diff options
| author | Zhichao Gao <zhichao.gao@intel.com> | 2020-04-23 14:43:08 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-05-15 07:22:36 +0000 |
| commit | 80e28dcec86d011b525667148e6d16d30e7693cf (patch) | |
| tree | 4f442a796d9c649bc1307cfc3e8dd8ca556cdf88 /CryptoPkg | |
| parent | 394d58965222cff491e663e0ccbe9b7e87f5d630 (diff) | |
| download | edk2-80e28dcec86d011b525667148e6d16d30e7693cf.tar.gz | |
CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Aes Ecb mode is not secure any longer.
Remove the Aes Ecb mode support from edk2.
Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Diffstat (limited to 'CryptoPkg')
| -rw-r--r-- | CryptoPkg/CryptoPkg.dsc | 45 | ||||
| -rw-r--r-- | CryptoPkg/Driver/Crypto.c | 50 | ||||
| -rw-r--r-- | CryptoPkg/Include/Library/BaseCryptLib.h | 70 | ||||
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c | 114 | ||||
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c | 52 | ||||
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c | 52 | ||||
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 76 | ||||
| -rw-r--r-- | CryptoPkg/Private/Protocol/Crypto.h | 61 |
8 files changed, 42 insertions, 478 deletions
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 6ed7046563..1f68cc633b 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,27 +137,30 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 642d0267d9..1337fea42a 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1801,79 +1801,51 @@ CryptoServiceAesInit ( }
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] AesContext Pointer to the AES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the AES encryption output.
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceAesEcbEncrypt (
+DeprecatedCryptoServiceAesEcbEncrypt (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE;
}
/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] AesContext Pointer to the AES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the AES decryption output.
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceAesEcbDecrypt (
+DeprecatedCryptoServiceAesEcbDecrypt (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("AesEcbDecrypt"), FALSE;
}
/**
@@ -4376,11 +4348,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { DeprecatedCryptoServiceTdesEcbDecrypt,
DeprecatedCryptoServiceTdesCbcEncrypt,
DeprecatedCryptoServiceTdesCbcDecrypt,
- /// AES
+ /// AES - ECB mode is deprecated and unsupported
CryptoServiceAesGetContextSize,
CryptoServiceAesInit,
- CryptoServiceAesEcbEncrypt,
- CryptoServiceAesEcbDecrypt,
+ DeprecatedCryptoServiceAesEcbEncrypt,
+ DeprecatedCryptoServiceAesEcbDecrypt,
CryptoServiceAesCbcEncrypt,
CryptoServiceAesCbcDecrypt,
/// Arc4 - deprecated and unsupported
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 621bcfd1c4..86175c7a8a 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1324,76 +1324,6 @@ AesInit ( );
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
This function performs AES encryption on data buffer pointed by Input, of specified
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c index 2515b34bb8..914cffb211 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c @@ -79,120 +79,6 @@ AesInit ( }
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data encryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data decryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
This function performs AES encryption on data buffer pointed by Input, of specified
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c @@ -51,58 +51,6 @@ AesInit ( }
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
Return FALSE to indicate this interface is not supported.
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c @@ -51,58 +51,6 @@ AesInit ( }
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
Return FALSE to indicate this interface is not supported.
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 43ee4e0841..c937f8540d 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1519,82 +1519,6 @@ AesInit ( }
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
This function performs AES encryption on data buffer pointed by Input, of specified
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index a30660c192..e76ff623a5 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2498,69 +2498,22 @@ BOOLEAN );
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT) (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT) (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -3779,11 +3732,11 @@ struct _EDKII_CRYPTO_PROTOCOL { DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt;
- /// AES
+ /// AES - ECB Mode is deprecated and unsupported
EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;
EDKII_CRYPTO_AES_INIT AesInit;
- EDKII_CRYPTO_AES_ECB_ENCRYPT AesEcbEncrypt;
- EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt;
+ DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncrypt;
+ DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecrypt;
EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;
EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;
/// Arc4 - deprecated and unsupported
|