diff options
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool')
16 files changed, 3730 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/CMakeLists.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/CMakeLists.txt new file mode 100644 index 000000000..f0af28353 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/CMakeLists.txt @@ -0,0 +1,30 @@ +include_directories(../include) + +add_executable( + bssl + + args.cc + ciphers.cc + client.cc + const.cc + digest.cc + generate_ed25519.cc + genrsa.cc + pkcs12.cc + rand.cc + server.cc + speed.cc + tool.cc + transport_common.cc +) + +if (APPLE OR WIN32 OR ANDROID) + target_link_libraries(bssl ssl crypto) +else() + find_library(FOUND_LIBRT rt) + if (FOUND_LIBRT) + target_link_libraries(bssl ssl crypto -lrt) + else() + target_link_libraries(bssl ssl crypto) + endif() +endif() diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/args.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/args.cc new file mode 100644 index 000000000..9ec18a3f5 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/args.cc @@ -0,0 +1,104 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <string> +#include <vector> + +#include <limits.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "internal.h" + + +bool ParseKeyValueArguments(std::map<std::string, std::string> *out_args, + const std::vector<std::string> &args, + const struct argument *templates) { + out_args->clear(); + + for (size_t i = 0; i < args.size(); i++) { + const std::string &arg = args[i]; + const struct argument *templ = nullptr; + for (size_t j = 0; templates[j].name[0] != 0; j++) { + if (strcmp(arg.c_str(), templates[j].name) == 0) { + templ = &templates[j]; + break; + } + } + + if (templ == nullptr) { + fprintf(stderr, "Unknown argument: %s\n", arg.c_str()); + return false; + } + + if (out_args->find(arg) != out_args->end()) { + fprintf(stderr, "Duplicate argument: %s\n", arg.c_str()); + return false; + } + + if (templ->type == kBooleanArgument) { + (*out_args)[arg] = ""; + } else { + if (i + 1 >= args.size()) { + fprintf(stderr, "Missing argument for option: %s\n", arg.c_str()); + return false; + } + (*out_args)[arg] = args[++i]; + } + } + + for (size_t j = 0; templates[j].name[0] != 0; j++) { + const struct argument *templ = &templates[j]; + if (templ->type == kRequiredArgument && + out_args->find(templ->name) == out_args->end()) { + fprintf(stderr, "Missing value for required argument: %s\n", templ->name); + return false; + } + } + + return true; +} + +void PrintUsage(const struct argument *templates) { + for (size_t i = 0; templates[i].name[0] != 0; i++) { + const struct argument *templ = &templates[i]; + fprintf(stderr, "%s\t%s\n", templ->name, templ->description); + } +} + +bool GetUnsigned(unsigned *out, const std::string &arg_name, + unsigned default_value, + const std::map<std::string, std::string> &args) { + const auto &it = args.find(arg_name); + if (it == args.end()) { + *out = default_value; + return true; + } + + const std::string &value = it->second; + if (value.empty()) { + return false; + } + + char *endptr; + unsigned long int num = strtoul(value.c_str(), &endptr, 10); + if (*endptr || + num > UINT_MAX) { + return false; + } + + *out = num; + return true; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/ciphers.