diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index 73a1e2b..9719a27 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -25,13 +25,10 @@ OBJS = Hash/CryptMd4.o \
Cipher/CryptArc4.o \
Rand/CryptRand.o \
Pk/CryptRsaBasic.o \
- Pk/CryptRsaExt.o \
Pk/CryptRsaExtNull.o \
- Pk/CryptPkcs7Sign.o \
Pk/CryptPkcs7SignNull.o \
Pk/CryptPkcs7Verify.o \
- Pk/CryptPkcs7VerifyNull.o \
- Pk/CryptDh.o \
+ Pk/CryptDhNull.o \
Pk/CryptX509.o \
Pk/CryptAuthenticode.o \
Pem/CryptPem.o \
diff --git a/Cryptlib/Pk/CryptDh.c b/Cryptlib/Pk/CryptDh.c
deleted file mode 100644
index 942b3d1..0000000
--- a/Cryptlib/Pk/CryptDh.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/** @file
- Diffie-Hellman Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-#include
-
-
-/**
- Allocates and Initializes one Diffie-Hellman Context for subsequent use.
-
- @return Pointer to the Diffie-Hellman Context that has been initialized.
- If the allocations fails, DhNew() returns NULL.
-
-**/
-VOID *
-EFIAPI
-DhNew (
- VOID
- )
-{
- //
- // Allocates & Initializes DH Context by OpenSSL DH_new()
- //
- return (VOID *) DH_new ();
-}
-
-/**
- Release the specified DH context.
-
- If DhContext is NULL, then return FALSE.
-
- @param[in] DhContext Pointer to the DH context to be released.
-
-**/
-VOID
-EFIAPI
-DhFree (
- IN VOID *DhContext
- )
-{
- //
- // Free OpenSSL DH Context
- //
- DH_free ((DH *) DhContext);
-}
-
-/**
- Generates DH parameter.
-
- Given generator g, and length of prime number p in bits, this function generates p,
- and sets DH context according to value of g and p.
-
- Before this function can be invoked, pseudorandom number generator must be correctly
- initialized by RandomSeed().
-
- If DhContext is NULL, then return FALSE.
- If Prime is NULL, then return FALSE.
-
- @param[in, out] DhContext Pointer to the DH context.
- @param[in] Generator Value of generator.
- @param[in] PrimeLength Length in bits of prime to be generated.
- @param[out] Prime Pointer to the buffer to receive the generated prime number.
-
- @retval TRUE DH pamameter generation succeeded.
- @retval FALSE Value of Generator is not supported.
- @retval FALSE PRNG fails to generate random prime number with PrimeLength.
-
-**/
-BOOLEAN
-EFIAPI
-DhGenerateParameter (
- IN OUT VOID *DhContext,
- IN UINTN Generator,
- IN UINTN PrimeLength,
- OUT UINT8 *Prime
- )
-{
- BOOLEAN RetVal;
-
- //
- // Check input parameters.
- //
- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
- return FALSE;
- }
-
- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
- return FALSE;
- }
-
- RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);
- if (!RetVal) {
- return FALSE;
- }
-
- BN_bn2bin (((DH *) DhContext)->p, Prime);
-
- return TRUE;
-}
-
-/**
- Sets generator and prime parameters for DH.
-
- Given generator g, and prime number p, this function and sets DH
- context accordingly.
-
- If DhContext is NULL, then return FALSE.
- If Prime is NULL, then return FALSE.
-
- @param[in, out] DhContext Pointer to the DH context.
- @param[in] Generator Value of generator.
- @param[in] PrimeLength Length in bits of prime to be generated.
- @param[in] Prime Pointer to the prime number.
-
- @retval TRUE DH pamameter setting succeeded.
- @retval FALSE Value of Generator is not supported.
- @retval FALSE Value of Generator is not suitable for the Prime.
- @retval FALSE Value of Prime is not a prime number.
- @retval FALSE Value of Prime is not a safe prime number.
