CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>

1 files changed, 0 insertions, 151 deletions

diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index dfe7fb7e91..a614b61ed4 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1016,157 +1016,6 @@ Sm3HashAll (
 //=====================================================================================

 

 /**

-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.

-

-  If this interface is not supported, then return NULL.

-

-  @return  Pointer to the HMAC_CTX context that has been initialized.

-           If the allocations fails, HmacSha1New() returns NULL.

-  @return  NULL   This interface is not supported.

-

-**/

-VOID *

-EFIAPI

-HmacSha1New (

-  VOID

-  )

-{

-  CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL);

-}

-

-/**

-  Release the specified HMAC_CTX context.

-

-  If this interface is not supported, then do nothing.

-

-  @param[in]  HmacSha1Ctx  Pointer to the HMAC_CTX context to be released.

-

-**/

-VOID

-EFIAPI

-HmacSha1Free (

-  IN  VOID  *HmacSha1Ctx

-  )

-{

-  CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, (HmacSha1Ctx));

-}

-

-/**

-  Set user-supplied key for subsequent use. It must be done before any

-  calling to HmacSha1Update().

-

-  If HmacSha1Context is NULL, then return FALSE.

-  If this interface is not supported, then return FALSE.

-

-  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context.

-  @param[in]   Key              Pointer to the user-supplied key.

-  @param[in]   KeySize          Key size in bytes.

-

-  @retval TRUE   The Key is set successfully.

-  @retval FALSE  The Key is set unsuccessfully.

-  @retval FALSE  This interface is not supported.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1SetKey (

-  OUT  VOID         *HmacSha1Context,

-  IN   CONST UINT8  *Key,

-  IN   UINTN        KeySize

-  )

-{

-  CALL_CRYPTO_SERVICE (HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FALSE);

-}

-

-/**

-  Makes a copy of an existing HMAC-SHA1 context.

-

-  If HmacSha1Context is NULL, then return FALSE.

-  If NewHmacSha1Context is NULL, then return FALSE.

-  If this interface is not supported, then return FALSE.

-

-  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.

-  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.

-

-  @retval TRUE   HMAC-SHA1 context copy succeeded.

-  @retval FALSE  HMAC-SHA1 context copy failed.

-  @retval FALSE  This interface is not supported.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1Duplicate (

-  IN   CONST VOID  *HmacSha1Context,

-  OUT  VOID        *NewHmacSha1Context

-  )

-{

-  CALL_CRYPTO_SERVICE (HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE);

-}

-

-/**

-  Digests the input data and updates HMAC-SHA1 context.

-

-  This function performs HMAC-SHA1 digest on a data buffer of the specified size.

-  It can be called multiple times to compute the digest of long or discontinuous data streams.

-  HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by

-  HmacSha1Final(). Behavior with invalid context is undefined.

-

-  If HmacSha1Context is NULL, then return FALSE.

-  If this interface is not supported, then return FALSE.

-

-  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.

-  @param[in]       Data            Pointer to the buffer containing the data to be digested.

-  @param[in]       DataSize        Size of Data buffer in bytes.

-

-  @retval TRUE   HMAC-SHA1 data digest succeeded.

-  @retval FALSE  HMAC-SHA1 data digest failed.

-  @retval FALSE  This interface is not supported.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1Update (

-  IN OUT  VOID        *HmacSha1Context,

-  IN      CONST VOID  *Data,

-  IN      UINTN       DataSize

-  )

-{

-  CALL_CRYPTO_SERVICE (HmacSha1Update, (HmacSha1Context, Data, DataSize), FALSE);

-}

-

-/**

-  Completes computation of the HMAC-SHA1 digest value.

-

-  This function completes HMAC-SHA1 hash computation and retrieves the digest value into

-  the specified memory. After this function has been called, the HMAC-SHA1 context cannot

-  be used again.

-  HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized

-  by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.

-

-  If HmacSha1Context is NULL, then return FALSE.

-  If HmacValue is NULL, then return FALSE.

-  If this interface is not supported, then return FALSE.

-

-  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.

-  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest

-                                    value (20 bytes).

-

-  @retval TRUE   HMAC-SHA1 digest computation succeeded.

-  @retval FALSE  HMAC-SHA1 digest computation failed.

-  @retval FALSE  This interface is not supported.

-

-**/

-BOOLEAN

-EFIAPI

-HmacSha1Final (

-  IN OUT  VOID   *HmacSha1Context,

-  OUT     UINT8  *HmacValue

-  )

-{

-  CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), FALSE);

-}

-

-/**

   Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.

 

   @return  Pointer to the HMAC_CTX context that has been initialized.