@ AesCbcDecrypt ( CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec,= Output), FALSE); } =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE); -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Output= ), FALSE); -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Output= ), FALSE); -} - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE); -} - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index c9529bda96..e50d0b4190 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2733,139 +2733,6 @@ BOOLEAN OUT UINT8 *Output ); =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -typedef -UINTN -(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( - VOID - ); - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_INIT) ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_RESET) ( - IN OUT VOID *Arc4Context - ); - - /** Retrieves the size, in bytes, of the context buffer required for SM3 has= h operations. =20 @@ -3956,12 +3823,6 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; - /// Arc4 - EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE Arc4GetContextSize; - EDKII_CRYPTO_ARC4_INIT Arc4Init; - EDKII_CRYPTO_ARC4_ENCRYPT Arc4Encrypt; - EDKII_CRYPTO_ARC4_DECRYPT Arc4Decrypt; - EDKII_CRYPTO_ARC4_RESET Arc4Reset; /// SM3 EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize; EDKII_CRYPTO_SM3_INIT Sm3Init; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56442): https://edk2.groups.io/g/devel/message/56442 Mute This Topic: https://groups.io/mt/72579463/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56443+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56443+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274205; cv=none; d=zohomail.com; s=zohoarc; b=I6WuL/djvUyQ266JeM530LYN9Xk3wZ5b3euDnPGMmiwkWRciAYZGrMjP8aGiauX6zuaj7HgnINoybRoAIZAGt/3Cu1ByIaxQ8lHbYMR0qn49jEJwCL7edyLWqhCbFJcnQS8QCKsUR0gQDymRPWckTTKzTidhLGpkZkM1auxhF9U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274205; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=hDgDLd/2WTFQhgAdjNWiZu3UZp3dWwjhlusyqbfzKA0=; b=SjKNtFBou6Tg7FWbfq0dMyELvmevBOEUi3AT9Yiz+1cWmteV+Y+FTINPj5iPkdWV5HC2mz/CTm+o/rs8fW3x484x4PXt4giuE4ilcN9tXAWhThwkrTOZWFK4/87u9vnWZ+OxLePlgF77DO1E3qrm69n38r3f3x4TQErxLwYzetE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56443+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274205869424.92313358151875; Thu, 26 Mar 2020 18:56:45 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 8oG4YY1788612xLucwYjxXCy; Thu, 26 Mar 2020 18:56:45 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:44 -0700 IronPort-SDR: d3qsFAEGbYHC2FyUQrMbmDLPYIDAj8cCVqW7JUZStCHW8ODWGDWkH9YGYIDObG5DrNPXUmzzdu hbLWlxvMXkgQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:44 -0700 IronPort-SDR: FkDaS53in3b5miEajKI8oXNG1tbC/1HcwiFcIfD9WllD0+G37RQ1t0KX3HUSYgyvVVXDDonq4U 0E+gWhbkXNjg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246815" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:42 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 3/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Date: Fri, 27 Mar 2020 09:56:24 +0800 Message-Id: <20200327015629.2588-4-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: LYkgOOGonUu0vtG9CxPFwfWjx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274205; bh=/tt+Zmfnsd0WCVJjmhhhb89LhOdz7xQJ/lDGFX1DLMc=; h=Cc:Date:From:Reply-To:Subject:To; b=iCZxb/1ofd86v/6w+Ubwj0ViTBMAEj2C+hQNASXfH3BkQyOOGzF43XZ6jX/qUd+EQ04 ydtYCqZVFtpO09aJewtDY0ZBvo8Jl1+FTQmOX5pzEXD3lq+7wvxF23R/1HnBEEdVT+qql DKY15CcFh6Ypk6Yy7obWAp62uebEWyty18A= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Tdes is not secure any longer. Remove the Tdes support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 221 ----------- CryptoPkg/Include/Library/BaseCryptLib.h | 201 ---------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------ .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ---------- CryptoPkg/Private/Protocol/Crypto.h | 203 ---------- 12 files changed, 3 insertions(+), 1531 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 1f65a83e57..d471ecb5ba 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1473,220 +1473,6 @@ CryptoServiceHmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -CryptoServiceTdesGetContextSize ( - VOID - ) -{ - return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSi= ze, (), 0); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceTdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Ke= y, KeyLength), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceTdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (Tde= sContext, Input, InputSize, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceTdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (Tde= sContext, Input, InputSize, Output), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceTdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceTdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 @@ -4196,13 +3982,6 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceX509Free, CryptoServiceX509StackFree, CryptoServiceX509GetTBSCert, - /// TDES - CryptoServiceTdesGetContextSize, - CryptoServiceTdesInit, - CryptoServiceTdesEcbEncrypt, - CryptoServiceTdesEcbDecrypt, - CryptoServiceTdesCbcEncrypt, - CryptoServiceTdesCbcDecrypt, /// AES CryptoServiceAesGetContextSize, CryptoServiceAesInit, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 25e236c4a3..c66232bc1c 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -44,11 +44,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /// #define SM3_256_DIGEST_SIZE 32 =20 -/// -/// TDES block size in bytes -/// -#define TDES_BLOCK_SIZE 8 - /// /// AES block size in bytes /// @@ -1278,202 +1273,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ); - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index dadd7b40c0..498e0f75e8 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -38,7 +38,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c - Cipher/CryptTdes.