-
-**/
-BOOLEAN
-EFIAPI
-DhSetParameter (
- IN OUT VOID *DhContext,
- IN UINTN Generator,
- IN UINTN PrimeLength,
- IN CONST UINT8 *Prime
- )
-{
- DH *Dh;
- BIGNUM *Bn;
-
- //
- // Check input parameters.
- //
- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
- return FALSE;
- }
-
- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
- return FALSE;
- }
-
- Bn = NULL;
-
- Dh = (DH *) DhContext;
- Dh->g = NULL;
- Dh->p = BN_new ();
- if (Dh->p == NULL) {
- goto Error;
- }
-
- Dh->g = BN_new ();
- if (Dh->g == NULL) {
- goto Error;
- }
-
- Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
- if (Bn == NULL) {
- goto Error;
- }
-
- if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {
- goto Error;
- }
-
- return TRUE;
-
-Error:
-
- if (Dh->p != NULL) {
- BN_free (Dh->p);
- }
-
- if (Dh->g != NULL) {
- BN_free (Dh->g);
- }
-
- if (Bn != NULL) {
- BN_free (Bn);
- }
-
- return FALSE;
-}
-
-/**
- Generates DH public key.
-
- This function generates random secret exponent, and computes the public key, which is
- returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.
- If the PublicKey buffer is too small to hold the public key, FALSE is returned and
- PublicKeySize is set to the required buffer size to obtain the public key.
-
- If DhContext is NULL, then return FALSE.
- If PublicKeySize is NULL, then return FALSE.
- If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
-
- @param[in, out] DhContext Pointer to the DH context.
- @param[out] PublicKey Pointer to the buffer to receive generated public key.
- @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
- On output, the size of data returned in PublicKey buffer in bytes.
-
- @retval TRUE DH public key generation succeeded.
- @retval FALSE DH public key generation failed.
- @retval FALSE PublicKeySize is not large enough.
-
-**/
-BOOLEAN
-EFIAPI
-DhGenerateKey (
- IN OUT VOID *DhContext,
- OUT UINT8 *PublicKey,
- IN OUT UINTN *PublicKeySize
- )
-{
- BOOLEAN RetVal;
- DH *Dh;
- INTN Size;
-
- //
- // Check input parameters.
- //
- if (DhContext == NULL || PublicKeySize == NULL) {
- return FALSE;
- }
-
- if (PublicKey == NULL && *PublicKeySize != 0) {
- return FALSE;
- }
-
- Dh = (DH *) DhContext;
-
- RetVal = (BOOLEAN) DH_generate_key (DhContext);
- if (RetVal) {
- Size = BN_num_bytes (Dh->pub_key);
- if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
- *PublicKeySize = Size;
- return FALSE;
- }
-
- BN_bn2bin (Dh->pub_key, PublicKey);
- *PublicKeySize = Size;
- }
-
- return RetVal;
-}
-
-/**
- Computes exchanged common key.
-
- Given peer's public key, this function computes the exchanged common key, based on its own
- context including value of prime modulus and random secret exponent.
-
- If DhContext is NULL, then return FALSE.
- If PeerPublicKey is NULL, then return FALSE.
- If KeySize is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeySize is not large enough, then return FALSE.
-
- @param[in, out] DhContext Pointer to the DH context.
- @param[in] PeerPublicKey Pointer to the peer's public key.
- @param[in] PeerPublicKeySize Size of peer's public key in bytes.
- @param[out] Key Pointer to the buffer to receive generated key.
- @param[in, out] KeySize On input, the size of Key buffer in bytes.
- On output, the size of data returned in Key buffer in bytes.
-
- @retval TRUE DH exchanged key generation succeeded.
- @retval FALSE DH exchanged key generation failed.
- @retval FALSE KeySize is not large enough.
-
-**/
-BOOLEAN
-EFIAPI
-DhComputeKey (
- IN OUT VOID *DhContext,
- IN CONST UINT8 *PeerPublicKey,
- IN UINTN PeerPublicKeySize,
- OUT UINT8 *Key,
- IN OUT UINTN *KeySize
- )
-{
- BIGNUM *Bn;
- INTN Size;
-
- //
- // Check input parameters.
