From 663a5ca59d8b0037b3d1b445ce93ae3181f03685 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 30 Sep 2014 15:27:19 +0800 Subject: [PATCH 68/74] Cryptlib: remove the unused files I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some functions we would never use. This commit removes those files to avoid any potential trouble. Signed-off-by: Gary Ching-Pang Lin --- Cryptlib/Makefile | 5 +- Cryptlib/Pk/CryptDh.c | 328 -------------------------------- Cryptlib/Pk/CryptDhNull.c | 156 +++++++++++++++ Cryptlib/Pk/CryptPkcs7Sign.c | 207 -------------------- Cryptlib/Pk/CryptPkcs7VerifyNull.c | 100 ---------- Cryptlib/Pk/CryptRsaExt.c | 377 ------------------------------------- Cryptlib/update.sh | 5 +- 7 files changed, 158 insertions(+), 1020 deletions(-) delete mode 100644 Cryptlib/Pk/CryptDh.c create mode 100644 Cryptlib/Pk/CryptDhNull.c delete mode 100644 Cryptlib/Pk/CryptPkcs7Sign.c delete mode 100644 Cryptlib/Pk/CryptPkcs7VerifyNull.c delete mode 100644 Cryptlib/Pk/CryptRsaExt.c diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 73a1e2b..9719a27 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -25,13 +25,10 @@ OBJS = Hash/CryptMd4.o \ Cipher/CryptArc4.o \ Rand/CryptRand.o \ Pk/CryptRsaBasic.o \ - Pk/CryptRsaExt.o \ Pk/CryptRsaExtNull.o \ - Pk/CryptPkcs7Sign.o \ Pk/CryptPkcs7SignNull.o \ Pk/CryptPkcs7Verify.o \ - Pk/CryptPkcs7VerifyNull.o \ - Pk/CryptDh.o \ + Pk/CryptDhNull.o \ Pk/CryptX509.o \ Pk/CryptAuthenticode.o \ Pem/CryptPem.o \ diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c deleted file mode 100644 index 942b3d1..0000000 --- a/Cryptlib/Pk/CryptDh.c +++ /dev/null @@ -1,328 +0,0 @@ -/** @file - Diffie-Hellman Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" -#include - - -/** - Allocates and Initializes one Diffie-Hellman Context for subsequent use. - - @return Pointer to the Diffie-Hellman Context that has been initialized. - If the allocations fails, DhNew() returns NULL. - -**/ -VOID * -EFIAPI -DhNew ( - VOID - ) -{ - // - // Allocates & Initializes DH Context by OpenSSL DH_new() - // - return (VOID *) DH_new (); -} - -/** - Release the specified DH context. - - If DhContext is NULL, then return FALSE. - - @param[in] DhContext Pointer to the DH context to be released. - -**/ -VOID -EFIAPI -DhFree ( - IN VOID *DhContext - ) -{ - // - // Free OpenSSL DH Context - // - DH_free ((DH *) DhContext); -} - -/** - Generates DH parameter. - - Given generator g, and length of prime number p in bits, this function generates p, - and sets DH context according to value of g and p. - - Before this function can be invoked, pseudorandom number generator must be correctly - initialized by RandomSeed(). - - If DhContext is NULL, then return FALSE. - If Prime is NULL, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[in] Generator Value of generator. - @param[in] PrimeLength Length in bits of prime to be generated. - @param[out] Prime Pointer to the buffer to receive the generated prime number. - - @retval TRUE DH pamameter generation succeeded. - @retval FALSE Value of Generator is not supported. - @retval FALSE PRNG fails to generate random prime number with PrimeLength. - -**/ -BOOLEAN -EFIAPI -DhGenerateParameter ( - IN OUT VOID *DhContext, - IN UINTN Generator, - IN UINTN PrimeLength, - OUT UINT8 *Prime - ) -{ - BOOLEAN RetVal; - - // - // Check input parameters. - // - if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { - return FALSE; - } - - if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { - return FALSE; - } - - RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL); - if (!RetVal) { - return FALSE; - } - - BN_bn2bin (((DH *) DhContext)->p, Prime); - - return TRUE; -} - -/** - Sets generator and prime parameters for DH. - - Given generator g, and prime number p, this function and sets DH - context