]> git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
projects / mirror_edk2.git / blob
? search:


f3a1eb7293de8da7c88a5abf16463ad6e46f7d29
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Cipher / CryptTdes.c
1 /** @file
2 TDES Wrapper Implementation over OpenSSL.
3
4 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "InternalCryptLib.h"
16 #include <openssl/des.h>
17
18 /**
19 Retrieves the size, in bytes, of the context buffer required for TDES operations.
20
21 @return The size, in bytes, of the context buffer required for TDES operations.
22
23 **/
24 UINTN
25 EFIAPI
26 TdesGetContextSize (
27 VOID
28 )
29 {
30 //
31 // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
32 //
33 return (UINTN) (3 * sizeof (DES_key_schedule));
34 }
35
36 /**
37 Initializes user-supplied memory as TDES context for subsequent use.
38
39 This function initializes user-supplied memory pointed by TdesContext as TDES context.
40 In addition, it sets up all TDES key materials for subsequent encryption and decryption
41 operations.
42 There are 3 key options as follows:
43 KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
44 KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
45 KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
46
47 If TdesContext is NULL, then return FALSE.
48 If Key is NULL, then return FALSE.
49 If KeyLength is not valid, then return FALSE.
50
51 @param[out] TdesContext Pointer to TDES context being initialized.
52 @param[in] Key Pointer to the user-supplied TDES key.
53 @param[in] KeyLength Length of TDES key in bits.
54
55 @retval TRUE TDES context initialization succeeded.
56 @retval FALSE TDES context initialization failed.
57
58 **/
59 BOOLEAN
60 EFIAPI
61 TdesInit (
62 OUT VOID *TdesContext,
63 IN CONST UINT8 *Key,
64 IN UINTN KeyLength
65 )
66 {
67 DES_key_schedule *KeySchedule;
68
69 //
70 // Check input parameters.
71 //
72 if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) {
73 return FALSE;
74 }
75
76 KeySchedule = (DES_key_schedule *) TdesContext;
77
78 //
79 // If input Key is a weak key, return error.
80 //
81 if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
82 return FALSE;
83 }
84
85 DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
86
87 if (KeyLength == 64) {
88 CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
89 CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
90 return TRUE;
91 }
92
93 if (DES_is_weak_key ((const_DES_cblock *) Key + 8) == 1) {
94 return FALSE;
95 }
96
97 DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
98
99 if (KeyLength == 128) {
100 CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
101 return TRUE;
102 }
103
104 if (DES_is_weak_key ((const_DES_cblock *) Key + 16) == 1) {
105 return FALSE;
106 }
107
108 DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
109
110 return TRUE;
111 }
112
113 /**
114 Performs TDES encryption on a data buffer of the specified size in ECB mode.
115
116 This function performs TDES encryption on data buffer pointed by Input, of specified
117 size of InputSize, in ECB mode.
118 InputSize must be multiple of block size (8 bytes). This function does not perform
119 padding. Caller must perform padding, if necessary, to ensure valid input data size.
120 TdesContext should be already correctly initialized by TdesInit(). Behavior with
121 invalid TDES context is undefined.
122
123 If TdesContext is NULL, then return FALSE.
124 If Input is NULL, then return FALSE.
125 If InputSize is not multiple of block size (8 bytes), then return FALSE.
126 If Output is NULL, then return FALSE.
127
128 @param[in] TdesContext Pointer to the TDES context.
129 @param[in] Input Pointer to the buffer containing the data to be encrypted.
130 @param[in] InputSize Size of the Input buffer in bytes.
131 @param[out] Output Pointer to a buffer that receives the TDES encryption output.
132
133 @retval TRUE TDES encryption succeeded.
134 @retval FALSE TDES encryption failed.
135
136 **/
137 BOOLEAN
138 EFIAPI
139 TdesEcbEncrypt (
140 IN VOID *TdesContext,
141 IN CONST UINT8 *Input,
142 IN UINTN InputSize,
143 OUT UINT8 *Output
144 )
145 {
146 DES_key_schedule *KeySchedule;
147
148 //
149 // Check input parameters.
150 //
151 if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
152 return FALSE;
153 }
154
155 KeySchedule = (DES_key_schedule *) TdesContext;
156
157 while (InputSize > 0) {
158 DES_ecb3_encrypt (
159 (const_DES_cblock *) Input,
160 (DES_cblock *) Output,
161 KeySchedule,
162 KeySchedule + 1,
163 KeySchedule + 2,
164 DES_ENCRYPT
165 );
166 Input += TDES_BLOCK_SIZE;
167 Output += TDES_BLOCK_SIZE;
168 InputSize -= TDES_BLOCK_SIZE;
169 }
170
171 return TRUE;
172 }
173
174 /**
175 Performs TDES decryption on a data buffer of the specified size in ECB mode.
176
177 This function performs TDES decryption on data buffer pointed by Input, of specified
178 size of InputSize, in ECB mode.
179 InputSize must be multiple of block size (8 bytes). This function does not perform
180 padding. Caller must perform padding, if necessary, to ensure valid input data size.
181 TdesContext should be already correctly initialized by TdesInit(). Behavior with
182 invalid TDES context is undefined.
183
184 If TdesContext is NULL, then return FALSE.
185 If Input is NULL, then return FALSE.
186 If InputSize is not multiple of block size (8 bytes), then return FALSE.
187 If Output is NULL, then return FALSE.
188
189 @param[in] TdesContext Pointer to the TDES context.
190 @param[in] Input Pointer to the buffer containing the data to be decrypted.
191 @param[in] InputSize Size of the Input buffer in bytes.