- //
- if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
- return FALSE;
- }
-
- if (PeerPublicKeySize > INT_MAX) {
- return FALSE;
- }
-
- Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
- if (Bn == NULL) {
- return FALSE;
- }
-
- Size = DH_compute_key (Key, Bn, DhContext);
- if (Size < 0) {
- BN_free (Bn);
- return FALSE;
- }
-
- if (*KeySize < (UINTN) Size) {
- *KeySize = Size;
- BN_free (Bn);
- return FALSE;
- }
-
- *KeySize = Size;
- BN_free (Bn);
- return TRUE;
-}
diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c
new file mode 100644
index 0000000..35045db
--- /dev/null
+++ b/Cryptlib/Pk/CryptDhNull.c
@@ -0,0 +1,156 @@
+/** @file
+ Diffie-Hellman Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and Initializes one Diffie-Hellman Context for subsequent use.
+
+ @return Pointer to the Diffie-Hellman Context that has been initialized.
+ If the interface is not supported, DhNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+DhNew (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified DH context.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] DhContext Pointer to the DH context to be released.
+
+**/
+VOID
+EFIAPI
+DhFree (
+ IN VOID *DhContext
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Generates DH parameter.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[out] Prime Pointer to the buffer to receive the generated prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ OUT UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Sets generator and prime parameters for DH.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[in] Prime Pointer to the prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhSetParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ IN CONST UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates DH public key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[out] PublicKey Pointer to the buffer to receive generated public key.
+ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
+ On output, the size of data returned in PublicKey buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateKey (
+ IN OUT VOID *DhContext,
+ OUT UINT8 *PublicKey,
+ IN OUT UINTN *PublicKeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes exchanged common key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] PeerPublicKey Pointer to the peer's public key.
+ @param[in] PeerPublicKeySize Size of peer's public key in bytes.
+ @param[out] Key Pointer to the buffer to receive generated key.
+ @param[in, out] KeySize On input, the size of Key buffer in bytes.
+ On output, the size of data returned in Key buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhComputeKey (
+ IN OUT VOID *DhContext,
+ IN CONST UINT8 *PeerPublicKey,
+ IN UINTN PeerPublicKeySize,
+ OUT UINT8 *Key,
+ IN OUT UINTN *KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/Cryptlib/Pk/CryptPkcs7Sign.c b/Cryptlib/Pk/CryptPkcs7Sign.c
deleted file mode 100644
index 63fe78f..0000000
--- a/Cryptlib/Pk/CryptPkcs7Sign.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/** @file
- PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-
-/**
- Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
- Syntax Standard, version 1.5". This interface is only intended to be used for
- application to perform PKCS#7 functionality validation.
-
- @param[in] PrivateKey Pointer to the PEM-formatted private key data for
- data signing.
- @param[in] PrivateKeySize Size of the PEM private key data in bytes.
- @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
- key data.
- @param[in] InData Pointer to the content to be signed.
- @param[in] InDataSize Size of InData in bytes.
- @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
- @param[in] OtherCerts Pointer to an optional additional set of certificates to
- include in the PKCS#7 signedData (e.g. any intermediate
- CAs in the chain).
- @param[out] SignedData Pointer to output PKCS#7 signedData.
- @param[out] SignedDataSize Size of SignedData in bytes.
-
- @retval TRUE PKCS#7 data signing succeeded.
- @retval FALSE PKCS#7 data signing failed.
-
-**/
-BOOLEAN
-EFIAPI
-Pkcs7Sign (
- IN CONST UINT8 *PrivateKey,
- IN UINTN PrivateKeySize,
- IN CONST UINT8 *KeyPassword,
- IN UINT8 *InData,
- IN UINTN InDataSize,
- IN UINT8 *SignCert,
- IN UINT8 *OtherCerts OPTIONAL,
- OUT UINT8 **SignedData,
- OUT UINTN *SignedDataSize
- )
-{
- BOOLEAN Status;
- EVP_PKEY *Key;
- BIO *DataBio;
- PKCS7 *Pkcs7;
- UINT8 *RsaContext;
- UINT8 *P7Data;
- UINTN P7DataSize;
- UINT8 *Tmp;
-
- //
- // Check input parameters.
