CryptoPkg: Document and disable deprecated crypto services
[mirror_edk2.git] / CryptoPkg / Include / Pcd / PcdCryptoServiceFamilyEnable.h
1 /** @file
2 Defines the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure associated with
3 gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable that is used
4 to enable/disable crypto services at either the family scope or the
5 individual service scope. Platforms can minimize the number of enabled
6 services to reduce size.
7
8 The following services have been deprecated and must never be enabled.
9 The associated fields in this data structure are never removed or replaced
10 to preserve the binary layout of the data structure. New services are
11 always added to the end of the data structure.
12 * HmacMd5 family
13 * HmacSha1 family
14 * Md4 family
15 * Md5 family
16 * Tdes family
17 * Arc4 family
18 * Aes.Services.EcbEncrypt service
19 * Aes.Services.EcbDecrypt service
20
21 It is recommended that the following services always be disabled; they may
22 be deprecated in the future.
23 * Sha1 family
24
25 Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
26 SPDX-License-Identifier: BSD-2-Clause-Patent
27
28 **/
29
30 #ifndef __PCD_CRYPTO_SERVICE_FAMILY_ENABLE_H__
31 #define __PCD_CRYPTO_SERVICE_FAMILY_ENABLE_H__
32
33 ///
34 /// Define used to enable all the crypto services in a family
/// NOTE: the value is all ones, so assigning it to a family's Family field also
/// sets the bits of any service in that family that is marked deprecated. Use
/// it only for families with no deprecated services, and enable the services
/// of mixed families (such as Aes) one at a time.
35 ///
36 #define PCD_CRYPTO_SERVICE_ENABLE_FAMILY 0xFFFFFFFF
37
38 ///
39 /// PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure. Each field in this structure
40 /// is associated with a service in the EDK II Crypto Protocol/PPI. This allows
41 /// each individual service to be enabled/disabled in a DSC file. Services are
42 /// also grouped into families. Unions are used to support enabling or
43 /// disabling an entire family in a single DSC statement.
///
/// Each family is a union of a Services bit-field struct and a UINT32 Family
/// value, so writing Family changes every service bit of that family at once.
/// Assigning PCD_CRYPTO_SERVICE_ENABLE_FAMILY (all ones) to Family therefore
/// also sets bits marked "Deprecated". Fields marked "Deprecated" must never be
/// enabled; they are kept only so the binary layout of the structure does not
/// change. Fields marked "Recommend disable" should be left disabled and may be
/// deprecated later. New services are always added at the end of the structure.
44 ///
45 typedef struct {
46 union {
47 struct {
48 UINT8 New : 1; // Deprecated
49 UINT8 Free : 1; // Deprecated
50 UINT8 SetKey : 1; // Deprecated
51 UINT8 Duplicate : 1; // Deprecated
52 UINT8 Update : 1; // Deprecated
53 UINT8 Final : 1; // Deprecated
54 } Services;
55 UINT32 Family; // Deprecated