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/ciphers.cc new file mode 100644 index 000000000..6370b7830 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/ciphers.cc @@ -0,0 +1,64 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <string> +#include <vector> + +#include <stdint.h> +#include <stdlib.h> + +#include <openssl/ssl.h> + +#include "internal.h" + + +bool Ciphers(const std::vector<std::string> &args) { + if (args.size() != 1) { + fprintf(stderr, "Usage: bssl ciphers <cipher suite string>\n"); + return false; + } + + const std::string &ciphers_string = args.back(); + + bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_client_method())); + if (!SSL_CTX_set_strict_cipher_list(ctx.get(), ciphers_string.c_str())) { + fprintf(stderr, "Failed to parse cipher suite config.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + const struct ssl_cipher_preference_list_st *pref_list = ctx->cipher_list; + STACK_OF(SSL_CIPHER) *ciphers = pref_list->ciphers; + + bool last_in_group = false; + for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { + bool in_group = pref_list->in_group_flags[i]; + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i); + + if (in_group && !last_in_group) { + printf("[\n "); + } else if (last_in_group) { + printf(" "); + } + + printf("%s\n", SSL_CIPHER_get_name(cipher)); + + if (!in_group && last_in_group) { + printf("]\n"); + } + last_in_group = in_group; + } + + return true; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/client.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/client.cc new file mode 100644 index 000000000..6cd40fb0d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/client.cc @@ -0,0 +1,414 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/base.h> + +#include <stdio.h> + +#if !defined(OPENSSL_WINDOWS) +#include <sys/select.h> +#else +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include <winsock2.h> +OPENSSL_MSVC_PRAGMA(warning(pop)) +#endif + +#include <openssl/err.h> +#include <openssl/pem.h> +#include <openssl/ssl.h> + +#include "../crypto/internal.h" +#include "internal.h" +#include "transport_common.h" + + +static const struct argument kArguments[] = { + { + "-connect", kRequiredArgument, + "The hostname and port of the server to connect to, e.g. foo.com:443", + }, + { + "-cipher", kOptionalArgument, + "An OpenSSL-style cipher suite string that configures the offered ciphers", + }, + { + "-max-version", kOptionalArgument, + "The maximum acceptable protocol version", + }, + { + "-min-version", kOptionalArgument, + "The minimum acceptable protocol version", + }, + { + "-server-name", kOptionalArgument, + "The server name to advertise", + }, + { + "-select-next-proto", kOptionalArgument, + "An NPN protocol to select if the server supports NPN", + }, + { + "-alpn-protos", kOptionalArgument, + "A comma-separated list of ALPN protocols to advertise", + }, + { + "-fallback-scsv", kBooleanArgument, + "Enable FALLBACK_SCSV", + }, + { + "-ocsp-stapling", kBooleanArgument, + "Advertise support for OCSP