From b86e8e7e9c4d4191d556a52fbd2c3e614ddb246e Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 8 Oct 2018 13:31:30 -0400 Subject: Add CryptoPkg/Library/BaseCryptLib/ and CryptoPkg/Library/OpensslLib/ --- CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c | 323 ++++++++++++++++++ .../Library/BaseCryptLib/Cipher/CryptAesNull.c | 165 +++++++++ CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c | 211 ++++++++++++ .../Library/BaseCryptLib/Cipher/CryptArc4Null.c | 130 ++++++++ CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c | 370 +++++++++++++++++++++ .../Library/BaseCryptLib/Cipher/CryptTdesNull.c | 166 +++++++++ 6 files changed, 1365 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c (limited to 'CryptoPkg/Library/BaseCryptLib/Cipher') diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c new file mode 100644 index 00000000..699dc99a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c @@ -0,0 +1,323 @@ +/** @file + AES Wrapper Implementation over OpenSSL. + +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Retrieves the size, in bytes, of the context buffer required for AES operations. + + @return The size, in bytes, of the context buffer required for AES operations. + +**/ +UINTN +EFIAPI +AesGetContextSize ( + VOID + ) +{ + // + // AES uses different key contexts for encryption and decryption, so here memory + // for 2 copies of AES_KEY is allocated. + // + return (UINTN) (2 * sizeof (AES_KEY)); +} + +/** + Initializes user-supplied memory as AES context for subsequent use. + + This function initializes user-supplied memory pointed by AesContext as AES context. + In addition, it sets up all AES key materials for subsequent encryption and decryption + operations. + There are 3 options for key length, 128 bits, 192 bits, and 256 bits. + + If AesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. + + @param[out] AesContext Pointer to AES context being initialized. + @param[in] Key Pointer to the user-supplied AES key. + @param[in] KeyLength Length of AES key in bits. + + @retval TRUE AES context initialization succeeded. + @retval FALSE AES context initialization failed. + +**/ +BOOLEAN +EFIAPI +AesInit ( + OUT VOID *AesContext, + IN CONST UINT8 *Key, + IN UINTN KeyLength + ) +{ + AES_KEY *AesKey; + + // + // Check input parameters. + // + if (AesContext == NULL || Key == NULL || (KeyLength != 128 && KeyLength != 192 && KeyLength != 256)) { + return FALSE; + } + + // + // Initialize AES encryption & decryption key schedule. 
+ // + AesKey = (AES_KEY *) AesContext; + if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) { + return FALSE; + } + if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) { + return FALSE; + } + return TRUE; +} + +/** + Performs AES encryption on a data buffer of the specified size in ECB mode. + + This function performs AES encryption on data buffer pointed by Input, of specified + size of InputSize, in ECB mode. + InputSize must be multiple of block size (16 bytes). This function does not perform + padding. Caller must perform padding, if necessary, to ensure valid input data size. + AesContext should be already correctly initialized by AesInit(). Behavior with + invalid AES context is undefined. + + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval TRUE AES encryption succeeded. + @retval FALSE AES encryption failed. + +**/ +BOOLEAN +EFIAPI +AesEcbEncrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + AES_KEY *AesKey; + + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } + + AesKey = (AES_KEY *) AesContext; + + // + // Perform AES data encryption with ECB mode (block-by-block) + // + while (InputSize > 0) { + AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT); + Input += AES_BLOCK_SIZE; + Output += AES_BLOCK_SIZE; + InputSize -= AES_BLOCK_SIZE; + } + + return TRUE; +} + +/** + Performs AES decryption on a data buffer of the specified size in ECB mode. 
+ + This function performs AES decryption on data buffer pointed by Input, of specified + size of InputSize, in ECB mode. + InputSize must be multiple of block size (16 bytes). This function does not perform + padding. Caller must perform padding, if necessary, to ensure valid input data size. + AesContext should be already correctly initialized by AesInit(). Behavior with + invalid AES context is undefined. + + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be decrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the AES decryption output. + + @retval TRUE AES decryption succeeded. + @retval FALSE AES decryption failed. + +**/ +BOOLEAN +EFIAPI +AesEcbDecrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + AES_KEY *AesKey; + + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } + + AesKey = (AES_KEY *) AesContext; + + // + // Perform AES data decryption with ECB mode (block-by-block) + // + while (InputSize > 0) { + AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT); + Input += AES_BLOCK_SIZE; + Output += AES_BLOCK_SIZE; + InputSize -= AES_BLOCK_SIZE; + } + + return TRUE; +} + +/** + Performs AES encryption on a data buffer of the specified size in CBC mode. + + This function performs AES encryption on data buffer pointed by Input, of specified + size of InputSize, in CBC mode. + InputSize must be multiple of block size (16 bytes). This function does not perform + padding. Caller must perform padding, if necessary, to ensure valid input data size. 
+ Initialization vector should be one block size (16 bytes). + AesContext should be already correctly initialized by AesInit(). Behavior with + invalid AES context is undefined. + + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval TRUE AES encryption succeeded. + @retval FALSE AES encryption failed. + +**/ +BOOLEAN +EFIAPI +AesCbcEncrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + AES_KEY *AesKey; + UINT8 IvecBuffer[AES_BLOCK_SIZE]; + + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) { + return FALSE; + } + + if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) { + return FALSE; + } + + AesKey = (AES_KEY *) AesContext; + CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE); + + // + // Perform AES data encryption with CBC mode + // + AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT); + + return TRUE; +} + +/** + Performs AES decryption on a data buffer of the specified size in CBC mode. + + This function performs AES decryption on data buffer pointed by Input, of specified + size of InputSize, in CBC mode. + InputSize must be multiple of block size (16 bytes). This function does not perform + padding. Caller must perform padding, if necessary, to ensure valid input data size. + Initialization vector should be one block size (16 bytes). 
+ AesContext should be already correctly initialized by AesInit(). Behavior with + invalid AES context is undefined. + + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval TRUE AES decryption succeeded. + @retval FALSE AES decryption failed. + +**/ +BOOLEAN +EFIAPI +AesCbcDecrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + AES_KEY *AesKey; + UINT8 IvecBuffer[AES_BLOCK_SIZE]; + + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) { + return FALSE; + } + + if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) { + return FALSE; + } + + AesKey = (AES_KEY *) AesContext; + CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE); + + // + // Perform AES data decryption with CBC mode + // + AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT); + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c new file mode 100644 index 00000000..6e3acf5e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c @@ -0,0 +1,165 @@ +/** @file + AES Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
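Review bot: The buffer filled by `AesInit` holds both expanded key schedules (`AesKey` and `AesKey + 1`), yet nothing in CryptAes.c says who clears it, and the second `return FALSE` in `AesInit` leaves the already-built encryption schedule in the caller's memory. I would add to the `AesInit` header comment `The caller owns AesContext and must clear all AesGetContextSize() bytes before releasing it, because it contains key material.` and put `ZeroMem (AesContext, 2 * sizeof (AES_KEY));` before that second `return FALSE;` (`CopyMem` is already used in this file, so the memory library is presumably in scope). Separately, the `AesCbcDecrypt` header describes `Input` as data "to be encrypted" and `Output` as "encryption output"; both should say decrypted/decryption. The same copied wording recurs in `AesCbcDecrypt` of CryptAesNull.c and `TdesCbcDecrypt` of CryptTdes.c.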
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for AES operations. + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +AesGetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory as AES context for subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] AesContext Pointer to AES context being initialized. + @param[in] Key Pointer to the user-supplied AES key. + @param[in] KeyLength Length of AES key in bits. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesInit ( + OUT VOID *AesContext, + IN CONST UINT8 *Key, + IN UINTN KeyLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES encryption on a data buffer of the specified size in ECB mode. + + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesEcbEncrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES decryption on a data buffer of the specified size in ECB mode. 
+ + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be decrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the AES decryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesEcbDecrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES encryption on a data buffer of the specified size in CBC mode. + + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesCbcEncrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES decryption on a data buffer of the specified size in CBC mode. + + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval FALSE This interface is not supported. 
+ +**/ +BOOLEAN +EFIAPI +AesCbcDecrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c new file mode 100644 index 00000000..3064c443 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c @@ -0,0 +1,211 @@ +/** @file + ARC4 Wrapper Implementation over OpenSSL. + +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Retrieves the size, in bytes, of the context buffer required for ARC4 operations. + + @return The size, in bytes, of the context buffer required for ARC4 operations. + +**/ +UINTN +EFIAPI +Arc4GetContextSize ( + VOID + ) +{ + // + // Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other + // for backup copy. When Arc4Reset() is called, we can use the backup copy to restore + // the working copy to the initial state. + // + return (UINTN) (2 * sizeof (RC4_KEY)); +} + +/** + Initializes user-supplied memory as ARC4 context for subsequent use. + + This function initializes user-supplied memory pointed by Arc4Context as ARC4 context. + In addition, it sets up all ARC4 key materials for subsequent encryption and decryption + operations. + + If Arc4Context is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize does not in the range of [5, 256] bytes, then return FALSE. + + @param[out] Arc4Context Pointer to ARC4 context being initialized. + @param[in] Key Pointer to the user-supplied ARC4 key. + @param[in] KeySize Size of ARC4 key in bytes. + + @retval TRUE ARC4 context initialization succeeded. + @retval FALSE ARC4 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Arc4Init ( + OUT VOID *Arc4Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + RC4_KEY *Rc4Key; + + // + // Check input parameters. 
+ // + if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) { + return FALSE; + } + + Rc4Key = (RC4_KEY *) Arc4Context; + + RC4_set_key (Rc4Key, (UINT32) KeySize, Key); + + CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY)); + + return TRUE; +} + +/** + Performs ARC4 encryption on a data buffer of the specified size. + + This function performs ARC4 encryption on data buffer pointed by Input, of specified + size of InputSize. + Arc4Context should be already correctly initialized by Arc4Init(). Behavior with + invalid ARC4 context is undefined. + + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. + + @param[in, out] Arc4Context Pointer to the ARC4 context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the ARC4 encryption output. + + @retval TRUE ARC4 encryption succeeded. + @retval FALSE ARC4 encryption failed. + +**/ +BOOLEAN +EFIAPI +Arc4Encrypt ( + IN OUT VOID *Arc4Context, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + RC4_KEY *Rc4Key; + + // + // Check input parameters. + // + if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) { + return FALSE; + } + + Rc4Key = (RC4_KEY *) Arc4Context; + + RC4 (Rc4Key, (UINT32) InputSize, Input, Output); + + return TRUE; +} + +/** + Performs ARC4 decryption on a data buffer of the specified size. + + This function performs ARC4 decryption on data buffer pointed by Input, of specified + size of InputSize. + Arc4Context should be already correctly initialized by Arc4Init(). Behavior with + invalid ARC4 context is undefined. + + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. + + @param[in, out] Arc4Context Pointer to the ARC4 context. 
+ @param[in] Input Pointer to the buffer containing the data to be decrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the ARC4 decryption output. + + @retval TRUE ARC4 decryption succeeded. + @retval FALSE ARC4 decryption failed. + +**/ +BOOLEAN +EFIAPI +Arc4Decrypt ( + IN OUT VOID *Arc4Context, + IN UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + RC4_KEY *Rc4Key; + + // + // Check input parameters. + // + if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) { + return FALSE; + } + + Rc4Key = (RC4_KEY *) Arc4Context; + + RC4 (Rc4Key, (UINT32) InputSize, Input, Output); + + return TRUE; +} + +/** + Resets the ARC4 context to the initial state. + + The function resets the ARC4 context to the state it had immediately after the + ARC4Init() function call. + Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context + should be already correctly initialized by ARC4Init(). + + If Arc4Context is NULL, then return FALSE. + + @param[in, out] Arc4Context Pointer to the ARC4 context. + + @retval TRUE ARC4 reset succeeded. + @retval FALSE ARC4 reset failed. + +**/ +BOOLEAN +EFIAPI +Arc4Reset ( + IN OUT VOID *Arc4Context + ) +{ + RC4_KEY *Rc4Key; + + // + // Check input parameters. + // + if (Arc4Context == NULL) { + return FALSE; + } + + Rc4Key = (RC4_KEY *) Arc4Context; + + CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY)); + + return TRUE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c new file mode 100644 index 00000000..5b48e445 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c @@ -0,0 +1,130 @@ +/** @file + ARC4 Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
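Review bot: `Arc4Reset` copies the backup state saved by `Arc4Init` over the working state, so the first `Arc4Encrypt` call after a reset produces the same keystream as the first call after init, and two different inputs processed that way are combined with identical bytes. The `Arc4Reset` header should state this, for example `Do not encrypt different data after a reset under the same key: the keystream repeats.` The 5-byte (40-bit) lower bound on `KeySize` in `Arc4Init` also deserves a comment marking it as a legacy-interoperability minimum rather than a recommended size. On style, `Arc4Decrypt` declares `IN UINT8 *Input` while `Arc4Encrypt` uses `IN CONST UINT8 *Input`; the decrypt body only reads `Input`, so it could be `CONST` too, though the prototype presumably lives in a header outside this diff and would need the same change.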
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for ARC4 operations. + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + + +**/ +UINTN +EFIAPI +Arc4GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory as ARC4 context for subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] Arc4Context Pointer to ARC4 context being initialized. + @param[in] Key Pointer to the user-supplied ARC4 key. + @param[in] KeySize Size of ARC4 key in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Arc4Init ( + OUT VOID *Arc4Context, + IN CONST UINT8 *Key, + IN UINTN KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs ARC4 encryption on a data buffer of the specified size. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] Arc4Context Pointer to the ARC4 context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the ARC4 encryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Arc4Encrypt ( + IN OUT VOID *Arc4Context, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs ARC4 decryption on a data buffer of the specified size. 
+ + Return FALSE to indicate this interface is not supported. + + @param[in, out] Arc4Context Pointer to the ARC4 context. + @param[in] Input Pointer to the buffer containing the data to be decrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the ARC4 decryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Arc4Decrypt ( + IN OUT VOID *Arc4Context, + IN UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Resets the ARC4 context to the initial state. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] Arc4Context Pointer to the ARC4 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Arc4Reset ( + IN OUT VOID *Arc4Context + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c new file mode 100644 index 00000000..8025a49c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c @@ -0,0 +1,370 @@ +/** @file + TDES Wrapper Implementation over OpenSSL. + +Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" +#include + +/** + Retrieves the size, in bytes, of the context buffer required for TDES operations. + + @return The size, in bytes, of the context buffer required for TDES operations. + +**/ +UINTN +EFIAPI +TdesGetContextSize ( + VOID + ) +{ + // + // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each. + // + return (UINTN) (3 * sizeof (DES_key_schedule)); +} + +/** + Initializes user-supplied memory as TDES context for subsequent use. + + This function initializes user-supplied memory pointed by TdesContext as TDES context. + In addition, it sets up all TDES key materials for subsequent encryption and decryption + operations. + There are 3 key options as follows: + KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) + KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) + KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) + + If TdesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. + + @param[out] TdesContext Pointer to TDES context being initialized. + @param[in] Key Pointer to the user-supplied TDES key. + @param[in] KeyLength Length of TDES key in bits. + + @retval TRUE TDES context initialization succeeded. + @retval FALSE TDES context initialization failed. + +**/ +BOOLEAN +EFIAPI +TdesInit ( + OUT VOID *TdesContext, + IN CONST UINT8 *Key, + IN UINTN KeyLength + ) +{ + DES_key_schedule *KeySchedule; + + // + // Check input parameters. 
+ // + if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) { + return FALSE; + } + + KeySchedule = (DES_key_schedule *) TdesContext; + + // + // If input Key is a weak key, return error. + // + if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) { + return FALSE; + } + + DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); + + if (KeyLength == 64) { + CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); + CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); + return TRUE; + } + + if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) { + return FALSE; + } + + DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); + + if (KeyLength == 128) { + CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); + return TRUE; + } + + if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) { + return FALSE; + } + + DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); + + return TRUE; +} + +/** + Performs TDES encryption on a data buffer of the specified size in ECB mode. + + This function performs TDES encryption on data buffer pointed by Input, of specified + size of InputSize, in ECB mode. + InputSize must be multiple of block size (8 bytes). This function does not perform + padding. Caller must perform padding, if necessary, to ensure valid input data size. + TdesContext should be already correctly initialized by TdesInit(). Behavior with + invalid TDES context is undefined. + + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] TdesContext Pointer to the TDES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. 
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output. + + @retval TRUE TDES encryption succeeded. + @retval FALSE TDES encryption failed. + +**/ +BOOLEAN +EFIAPI +TdesEcbEncrypt ( + IN VOID *TdesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + DES_key_schedule *KeySchedule; + + // + // Check input parameters. + // + if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } + + KeySchedule = (DES_key_schedule *) TdesContext; + + while (InputSize > 0) { + DES_ecb3_encrypt ( + (const_DES_cblock *) Input, + (DES_cblock *) Output, + KeySchedule, + KeySchedule + 1, + KeySchedule + 2, + DES_ENCRYPT + ); + Input += TDES_BLOCK_SIZE; + Output += TDES_BLOCK_SIZE; + InputSize -= TDES_BLOCK_SIZE; + } + + return TRUE; +} + +/** + Performs TDES decryption on a data buffer of the specified size in ECB mode. + + This function performs TDES decryption on data buffer pointed by Input, of specified + size of InputSize, in ECB mode. + InputSize must be multiple of block size (8 bytes). This function does not perform + padding. Caller must perform padding, if necessary, to ensure valid input data size. + TdesContext should be already correctly initialized by TdesInit(). Behavior with + invalid TDES context is undefined. + + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] TdesContext Pointer to the TDES context. + @param[in] Input Pointer to the buffer containing the data to be decrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the TDES decryption output. + + @retval TRUE TDES decryption succeeded. + @retval FALSE TDES decryption failed. 
+ +**/ +BOOLEAN +EFIAPI +TdesEcbDecrypt ( + IN VOID *TdesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + DES_key_schedule *KeySchedule; + + // + // Check input parameters. + // + if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } + + KeySchedule = (DES_key_schedule *) TdesContext; + + while (InputSize > 0) { + DES_ecb3_encrypt ( + (const_DES_cblock *) Input, + (DES_cblock *) Output, + KeySchedule, + KeySchedule + 1, + KeySchedule + 2, + DES_DECRYPT + ); + Input += TDES_BLOCK_SIZE; + Output += TDES_BLOCK_SIZE; + InputSize -= TDES_BLOCK_SIZE; + } + + return TRUE; +} + +/** + Performs TDES encryption on a data buffer of the specified size in CBC mode. + + This function performs TDES encryption on data buffer pointed by Input, of specified + size of InputSize, in CBC mode. + InputSize must be multiple of block size (8 bytes). This function does not perform + padding. Caller must perform padding, if necessary, to ensure valid input data size. + Initialization vector should be one block size (8 bytes). + TdesContext should be already correctly initialized by TdesInit(). Behavior with + invalid TDES context is undefined. + + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. + + @param[in] TdesContext Pointer to the TDES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the TDES encryption output. + + @retval TRUE TDES encryption succeeded. + @retval FALSE TDES encryption failed. 
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+ UINT8 IvecBuffer[TDES_BLOCK_SIZE];
+
+ //
+ // Check input parameters.
+ //
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
+ return FALSE;
+ }
+
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+ CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
+
+ DES_ede3_cbc_encrypt (
+ Input,
+ Output,
+ (UINT32) InputSize,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ (DES_cblock *) IvecBuffer,
+ DES_ENCRYPT
+ );
+
+ return TRUE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.
+
+ This function performs TDES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (8 bytes).
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then return FALSE.
+ If Input is NULL, then return FALSE.
+ If InputSize is not multiple of block size (8 bytes), then return FALSE.
+ If Ivec is NULL, then return FALSE.
+ If Output is NULL, then return FALSE.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval TRUE TDES decryption succeeded.
+ @retval FALSE TDES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+ UINT8 IvecBuffer[TDES_BLOCK_SIZE];
+
+ //
+ // Check input parameters.
+ //
+ if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
+ return FALSE;
+ }
+
+ if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
+ return FALSE;
+ }
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+ CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
+
+ DES_ede3_cbc_encrypt (
+ Input,
+ Output,
+ (UINT32) InputSize,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ (DES_cblock *) IvecBuffer,
+ DES_DECRYPT
+ );
+
+ return TRUE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
new file mode 100644
index 00000000..cec33b62
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
@@ -0,0 +1,166 @@
+/** @file
+ TDES Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for TDES operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+TdesGetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as TDES context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] TdesContext Pointer to TDES context being initialized.
+ @param[in] Key Pointer to the user-supplied TDES key.
+ @param[in] KeyLength Length of TDES key in bits.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesInit (
+ OUT VOID *TdesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
-- cgit v1.2.3
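Review bot: The header comment for `TdesCbcDecrypt` in the new CryptTdesNull.c describes the wrong direction: `Input` is documented as "the data to be encrypted" and `Output` as receiving "the TDES encryption output", and the same wording appears in the CryptTdes.c comment for that function earlier in this patch. I would change the two lines to `@param[in] Input Pointer to the buffer containing the data to be decrypted.` and `@param[out] Output Pointer to a buffer that receives the TDES decryption output.`. Separately, every stub in this file relies on `ASSERT (FALSE)` to flag misuse; where ASSERT is compiled out (its definition is not visible here), the only signal left is the FALSE/0 return and `Output` is never written. A one-line comment in the encrypt/decrypt stubs such as `// Output is not modified; callers must check the return value.` would help callers avoid treating an untouched buffer as cipher output.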