accordingly. - - If DhContext is NULL, then return FALSE. - If Prime is NULL, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[in] Generator Value of generator. - @param[in] PrimeLength Length in bits of prime to be generated. - @param[in] Prime Pointer to the prime number. - - @retval TRUE DH pamameter setting succeeded. - @retval FALSE Value of Generator is not supported. - @retval FALSE Value of Generator is not suitable for the Prime. - @retval FALSE Value of Prime is not a prime number. - @retval FALSE Value of Prime is not a safe prime number. - -**/ -BOOLEAN -EFIAPI -DhSetParameter ( - IN OUT VOID *DhContext, - IN UINTN Generator, - IN UINTN PrimeLength, - IN CONST UINT8 *Prime - ) -{ - DH *Dh; - BIGNUM *Bn; - - // - // Check input parameters. - // - if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) { - return FALSE; - } - - if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { - return FALSE; - } - - Bn = NULL; - - Dh = (DH *) DhContext; - Dh->g = NULL; - Dh->p = BN_new (); - if (Dh->p == NULL) { - goto Error; - } - - Dh->g = BN_new (); - if (Dh->g == NULL) { - goto Error; - } - - Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p); - if (Bn == NULL) { - goto Error; - } - - if (BN_set_word (Dh->g, (UINT32) Generator) == 0) { - goto Error; - } - - return TRUE; - -Error: - - if (Dh->p != NULL) { - BN_free (Dh->p); - } - - if (Dh->g != NULL) { - BN_free (Dh->g); - } - - if (Bn != NULL) { - BN_free (Bn); - } - - return FALSE; -} - -/** - Generates DH public key. - - This function generates random secret exponent, and computes the public key, which is - returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. - If the PublicKey buffer is too small to hold the public key, FALSE is returned and - PublicKeySize is set to the required buffer size to obtain the public key. - - If DhContext is NULL, then return FALSE. - If PublicKeySize is NULL, then return FALSE. - If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[out] PublicKey Pointer to the buffer to receive generated public key. - @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. - On output, the size of data returned in PublicKey buffer in bytes. - - @retval TRUE DH public key generation succeeded. - @retval FALSE DH public key generation failed. - @retval FALSE PublicKeySize is not large enough. - -**/ -BOOLEAN -EFIAPI -DhGenerateKey ( - IN OUT VOID *DhContext, - OUT UINT8 *PublicKey, - IN OUT UINTN *PublicKeySize - ) -{ - BOOLEAN RetVal; - DH *Dh; - INTN Size; - - // - // Check input parameters. - // - if (DhContext == NULL || PublicKeySize == NULL) { - return FALSE; - } - - if (PublicKey == NULL && *PublicKeySize != 0) { - return FALSE; - } - - Dh = (DH *) DhContext; - - RetVal = (BOOLEAN) DH_generate_key (DhContext); - if (RetVal) { - Size = BN_num_bytes (Dh->pub_key); - if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) { - *PublicKeySize = Size; - return FALSE; - } - - BN_bn2bin (Dh->pub_key, PublicKey); - *PublicKeySize = Size; - } - - return RetVal; -} - -/** - Computes exchanged common key. - - Given peer's public key, this function computes the exchanged common key, based on its own - context including value of prime modulus and random secret exponent. - - If DhContext is NULL, then return FALSE. - If PeerPublicKey is NULL, then return FALSE. - If KeySize is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize is not large enough, then return FALSE. - - @param[in, out] DhContext Pointer to the DH context. - @param[in] PeerPublicKey Pointer to the peer's public key. - @param[in] PeerPublicKeySize Size of peer's public key in bytes. - @param[out] Key Pointer to the buffer to receive generated key. - @param[in, out] KeySize On input, the size of Key buffer in bytes. - On output, the size of data returned in Key buffer in bytes. - - @retval