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptTdes.c deleted file mode 100644 index fd799f3398..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c +++ /dev/null @@ -1,364 +0,0 @@ -/** @file - TDES Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - // - // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and = K3 each. - // - return (UINTN) (3 * sizeof (DES_key_schedule)); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Key =3D=3D NULL || (KeyLength !=3D 64 && = KeyLength !=3D 128 && KeyLength !=3D 192)) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - // - // If input Key is a weak key, return error. - // - if (DES_is_weak_key ((const_DES_cblock *) Key) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); - - if (KeyLength =3D=3D 64) { - CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); - - if (KeyLength =3D=3D 128) { - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_ENCRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_DECRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_ENCRYPT - ); - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_DECRYPT - ); - - return TRUE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f43953b78c..f631f8d879 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 68226a7389..3b664ae30a 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -44,7 +44,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 3a94655775..cc3556ae3f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -44,7 +44,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index d1af62ba30..2f4464b584 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -38,7 +38,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 77915bdb86..43ee4e0841 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1467,220 +1467,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index e50d0b4190..5ecb3ccc79 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2344,202 +2344,6 @@ BOOLEAN // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -typedef -UINTN -(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( - VOID - ); - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_INIT) ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ); - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 @@ -3809,13 +3613,6 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_X509_FREE X509Free; EDKII_CRYPTO_X509_STACK_FREE X509StackFree; EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; - /// TDES - EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize; - EDKII_CRYPTO_TDES_INIT TdesInit; - EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt; - EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt; - EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt; - EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt; /// AES EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56443): https://edk2.groups.io/g/devel/message/56443 Mute This Topic: https://groups.io/mt/72579464/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56444+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56444+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274207; cv=none; d=zohomail.com; s=zohoarc; b=gmpWLlQmKAsYto0Bwu/XBxWmoFbb5P2JgrEoGlvd62XV5doJL8PO8DHiwz1uWelJpBMtgBwWNNJF/BUaG8y2yr6NAV5rn4s9nvU0xJ4vJghykZv1B0IydoURQkf6+CpovANXHGgRfOjYfCkwC0plixCO6K5UYnXNPKaGP/qUJUk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274207; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=wUfEF7Vw/fotDbc+sHe5kKqRTjBmDWBdrhzr8cQU3Lw=; b=XfyWXHIJ4eug83CykTd8YKXgpzFaVg8Oq3V6iEGELlgTN9gXMt2nR3G3s2EvaO8u8mTPLAz/C5OsHYDx83O8cdhObjvdN8dBcC6HbUG4x2W1iZQ9SGMMz8l9/6Af6ZjM76NWYhs2aQjX08Ki1kzi4dgSa7V1F5KkKRiBjNsz/Xg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56444+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274207228946.402813864978; Thu, 26 Mar 2020 18:56:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Nqf3YY1788612xCWZgVd3mfo; Thu, 26 Mar 2020 18:56:46 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:46 -0700 IronPort-SDR: Z33F5EL6vS2vgK3PEzQDSRBIXddbVMvwahHRZNGAXDqty264wn5TJeLbxqwK+8tdBrXDl8RG9L LcYezsYApAJw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:46 -0700 IronPort-SDR: SkO1KDcUA2lnCB5PgK8nCMBblbB1DOZRa6yv/nNzOiV9expaM3WvWvq9NILggl6pOFFKKvZ+O9 fiuLaPn+4GbQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246820" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:44 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 4/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Date: Fri, 27 Mar 2020 09:56:25 +0800 Message-Id: <20200327015629.2588-5-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: JJBLJKa0iS6vEDj4yzi0af54x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274206; bh=GIodJeefou0BI+0oBmxPF6T8JU7F/WSxLqkvfnIJbOE=; h=Cc:Date:From:Reply-To:Subject:To; b=ft5am0a2+4ZA0i0v2BYXS1zTSRngnrB0RMvwldavAjzM7xgLVmmz8FmitdJeuJmhIwP jIV8U1k14SBXF/u4XD7W+W5HWuBMXUkNQ3/TLHZ1Urt8JXlTniZCbMyIDvfvjpbggYgGC Tz6eCfn9qfxZfm4qBEGqHS8LnKhFYApBdSo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Aes Ecb mode is not secure any longer. Remove the Aes Ecb mode support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 78 ------------ CryptoPkg/Include/Library/BaseCryptLib.h | 70 ----------- .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------ .../BaseCryptLib/Cipher/CryptAesNull.c | 52 -------- .