192 @param[out] Output Pointer to a buffer that receives the TDES decryption output.
193
194 @retval TRUE TDES decryption succeeded.
195 @retval FALSE TDES decryption failed.
196
197 **/
198 BOOLEAN
199 EFIAPI
200 TdesEcbDecrypt (
201 IN VOID *TdesContext,
202 IN CONST UINT8 *Input,
203 IN UINTN InputSize,
204 OUT UINT8 *Output
205 )
206 {
207 DES_key_schedule *KeySchedule;
208
209 //
210 // Check input parameters.
211 //
212 if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
213 return FALSE;
214 }
215
216 KeySchedule = (DES_key_schedule *) TdesContext;
217
218 while (InputSize > 0) {
219 DES_ecb3_encrypt (
220 (const_DES_cblock *) Input,
221 (DES_cblock *) Output,
222 KeySchedule,
223 KeySchedule + 1,
224 KeySchedule + 2,
225 DES_DECRYPT
226 );
227 Input += TDES_BLOCK_SIZE;
228 Output += TDES_BLOCK_SIZE;
229 InputSize -= TDES_BLOCK_SIZE;
230 }
231
232 return TRUE;
233 }
234
235 /**
236 Performs TDES encryption on a data buffer of the specified size in CBC mode.
237
238 This function performs TDES encryption on data buffer pointed by Input, of specified
239 size of InputSize, in CBC mode.
240 InputSize must be multiple of block size (8 bytes). This function does not perform
241 padding. Caller must perform padding, if necessary, to ensure valid input data size.
242 Initialization vector should be one block size (8 bytes).
243 TdesContext should be already correctly initialized by TdesInit(). Behavior with
244 invalid TDES context is undefined.
245
246 If TdesContext is NULL, then return FALSE.
247 If Input is NULL, then return FALSE.
248 If InputSize is not multiple of block size (8 bytes), then return FALSE.
249 If Ivec is NULL, then return FALSE.
250 If Output is NULL, then return FALSE.
251
252 @param[in] TdesContext Pointer to the TDES context.
253 @param[in] Input Pointer to the buffer containing the data to be encrypted.
254 @param[in] InputSize Size of the Input buffer in bytes.
255 @param[in] Ivec Pointer to initialization vector.
256 @param[out] Output Pointer to a buffer that receives the TDES encryption output.
257
258 @retval TRUE TDES encryption succeeded.
259 @retval FALSE TDES encryption failed.
260
261 **/
262 BOOLEAN
263 EFIAPI
264 TdesCbcEncrypt (
265 IN VOID *TdesContext,
266 IN CONST UINT8 *Input,
267 IN UINTN InputSize,
268 IN CONST UINT8 *Ivec,
269 OUT UINT8 *Output
270 )
271 {
272 DES_key_schedule *KeySchedule;
273 UINT8 IvecBuffer[TDES_BLOCK_SIZE];
274
275 //
276 // Check input parameters.
277 //
278 if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
279 return FALSE;
280 }
281
282 KeySchedule = (DES_key_schedule *) TdesContext;
283 CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
284
285 DES_ede3_cbc_encrypt (
286 Input,
287 Output,
288 (UINT32) InputSize,
289 KeySchedule,
290 KeySchedule + 1,
291 KeySchedule + 2,
292 (DES_cblock *) IvecBuffer,
293 DES_ENCRYPT
294 );
295
296 return TRUE;
297 }
298
299 /**
300 Performs TDES decryption on a data buffer of the specified size in CBC mode.
301
302 This function performs TDES decryption on data buffer pointed by Input, of specified
303 size of InputSize, in CBC mode.
304 InputSize must be multiple of block size (8 bytes). This function does not perform
305 padding. Caller must perform padding, if necessary, to ensure valid input data size.
306 Initialization vector should be one block size (8 bytes).
307 TdesContext should be already correctly initialized by TdesInit(). Behavior with
308 invalid TDES context is undefined.
309
310 If TdesContext is NULL, then return FALSE.
311 If Input is NULL, then return FALSE.
312 If InputSize is not multiple of block size (8 bytes), then return FALSE.
313 If Ivec is NULL, then return FALSE.
314 If Output is NULL, then return FALSE.
315
316 @param[in] TdesContext Pointer to the TDES context.
317 @param[in] Input Pointer to the buffer containing the data to be encrypted.
318 @param[in] InputSize Size of the Input buffer in bytes.
319 @param[in] Ivec Pointer to initialization vector.
320 @param[out] Output Pointer to a buffer that receives the TDES encryption output.
321
322 @retval TRUE TDES decryption succeeded.
323 @retval FALSE TDES decryption failed.
324
325 **/
326 BOOLEAN
327 EFIAPI
328 TdesCbcDecrypt (
329 IN VOID *TdesContext,
330 IN CONST UINT8 *Input,
331 IN UINTN InputSize,
332 IN CONST UINT8 *Ivec,
333 OUT UINT8 *Output
334 )
335 {
336 DES_key_schedule *KeySchedule;
337 UINT8 IvecBuffer[TDES_BLOCK_SIZE];
338
339 //
340 // Check input parameters.
341 //
342 if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) {
343 return FALSE;
344 }
345
346 KeySchedule = (DES_key_schedule *) TdesContext;
347 CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
348
349 DES_ede3_cbc_encrypt (
350 Input,
351 Output,
352 (UINT32) InputSize,
353 KeySchedule,
354 KeySchedule + 1,
355 KeySchedule + 2,
356 (DES_cblock *) IvecBuffer,
357 DES_DECRYPT
358 );
359
360 return TRUE;
361 }
362
EFI Development Kit II mirror for PVE