TRUE DH exchanged key generation succeeded. - @retval FALSE DH exchanged key generation failed. - @retval FALSE KeySize is not large enough. - -**/ -BOOLEAN -EFIAPI -DhComputeKey ( - IN OUT VOID *DhContext, - IN CONST UINT8 *PeerPublicKey, - IN UINTN PeerPublicKeySize, - OUT UINT8 *Key, - IN OUT UINTN *KeySize - ) -{ - BIGNUM *Bn; - INTN Size; - - // - // Check input parameters. - // - if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) { - return FALSE; - } - - if (PeerPublicKeySize > INT_MAX) { - return FALSE; - } - - Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL); - if (Bn == NULL) { - return FALSE; - } - - Size = DH_compute_key (Key, Bn, DhContext); - if (Size < 0) { - BN_free (Bn); - return FALSE; - } - - if (*KeySize < (UINTN) Size) { - *KeySize = Size; - BN_free (Bn); - return FALSE; - } - - *KeySize = Size; - BN_free (Bn); - return TRUE; -} diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c new file mode 100644 index 0000000..35045db --- /dev/null +++ b/Cryptlib/Pk/CryptDhNull.c @@ -0,0 +1,156 @@ +/** @file + Diffie-Hellman Wrapper Implementation which does not provide + real capabilities. + +Copyright (c) 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "InternalCryptLib.h" + +/** + Allocates and Initializes one Diffie-Hellman Context for subsequent use. + + @return Pointer to the Diffie-Hellman Context that has been initialized. + If the interface is not supported, DhNew() returns NULL. + +**/ +VOID * +EFIAPI +DhNew ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified DH context. + + If the interface is not supported, then ASSERT(). + + @param[in] DhContext Pointer to the DH context to be released. + +**/ +VOID +EFIAPI +DhFree ( + IN VOID *DhContext + ) +{ + ASSERT (FALSE); +} + +/** + Generates DH parameter. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. + @param[in] PrimeLength Length in bits of prime to be generated. + @param[out] Prime Pointer to the buffer to receive the generated prime number. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhGenerateParameter ( + IN OUT VOID *DhContext, + IN UINTN Generator, + IN UINTN PrimeLength, + OUT UINT8 *Prime + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Sets generator and prime parameters for DH. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. + @param[in] PrimeLength Length in bits of prime to be generated. + @param[in] Prime Pointer to the prime number. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhSetParameter ( + IN OUT VOID *DhContext, + IN UINTN Generator, + IN UINTN PrimeLength, + IN CONST UINT8 *Prime + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Generates DH public key. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[out] PublicKey Pointer to the buffer to receive generated public key. + @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. + On output, the size of data returned in PublicKey buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhGenerateKey ( + IN OUT VOID *DhContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes exchanged common key. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] PeerPublicKey Pointer to the peer's public key. + @param[in] PeerPublicKeySize Size of peer's public key in bytes. + @param[out] Key Pointer to the buffer to receive generated key. + @param[in, out] KeySize On input, the size of Key buffer in bytes. + On output, the size of data returned in Key buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhComputeKey ( + IN OUT VOID *DhContext, + IN CONST UINT8 *PeerPublicKey, + IN UINTN PeerPublicKeySize, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c deleted file mode 100644 index 63fe78f..0000000 --- a/Cryptlib/Pk/CryptPkcs7Sign.c +++ /dev/null @@ -1,207 +0,0 @@ -/** @file - PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. - -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" - -#include -#include -#include - - -/** - Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message - Syntax Standard, version 1.5". This interface is only intended to be used for - application to perform PKCS#7 functionality validation. - - @param[in] PrivateKey Pointer to the PEM-formatted private key data for - data signing. - @param[in] PrivateKeySize Size of the PEM private key data in bytes. - @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM - key data. - @param[in] InData Pointer to the content to be signed. - @param[in] InDataSize Size of InData in bytes. - @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. - @param[in] OtherCerts Pointer to an optional additional set of certificates to - include in the PKCS#7 signedData (e.g. any intermediate - CAs in the chain). - @param[out] SignedData Pointer to output PKCS#7 signedData. - @param[out] SignedDataSize Size of SignedData in bytes. - - @retval TRUE PKCS#7 data signing succeeded. - @retval FALSE PKCS#7 data signing failed. - -**/ -BOOLEAN -EFIAPI -Pkcs7Sign ( - IN CONST UINT8 *PrivateKey, - IN UINTN PrivateKeySize, - IN CONST UINT8 *KeyPassword, - IN UINT8 *InData, - IN UINTN InDataSize, - IN UINT8 *SignCert, - IN UINT8 *OtherCerts OPTIONAL, - OUT UINT8 **SignedData, - OUT UINTN *SignedDataSize - ) -{ - BOOLEAN Status; - EVP_PKEY *Key; - BIO *DataBio; - PKCS7 *Pkcs7; - UINT8 *RsaContext; - UINT8 *P7Data; - UINTN P7DataSize; - UINT8 *Tmp; - - // - // Check input parameters. - // - if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || - SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { - return FALSE; - } - - RsaContext = NULL; - Key = NULL; - Pkcs7 = NULL; - DataBio = NULL; - Status = FALSE; - - // - // Retrieve RSA private key from PEM data. - // - Status = RsaGetPrivateKeyFromPem ( - PrivateKey, - PrivateKeySize, - (CONST CHAR8 *) KeyPassword, - (VOID **) &RsaContext - ); - if (!Status) { - return Status; - } - - Status = FALSE; - - // - // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling - // - if (EVP_add_digest (EVP_md5 ()) == 0) { - goto _Exit; - } - if (EVP_add_digest (EVP_sha1 ()) == 0) { - goto _Exit; - } - if (EVP_add_digest (EVP_sha256 ()) == 0) { - goto _Exit; - } - - RandomSeed (NULL, 0); - - // - // Construct OpenSSL EVP_PKEY for private key. - // - Key = EVP_PKEY_new (); - if (Key == NULL) { - goto _Exit; - } - Key->save_type = EVP_PKEY_RSA; - Key->type = EVP_PKEY_type (EVP_PKEY_RSA); - Key->pkey.rsa = (RSA *) RsaContext; - - // - // Convert the data to be signed to BIO format. - // - DataBio = BIO_new (BIO_s_mem ()); - if (DataBio == NULL) { - goto _Exit; - } - - if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) { - goto _Exit; - } - - // - // Create the PKCS#7 signedData structure. - // - Pkcs7 = PKCS7_sign ( - (X509 *) SignCert, - Key, - (STACK_OF(X509) *) OtherCerts, - DataBio, - PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED - ); - if (Pkcs7 == NULL) { - goto _Exit; - } - - // - // Convert PKCS#7 signedData structure into DER-encoded buffer. - // - P7DataSize = i2d_PKCS7 (Pkcs7, NULL); - if (P7DataSize <= 19) { - goto _Exit; - } - - P7Data = malloc (P7DataSize); - if (P7Data == NULL) { - goto _Exit; - } - - Tmp = P7Data; - P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp); - ASSERT (P7DataSize > 19); - - // - // Strip ContentInfo to content only for signeddata. The data be trimmed off - // is totally 19 bytes. - // - *SignedDataSize = P7DataSize - 19; - *SignedData = malloc (*SignedDataSize); - if (*SignedData == NULL) { - OPENSSL_free (P7Data); - goto _Exit; - } - - CopyMem (*SignedData, P7Data + 19, *SignedDataSize); - - OPENSSL_free (P7Data); - - Status = TRUE; - -_Exit: - // - // Release Resources - // - if (RsaContext != NULL) { - RsaFree (RsaContext); - if (Key != NULL) { - Key->pkey.rsa = NULL; - } - } - - if (Key != NULL) { - EVP_PKEY_free (Key); - } - - if (DataBio != NULL) { - BIO_free (DataBio); - } - - if (Pkcs7 != NULL) { - PKCS7_free (Pkcs7); - } - - return Status; -} diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c deleted file mode 100644 index 9a4c77a..0000000 --- a/Cryptlib/Pk/CryptPkcs7VerifyNull.c +++ /dev/null @@ -1,100 +0,0 @@ -/** @file - PKCS#7 SignedData Verification Wrapper Implementation which does not provide - real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" - -/** - Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: - Cryptographic Message Syntax Standard". The input signed data could be wrapped - in a ContentInfo structure. - - Return FALSE to indicate this interface is not supported. - - @param[in] P7Data Pointer to the PKCS#7 message to verify. - @param[in] P7Length Length of the PKCS#7 message in bytes. - @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. - It's caller's responsiblity to free the buffer. - @param[out] StackLength Length of signer's certificates in bytes. - @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. - It's caller's responsiblity to free the buffer. - @param[out] CertLength Length of the trusted certificate in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Pkcs7GetSigners ( - IN CONST UINT8 *P7Data, - IN UINTN P7Length, - OUT UINT8 **CertStack, - OUT UINTN *StackLength, - OUT UINT8 **TrustedCert, - OUT UINTN *CertLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Wrap function to use free() to free allocated memory for certificates. - - If the interface is not supported, then ASSERT(). - - @param[in] Certs Pointer to the certificates to be freed. - -**/ -VOID -EFIAPI -Pkcs7FreeSigners ( - IN UINT8 *Certs - ) -{ - ASSERT (FALSE); -} - -/** - Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: - Cryptographic Message Syntax Standard". The input signed data could be wrapped - in a ContentInfo structure. - - Return FALSE to indicate this interface is not supported. - - @param[in] P7Data Pointer to the PKCS#7 message to verify. - @param[in] P7Length Length of the PKCS#7 message in bytes. - @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which - is used for certificate chain verification. - @param[in] CertLength Length of the trusted certificate in bytes. - @param[in] InData Pointer to the content to be verified. - @param[in] DataLength Length of InData in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Pkcs7Verify ( - IN CONST UINT8 *P7Data, - IN UINTN P7Length, - IN CONST UINT8 *TrustedCert, - IN UINTN CertLength, - IN CONST UINT8 *InData, - IN UINTN DataLength - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/Cryptlib/Pk/CryptRsaExt.c b/Cryptlib/Pk/CryptRsaExt.c deleted file mode 100644 index 5c21d12..0000000 --- a/Cryptlib/Pk/CryptRsaExt.c +++ /dev/null @@ -1,377 +0,0 @@ -/** @file - RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. - - This file implements following APIs which provide more capabilities for RSA: - 1) RsaGetKey - 2) RsaGenerateKey - 3) RsaCheckKey - 4) RsaPkcs1Sign - -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "InternalCryptLib.h" - -#include -#include -#include - -/** - Gets the tag-designated RSA key component from the established RSA context. - - This function retrieves the tag-designated RSA key component from the - established RSA context as a non-negative integer (octet string format - represented in RSA PKCS#1). - If specified key component has not been set or has been cleared, then returned - BnSize is set to 0. - If the BigNumber buffer is too small to hold the contents of the key, FALSE - is returned and BnSize is set to the required buffer size to obtain the key. - - If RsaContext is NULL, then return FALSE. - If BnSize is NULL, then