56 } HmacMd5;
57 union {
58 struct {
59 UINT8 New : 1; // Deprecated
60 UINT8 Free : 1; // Deprecated
61 UINT8 SetKey : 1; // Deprecated
62 UINT8 Duplicate : 1; // Deprecated
63 UINT8 Update : 1; // Deprecated
64 UINT8 Final : 1; // Deprecated
65 } Services;
66 UINT32 Family; // Deprecated
67 } HmacSha1;
68 union {
69 struct {
70 UINT8 New : 1;
71 UINT8 Free : 1;
72 UINT8 SetKey : 1;
73 UINT8 Duplicate : 1;
74 UINT8 Update : 1;
75 UINT8 Final : 1;
76 UINT8 All : 1;
77 } Services;
78 UINT32 Family;
79 } HmacSha256;
80 union {
81 struct {
82 UINT8 New : 1;
83 UINT8 Free : 1;
84 UINT8 SetKey : 1;
85 UINT8 Duplicate : 1;
86 UINT8 Update : 1;
87 UINT8 Final : 1;
88 UINT8 All : 1;
89 } Services;
90 UINT32 Family;
91 } HmacSha384;
92 union {
93 struct {
94 UINT8 GetContextSize : 1; // Deprecated
95 UINT8 Init : 1; // Deprecated
96 UINT8 Duplicate : 1; // Deprecated
97 UINT8 Update : 1; // Deprecated
98 UINT8 Final : 1; // Deprecated
99 UINT8 HashAll : 1; // Deprecated
100 } Services;
101 UINT32 Family; // Deprecated
102 } Md4;
103 union {
104 struct {
105 UINT8 GetContextSize : 1; // Deprecated
106 UINT8 Init : 1; // Deprecated
107 UINT8 Duplicate : 1; // Deprecated
108 UINT8 Update : 1; // Deprecated
109 UINT8 Final : 1; // Deprecated
110 UINT8 HashAll : 1; // Deprecated
111 } Services;
112 UINT32 Family; // Deprecated (the file header lists the whole Md5 family as deprecated)
113 } Md5; // Deprecated
114 union {
115 struct {
116 UINT8 Pkcs1v2Encrypt : 1;
117 UINT8 Pkcs5HashPassword : 1;
118 UINT8 Pkcs7Verify : 1;
119 UINT8 VerifyEKUsInPkcs7Signature : 1;
120 UINT8 Pkcs7GetSigners : 1;
121 UINT8 Pkcs7FreeSigners : 1;
122 UINT8 Pkcs7Sign : 1;
123 UINT8 Pkcs7GetAttachedContent : 1;
124 UINT8 Pkcs7GetCertificatesList : 1;
125 UINT8 AuthenticodeVerify : 1;
126 UINT8 ImageTimestampVerify : 1;
127 } Services;
128 UINT32 Family;
129 } Pkcs;
130 union {
131 struct {
132 UINT8 New : 1;
133 UINT8 Free : 1;
134 UINT8 GenerateParameter : 1;
135 UINT8 SetParameter : 1;
136 UINT8 GenerateKey : 1;
137 UINT8 ComputeKey : 1;
138 } Services;
139 UINT32 Family;
140 } Dh;
141 union {
142 struct {
143 UINT8 Seed : 1;
144 UINT8 Bytes : 1;
145 } Services;
146 UINT32 Family;
147 } Random;
148 union {
149 struct {
150 UINT8 VerifyPkcs1 : 1;
151 UINT8 New : 1;
152 UINT8 Free : 1;
153 UINT8 SetKey : 1;
154 UINT8 GetKey : 1;
155 UINT8 GenerateKey : 1;
156 UINT8 CheckKey : 1;
157 UINT8 Pkcs1Sign : 1;
158 UINT8 Pkcs1Verify : 1;
159 UINT8 GetPrivateKeyFromPem : 1;
160 UINT8 GetPublicKeyFromX509 : 1;
161 } Services;
162 UINT32 Family;
163 } Rsa;
164 union {
165 struct {
166 UINT8 GetContextSize : 1; // Recommend disable
167 UINT8 Init : 1; // Recommend disable
168 UINT8 Duplicate : 1; // Recommend disable
169 UINT8 Update : 1; // Recommend disable
170 UINT8 Final : 1; // Recommend disable
171 UINT8 HashAll : 1; // Recommend disable
172 } Services;
173 UINT32 Family; // Recommend disable
174 } Sha1;
175 union {
176 struct {
177 UINT8 GetContextSize : 1;
178 UINT8 Init : 1;
