From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V4 06/11] CryptoPkg/BaseCryptLib: Retire the TDES algorithm
Date: Tue, 12 May 2020 02:27:13 +0800
Message-Id: <20200511182718.7728-7-zhichao.gao@intel.com>
In-Reply-To: <20200511182718.7728-1-zhichao.gao@intel.com>
References: <20200511182718.7728-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

TDES is not secure any longer. Remove the Tdes support from edk2.
Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 181 +-------- CryptoPkg/Include/Library/BaseCryptLib.h | 196 ---------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------ .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ---------- CryptoPkg/Private/Protocol/Crypto.h | 169 +------- 16 files changed, 50 insertions(+), 1430 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 832fcda3b9..22b49762bd 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -1557,167 +1557,57 @@ CryptoServiceHmacSha256Final ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ UINTN EFIAPI -CryptoServiceTdesGetContextSize ( +DeprecatedCryptoServiceTdesGetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSi= ze, (), 0); + return BaseCryptLibServiceDeprecated ("TdesGetContextSize"), 0; } =20 -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. 
- @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesInit ( +DeprecatedCryptoServiceTdesInit ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ) { - return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Ke= y, KeyLength), FALSE); + return BaseCryptLibServiceDeprecated ("TdesInit"), FALSE; } =20 -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. 
- -**/ BOOLEAN EFIAPI -CryptoServiceTdesEcbEncrypt ( +DeprecatedCryptoServiceTdesEcbEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbEncrypt"), FALSE; } =20 -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. 
- -**/ BOOLEAN EFIAPI -CryptoServiceTdesEcbDecrypt ( +DeprecatedCryptoServiceTdesEcbDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbDecrypt"), FALSE; } =20 -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesCbcEncrypt ( +DeprecatedCryptoServiceTdesCbcEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -1725,41 +1615,12 @@ CryptoServiceTdesCbcEncrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcEncrypt"), FALSE; } =20 -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ BOOLEAN EFIAPI -CryptoServiceTdesCbcDecrypt ( +DeprecatedCryptoServiceTdesCbcDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -1767,7 +1628,7 @@ CryptoServiceTdesCbcDecrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcDecrypt"), FALSE; } =20 /** @@ -4344,13 +4205,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceX509Free, CryptoServiceX509StackFree, CryptoServiceX509GetTBSCert, - /// TDES - CryptoServiceTdesGetContextSize, - CryptoServiceTdesInit, - CryptoServiceTdesEcbEncrypt, - CryptoServiceTdesEcbDecrypt, - CryptoServiceTdesCbcEncrypt, - CryptoServiceTdesCbcDecrypt, + /// TDES - deprecated and unsupported + DeprecatedCryptoServiceTdesGetContextSize, + DeprecatedCryptoServiceTdesInit, + DeprecatedCryptoServiceTdesEcbEncrypt, + DeprecatedCryptoServiceTdesEcbDecrypt, + DeprecatedCryptoServiceTdesCbcEncrypt, + DeprecatedCryptoServiceTdesCbcDecrypt, /// AES CryptoServiceAesGetContextSize, CryptoServiceAesInit, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 25e236c4a3..621bcfd1c4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -1278,202 +1278,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ); - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. 
- - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. 
- - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. 
- -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index da38ea552f..2de8e9c346 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf 
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c - Cipher/CryptTdes.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptTdes.c deleted file mode 100644 index fd799f3398..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c +++ /dev/null @@ -1,364 +0,0 @@ -/** @file - TDES Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - // - // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and = K3 each. - // - return (UINTN) (3 * sizeof (DES_key_schedule)); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Key =3D=3D NULL || (KeyLength !=3D 64 && = KeyLength !=3D 128 && KeyLength !=3D 192)) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - // - // If input Key is a weak key, return error. 
- // - if (DES_is_weak_key ((const_DES_cblock *) Key) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); - - if (KeyLength =3D=3D 64) { - CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); - - if (KeyLength =3D=3D 128) { - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. 
- -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_ENCRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. 
- // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_DECRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. 
- // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_ENCRYPT - ); - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. 
- // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_DECRYPT - ); - - return TRUE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f43953b78c..f631f8d879 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
@@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 5abd8e8dfb..c906935d3d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number // generator functions are not supported in this instance. 
@@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 ce= rtificate handler functions, authenticode signature verification functions,= PEM handler functions, and pseudorandom number generator functions are not= supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certific= ate handler functions, authenticode signature verification functions, PEM h= andler functions, and pseudorandom number generator functions are not suppo= rted in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Libr= ary/BaseCryptLib/Pem/CryptPem.c index 75a133bd0c..6f7e1971f8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -1,7 +1,7 @@ /** @file PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over O= penSSL. =20 -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem ( =20 // // Add possible block-cipher descriptor for PEM data decryption. - // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted= PEM. + // NOTE: Only support most popular ciphers AES for the encrypted PEM. // - if (EVP_add_cipher (EVP_des_ede3_cbc ()) =3D=3D 0) { - return FALSE; - } if (EVP_add_cipher (EVP_aes_128_cbc ()) =3D=3D 0) { return FALSE; } diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index f1eb099b67..672e19299c 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index 5a48d2a308..0a3bb1c04f 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni 
@@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 3a94655775..cc3556ae3f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
@@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -44,7 +44,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 0561f107e8..2e362c635f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // 
@@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index a205c9005d..04b552f8b7 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c +++ /dev/null 
@@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 77915bdb86..43ee4e0841 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -1467,220 +1467,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. 
- -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. 
- TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. 
- @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. 
- @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index f36c5c1aff..a30660c192 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -2396,155 +2396,45 @@ BOOLEAN //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( VOID ); =20 -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. 
- -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ); =20 -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. 
- TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. 
- @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -2552,38 +2442,9 @@ BOOLEAN OUT UINT8 *Output ); =20 -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_X509_FREE X509Free; EDKII_CRYPTO_X509_STACK_FREE X509StackFree; EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; - /// TDES - EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize; - EDKII_CRYPTO_TDES_INIT TdesInit; - EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt; - EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt; - EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt; - EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt; + /// TDES - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContext= Size; + DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt; /// AES EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; --=20 2.21.0.windows.1
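Review bot: The renamed typedefs, DEPRECATED_EDKII_CRYPTO_TDES_INIT through DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT, are left with no comment at all once their doc blocks are deleted, so the header no longer says why a TDES function-pointer type still exists or what a call through it returns. Please keep a short comment on each (or one block above the group) stating that the interface is deprecated and unsupported, that the type is retained only so the corresponding member of _EDKII_CRYPTO_PROTOCOL keeps its place, and what the return value is. The removed text already had the wording for the last part: "If this interface is not supported, then return FALSE."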
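Review bot: In the _EDKII_CRYPTO_PROTOCOL hunk, "/// TDES - deprecated and unsupported" does not say what the six Deprecated* members hold at run time, and that is what matters to a consumer built against the earlier header, which will still call through these slots. If a producer leaves them NULL, such a caller jumps through a null pointer instead of getting the FALSE that the old "not supported" contract promised. Please state in the comment that the members are always populated with stubs (returning FALSE, or 0 for DeprecatedTdesGetContextSize) and must not be called by new code. Since the member names change, any in-tree user of TdesInit, TdesEcbEncrypt and the others will also stop compiling, so the commit message should say that this break is intended.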