- //
- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
- return FALSE;
- }
-
- RsaContext = NULL;
- Key = NULL;
- Pkcs7 = NULL;
- DataBio = NULL;
- Status = FALSE;
-
- //
- // Retrieve RSA private key from PEM data.
- //
- Status = RsaGetPrivateKeyFromPem (
- PrivateKey,
- PrivateKeySize,
- (CONST CHAR8 *) KeyPassword,
- (VOID **) &RsaContext
- );
- if (!Status) {
- return Status;
- }
-
- Status = FALSE;
-
- //
- // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
- //
- if (EVP_add_digest (EVP_md5 ()) == 0) {
- goto _Exit;
- }
- if (EVP_add_digest (EVP_sha1 ()) == 0) {
- goto _Exit;
- }
- if (EVP_add_digest (EVP_sha256 ()) == 0) {
- goto _Exit;
- }
-
- RandomSeed (NULL, 0);
-
- //
- // Construct OpenSSL EVP_PKEY for private key.
- //
- Key = EVP_PKEY_new ();
- if (Key == NULL) {
- goto _Exit;
- }
- Key->save_type = EVP_PKEY_RSA;
- Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
- Key->pkey.rsa = (RSA *) RsaContext;
-
- //
- // Convert the data to be signed to BIO format.
- //
- DataBio = BIO_new (BIO_s_mem ());
- if (DataBio == NULL) {
- goto _Exit;
- }
-
- if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
- goto _Exit;
- }
-
- //
- // Create the PKCS#7 signedData structure.
- //
- Pkcs7 = PKCS7_sign (
- (X509 *) SignCert,
- Key,
- (STACK_OF(X509) *) OtherCerts,
- DataBio,
- PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
- );
- if (Pkcs7 == NULL) {
- goto _Exit;
- }
-
- //
- // Convert PKCS#7 signedData structure into DER-encoded buffer.
- //
- P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
- if (P7DataSize <= 19) {
- goto _Exit;
- }
-
- P7Data = malloc (P7DataSize);
- if (P7Data == NULL) {
- goto _Exit;
- }
-
- Tmp = P7Data;
- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
- ASSERT (P7DataSize > 19);
-
- //
- // Strip ContentInfo to content only for signeddata. The data be trimmed off
- // is totally 19 bytes.
- //
- *SignedDataSize = P7DataSize - 19;
- *SignedData = malloc (*SignedDataSize);
- if (*SignedData == NULL) {
- OPENSSL_free (P7Data);
- goto _Exit;
- }
-
- CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
-
- OPENSSL_free (P7Data);
-
- Status = TRUE;
-
-_Exit:
- //
- // Release Resources
- //
- if (RsaContext != NULL) {
- RsaFree (RsaContext);
- if (Key != NULL) {
- Key->pkey.rsa = NULL;
- }
- }
-
- if (Key != NULL) {
- EVP_PKEY_free (Key);
- }
-
- if (DataBio != NULL) {
- BIO_free (DataBio);
- }
-
- if (Pkcs7 != NULL) {
- PKCS7_free (Pkcs7);
- }
-
- return Status;
-}
diff --git a/Cryptlib/Pk/CryptPkcs7VerifyNull.c b/Cryptlib/Pk/CryptPkcs7VerifyNull.c
deleted file mode 100644
index 9a4c77a..0000000
--- a/Cryptlib/Pk/CryptPkcs7VerifyNull.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/** @file
- PKCS#7 SignedData Verification Wrapper Implementation which does not provide
- real capabilities.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
- Cryptographic Message Syntax Standard". The input signed data could be wrapped
- in a ContentInfo structure.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] P7Data Pointer to the PKCS#7 message to verify.