stabling", + }, + { + "-signed-certificate-timestamps", kBooleanArgument, + "Advertise support for signed certificate timestamps", + }, + { + "-channel-id-key", kOptionalArgument, + "The key to use for signing a channel ID", + }, + { + "-false-start", kBooleanArgument, + "Enable False Start", + }, + { "-session-in", kOptionalArgument, + "A file containing a session to resume.", + }, + { "-session-out", kOptionalArgument, + "A file to write the negotiated session to.", + }, + { + "-key", kOptionalArgument, + "Private-key file to use (default is no client certificate)", + }, + { + "-starttls", kOptionalArgument, + "A STARTTLS mini-protocol to run before the TLS handshake. Supported" + " values: 'smtp'", + }, + { + "-grease", kBooleanArgument, + "Enable GREASE", + }, + { + "-resume", kBooleanArgument, + "Establish a second connection resuming the original connection.", + }, + { + "-root-certs", kOptionalArgument, + "A filename containing one of more PEM root certificates. Implies that" + "verification is required.", + }, + { + "", kOptionalArgument, "", + }, +}; + +static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) { + bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file())); + if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { + return nullptr; + } + bssl::UniquePtr<EVP_PKEY> pkey(PEM_read_bio_PrivateKey(bio.get(), nullptr, + nullptr, nullptr)); + return pkey; +} + +static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { + *out = reinterpret_cast<uint8_t *>(arg); + *outlen = strlen(reinterpret_cast<const char *>(arg)); + return SSL_TLSEXT_ERR_OK; +} + +static FILE *g_keylog_file = nullptr; + +static void KeyLogCallback(const SSL *ssl, const char *line) { + fprintf(g_keylog_file, "%s\n", line); + fflush(g_keylog_file); +} + +static bssl::UniquePtr<BIO> session_out; +static bssl::UniquePtr<SSL_SESSION> resume_session; + +static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { + if (session_out) { + if (!PEM_write_bio_SSL_SESSION(session_out.get(), session) || + BIO_flush(session_out.get()) <= 0) { + fprintf(stderr, "Error while saving session:\n"); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return 0; + } + } + resume_session = bssl::UniquePtr<SSL_SESSION>(session); + return 1; +} + +static bool WaitForSession(SSL *ssl, int sock) { + fd_set read_fds; + FD_ZERO(&read_fds); + + if (!SocketSetNonBlocking(sock, true)) { + return false; + } + + while (!resume_session) { + FD_SET(sock, &read_fds); + int ret = select(sock + 1, &read_fds, NULL, NULL, NULL); + if (ret <= 0) { + perror("select"); + return false; + } + + uint8_t buffer[512]; + int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer)); + + if (ssl_ret <= 0) { + int ssl_err = SSL_get_error(ssl, ssl_ret); + if (ssl_err == SSL_ERROR_WANT_READ) { + continue; + } + fprintf(stderr, "Error while reading: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + } + + return true; +} + +static bool DoConnection(SSL_CTX *ctx, + std::map<std::string, std::string> args_map, + bool (*cb)(SSL *ssl, int sock)) { + int sock = -1; + if (!Connect(&sock, args_map["-connect"])) { + return false; + } + + if (args_map.count("-starttls") != 0) { + const