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +-------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 76 ------------ CryptoPkg/Private/Protocol/Crypto.h | 72 ----------- 7 files changed, 1 insertion(+), 515 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d471ecb5ba..cc5fd922b7 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1524,82 +1524,6 @@ CryptoServiceAesInit ( return CALL_BASECRYPTLIB (Aes.Services.Init, AesInit, (AesContext, Key, = KeyLength), FALSE); } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceAesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -CryptoServiceAesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 @@ -3985,8 +3909,6 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// AES CryptoServiceAesGetContextSize, CryptoServiceAesInit, - CryptoServiceAesEcbEncrypt, - CryptoServiceAesEcbDecrypt, CryptoServiceAesCbcEncrypt, CryptoServiceAesCbcDecrypt, /// SM3 diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index c66232bc1c..ad93ee2634 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1318,76 +1318,6 @@ AesInit ( IN UINTN KeyLength ); =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/L= ibrary/BaseCryptLib/Cipher/CryptAes.c index 2515b34bb8..914cffb211 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c @@ -78,120 +78,6 @@ AesInit ( return TRUE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data encryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data decryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoP= kg/Library/BaseCryptLib/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c @@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/Cry= ptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c index a82adacf4f..8ddc00a59b 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c @@ -1,7 +1,7 @@ /** @file AES Wrapper Implementation which does not provide real capabilities. =20 -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 43ee4e0841..c937f8540d 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1518,82 +1518,6 @@ AesInit ( CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALSE); } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, Outpu= t), FALSE); -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, Outpu= t), FALSE); -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 5ecb3ccc79..2c46a91eb6 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2389,76 +2389,6 @@ BOOLEAN IN UINTN KeyLength ); =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 @@ -3616,8 +3546,6 @@ struct _EDKII_CRYPTO_PROTOCOL { /// AES EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; - EDKII_CRYPTO_AES_ECB_ENCRYPT AesEcbEncrypt; - EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; /// SM3 --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56444): https://edk2.groups.io/g/devel/message/56444 Mute This Topic: https://groups.io/mt/72579465/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56445+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56445+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274208; cv=none; d=zohomail.com; s=zohoarc; b=ZamDrAXbuKvZsc2VhuLtkBet0e4ShXQE1/fJE7n5ZnDXUIVxBUl73c26eCs3v7lodfxeMzex6fIwJYRXzYZCNmi1qNRJwRkAtVFdGgQda2gg42kLVa3+QDXQQHnRjB2TcvQ9LCAlWEw6J4MoKD+JnN2hC7iNNNnKApZMtCf4F3s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274208; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2z1hYwb/atw9gVR77VcoSwrd+tj664tshNAhg3bqH8U=; b=Ys3NFQ+8QQkXHr+V6lEUh9QAN6CNUFlNUc/ScEnnHcyY8AJmJFZsMK5YvtpwMjrUX5K29VFIdFZOC1xqncv3LG2+7GcRXQyyd2JFRk5S945kwKTLq7oWfaZH1PvvkQ0ZLZKNW8NT7F+Z9eyJm4X286Dae9mBs1QParORZkJfhLA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56445+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274208364630.4241062158085; Thu, 26 Mar 2020 18:56:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id WMseYY1788612xDEuf0t3mcC; Thu, 26 Mar 2020 18:56:48 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:47 -0700 IronPort-SDR: UHbWDvrND7JWz427ZjwgUTe3jwcpcx0U074LU90DYbblTt/uLSIhKfZbRr6YjIwXgzPWQ+Kkjz pBNdh0u09bKw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:47 -0700 IronPort-SDR: PFhgvdiZJfq1T+LzsbRWP/MVIy6cqG6SyInlze6R6yO24cMvVrN0BNS9FwQ+W4aAOzQwH+Ufcz pm8WxXUbmX0Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246824" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:46 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function Date: Fri, 27 Mar 2020 09:56:26 +0800 Message-Id: <20200327015629.2588-6-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: kXQPgRW6BM8c3OjL3dooUqvgx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274208; bh=t6/4WNmXtfVYzYyySfc0aQrOfKoBQSoXshlVKxFVwn4=; h=Cc:Date:From:Reply-To:Subject:To; b=TLmDhhxX1pMrVhasakQk5n9BxILOBx+IB2E5AA0VIAbOy+yf3frgfE+cwm4LNCQcdwa BCME+vEtc0qXmOxzXCew8Jt++LjmfuD92bkb+2S4rTzNDHGJc31U1LUvZ4H/DQsPDYM3B xJIwLEJuYv/tys0XGSSNrPBvZCZ6+LYvcwU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1682 Md5 and SHA1 is not secure any longer but uefi spec need to keep them for backwards compatibility. Add two pcds PcdMD5Enable and PcdSHA1Enable to control the function enablement. Set the default value to false to indicate they are deprecated. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dec | 11 +++++++++++ CryptoPkg/CryptoPkg.uni | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec index 4d1a1368a8..4d1750839f 100644 --- a/CryptoPkg/CryptoPkg.dec +++ b/CryptoPkg/CryptoPkg.dec @@ -82,5 +82,16 @@ # @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008= , 0x00000010 gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x0000= 0001 =20 + ## Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI = spec + # want to keep it for backwards compatibility. + # @prompt Enable/Disable MD5 function. + gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable|FALSE|BOOLEAN|0x00000003 + + ## Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEF= I spec + # want to keep it for backwards compatibility. It should be set to TRUE= when + # PcdHashApiLibPolicy enable the SHA1. + # @prompt Enable/Disable SHA1 function. + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable|FALSE|BOOLEAN|0x00000004 + [UserExtensions.TianoCore."ExtraFiles"] CryptoPkgExtra.uni diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni index 28459fcafe..8e27ebcd36 100644 --- a/CryptoPkg/CryptoPkg.uni +++ b/CryptoPkg/CryptoPkg.uni @@ -30,3 +30,14 @@ #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_PROMP= T #language en-US "Enable/Disable EDK II Crypto Protocol/PPI services" =20 #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_HELP = #language en-US "Enable/Disable the families and individual services produ= ced by the EDK II Crypto Protocols/PPIs. The default is all services disab= led. This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENAB= LE structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_PROMPT #language en-= US "Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI sp= ec\n" + = "want to keep it for backwards compatibility." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_HELP #language en-US= "Enable/Disable MD5 function." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_PROMPT #language en= -US "Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEFI= spec\n" + = "want to keep it for backwards compatibility.It should be set to TRUE w= hen\n" + = "PcdHashApiLibPolicy enable the SHA1." + +#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_HELP #language en-U= S "Enable/Disable SHA1 function." --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56445): https://edk2.groups.io/g/devel/message/56445 Mute This Topic: https://groups.io/mt/72579466/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56446+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56446+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274209; cv=none; d=zohomail.com; s=zohoarc; b=bCZkNbfAzSfON6Mfyf3stwD8YWNNmWL62P6SFgHOH9mMhSyITFvbiAP86CGR26lxg1fIaimkgfRrLBhNkHGsSuZJNronH4Nyr1O+v3XNOVZf3cbR6pFNLfaZOY9+UnJa1Ji4r0BwzPxUT5KedkqzUsuS8dmj7iZfZzY0P/l+j1Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274209; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=/56GyRjyaiACtQHD92nWuZVlSThi7W+1Q7oZSQECTf8=; b=bKC3M1yaBh7L/tAQ0LT8jSgwrlqml9DLnlm7BILgGMXPPp576vlpDN1Rc70OWj+u5P5d4XdhT5VOme4hDdCc+GT2JfZz/emf27BK1HOV8etAJ99ANnOHKrfAcvQqTj0hJ1QftLoIb2w8ch9Fs4kXzUO2LQeSwHnbZ3et2H90zOk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56446+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274209621771.127277610228; Thu, 26 Mar 2020 18:56:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id sCHCYY1788612xZuMcQsX3Z8; Thu, 26 Mar 2020 18:56:49 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:48 -0700 IronPort-SDR: W7IzM1pY+cw6Ed2hUvHZHHZy1RBPIcOpUjeIhJhs934vdx0DKHCXgsDdBtzUbR1NEwHlPmBT5n jXQVHSNd6SpA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:48 -0700 IronPort-SDR: 94EMfkmoZaAJbV4WpkhezVBC1rY9oGccHje7aSgUAreaXGARKs7eH7VjXrqco49K/q0iNCwPIQ hlMWax6mIW4g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246830" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:47 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Maciej Rabeda , Jiaxin Wu , Siyuan Fu Subject: [edk2-devel] [PATCH 6/8] NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI Date: Fri, 27 Mar 2020 09:56:27 +0800 Message-Id: <20200327015629.2588-7-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: mcjq2bT7LZHekUlTvuKhxVyzx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274209; bh=PicqrULRJaQylraj6Uo4NXcUP36KYbXw8z15r/jSe4I=; h=Cc:Date:From:Reply-To:Subject:To; b=MaXV3KbBCZeXtZfmV0xLA3CA8h6caGvkXDI3WozHyEqt7BH3vzP0r8iRqnMYj+jRwPu d5QjWSV23HVkicQ5/kZucluYiSIpcIZB9/Y9pGm3CMQAb/QnRVzvk+NjhH/jpp/Qsk2Ju kB8d6fgkqBDVV/1UNOa8z5TY7R6sxi0UeEE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1682 iSCSI driver required the MD5 function. Change the PcdMD5Enable to TRUE when NETWORK_ISCSI_ENABLE is TURE. Cc: Maciej Rabeda Cc: Jiaxin Wu Cc: Siyuan Fu Signed-off-by: Zhichao Gao Reviewed-by: Maciej Rabeda Reviewed-by: Siyuan Fu --- NetworkPkg/NetworkPcds.dsc.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkPkg/NetworkPcds.dsc.inc b/NetworkPkg/NetworkPcds.dsc.inc index f874b382ef..7a81f0cb2d 100644 --- a/NetworkPkg/NetworkPcds.dsc.inc +++ b/NetworkPkg/NetworkPcds.dsc.inc @@ -5,7 +5,7 @@ # by using "!include NetworkPkg/NetworkPcds.dsc.inc" to specify PCD settin= gs # according to the value of flags described in "NetworkDefines.dsc.inc". # -# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -14,3 +14,6 @@ !if $(NETWORK_ALLOW_HTTP_CONNECTIONS) =3D=3D TRUE gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE !endif +!if $(NETWORK_ISCSI_ENABLE) =3D=3D TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable|TRUE +!endif --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56446): https://edk2.groups.io/g/devel/message/56446 Mute This Topic: https://groups.io/mt/72579468/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56447+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56447+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274211; cv=none; d=zohomail.com; s=zohoarc; b=aZmGWWjgSO3oHWOa9WRh4Wt6ZC8EWyUaGKzWcCnLoiKRKhsVdrTQmbm4mvUN3wbBjmAxy+If7JxvsQyoE8dFahmS7BF3/31lctraGj9bQBDpgp52XwrwfL5xaf3cAU2N/0R/TwaPqqe42Q9sMFt2DNFVOo3nA6HoDmGtKA15qgg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274211; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=DHnm9odWXRWWweWdoRA9yNy2CGysEirKiYgmrzlOQL4=; b=Wsfkb/w3SdvL5N/CKrM0J5kUFV09caVzwVsrlnbi+Vm01PXt7+mHFtCg6ceWCBnv+88TJIwVW+PpQeYD1RdiorOUwvSZZLvDsCf3d3LE3WGBESZitK89dYnEappgZEJkf6heXKx0lb/Nz2ioZ53voF/Mc3CGN+x+qZmfa/cTumM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56447+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 