Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Cipher')
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c | 323 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c | 165 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c | 211 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c | 130 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c | 370 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c | 166 |
6 files changed, 1365 insertions, 0 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
new file mode 100644
index 00000000..699dc99a
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
@@ -0,0 +1,323 @@
+/** @file
+ AES Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/aes.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for AES operations.
+
+ @return The size, in bytes, of the context buffer required for AES operations.
+
+**/
+UINTN
+EFIAPI
+AesGetContextSize (
+ VOID
+ )
+{
+ //
+ // AES uses different key contexts for encryption and decryption, so here memory
+ // for 2 copies of AES_KEY is allocated.
+ //
+ return (UINTN) (2 * sizeof (AES_KEY));
+}
+
+/**
+ Initializes user-supplied memory as AES context for subsequent use.
+
+ This function initializes user-supplied memory pointed by AesContext as AES context.
+ In addition, it sets up all AES key materials for subsequent encryption and decryption
+ operations.
+ There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
+
+ If AesContext is NULL, then return FALSE.
+ If Key is NULL, then return FALSE.
+ If KeyLength is not valid, then return FALSE.
+
+ @param[out] AesContext Pointer to AES context being initialized.
+ @param[in] Key Pointer to the user-supplied AES key.
+ @param[in] KeyLength Length of AES key in bits.
+
+ @retval TRUE AES context initialization succeeded.
+ @retval FALSE AES context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesInit (
+ OUT VOID *AesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ AES_KEY *AesKey;
+
+ //
+ // Check input parameters.
+ //
+ if (AesContext == NULL || Key == NULL || (KeyLength != 128 && KeyLength != 192 && KeyLength != 256)) {
+ return FALSE;
+ }
+
+ //
+ // Initialize AES encryption & decryption key schedule.
+ //
+ AesKey = (AES_KEY *) AesContext;
+ if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) {
+ return FALSE;
+ }
+ if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in ECB mode.
+
+ This function performs AES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (16 bytes), then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval TRUE AES encryption succeeded.
+ @retval FALSE AES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+
+ //
+ // Check input parameters.
+ //
+ if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
+ return FALSE;
+ }
+
+ AesKey = (AES_KEY *) AesContext;
+
+ //
+ // Perform AES data encryption with ECB mode (block-by-block)
+ //
+ while (InputSize > 0) {
+ AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
+ Input += AES_BLOCK_SIZE;
+ Output += AES_BLOCK_SIZE;
+ InputSize -= AES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in ECB mode.
+
+ This function performs AES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (16 bytes), then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES decryption output.
+
+ @retval TRUE AES decryption succeeded.
+ @retval FALSE AES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+
+ //
+ // Check input parameters.
+ //
+ if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
+ return FALSE;
+ }
+
+ AesKey = (AES_KEY *) AesContext;
+
+ //
+ // Perform AES data decryption with ECB mode (block-by-block)
+ //
+ while (InputSize > 0) {
+ AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
+ Input += AES_BLOCK_SIZE;
+ Output += AES_BLOCK_SIZE;
+ InputSize -= AES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in CBC mode.
+
+ This function performs AES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (16 bytes).
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (16 bytes), then return FALSE.
+ If Ivec is NULL, then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval TRUE AES encryption succeeded.
+ @retval FALSE AES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+ UINT8 IvecBuffer[AES_BLOCK_SIZE];
+
+ //
+ // Check input parameters.
+ //
+ if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
+ return FALSE;
+ }
+
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ AesKey = (AES_KEY *) AesContext;
+ CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
+
+ //
+ // Perform AES data encryption with CBC mode
+ //
+ AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT);
+
+ return TRUE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in CBC mode.
+
+ This function performs AES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (16 bytes).
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (16 bytes), then return FALSE.
+ If Ivec is NULL, then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval TRUE AES decryption succeeded.
+ @retval FALSE AES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+ UINT8 IvecBuffer[AES_BLOCK_SIZE];
+
+ //
+ // Check input parameters.
+ //
+ if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
+ return FALSE;
+ }
+
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ AesKey = (AES_KEY *) AesContext;
+ CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
+
+ //
+ // Perform AES data decryption with CBC mode
+ //
+ AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);
+
+ return TRUE;
+}
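Review bot: The IV contract in the AesCbcEncrypt and AesCbcDecrypt header comments is weaker than what the code needs: the comments say the IV "should be" one block, but both bodies run `CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE)` unconditionally, so a shorter caller buffer is read past its end. I would word it as a requirement, e.g. `Ivec must point to at least 16 bytes; exactly 16 bytes are read and the caller's buffer is not updated.` The second half matters because the chaining value is written only to the local IvecBuffer, so a caller that splits a message across calls has to pass the last ciphertext block as the next Ivec itself. The AesCbcDecrypt `@param` lines for Input and Output still say "to be encrypted" and "encryption output"; the same copy-paste wording is in CryptAesNull.c and in TdesCbcDecrypt in CryptTdes.c.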
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
new file mode 100644
index 00000000..6e3acf5e
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
@@ -0,0 +1,165 @@
+/** @file
+ AES Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for AES operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+AesGetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as AES context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] AesContext Pointer to AES context being initialized.
+ @param[in] Key Pointer to the user-supplied AES key.
+ @param[in] KeyLength Length of AES key in bits.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesInit (
+ OUT VOID *AesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
new file mode 100644
index 00000000..3064c443
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
@@ -0,0 +1,211 @@
+/** @file
+ ARC4 Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/rc4.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
+
+ @return The size, in bytes, of the context buffer required for ARC4 operations.
+
+**/
+UINTN
+EFIAPI
+Arc4GetContextSize (
+ VOID
+ )
+{
+ //
+ // Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other
+ // for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
+ // the working copy to the initial state.
+ //
+ return (UINTN) (2 * sizeof (RC4_KEY));
+}
+
+/**
+ Initializes user-supplied memory as ARC4 context for subsequent use.
+
+ This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
+ In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
+ operations.
+
+ If Arc4Context is NULL, then return FALSE.
+ If Key is NULL, then return FALSE.
+ If KeySize does not in the range of [5, 256] bytes, then return FALSE.
+
+ @param[out] Arc4Context Pointer to ARC4 context being initialized.
+ @param[in] Key Pointer to the user-supplied ARC4 key.
+ @param[in] KeySize Size of ARC4 key in bytes.
+
+ @retval TRUE ARC4 context initialization succeeded.
+ @retval FALSE ARC4 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Init (
+ OUT VOID *Arc4Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ //
+ // Check input parameters.
+ //
+ if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) {
+ return FALSE;
+ }
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
+
+ CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY));
+
+ return TRUE;
+}
+
+/**
+ Performs ARC4 encryption on a data buffer of the specified size.
+
+ This function performs ARC4 encryption on data buffer pointed by Input, of specified
+ size of InputSize.
+ Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
+ invalid ARC4 context is undefined.
+
+ If Arc4Context is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
+
+ @retval TRUE ARC4 encryption succeeded.
+ @retval FALSE ARC4 encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Encrypt (
+ IN OUT VOID *Arc4Context,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ //
+ // Check input parameters.
+ //
+ if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
+
+ return TRUE;
+}
+
+/**
+ Performs ARC4 decryption on a data buffer of the specified size.
+
+ This function performs ARC4 decryption on data buffer pointed by Input, of specified
+ size of InputSize.
+ Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
+ invalid ARC4 context is undefined.
+
+ If Arc4Context is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
+
+ @retval TRUE ARC4 decryption succeeded.
+ @retval FALSE ARC4 decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Decrypt (
+ IN OUT VOID *Arc4Context,
+ IN UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ //
+ // Check input parameters.
+ //
+ if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
+
+ return TRUE;
+}
+
+/**
+ Resets the ARC4 context to the initial state.
+
+ The function resets the ARC4 context to the state it had immediately after the
+ ARC4Init() function call.
+ Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
+ should be already correctly initialized by ARC4Init().
+
+ If Arc4Context is NULL, then return FALSE.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+
+ @retval TRUE ARC4 reset succeeded.
+ @retval FALSE ARC4 reset failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Reset (
+ IN OUT VOID *Arc4Context
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ //
+ // Check input parameters.
+ //
+ if (Arc4Context == NULL) {
+ return FALSE;
+ }
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
+
+ return TRUE;
+}
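Review bot: Arc4Reset's header comment should warn that restoring the backup copy (`CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY))`) rewinds the cipher state to the one Arc4Init produced, so data encrypted after a reset is processed with the same keystream as the data before it. I would add to the comment: `After Arc4Reset() the keystream restarts from the beginning; do not encrypt different data under the same key after a reset.` Arc4Init accepts keys as short as 5 bytes (`KeySize < 5 || KeySize > 256`), and its comment would do well to mark such key sizes, and ARC4 generally, as suitable for legacy interoperability only. Separately, Arc4Decrypt declares `IN UINT8 *Input` while Arc4Encrypt declares `IN CONST UINT8 *Input`; if the library header (not visible here) permits it, the decrypt parameter should be CONST as well.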
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
new file mode 100644
index 00000000..5b48e445
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
@@ -0,0 +1,130 @@
+/** @file
+ ARC4 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+
+**/
+UINTN
+EFIAPI
+Arc4GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as ARC4 context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Arc4Context Pointer to ARC4 context being initialized.
+ @param[in] Key Pointer to the user-supplied ARC4 key.
+ @param[in] KeySize Size of ARC4 key in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Init (
+ OUT VOID *Arc4Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs ARC4 encryption on a data buffer of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Encrypt (
+ IN OUT VOID *Arc4Context,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs ARC4 decryption on a data buffer of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Decrypt (
+ IN OUT VOID *Arc4Context,
+ IN UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Resets the ARC4 context to the initial state.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Reset (
+ IN OUT VOID *Arc4Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
new file mode 100644
index 00000000..8025a49c
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
@@ -0,0 +1,370 @@
+/** @file
+ TDES Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/des.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for TDES operations.
+
+ @return The size, in bytes, of the context buffer required for TDES operations.
+
+**/
+UINTN
+EFIAPI
+TdesGetContextSize (
+ VOID
+ )
+{
+ //
+ // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
+ //
+ return (UINTN) (3 * sizeof (DES_key_schedule));
+}
+
+/**
+ Initializes user-supplied memory as TDES context for subsequent use.
+
+ This function initializes user-supplied memory pointed by TdesContext as TDES context.
+ In addition, it sets up all TDES key materials for subsequent encryption and decryption
+ operations.
+ There are 3 key options as follows:
+ KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
+ KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
+ KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
+
+ If TdesContext is NULL, then return FALSE.
+ If Key is NULL, then return FALSE.
+ If KeyLength is not valid, then return FALSE.
+
+ @param[out] TdesContext Pointer to TDES context being initialized.
+ @param[in] Key Pointer to the user-supplied TDES key.
+ @param[in] KeyLength Length of TDES key in bits.
+
+ @retval TRUE TDES context initialization succeeded.
+ @retval FALSE TDES context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesInit (
+ OUT VOID *TdesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ DES_key_schedule *KeySchedule;
+
+ //
+ // Check input parameters.
+ //
+ if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) {
+ return FALSE;
+ }
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+
+ //
+ // If input Key is a weak key, return error.
+ //
+ if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
+ return FALSE;
+ }
+
+ DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
+
+ if (KeyLength == 64) {
+ CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
+ CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
+ return TRUE;
+ }
+
+ if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) {
+ return FALSE;
+ }
+
+ DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
+
+ if (KeyLength == 128) {
+ CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
+ return TRUE;
+ }
+
+ if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) {
+ return FALSE;
+ }
+
+ DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
+
+ return TRUE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in ECB mode.
+
+ This function performs TDES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (8 bytes), then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval TRUE TDES encryption succeeded.
+ @retval FALSE TDES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+
+ //
+ // Check input parameters.
+ //
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
+ return FALSE;
+ }
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+
+ while (InputSize > 0) {
+ DES_ecb3_encrypt (
+ (const_DES_cblock *) Input,
+ (DES_cblock *) Output,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ DES_ENCRYPT
+ );
+ Input += TDES_BLOCK_SIZE;
+ Output += TDES_BLOCK_SIZE;
+ InputSize -= TDES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in ECB mode.
+
+ This function performs TDES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (8 bytes), then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES decryption output.
+
+ @retval TRUE TDES decryption succeeded.
+ @retval FALSE TDES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+
+ //
+ // Check input parameters.
+ //
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
+ return FALSE;
+ }
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+
+ while (InputSize > 0) {
+ DES_ecb3_encrypt (
+ (const_DES_cblock *) Input,
+ (DES_cblock *) Output,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ DES_DECRYPT
+ );
+ Input += TDES_BLOCK_SIZE;
+ Output += TDES_BLOCK_SIZE;
+ InputSize -= TDES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in CBC mode.
+
+ This function performs TDES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (8 bytes).
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (8 bytes), then return FALSE.
+ If Ivec is NULL, then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval TRUE TDES encryption succeeded.
+ @retval FALSE TDES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+ UINT8 IvecBuffer[TDES_BLOCK_SIZE];
+
+ //
+ // Check input parameters.
+ //
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
+ return FALSE;
+ }
+
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+ CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
+
+ DES_ede3_cbc_encrypt (
+ Input,
+ Output,
+ (UINT32) InputSize,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ (DES_cblock *) IvecBuffer,
+ DES_ENCRYPT
+ );
+
+ return TRUE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.
+
+ This function performs TDES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (8 bytes).
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (8 bytes), then return FALSE.
+ If Ivec is NULL, then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval TRUE TDES decryption succeeded.
+ @retval FALSE TDES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+ UINT8 IvecBuffer[TDES_BLOCK_SIZE];
+
+ //
+ // Check input parameters.
+ //
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
+ return FALSE;
+ }
+
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+ CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
+
+ DES_ede3_cbc_encrypt (
+ Input,
+ Output,
+ (UINT32) InputSize,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ (DES_cblock *) IvecBuffer,
+ DES_DECRYPT
+ );
+
+ return TRUE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
new file mode 100644
index 00000000..cec33b62
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
@@ -0,0 +1,166 @@
+/** @file
+ TDES Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for TDES operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+TdesGetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as TDES context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] TdesContext Pointer to TDES context being initialized.
+ @param[in] Key Pointer to the user-supplied TDES key.
+ @param[in] KeyLength Length of TDES key in bits.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesInit (
+ OUT VOID *TdesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
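Review bot: The header comment of TdesCbcDecrypt in this stub file describes the wrong direction: its `Input` line says "data to be encrypted" and its `Output` line says "receives the TDES encryption output", apparently carried over from the TdesCbcEncrypt comment just above. They should read `@param[in] Input Pointer to the buffer containing the data to be decrypted.` and `@param[out] Output Pointer to a buffer that receives the TDES decryption output.`, matching the TdesEcbDecrypt comment in the same file. The same wording appears in the TdesCbcDecrypt comment of CryptTdes.c earlier in this diff. Separately, every stub reports "not supported" through `ASSERT (FALSE)` plus a FALSE or 0 return; in builds where ASSERT is disabled the return value is the only signal, so the file header could state that callers must check it (including a zero from TdesGetContextSize) before treating any output buffer as valid.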