std::string& starttls = args_map["-starttls"]; + if (starttls == "smtp") { + if (!DoSMTPStartTLS(sock)) { + return false; + } + } else { + fprintf(stderr, "Unknown value for -starttls: %s\n", starttls.c_str()); + return false; + } + } + + bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_CLOSE)); + bssl::UniquePtr<SSL> ssl(SSL_new(ctx)); + + if (args_map.count("-server-name") != 0) { + SSL_set_tlsext_host_name(ssl.get(), args_map["-server-name"].c_str()); + } + + if (args_map.count("-session-in") != 0) { + bssl::UniquePtr<BIO> in(BIO_new_file(args_map["-session-in"].c_str(), + "rb")); + if (!in) { + fprintf(stderr, "Error reading session\n"); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + bssl::UniquePtr<SSL_SESSION> session(PEM_read_bio_SSL_SESSION(in.get(), + nullptr, nullptr, nullptr)); + if (!session) { + fprintf(stderr, "Error reading session\n"); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + SSL_set_session(ssl.get(), session.get()); + } else if (resume_session) { + SSL_set_session(ssl.get(), resume_session.get()); + } + + SSL_set_bio(ssl.get(), bio.get(), bio.get()); + bio.release(); + + int ret = SSL_connect(ssl.get()); + if (ret != 1) { + int ssl_err = SSL_get_error(ssl.get(), ret); + fprintf(stderr, "Error while connecting: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + + fprintf(stderr, "Connected.\n"); + PrintConnectionInfo(ssl.get()); + + return cb(ssl.get(), sock); +} + +bool Client(const std::vector<std::string> &args) { + if (!InitSocketLibrary()) { + return false; + } + + std::map<std::string, std::string> args_map; + + if (!ParseKeyValueArguments(&args_map, args, kArguments)) { + PrintUsage(kArguments); + return false; + } + + bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_client_method())); + + const char *keylog_file = getenv("SSLKEYLOGFILE"); + if (keylog_file) { + g_keylog_file = fopen(keylog_file, "a"); + if (g_keylog_file == nullptr) { + perror("fopen"); + return false; + } + SSL_CTX_set_keylog_callback(ctx.get(), KeyLogCallback); + } + + if (args_map.count("-cipher") != 0 && + !SSL_CTX_set_strict_cipher_list(ctx.get(), args_map["-cipher"].c_str())) { + fprintf(stderr, "Failed setting cipher list\n"); + return false; + } + + uint16_t max_version = TLS1_3_VERSION; + if (args_map.count("-max-version") != 0 && + !VersionFromString(&max_version, args_map["-max-version"])) { + fprintf(stderr, "Unknown protocol version: '%s'\n", + args_map["-max-version"].c_str()); + return false; + } + + if (!SSL_CTX_set_max_proto_version(ctx.get(), max_version)) { + return false; + } + + if (args_map.count("-min-version") != 0) { + uint16_t version; + if (!VersionFromString(&version, args_map["-min-version"])) { + fprintf(stderr, "Unknown protocol version: '%s'\n", + args_map["-min-version"].c_str()); + return false; + } + if (!SSL_CTX_set_min_proto_version(ctx.get(), version)) { + return false; + } + } + + if (args_map.count("-select-next-proto") != 0) { + const std::string &proto = args_map["-select-next-proto"]; + if (proto.size() > 255) { + fprintf(stderr, "Bad NPN protocol: '%s'\n", proto.c_str()); + return false; + } + // |SSL_CTX_set_next_proto_select_cb| is not