- @param[in] P7Length Length of the PKCS#7 message in bytes.
- @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
- It's caller's responsiblity to free the buffer.
- @param[out] StackLength Length of signer's certificates in bytes.
- @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
- It's caller's responsiblity to free the buffer.
- @param[out] CertLength Length of the trusted certificate in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Pkcs7GetSigners (
- IN CONST UINT8 *P7Data,
- IN UINTN P7Length,
- OUT UINT8 **CertStack,
- OUT UINTN *StackLength,
- OUT UINT8 **TrustedCert,
- OUT UINTN *CertLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Wrap function to use free() to free allocated memory for certificates.
-
- If the interface is not supported, then ASSERT().
-
- @param[in] Certs Pointer to the certificates to be freed.
-
-**/
-VOID
-EFIAPI
-Pkcs7FreeSigners (
- IN UINT8 *Certs
- )
-{
- ASSERT (FALSE);
-}
-
-/**
- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
- Cryptographic Message Syntax Standard". The input signed data could be wrapped
- in a ContentInfo structure.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] P7Data Pointer to the PKCS#7 message to verify.
- @param[in] P7Length Length of the PKCS#7 message in bytes.
- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
- is used for certificate chain verification.
- @param[in] CertLength Length of the trusted certificate in bytes.
- @param[in] InData Pointer to the content to be verified.
- @param[in] DataLength Length of InData in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Pkcs7Verify (
- IN CONST UINT8 *P7Data,
- IN UINTN P7Length,
- IN CONST UINT8 *TrustedCert,
- IN UINTN CertLength,
- IN CONST UINT8 *InData,
- IN UINTN DataLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/Cryptlib/Pk/CryptRsaExt.c b/Cryptlib/Pk/CryptRsaExt.c
deleted file mode 100644
index 5c21d12..0000000
--- a/Cryptlib/Pk/CryptRsaExt.c
+++ /dev/null
@@ -1,377 +0,0 @@
-/** @file
- RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
-
- This file implements following APIs which provide more capabilities for RSA:
- 1) RsaGetKey
- 2) RsaGenerateKey
- 3) RsaCheckKey
- 4) RsaPkcs1Sign
-
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-/**
- Gets the tag-designated RSA key component from the established RSA context.
-
- This function retrieves the tag-designated RSA key component from the
- established RSA context as a non-negative integer (octet string format
- represented in RSA PKCS#1).
- If specified key component has not been set or has been cleared, then returned
- BnSize is set to 0.
- If the BigNumber buffer is too small to hold the contents of the key, FALSE
- is returned and BnSize is set to the required buffer size to obtain the key.
-
- If RsaContext is NULL, then return FALSE.
- If BnSize is NULL, then return FALSE.
- If BnSize is large enough but BigNumber is NULL, then return FALSE.
-
- @param[in, out] RsaContext Pointer to RSA context being set.
- @param[in] KeyTag Tag of RSA key component being set.
- @param[out] BigNumber Pointer to octet integer buffer.
- @param[in, out] BnSize On input, the size of big number buffer in bytes.
- On output, the size of data returned in big number buffer in bytes.
-
- @retval TRUE RSA key component was retrieved successfully.
- @retval FALSE Invalid RSA key component tag.
- @retval FALSE BnSize is too small.
-
-**/
-BOOLEAN
-EFIAPI
-RsaGetKey (
- IN OUT VOID *RsaContext,
- IN RSA_KEY_TAG KeyTag,
- OUT UINT8 *BigNumber,
- IN OUT UINTN *BnSize
- )
-{
- RSA *RsaKey;
- BIGNUM *BnKey;
- UINTN Size;
-
- //
- // Check input parameters.