179 UINT8 Duplicate : 1;
180 UINT8 Update : 1;
181 UINT8 Final : 1;
182 UINT8 HashAll : 1;
183 } Services;
184 UINT32 Family;
185 } Sha256;
186 union {
187 struct {
188 UINT8 GetContextSize : 1;
189 UINT8 Init : 1;
190 UINT8 Duplicate : 1;
191 UINT8 Update : 1;
192 UINT8 Final : 1;
193 UINT8 HashAll : 1;
194 } Services;
195 UINT32 Family;
196 } Sha384;
197 union {
198 struct {
199 UINT8 GetContextSize : 1;
200 UINT8 Init : 1;
201 UINT8 Duplicate : 1;
202 UINT8 Update : 1;
203 UINT8 Final : 1;
204 UINT8 HashAll : 1;
205 } Services;
206 UINT32 Family;
207 } Sha512;
208 union {
209 struct {
210 UINT8 GetSubjectName : 1;
211 UINT8 GetCommonName : 1;
212 UINT8 GetOrganizationName : 1;
213 UINT8 VerifyCert : 1;
214 UINT8 ConstructCertificate : 1;
215 UINT8 ConstructCertificateStack : 1;
216 UINT8 ConstructCertificateStackV : 1;
217 UINT8 Free : 1;
218 UINT8 StackFree : 1;
219 UINT8 GetTBSCert : 1;
220 UINT8 GetVersion : 1;
221 UINT8 GetSerialNumber : 1;
222 UINT8 GetIssuerName : 1;
223 UINT8 GetSignatureAlgorithm : 1;
224 UINT8 GetExtensionData : 1;
225 UINT8 GetExtendedKeyUsage : 1;
226 UINT8 GetValidity : 1;
227 UINT8 FormatDateTime : 1;
228 UINT8 CompareDateTime : 1;
229 UINT8 GetKeyUsage : 1;
230 UINT8 VerifyCertChain : 1;
231 UINT8 GetCertFromCertChain : 1;
232 UINT8 Asn1GetTag : 1;
233 UINT8 GetExtendedBasicConstraints : 1;
234 } Services;
235 UINT32 Family;
236 } X509;
237 union {
238 struct {
239 UINT8 GetContextSize : 1; // Deprecated
240 UINT8 Init : 1; // Deprecated
241 UINT8 EcbEncrypt : 1; // Deprecated
242 UINT8 EcbDecrypt : 1; // Deprecated
243 UINT8 CbcEncrypt : 1; // Deprecated
244 UINT8 CbcDecrypt : 1; // Deprecated
245 } Services;
246 UINT32 Family; // Deprecated
247 } Tdes;
248 union {
249 struct {
250 UINT8 GetContextSize : 1;
251 UINT8 Init : 1;
252 UINT8 EcbEncrypt : 1; // Deprecated
253 UINT8 EcbDecrypt : 1; // Deprecated
254 UINT8 CbcEncrypt : 1;
255 UINT8 CbcDecrypt : 1;
256 } Services;
257 UINT32 Family; // A family-wide enable would also set the deprecated EcbEncrypt/EcbDecrypt bits; enable Aes services individually
258 } Aes;
259 union {
260 struct {
261 UINT8 GetContextSize : 1; // Deprecated
262 UINT8 Init : 1; // Deprecated
263 UINT8 Encrypt : 1; // Deprecated
264 UINT8 Decrypt : 1; // Deprecated
265 UINT8 Reset : 1; // Deprecated
266 } Services;
267 UINT32 Family; // Deprecated
268 } Arc4;
269 union {
270 struct {
271 UINT8 GetContextSize : 1;
272 UINT8 Init : 1;
273 UINT8 Duplicate : 1;
274 UINT8 Update : 1;
275 UINT8 Final : 1;
276 UINT8 HashAll : 1;
277 } Services;
278 UINT32 Family;
279 } Sm3;
280 union {
281 struct {
282 UINT8 Sha256ExtractAndExpand : 1;
283 UINT8 Sha256Extract : 1;
284 UINT8 Sha256Expand : 1;
285 UINT8 Sha384ExtractAndExpand : 1;
286 UINT8 Sha384Extract : 1;
287 UINT8 Sha384Expand : 1;
288 } Services;
289 UINT32 Family;
290 } Hkdf;
291 union {
292 struct {
293 UINT8 Initialize : 1;
294 UINT8 CtxFree : 1;
295 UINT8 CtxNew : 1;
296 UINT8 Free : 1;
297 UINT8 New : 1;