const-correct. + SSL_CTX_set_next_proto_select_cb(ctx.get(), NextProtoSelectCallback, + const_cast<char *>(proto.c_str())); + } + + if (args_map.count("-alpn-protos") != 0) { + const std::string &alpn_protos = args_map["-alpn-protos"]; + std::vector<uint8_t> wire; + size_t i = 0; + while (i <= alpn_protos.size()) { + size_t j = alpn_protos.find(',', i); + if (j == std::string::npos) { + j = alpn_protos.size(); + } + size_t len = j - i; + if (len > 255) { + fprintf(stderr, "Invalid ALPN protocols: '%s'\n", alpn_protos.c_str()); + return false; + } + wire.push_back(static_cast<uint8_t>(len)); + wire.resize(wire.size() + len); + OPENSSL_memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i, + len); + i = j + 1; + } + if (SSL_CTX_set_alpn_protos(ctx.get(), wire.data(), wire.size()) != 0) { + return false; + } + } + + if (args_map.count("-fallback-scsv") != 0) { + SSL_CTX_set_mode(ctx.get(), SSL_MODE_SEND_FALLBACK_SCSV); + } + + if (args_map.count("-ocsp-stapling") != 0) { + SSL_CTX_enable_ocsp_stapling(ctx.get()); + } + + if (args_map.count("-signed-certificate-timestamps") != 0) { + SSL_CTX_enable_signed_cert_timestamps(ctx.get()); + } + + if (args_map.count("-channel-id-key") != 0) { + bssl::UniquePtr<EVP_PKEY> pkey = + LoadPrivateKey(args_map["-channel-id-key"]); + if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx.get(), pkey.get())) { + return false; + } + } + + if (args_map.count("-false-start") != 0) { + SSL_CTX_set_mode(ctx.get(), SSL_MODE_ENABLE_FALSE_START); + } + + if (args_map.count("-key") != 0) { + const std::string &key = args_map["-key"]; + if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(), SSL_FILETYPE_PEM)) { + fprintf(stderr, "Failed to load private key: %s\n", key.c_str()); + return false; + } + if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key.c_str())) { + fprintf(stderr, "Failed to load cert chain: %s\n", key.c_str()); + return false; + } + } + + SSL_CTX_set_session_cache_mode(ctx.get(), SSL_SESS_CACHE_CLIENT); + SSL_CTX_sess_set_new_cb(ctx.get(), NewSessionCallback); + + if (args_map.count("-session-out") != 0) { + session_out.reset(BIO_new_file(args_map["-session-out"].c_str(), "wb")); + if (!session_out) { + fprintf(stderr, "Error while opening %s:\n", + args_map["-session-out"].c_str()); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + } + + if (args_map.count("-grease") != 0) { + SSL_CTX_set_grease_enabled(ctx.get(), 1); + } + + if (args_map.count("-root-certs") != 0) { + if (!SSL_CTX_load_verify_locations( + ctx.get(), args_map["-root-certs"].c_str(), nullptr)) { + fprintf(stderr, "Failed to load root certificates.\n"); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + SSL_CTX_set_verify(ctx.get(), SSL_VERIFY_PEER, nullptr); + } + + if (args_map.count("-resume") != 0 && + !DoConnection(ctx.get(), args_map, &WaitForSession)) { + return false; + } + + return DoConnection(ctx.get(), args_map, &TransferData); +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/const.