- //
- if (RsaContext == NULL || BnSize == NULL) {
- return FALSE;
- }
-
- RsaKey = (RSA *) RsaContext;
- Size = *BnSize;
- *BnSize = 0;
-
- switch (KeyTag) {
-
- //
- // RSA Public Modulus (N)
- //
- case RsaKeyN:
- if (RsaKey->n == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->n;
- break;
-
- //
- // RSA Public Exponent (e)
- //
- case RsaKeyE:
- if (RsaKey->e == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->e;
- break;
-
- //
- // RSA Private Exponent (d)
- //
- case RsaKeyD:
- if (RsaKey->d == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->d;
- break;
-
- //
- // RSA Secret Prime Factor of Modulus (p)
- //
- case RsaKeyP:
- if (RsaKey->p == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->p;
- break;
-
- //
- // RSA Secret Prime Factor of Modules (q)
- //
- case RsaKeyQ:
- if (RsaKey->q == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->q;
- break;
-
- //
- // p's CRT Exponent (== d mod (p - 1))
- //
- case RsaKeyDp:
- if (RsaKey->dmp1 == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->dmp1;
- break;
-
- //
- // q's CRT Exponent (== d mod (q - 1))
- //
- case RsaKeyDq:
- if (RsaKey->dmq1 == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->dmq1;
- break;
-
- //
- // The CRT Coefficient (== 1/q mod p)
- //
- case RsaKeyQInv:
- if (RsaKey->iqmp == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->iqmp;
- break;
-
- default:
- return FALSE;
- }
-
- *BnSize = Size;
- Size = BN_num_bytes (BnKey);
-
- if (*BnSize < Size) {
- *BnSize = Size;
- return FALSE;
- }
-
- if (BigNumber == NULL) {
- return FALSE;
- }
- *BnSize = BN_bn2bin (BnKey, BigNumber) ;
-
- return TRUE;
-}
-
-/**
- Generates RSA key components.
-
- This function generates RSA key components. It takes RSA public exponent E and
- length in bits of RSA modulus N as input, and generates all key components.
- If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
-
- Before this function can be invoked, pseudorandom number generator must be correctly
- initialized by RandomSeed().
-
- If RsaContext is NULL, then return FALSE.
-
- @param[in, out] RsaContext Pointer to RSA context being set.
- @param[in] ModulusLength Length of RSA modulus N in bits.
- @param[in] PublicExponent Pointer to RSA public exponent.
- @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
-
- @retval TRUE RSA key component was generated successfully.
- @retval FALSE Invalid RSA key component tag.
-
-**/
-BOOLEAN
-EFIAPI
-RsaGenerateKey (
- IN OUT VOID *RsaContext,
- IN UINTN ModulusLength,
- IN CONST UINT8 *PublicExponent,
- IN UINTN PublicExponentSize
- )
-{
- BIGNUM *KeyE;
- BOOLEAN RetVal;
-
- //
- // Check input parameters.
- //
- if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
- return FALSE;
- }
-
- KeyE = BN_new ();
- if (KeyE == NULL) {
- return FALSE;
- }
-
- RetVal = FALSE;
-
- if (PublicExponent == NULL) {
- if (BN_set_word (KeyE, 0x10001) == 0) {
- goto _Exit;
- }
- } else {
- if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
- goto _Exit;
- }
- }
-
- if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
- RetVal = TRUE;
- }
-
-_Exit:
- BN_free (KeyE);
- return RetVal;
-}
-
-/**
- Validates key components of RSA context.
-
- This function validates key compoents of RSA context in following aspects:
- - Whether p is a prime
- - Whether q is a prime
- - Whether n = p * q
- - Whether d*e = 1 mod lcm(p-1,q-1)
-
- If RsaContext is NULL, then return FALSE.
-
- @param[in] RsaContext Pointer to RSA context to check.
-
- @retval TRUE RSA key components are valid.
- @retval FALSE RSA key components are not valid.
-
-**/
-BOOLEAN
-EFIAPI
-RsaCheckKey (
- IN VOID *RsaContext
- )
-{
- UINTN Reason;
-
- //
- // Check input parameters.
