CryptoPkg/BaseCryptLib: Retire the TDES algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 TDES is not secure any longer. Remove the Tdes support from edk2. Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
This commit is contained in:
Zhichao Gao
committed by
mergify[bot]
mergify[bot]
parent
f4c15d3807
commit
b8af2c9eda
@ -1467,220 +1467,6 @@ HmacSha256Final (
|
||||
// Symmetric Cryptography Primitive
|
||||
//=====================================================================================
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for TDES operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for TDES operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
TdesGetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0);
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as TDES context for subsequent use.
|
||||
|
||||
This function initializes user-supplied memory pointed by TdesContext as TDES context.
|
||||
In addition, it sets up all TDES key materials for subsequent encryption and decryption
|
||||
operations.
|
||||
There are 3 key options as follows:
|
||||
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
|
||||
KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
|
||||
KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
|
||||
|
||||
If TdesContext is NULL, then return FALSE.
|
||||
If Key is NULL, then return FALSE.
|
||||
If KeyLength is not valid, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] TdesContext Pointer to TDES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied TDES key.
|
||||
@param[in] KeyLength Length of TDES key in bits.
|
||||
|
||||
@retval TRUE TDES context initialization succeeded.
|
||||
@retval FALSE TDES context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesInit (
|
||||
OUT VOID *TdesContext,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeyLength
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
This function performs TDES encryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in ECB mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then return FALSE.
|
||||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval TRUE TDES encryption succeeded.
|
||||
@retval FALSE TDES encryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
This function performs TDES decryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in ECB mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then return FALSE.
|
||||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
|
||||
|
||||
@retval TRUE TDES decryption succeeded.
|
||||
@retval FALSE TDES decryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
This function performs TDES encryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in CBC mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
Initialization vector should be one block size (8 bytes).
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then return FALSE.
|
||||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Ivec is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval TRUE TDES encryption succeeded.
|
||||
@retval FALSE TDES encryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
This function performs TDES decryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in CBC mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
Initialization vector should be one block size (8 bytes).
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then return FALSE.
|
||||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Ivec is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval TRUE TDES decryption succeeded.
|
||||
@retval FALSE TDES decryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for AES operations.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user