return FALSE. - If BnSize is large enough but BigNumber is NULL, then return FALSE. - - @param[in, out] RsaContext Pointer to RSA context being set. - @param[in] KeyTag Tag of RSA key component being set. - @param[out] BigNumber Pointer to octet integer buffer. - @param[in, out] BnSize On input, the size of big number buffer in bytes. - On output, the size of data returned in big number buffer in bytes. - - @retval TRUE RSA key component was retrieved successfully. - @retval FALSE Invalid RSA key component tag. - @retval FALSE BnSize is too small. - -**/ -BOOLEAN -EFIAPI -RsaGetKey ( - IN OUT VOID *RsaContext, - IN RSA_KEY_TAG KeyTag, - OUT UINT8 *BigNumber, - IN OUT UINTN *BnSize - ) -{ - RSA *RsaKey; - BIGNUM *BnKey; - UINTN Size; - - // - // Check input parameters. - // - if (RsaContext == NULL || BnSize == NULL) { - return FALSE; - } - - RsaKey = (RSA *) RsaContext; - Size = *BnSize; - *BnSize = 0; - - switch (KeyTag) { - - // - // RSA Public Modulus (N) - // - case RsaKeyN: - if (RsaKey->n == NULL) { - return TRUE; - } - BnKey = RsaKey->n; - break; - - // - // RSA Public Exponent (e) - // - case RsaKeyE: - if (RsaKey->e == NULL) { - return TRUE; - } - BnKey = RsaKey->e; - break; - - // - // RSA Private Exponent (d) - // - case RsaKeyD: - if (RsaKey->d == NULL) { - return TRUE; - } - BnKey = RsaKey->d; - break; - - // - // RSA Secret Prime Factor of Modulus (p) - // - case RsaKeyP: - if (RsaKey->p == NULL) { - return TRUE; - } - BnKey = RsaKey->p; - break; - - // - // RSA Secret Prime Factor of Modules (q) - // - case RsaKeyQ: - if (RsaKey->q == NULL) { - return TRUE; - } - BnKey = RsaKey->q; - break; - - // - // p's CRT Exponent (== d mod (p - 1)) - // - case RsaKeyDp: - if (RsaKey->dmp1 == NULL) { - return TRUE; - } - BnKey = RsaKey->dmp1; - break; - - // - // q's CRT Exponent (== d mod (q - 1)) - // - case RsaKeyDq: - if (RsaKey->dmq1 == NULL) { - return TRUE; - } - BnKey = RsaKey->dmq1; - break; - - // - // The CRT Coefficient (== 1/q mod p) - // - case RsaKeyQInv: - if (RsaKey->iqmp == NULL) { - return TRUE; - } - BnKey = RsaKey->iqmp; - break; - - default: - return FALSE; - } - - *BnSize = Size; - Size = BN_num_bytes (BnKey); - - if (*BnSize < Size) { - *BnSize = Size; - return FALSE; - } - - if (BigNumber == NULL) { - return FALSE; - } - *BnSize = BN_bn2bin (BnKey, BigNumber) ; - - return TRUE; -} - -/** - Generates RSA key components. - - This function generates RSA key components. It takes RSA public exponent E and - length in bits of RSA modulus N as input, and generates all key components. - If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used. - - Before this function can be invoked, pseudorandom number generator must be correctly - initialized by RandomSeed(). - - If RsaContext is NULL, then return FALSE. - - @param[in, out] RsaContext Pointer to RSA context being set. - @param[in] ModulusLength Length of RSA modulus N in bits. - @param[in] PublicExponent Pointer to RSA public exponent. - @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. - - @retval TRUE RSA key component was generated successfully. - @retval FALSE Invalid RSA key component tag. - -**/ -BOOLEAN -EFIAPI -RsaGenerateKey ( - IN OUT VOID *RsaContext, - IN UINTN ModulusLength, - IN CONST UINT8 *PublicExponent, - IN UINTN PublicExponentSize - ) -{ - BIGNUM *KeyE; - BOOLEAN RetVal; - - // - // Check input parameters. - // - if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) { - return FALSE; - } - - KeyE = BN_new (); - if (KeyE == NULL) { - return FALSE; - } - - RetVal = FALSE; - - if (PublicExponent == NULL) { - if (BN_set_word (KeyE, 0x10001) == 0) { - goto _Exit; - } - } else { - if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) { - goto _Exit; - } - } - - if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) { - RetVal = TRUE; - } - -_Exit: - BN_free (KeyE); - return RetVal; -} - -/** - Validates key components of RSA context. - - This function validates key compoents of RSA context in following aspects: - - Whether p is a prime - - Whether q is a prime - - Whether n = p * q - - Whether d*e = 1 mod lcm(p-1,q-1) - - If RsaContext is NULL, then return FALSE. - - @param[in] RsaContext Pointer to RSA context to check. - - @retval TRUE RSA key components are valid. - @retval FALSE RSA key components are not valid. - -**/ -BOOLEAN -EFIAPI -RsaCheckKey ( - IN VOID *RsaContext - ) -{ - UINTN Reason; - - // - // Check input parameters. - // - if (RsaContext == NULL) { - return FALSE; - } - - if (RSA_check_key ((RSA *) RsaContext) != 1) { - Reason = ERR_GET_REASON (ERR_peek_last_error ()); - if (Reason == RSA_R_P_NOT_PRIME || - Reason == RSA_R_Q_NOT_PRIME || - Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q || - Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) { - return FALSE; - } - } - - return TRUE; -} - -/** - Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. - - This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in - RSA PKCS#1. - If the Signature buffer is too small to hold the contents of signature, FALSE - is returned and SigSize is set to the required buffer size to obtain the signature. - - If RsaContext is NULL, then return FALSE. - If MessageHash is NULL, then return FALSE. - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. - If SigSize is large enough but Signature is NULL, then return FALSE. - - @param[in] RsaContext Pointer to RSA context for signature generation. - @param[in] MessageHash Pointer to octet message hash to be signed. - @param[in] HashSize Size of the message hash in bytes. - @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. - @param[in, out] SigSize On input, the size of Signature buffer in bytes. - On output, the size of data returned in Signature buffer in bytes. - - @retval TRUE Signature successfully generated in PKCS1-v1_5. - @retval FALSE Signature generation failed. - @retval FALSE SigSize is too small. - -**/ -BOOLEAN -EFIAPI -RsaPkcs1Sign ( - IN VOID *RsaContext, - IN CONST UINT8 *MessageHash, - IN UINTN HashSize, - OUT UINT8 *Signature, - IN OUT UINTN *SigSize - ) -{ - RSA *Rsa; - UINTN Size; - INT32 DigestType; - - // - // Check input parameters. - // - if (RsaContext == NULL || MessageHash == NULL) { - return FALSE; - } - - Rsa = (RSA *) RsaContext; - Size = BN_num_bytes (Rsa->n); - - if (*SigSize < Size) { - *SigSize = Size; - return FALSE; - } - - if (Signature == NULL) { - return FALSE; - } - - // - // Determine the message digest algorithm according to digest size. - // Only MD5, SHA-1 or SHA-256 algorithm is supported. - // - switch (HashSize) { - case MD5_DIGEST_SIZE: - DigestType = NID_md5; - break; - - case SHA1_DIGEST_SIZE: - DigestType = NID_sha1; - break; - - case SHA256_DIGEST_SIZE: - DigestType = NID_sha256; - break; - - default: - return FALSE; - } - - return (BOOLEAN) RSA_sign ( - DigestType, - MessageHash, - (UINT32) HashSize, - Signature, - (UINT32 *) SigSize, - (RSA *) RsaContext - ); -} diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh index 57b6631..0e34db9 100755 --- a/Cryptlib/update.sh +++ b/Cryptlib/update.sh @@ -14,13 +14,10 @@ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c cp $DIR/Rand/CryptRand.c Rand/CryptRand.c cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c -cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c -cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c -cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c -cp $DIR/Pk/CryptDh.c Pk/CryptDh.c +cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c cp $DIR/Pk/CryptX509.c Pk/CryptX509.c cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c cp $DIR/Pem/CryptPem.c Pem/CryptPem.c -- 1.9.3