- //
- if (RsaContext == NULL) {
- return FALSE;
- }
-
- if (RSA_check_key ((RSA *) RsaContext) != 1) {
- Reason = ERR_GET_REASON (ERR_peek_last_error ());
- if (Reason == RSA_R_P_NOT_PRIME ||
- Reason == RSA_R_Q_NOT_PRIME ||
- Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
- Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
- return FALSE;
- }
- }
-
- return TRUE;
-}
-
-/**
- Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
-
- This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
- RSA PKCS#1.
- If the Signature buffer is too small to hold the contents of signature, FALSE
- is returned and SigSize is set to the required buffer size to obtain the signature.
-
- If RsaContext is NULL, then return FALSE.
- If MessageHash is NULL, then return FALSE.
- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
- If SigSize is large enough but Signature is NULL, then return FALSE.
-
- @param[in] RsaContext Pointer to RSA context for signature generation.
- @param[in] MessageHash Pointer to octet message hash to be signed.
- @param[in] HashSize Size of the message hash in bytes.
- @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
- @param[in, out] SigSize On input, the size of Signature buffer in bytes.
- On output, the size of data returned in Signature buffer in bytes.
-
- @retval TRUE Signature successfully generated in PKCS1-v1_5.
- @retval FALSE Signature generation failed.
- @retval FALSE SigSize is too small.
-
-**/
-BOOLEAN
-EFIAPI
-RsaPkcs1Sign (
- IN VOID *RsaContext,
- IN CONST UINT8 *MessageHash,
- IN UINTN HashSize,
- OUT UINT8 *Signature,
- IN OUT UINTN *SigSize
- )
-{
- RSA *Rsa;
- UINTN Size;
- INT32 DigestType;
-
- //
- // Check input parameters.
- //
- if (RsaContext == NULL || MessageHash == NULL) {
- return FALSE;
- }
-
- Rsa = (RSA *) RsaContext;
- Size = BN_num_bytes (Rsa->n);
-
- if (*SigSize < Size) {
- *SigSize = Size;
- return FALSE;
- }
-
- if (Signature == NULL) {
- return FALSE;
- }
-
- //
- // Determine the message digest algorithm according to digest size.
- // Only MD5, SHA-1 or SHA-256 algorithm is supported.
- //
- switch (HashSize) {
- case MD5_DIGEST_SIZE:
- DigestType = NID_md5;
- break;
-
- case SHA1_DIGEST_SIZE:
- DigestType = NID_sha1;
- break;
-
- case SHA256_DIGEST_SIZE:
- DigestType = NID_sha256;
- break;
-
- default:
- return FALSE;
- }
-
- return (BOOLEAN) RSA_sign (
- DigestType,
- MessageHash,
- (UINT32) HashSize,
- Signature,
- (UINT32 *) SigSize,
- (RSA *) RsaContext
- );
-}
diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh
index 57b6631..0e34db9 100755
--- a/Cryptlib/update.sh
+++ b/Cryptlib/update.sh
@@ -14,13 +14,10 @@ cp $DIR/Cipher/CryptTdes.c Cipher/CryptTdes.c
cp $DIR/Cipher/CryptArc4.c Cipher/CryptArc4.c
cp $DIR/Rand/CryptRand.c Rand/CryptRand.c
cp $DIR/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c
-cp $DIR/Pk/CryptRsaExt.c Pk/CryptRsaExt.c
cp $DIR/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c
-cp $DIR/Pk/CryptPkcs7Sign.c Pk/CryptPkcs7Sign.c
cp $DIR/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c
cp $DIR/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c
-cp $DIR/Pk/CryptPkcs7VerifyNull.c Pk/CryptPkcs7VerifyNull.c
-cp $DIR/Pk/CryptDh.c Pk/CryptDh.c
+cp $DIR/Pk/CryptDhNull.c Pk/CryptDhNull.c
cp $DIR/Pk/CryptX509.c Pk/CryptX509.c
cp $DIR/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c
cp $DIR/Pem/CryptPem.c Pem/CryptPem.c