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/const.cc new file mode 100644 index 000000000..7b7001e50 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/const.cc @@ -0,0 +1,434 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <stddef.h> +#include <stdint.h> + +#include "internal.h" + + +const uint8_t kDERRSAPrivate2048[] = { + 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xd0, 0x02, 0xde, 0x5d, 0x19, 0x33, 0x48, 0x15, 0xc7, 0x86, 0xde, 0xa3, + 0xec, 0x63, 0x89, 0x14, 0x63, 0x99, 0x30, 0x1f, 0x5d, 0x25, 0xb2, 0xfa, + 0x27, 0x28, 0x4b, 0xb4, 0xf3, 0xba, 0xc6, 0xbc, 0x19, 0x38, 0x89, 0x56, + 0xf0, 0x42, 0xae, 0x9f, 0x84, 0x7b, 0x0d, 0xcf, 0xda, 0x1c, 0xd1, 0xd8, + 0x11, 0x26, 0x3f, 0x67, 0x76, 0x19, 0xfd, 0xfe, 0x6b, 0x12, 0xd4, 0x02, + 0x00, 0x42, 0x1b, 0x0f, 0xb6, 0x78, 0x5e, 0x1d, 0xb9, 0x3d, 0x32, 0x4f, + 0x7f, 0x41, 0xe4, 0xc9, 0x1b, 0x94, 0x40, 0x4e, 0xa2, 0x5c, 0x9c, 0x88, + 0x79, 0xf9, 0x9a, 0x64, 0x1b, 0x83, 0xdf, 0x1f, 0x9b, 0xb1, 0xa5, 0xe4, + 0xdf, 0x6d, 0x75, 0x3f, 0x98, 0xc7, 0x42, 0x53, 0xb4, 0x36, 0xba, 0x60, + 0xdd, 0xbd, 0x2d, 0xa9, 0x9f, 0x63, 0xd2, 0x74, 0xcc, 0xff, 0x13, 0x8a, + 0xa1, 0xd0, 0x91, 0x36, 0x1e, 0x22, 0x6e, 0x45, 0x46, 0xf3, 0xd1, 0xca, + 0xf6, 0x2c, 0x3f, 0x87, 0xf1, 0x15, 0xbf, 0xb0, 0x4d, 0xe3, 0xcc, 0xa7, + 0x18, 0xad, 0xa9, 0xb0, 0x5f, 0xbb, 0x2d, 0xc3, 0x06, 0x55, 0x69, 0x40, + 0xb9, 0x9a, 0x92, 0x14, 0x67, 0xde, 0x4c, 0x0d, 0x09, 0xab, 0x57, 0x41, + 0xe4, 0x30, 0xae, 0xd2, 0x22, 0x01, 0xbb, 0x36, 0xcb, 0x45, 0x0a, 0x82, + 0xc8, 0x56, 0x61, 0x39, 0x6a, 0x0a, 0xea, 0xab, 0x39, 0x28, 0x2c, 0x92, + 0x80, 0xe8, 0x00, 0xd1, 0xfa, 0xcc, 0x1d, 0xf8, 0xe5, 0xd7, 0x03, 0x34, + 0x04, 0x1b, 0x17, 0x35, 0xbc, 0xc6, 0xf9, 0x55, 0x0c, 0x05, 0xd8, 0xd3, + 0xc7, 0x4e, 0x0a, 0x92, 0xf1, 0x1d, 0x0d, 0x01, 0xf3, 0x0e, 0x3a, 0x9b, + 0x9b, 0x75, 0x8f, 0xe8, 0x0d, 0xbb, 0xf6, 0x81, 0x09, 0x48, 0x72, 0x05, + 0x9e, 0x0e, 0x48, 0x62, 0xd2, 0xba, 0x88, 0xa3, 0x18, 0xf5, 0x1b, 0xc9, + 0x9b, 0xff, 0x31, 0x3f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x00, 0x76, 0xf1, 0x9c, 0xfb, 0x79, 0x64, 0x84, 0x8c, 0xc7, 0xaa, 0x4c, + 0x77, 0x49, 0xbd, 0xe4, 0xed, 0xbe, 0xc2, 0x22, 0xed, 0x5c, 0x53, 0x29, + 0x53, 0xb7, 0xbe, 0x68, 0x04, 0x11, 0xf6, 0xb4, 0x9b, 0x6c, 0x84, 0x92, + 0xac, 0x1e, 0xf8, 0xd2, 0x67, 0xae, 0xd6, 0xba, 0xa0, 0x27, 0x25, 0xa1, + 0xac, 0xbe, 0xa9, 0xb3, 0x49, 0xd3, 0x13, 0xab, 0xd4, 0xa6, 0x9f, 0x7e, + 0x91, 0xa2, 0x5a, 0x2a, 0xa5, 0x42, 0x7e, 0xf3, 0xba, 0x65, 0x69, 0x23, + 0xf2, 0xa7, 0x5f, 0x23, 0x97, 0x07, 0xe9, 0x2f, 0x18, 0x87, 0xe9, 0x13, + 0x2d, 0x4b, 0x2a, 0x3a, 0x69, 0x91, 0xfe, 0x47, 0x41, 0x08, 0xc3, 0x7d, + 0x8c, 0x31, 0x62, 0xa2, 0xcf, 0xf9, 0xe9, 0xbe, 0xf8, 0xa4, 0x2d, 0x43, + 0x48, 0x0e, 0xa3, 0x95, 0x8f, 0xcf, 0xef, 0xc1, 0xb1, 0x3e, 0x63, 0x81, + 0x66, 0x1d, 0x7f, 0x68, 0xf9, 0x9c, 0x23, 0xae, 0x0f, 0x70, 0xaf, 0xed, + 0xa9, 0x4e, 0x95, 0xd1, 0x39, 0x51, 0x15, 0x55, 0xfc, 0x4e, 0x9e, 0xb3, + 0xb0, 0xc0, 0x07, 0x1d, 0xd9, 0xd2, 0x48, 0x4c, 0x03, 0x31, 0x2d, 0x21, + 0xda, 0x4d, 0xed, 0x29, 0xf8, 0xbf, 0xaf, 0x1f, 0x8d, 0x6f, 0xdc, 0xae, + 0xf0, 0x4a, 0x01, 0xa1, 0xb8, 0x06, 0x61, 0x58, 0x18, 0xff, 0x40, 0xa1, + 0x1c, 0x82, 0xf8, 0x23, 0xaf, 0xce, 0x62, 0x3e, 0x2d, 0x30, 0x09, 0xff, + 0xba, 0xa6, 0x34, 0x7e, 0x6e, 0x9e, 0x59, 0x66, 0x6b, 0x39, 0x08, 0x1f, + 0x3e, 0x76, 0xbc, 0x29, 0xef, 0x10, 0x62, 0x7f, 0xf4, 0xdf, 0xe6, 0x5f, + 0xa4, 0x1f, 0x60, 0xfe, 0x37, 0xdb, 