15852742112851018.296522500702; Thu, 26 Mar 2020 18:56:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id jqOlYY1788612xyqQRlS4TIu; Thu, 26 Mar 2020 18:56:50 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:50 -0700 IronPort-SDR: JgSssFtVYXKSpFF7g/KpiTKWaQFWeg/mh8J3K6POexBAF+ez9hcDIkxc6MmG1J886q9jQdf2rP u4kKKLF5UPLw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:50 -0700 IronPort-SDR: 4dW9HGZbQOF1V/LUl/IwgDUkfm098RsDkA4MgdJJpeEWGr1H99CSrf+asPSb4unqfh3znjJLq7 oKAFQf7VY+ZQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246840" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:48 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 7/8] Crypto/BaseCryptLib: Using pcd to control MD5 enablement Date: Fri, 27 Mar 2020 09:56:28 +0800 Message-Id: <20200327015629.2588-8-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: uKgf6L6amDzJEzdoV8jo8Ujbx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274210; bh=GVBFyT2olwyHtP0IrFgB0Cl3CGP5DNCv/ozBC0+9XjI=; h=Cc:Date:From:Reply-To:Subject:To; b=mW6QPbs0vMAcpEJHy/aITf9ttx2fLzADkXX/alD1GGpSc1o6D0QY9k22KHcwiZzFk2y W6V15OUtrP9oFTyfok7B3eOwSxaglYt8dC5keeNkMJ0tLtGVFYQDZzq9A2gqhDSf98zoj 513Tqt8sLf9ftysMEahwaYmqrRAY8EXOPQ8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1682 Md5 and SHA1 is not secure any longer but uefi spec need to keep them for backwards compatibility. Use pcd PcdMD5Enable to control the MD5 function enablement. When disable the MD5 functions would not be complied. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 9 +++++++++ CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 3 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 5 ++++- CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 +++ CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 +++ CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 3 +++ CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 3 +++ CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 3 +++ CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +++ CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 3 +++ CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd5Null.c | 3 +++ .../Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 +++ CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 5 +++++ CryptoPkg/Private/Protocol/Crypto.h | 7 ++++++- 14 files changed, 54 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index cc5fd922b7..b53da85bad 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -13,6 +13,7 @@ #include #include #include +#include =20 /** A macro used to retrieve the FixedAtBuild PcdCryptoServiceFamilyEnable w= ith a @@ -105,6 +106,7 @@ CryptoServiceGetCryptoVersion ( // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 +#if (FixedPcdGetBool (PcdMD5Enable)) /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 @@ -262,6 +264,7 @@ CryptoServiceMd5HashAll ( { return CALL_BASECRYPTLIB (Md5.Services.HashAll, Md5HashAll, (Data, DataS= ize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. @@ -1021,6 +1024,7 @@ CryptoServiceSm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 +#if (FixedPcdGetBool (PcdMD5Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. =20 @@ -1171,6 +1175,7 @@ CryptoServiceHmacMd5Final ( { return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5= Context, HmacValue), FALSE); } +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. @@ -3806,6 +3811,7 @@ CryptoServiceTlsGetCertRevocationList ( const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// Version CryptoServiceGetCryptoVersion, +#if (FixedPcdGetBool (PcdMD5Enable)) /// HMAC MD5 CryptoServiceHmacMd5New, CryptoServiceHmacMd5Free, @@ -3813,6 +3819,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacMd5Duplicate, CryptoServiceHmacMd5Update, CryptoServiceHmacMd5Final, +#endif /// HMAC SHA1 CryptoServiceHmacSha1New, CryptoServiceHmacSha1Free, @@ -3827,6 +3834,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha256Duplicate, CryptoServiceHmacSha256Update, CryptoServiceHmacSha256Final, +#if (FixedPcdGetBool (PcdMD5Enable)) /// Md5 CryptoServiceMd5GetContextSize, CryptoServiceMd5Init, @@ -3834,6 +3842,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceMd5Update, CryptoServiceMd5Final, CryptoServiceMd5HashAll, +#endif /// Pkcs CryptoServicePkcs1v2Encrypt, CryptoServicePkcs5HashPassword, diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 498e0f75e8..5c65ef5892 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -83,6 +83,9 @@ IntrinsicLib PrintLib =20 +[Pcd] + gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + # # Remove these [BuildOptions] after this library is cleaned up # diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Lib= rary/BaseCryptLib/Hash/CryptMd5.c index 0e0d0ec54d..5af0c03a1c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -1,11 +1,13 @@ /** @file MD5 Digest Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdMD5Enable)) #include "InternalCryptLib.h" #include =20 @@ -223,3 +225,4 @@ Md5HashAll ( return TRUE; } } +#endif diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c index da46ce09f4..2946e6432b 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdMD5Enable)) #include "InternalCryptLib.h" #include =20 @@ -214,3 +216,4 @@ HmacMd5Final ( =20 return TRUE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c index 5de55bf0d5..befd0b4c08 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdMD5Enable)) #include "InternalCryptLib.h" =20 /** @@ -137,3 +139,4 @@ HmacMd5Final ( ASSERT (FALSE); return FALSE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f631f8d879..cebc74ccf2 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -76,6 +76,9 @@ OpensslLib IntrinsicLib =20 +[Pcd] + gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + # # Remove these [BuildOptions] after this library is cleaned up # diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/= Library/BaseCryptLib/Pk/CryptRsaBasic.c index d24e1fdf68..31b78464d2 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "InternalCryptLib.h" +#include =20 #include #include @@ -291,9 +292,11 @@ RsaPkcs1Verify ( // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported. // switch (HashSize) { +#if (FixedPcdGetBool (PcdMD5Enable)) case MD5_DIGEST_SIZE: DigestType =3D NID_md5; break; +#endif =20 case SHA1_DIGEST_SIZE: DigestType =3D NID_sha1; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Li= brary/BaseCryptLib/Pk/CryptRsaExt.c index 7cd5fecf04..1a50be1d78 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "InternalCryptLib.h" +#include =20 #include #include @@ -329,9 +330,11 @@ RsaPkcs1Sign ( // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported. // switch (HashSize) { +#if (FixedPcdGetBool (PcdMD5Enable)) case MD5_DIGEST_SIZE: DigestType =3D NID_md5; break; +#endif =20 case SHA1_DIGEST_SIZE: DigestType =3D NID_sha1; diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 3b664ae30a..72d4cd03ab 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -88,6 +88,9 @@ IntrinsicLib PrintLib =20 +[Pcd] + gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + # # Remove these [BuildOptions] after this library is cleaned up # diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc3556ae3f..21f104c916 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -87,6 +87,9 @@ IntrinsicLib PrintLib =20 +[Pcd] + gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + # # Remove these [BuildOptions] after this library is cleaned up # diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd5Null.c b/Crypt= oPkg/Library/BaseCryptLibNull/Hash/CryptMd5Null.c index 34c539fe3a..cbf863b1f8 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd5Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd5Null.c @@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdMD5Enable)) #include "InternalCryptLib.h" =20 =20 @@ -163,3 +165,4 @@ Md5HashAll( ASSERT(FALSE); return FALSE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/C= ryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c index 5de55bf0d5..befd0b4c08 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdMD5Enable)) #include "InternalCryptLib.h" =20 /** @@ -137,3 +139,4 @@ HmacMd5Final ( ASSERT (FALSE); return FALSE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c937f8540d..cba1e4c8bf 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -14,6 +14,7 @@ #include #include #include +#include =20 /** A macro used to call a non-void service in an EDK II Crypto Protocol. @@ -99,6 +100,7 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 +#if (FixedPcdGetBool (PcdMD5Enable)) /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 @@ -256,6 +258,7 @@ Md5HashAll ( { CALL_CRYPTO_SERVICE (Md5HashAll, (Data, DataSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. @@ -1015,6 +1018,7 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 +#if (FixedPcdGetBool (PcdMD5Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. =20 @@ -1165,6 +1169,7 @@ HmacMd5Final ( { CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), FALSE); } +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 2c46a91eb6..527318dc23 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -43,6 +43,7 @@ UINTN //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +#if (FixedPcdGetBool (PcdMD5Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. =20 @@ -176,7 +177,7 @@ BOOLEAN IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ); - +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. @@ -3443,6 +3444,7 @@ EFI_STATUS struct _EDKII_CRYPTO_PROTOCOL { /// Version EDKII_CRYPTO_GET_VERSION GetVersion; +#if (FixedPcdGetBool (PcdMD5Enable)) /// HMAC MD5 EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New; EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free; @@ -3450,6 +3452,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate; EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; +#endif /// HMAC SHA1 EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; @@ -3464,6 +3467,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; +#if (FixedPcdGetBool (PcdMD5Enable)) /// Md5 EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; EDKII_CRYPTO_MD5_INIT Md5Init; @@ -3471,6 +3475,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_MD5_UPDATE Md5Update; EDKII_CRYPTO_MD5_FINAL Md5Final; EDKII_CRYPTO_MD5_HASH_ALL Md5HashAll; +#endif /// Pkcs EDKII_CRYPTO_PKCS1_ENCRYPT_V2 Pkcs1v2Encrypt; EDKII_CRYPTO_PKCS5_PW_HASH Pkcs5HashPassword; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56447): https://edk2.groups.io/g/devel/message/56447 Mute This Topic: https://groups.io/mt/72579469/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 13:48:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56448+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56448+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274216; cv=none; d=zohomail.com; s=zohoarc; b=W+8AYD08V0pVhq5Tr3tpLnNAHj0jaFMBzd19wDYUQIfwlUP4BNO8q1GwW/v+X8gG086PI/24lXIzUuIszO2204TLy/JW/yWrG2+s4mMELbKGv/jMfIW3RU468LdREWPXgWvIvLtjpRxQQLHfnStf6XVO6CHJpMaAfkihU2zF1mo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274216; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=BJoSadPhg4b8g3HmlQILLgJedbGBm5oln74BRISXzgA=; b=YkGBW2gAtTIi9ZKlMH/h2xxEyKjfaNuqOfbnmJI/hZO1LPTmJmBarAmSJymSab3B8TrngP5Rn6C+ShAWyRBdun23AwsAz9+01VLd8O+Ik+yCTGpiUGaSLaBvfV9lAkLLihijEIF0qKaLvGBd8MPcJpwKMy3YIR35DCWK44AM1Cc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56448+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274216843319.66497218774987; Thu, 