298 UINT8 InHandshake : 1;
299 UINT8 DoHandshake : 1;
300 UINT8 HandleAlert : 1;
301 UINT8 CloseNotify : 1;
302 UINT8 CtrlTrafficOut : 1;
303 UINT8 CtrlTrafficIn : 1;
304 UINT8 Read : 1;
305 UINT8 Write : 1;
306 UINT8 Shutdown : 1;
307 } Services;
308 UINT32 Family;
309 } Tls;
310 union {
311 struct {
312 UINT8 Version : 1;
313 UINT8 ConnectionEnd : 1;
314 UINT8 CipherList : 1;
315 UINT8 CompressionMethod : 1;
316 UINT8 Verify : 1;
317 UINT8 VerifyHost : 1;
318 UINT8 SessionId : 1;
319 UINT8 CaCertificate : 1;
320 UINT8 HostPublicCert : 1;
321 UINT8 HostPrivateKey : 1;
322 UINT8 CertRevocationList : 1;
323 UINT8 HostPrivateKeyEx : 1;
324 UINT8 SignatureAlgoList : 1;
325 UINT8 EcCurve : 1;
326 } Services;
327 UINT32 Family;
328 } TlsSet;
329 union {
330 struct {
331 UINT8 Version : 1;
332 UINT8 ConnectionEnd : 1;
333 UINT8 CurrentCipher : 1;
334 UINT8 CurrentCompressionId : 1;
335 UINT8 Verify : 1;
336 UINT8 SessionId : 1;
337 UINT8 ClientRandom : 1;
338 UINT8 ServerRandom : 1;
339 UINT8 KeyMaterial : 1;
340 UINT8 CaCertificate : 1;
341 UINT8 HostPublicCert : 1;
342 UINT8 HostPrivateKey : 1;
343 UINT8 CertRevocationList : 1;
344 UINT8 ExportKey : 1;
345 } Services;
346 UINT32 Family;
347 } TlsGet;
348 union {
349 struct {
350 UINT8 Sign : 1;
351 UINT8 Verify : 1;
352 } Services;
353 UINT32 Family;
354 } RsaPss;
355 union {
356 struct {
357 UINT8 HashAll : 1;
358 } Services;
359 UINT32 Family;
360 } ParallelHash;
361 union {
362 struct {
363 UINT8 Encrypt : 1;
364 UINT8 Decrypt : 1;
365 } Services;
366 UINT32 Family;
367 } AeadAesGcm;
368 union {
369 struct {
370 UINT8 Init : 1;
371 UINT8 FromBin : 1;
372 UINT8 ToBin : 1;
373 UINT8 Free : 1;
374 UINT8 Add : 1;
375 UINT8 Sub : 1;
376 UINT8 Mod : 1;
377 UINT8 ExpMod : 1;
378 UINT8 InverseMod : 1;
379 UINT8 Div : 1;
380 UINT8 MulMod : 1;
381 UINT8 Cmp : 1;
382 UINT8 Bits : 1;
383 UINT8 Bytes : 1;
384 UINT8 IsWord : 1;
385 UINT8 IsOdd : 1;
386 UINT8 Copy : 1;
387 UINT8 ValueOne : 1;
388 UINT8 RShift : 1;
389 UINT8 ConstTime : 1;
390 UINT8 SqrMod : 1;
391 UINT8 NewContext : 1;
392 UINT8 ContextFree : 1;
393 UINT8 SetUint : 1;
394 UINT8 AddMod : 1;
395 } Services;
396 UINT32 Family;
397 } Bn;
398 union {
399 struct {
400 UINT8 GroupInit : 1;
401 UINT8 GroupGetCurve : 1;
402 UINT8 GroupGetOrder : 1;
403 UINT8 GroupFree : 1;
404 UINT8 PointInit : 1;
405 UINT8 PointDeInit : 1;
406 UINT8 PointGetAffineCoordinates : 1;
407 UINT8 PointSetAffineCoordinates : 1;
408 UINT8 PointAdd : 1;
409 UINT8 PointMul : 1;
410 UINT8 PointInvert : 1;
411 UINT8 PointIsOnCurve : 1;
412 UINT8 PointIsAtInfinity : 1;
413 UINT8 PointEqual : 1;
414 UINT8 PointSetCompressedCoordinates : 1;
415 UINT8 NewByNid : 1;
416 UINT8 Free : 1;
417 UINT8 GenerateKey : 1;
418 UINT8 GetPubKey : 1;
419 UINT8 DhComputeKey : 1;
420 UINT8 GetPublicKeyFromX509 : 1;
421 UINT8 GetPrivateKeyFromPem : 1;
422 UINT8 DsaSign : 1;
423 UINT8 DsaVerify : 1;
424 } Services;
425 UINT32 Family;
426 } Ec;
427 } PCD_CRYPTO_SERVICE_FAMILY_ENABLE;
428
429 #endif