26 Mar 2020 18:56:56 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Hth5YY1788612xzh94t0pjJw; Thu, 26 Mar 2020 18:56:53 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:52 -0700 IronPort-SDR: vsIX45RECs6TgjFSvjIYPCUeFAxMFuN/oGeOs4mP6YgUHWBNk1nAOsHh/hJl79TPHKS3q4H7yM FvwsFGyYY6UQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:52 -0700 IronPort-SDR: ZYkC0p/96gQj9sXac9NFByIeq60Wt7tItKNlMeplDWqPuPN/53l/DyQT4AicwHpqh1jBIOtFcG iD8BldwfYJJA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246853" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:50 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement Date: Fri, 27 Mar 2020 09:56:29 +0800 Message-Id: <20200327015629.2588-9-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: jERRMaCQqAHS8R9SeOdngfvwx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274213; bh=LZpJIAxG4Zw2lUNiLiOdN8R3SQBhXrWmYjc7BftLojI=; h=Cc:Date:From:Reply-To:Subject:To; b=MYCJ3PvmbImGeYM0QNE+Zd9wPxijjcuRFGgQFOhLSDcd8WtaZa3OmgG8qz2h26fBXrc abktT5jgUkLGDS0ykCCnZDkLfXBdKF4w0Hr1RJwZ6T6T0feUVuLnu5uh2NtYF07iKN/Bi AkGHABpOAtEz6XbEPRtXKMQHXICZnewWEyM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1682 Md5 and SHA1 is not secure any longer but uefi spec need to keep them for backwards compatibility. Use pcd PcdSHA1Enable to control the SHA1 function enablement. When disable the SHA1 functions would not be complied. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 8 ++++++++ CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 +++ .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 +++ CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 +++ CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 2 ++ CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 2 ++ CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +++- .../Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 4 ++++ CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c | 12 ++++++++++++ CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf | 1 + CryptoPkg/Private/Protocol/Crypto.h | 9 ++++++++- 15 files changed, 53 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index b53da85bad..f7902205b3 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -266,6 +266,7 @@ CryptoServiceMd5HashAll ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -423,6 +424,7 @@ CryptoServiceSha1HashAll ( { return CALL_BASECRYPTLIB (Sha1.Services.HashAll, Sha1HashAll, (Data, Dat= aSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. @@ -1177,6 +1179,7 @@ CryptoServiceHmacMd5Final ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 @@ -1327,6 +1330,7 @@ CryptoServiceHmacSha1Final ( { return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacS= ha1Context, HmacValue), FALSE); } +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. @@ -3820,6 +3824,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacMd5Update, CryptoServiceHmacMd5Final, #endif +#if (FixedPcdGetBool (PcdSHA1Enable)) /// HMAC SHA1 CryptoServiceHmacSha1New, CryptoServiceHmacSha1Free, @@ -3827,6 +3832,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha1Duplicate, CryptoServiceHmacSha1Update, CryptoServiceHmacSha1Final, +#endif /// HMAC SHA256 CryptoServiceHmacSha256New, CryptoServiceHmacSha256Free, @@ -3877,6 +3883,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceRsaPkcs1Verify, CryptoServiceRsaGetPrivateKeyFromPem, CryptoServiceRsaGetPublicKeyFromX509, +#if (FixedPcdGetBool (PcdSHA1Enable)) /// Sha1 CryptoServiceSha1GetContextSize, CryptoServiceSha1Init, @@ -3884,6 +3891,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceSha1Update, CryptoServiceSha1Final, CryptoServiceSha1HashAll, +#endif /// Sha256 CryptoServiceSha256GetContextSize, CryptoServiceSha256Init, diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 5c65ef5892..9ffd98096c 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -85,6 +85,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index 7593ca55b1..baba6b267c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdSHA1Enable)) #include "InternalCryptLib.h" #include =20 @@ -214,3 +216,4 @@ HmacSha1Final ( =20 return TRUE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c index e8c0f341b7..1314fa1a77 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdSHA1Enable)) #include "InternalCryptLib.h" =20 /** @@ -137,3 +139,4 @@ HmacSha1Final ( ASSERT (FALSE); return FALSE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index cebc74ccf2..b40e76f243 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -78,6 +78,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c b/CryptoP= kg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c index a89c1525c1..15e6bc2cb4 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c @@ -7,6 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "InternalCryptLib.h" +#include #include #include =20 @@ -68,9 +69,11 @@ Pkcs5HashPassword ( // Make sure the digest algorithm is supported. // switch (DigestSize) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case SHA1_DIGEST_SIZE: HashAlg =3D EVP_sha1(); break; +#endif case SHA256_DIGEST_SIZE: HashAlg =3D EVP_sha256(); break; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/= Library/BaseCryptLib/Pk/CryptRsaBasic.c index 31b78464d2..549ee1b933 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -298,9 +298,11 @@ RsaPkcs1Verify ( break; #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) case SHA1_DIGEST_SIZE: DigestType =3D NID_sha1; break; +#endif =20 case SHA256_DIGEST_SIZE: DigestType =3D NID_sha256; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Li= brary/BaseCryptLib/Pk/CryptRsaExt.c index 1a50be1d78..60605e3486 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -336,9 +336,11 @@ RsaPkcs1Sign ( break; #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) case SHA1_DIGEST_SIZE: DigestType =3D NID_sha1; break; +#endif =20 case SHA256_DIGEST_SIZE: DigestType =3D NID_sha256; diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 72d4cd03ab..b6c0be70f2 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -90,6 +90,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 21f104c916..7f678eee93 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -89,6 +89,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/= CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c index e8c0f341b7..3aac798188 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c @@ -5,7 +5,8 @@ Copyright (c) 2012 - 2020, Intel Corporation. All rights re= served.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ - +#include +#if (FixedPcdGetBool (PcdSHA1Enable)) #include "InternalCryptLib.h" =20 /** @@ -137,3 +138,4 @@ HmacSha1Final ( ASSERT (FALSE); return FALSE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index cba1e4c8bf..8429fefc0b 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -260,6 +260,7 @@ Md5HashAll ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -417,6 +418,7 @@ Sha1HashAll ( { CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. @@ -1171,6 +1173,7 @@ HmacMd5Final ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 @@ -1321,6 +1324,7 @@ HmacSha1Final ( { CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), FALSE); } +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c b/CryptoPkg/= Library/BaseHashApiLib/BaseHashApiLib.c index f9796b2158..754d75aeb2 100644 --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c @@ -33,9 +33,11 @@ HashApiGetContextSize ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1GetContextSize (); break; +#endif =20 case HASH_ALG_SHA256: return Sha256GetContextSize (); @@ -75,9 +77,11 @@ HashApiInit ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Init (HashContext); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Init (HashContext); @@ -119,9 +123,11 @@ HashApiDuplicate ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Duplicate (HashContext, NewHashContext); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Duplicate (HashContext, NewHashContext); @@ -165,9 +171,11 @@ HashApiUpdate ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Update (HashContext, DataToHash, DataToHashLen); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Update (HashContext, DataToHash, DataToHashLen); @@ -209,9 +217,11 @@ HashApiFinal ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Final (HashContext, Digest); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Final (HashContext, Digest); @@ -255,9 +265,11 @@ HashApiHashAll ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1HashAll (DataToHash, DataToHashLen, Digest); break; +#endif =20 case HASH_ALG_SHA256: return Sha256HashAll (DataToHash, DataToHashLen, Digest); diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf b/CryptoPk= g/Library/BaseHashApiLib/BaseHashApiLib.inf index b4d8675ddd..29f7d7abfd 100644 --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf @@ -42,3 +42,4 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy ## CONSUMES + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable ## CONSUMES diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 527318dc23..3f8c5751a7 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -179,6 +179,7 @@ BOOLEAN ); #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 @@ -315,7 +316,7 @@ BOOLEAN IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ); - +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. @@ -1537,6 +1538,7 @@ BOOLEAN // SHA //---------------------------------------- =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -1676,6 +1678,7 @@ BOOLEAN IN UINTN DataSize, OUT UINT8 *HashValue ); +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. @@ -3453,6 +3456,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; #endif +#if (FixedPcdGetBool (PcdSHA1Enable)) /// HMAC SHA1 EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; @@ -3460,6 +3464,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate; EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update; EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final; +#endif /// HMAC SHA256 EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; @@ -3510,6 +3515,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_RSA_PKCS1_VERIFY RsaPkcs1Verify; EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM RsaGetPrivateKeyFromPem; EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 RsaGetPublicKeyFromX509; +#if (FixedPcdGetBool (PcdSHA1Enable)) /// Sha1 EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE Sha1GetContextSize; EDKII_CRYPTO_SHA1_INIT Sha1Init; @@ -3517,6 +3523,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_SHA1_UPDATE Sha1Update; EDKII_CRYPTO_SHA1_FINAL Sha1Final; EDKII_CRYPTO_SHA1_HASH_ALL Sha1HashAll; +#endif /// Sha256 EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize; EDKII_CRYPTO_SHA256_INIT Sha256Init; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56448): https://edk2.groups.io/g/devel/message/56448 Mute This Topic: https://groups.io/mt/72579470/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-