0xd7, 0x8f, 0xff, 0xf9, 0xf0, 0xaf, + 0x66, 0xa2, 0x7d, 0x36, 0x19, 0x7f, 0xe2, 0xc3, 0x84, 0x66, 0x18, 0x2b, + 0x18, 0x16, 0x4f, 0xb3, 0xce, 0x69, 0x6b, 0xb6, 0xd6, 0x98, 0x25, 0xcb, + 0x90, 0x4f, 0x60, 0x68, 0x91, 0x02, 0x81, 0x81, 0x00, 0xf6, 0xd6, 0xae, + 0x84, 0xc0, 0x9f, 0x2f, 0xef, 0xa6, 0x7e, 0x91, 0x7a, 0x4d, 0x1c, 0xe0, + 0x3e, 0x61, 0xf8, 0xcc, 0x4d, 0x0d, 0x09, 0xa3, 0xeb, 0x9a, 0xbe, 0x89, + 0x59, 0x50, 0xf7, 0xd6, 0x8f, 0x66, 0x67, 0x97, 0x7e, 0xb4, 0x2d, 0x73, + 0x08, 0xf8, 0x12, 0x22, 0x7f, 0x5c, 0x76, 0x2b, 0x06, 0x7c, 0xaa, 0x54, + 0x83, 0xce, 0x2d, 0xab, 0xc3, 0xb7, 0xb1, 0x74, 0x10, 0xc9, 0x67, 0xc7, + 0x8c, 0xd1, 0x13, 0x17, 0x1e, 0xb2, 0x4f, 0xc7, 0xda, 0xcf, 0x45, 0xc3, + 0x1c, 0x6d, 0x98, 0x08, 0xc9, 0xf4, 0xd4, 0x6d, 0x16, 0xb4, 0x6b, 0x02, + 0x24, 0x25, 0x0a, 0x2d, 0xc0, 0xa3, 0x2e, 0x4b, 0xae, 0xf7, 0x4e, 0xb5, + 0x68, 0xb2, 0xe7, 0x88, 0xdc, 0x2e, 0xbc, 0x91, 0x42, 0x7f, 0x36, 0xbc, + 0x71, 0x4e, 0xc4, 0x5f, 0xfa, 0xbe, 0x46, 0x89, 0x61, 0xe3, 0x17, 0x3b, + 0x51, 0x29, 0xa8, 0x2c, 0x07, 0x02, 0x81, 0x81, 0x00, 0xd7, 0xbb, 0x45, + 0x76, 0x81, 0x15, 0x3e, 0x1b, 0x95, 0xd8, 0x7c, 0x8c, 0x08, 0x02, 0xe1, + 0x04, 0xaf, 0xa1, 0x59, 0x4c, 0xc7, 0x71, 0xf1, 0xd0, 0xef, 0xa7, 0xb6, + 0xa0, 0x70, 0xd0, 0xf7, 0x86, 0x8d, 0x4a, 0xf6, 0x9f, 0xac, 0xf3, 0x78, + 0xc9, 0xb5, 0xdf, 0x86, 0x71, 0xa9, 0x69, 0x63, 0xe4, 0x8a, 0x22, 0x57, + 0xa2, 0xa8, 0xd5, 0xf1, 0xb0, 0xe5, 0x43, 0x20, 0xd2, 0x18, 0x89, 0x3b, + 0xed, 0x90, 0xf5, 0xde, 0x82, 0x90, 0x7a, 0xd4, 0x0a, 0x3d, 0x89, 0x82, + 0x3a, 0x5f, 0x66, 0x73, 0x0e, 0x98, 0x1c, 0x84, 0x3a, 0x5a, 0x8f, 0xa1, + 0xb8, 0x60, 0xaf, 0x40, 0x8b, 0x6f, 0xda, 0x85, 0xad, 0x55, 0x62, 0x04, + 0xe1, 0x07, 0xb8, 0x49, 0xcb, 0xd4, 0x17, 0xdc, 0xb6, 0xe3, 0x39, 0xf5, + 0x22, 0xa0, 0xec, 0x58, 0xbd, 0x06, 0x4a, 0x87, 0xa1, 0x90, 0x9c, 0x27, + 0xd7, 0xa5, 0x9d, 0xf3, 0x09, 0x02, 0x81, 0x80, 0x28, 0x4c, 0xec, 0xb9, + 0x67, 0xe9, 0x95, 0x9d, 0xff, 0x04, 0xf3, 0x23, 0x90, 0xab, 0x82, 0x41, + 0x2d, 0x25, 0xbd, 0xd5, 0x66, 0xa7, 0x88, 0x47, 0xd3, 0x40, 0x00, 0x94, + 0xc0, 0x8f, 0x76, 0x4c, 0x7b, 0x5f, 0xb6, 0x70, 0x4d, 0x62, 0x8e, 0x41, + 0x8c, 0x9f, 0x09, 0x5a, 0xd9, 0xf1, 0xc1, 0x1c, 0x92, 0x06, 0x0d, 0x3e, + 0x67, 0xcf, 0x35, 0x18, 0x03, 0x49, 0xc9, 0xb5, 0x63, 0xec, 0xb9, 0xbb, + 0xd7, 0xf6, 0xd1, 0xf3, 0x85, 0x11, 0x59, 0x83, 0xf4, 0x0b, 0x63, 0xcb, + 0xa4, 0x69, 0x0a, 0x26, 0x4e, 0xfe, 0xcf, 0xc0, 0xc1, 0x3c, 0x27, 0x61, + 0x57, 0x5a, 0xce, 0x15, 0x81, 0x8e, 0xf1, 0x74, 0x63, 0x94, 0x4a, 0x32, + 0x09, 0xe3, 0x9b, 0x88, 0xb7, 0x68, 0xba, 0x1e, 0xad, 0x3e, 0x76, 0x8d, + 0xd9, 0x5a, 0x5e, 0x81, 0x45, 0xc7, 0xa6, 0x6e, 0x80, 0xf1, 0x2e, 0x12, + 0x16, 0x47, 0x0a, 0xc9, 0x02, 0x81, 0x81, 0x00, 0xa0, 0xc7, 0x6e, 0x46, + 0x9a, 0x7f, 0x85, 0x71, 0x33, 0xa5, 0x4b, 0x75, 0x65, 0x87, 0x17, 0xc2, + 0xd1, 0x4e, 0x33, 0xea, 0x97, 0xfe, 0x20, 0xd5, 0xb1, 0xb6, 0xd1, 0xd2, + 0x13, 0x22, 0x7a, 0x47, 0xaa, 0x48, 0x03, 0x34, 0x0f, 0xc6, 0xc8, 0xef, + 0xb3, 0xff, 0x6a, 0x08, 0x8d, 0xd5, 0x00, 0xe0, 0xd3, 0xde, 0x32, 0x68, + 0x04, 0xe2, 0xa6, 0x25, 0x4b, 0x48, 0x53, 0x4e, 0xa1, 0x80, 0xad, 0xcc, + 0x29, 0x2c, 0x44, 0xf0, 0x13, 0xd3, 0xa6, 0xf2, 0x16, 0xd8, 0xc3, 0xd8, + 0xd3, 0x3e, 0xdc, 0x63, 0x35, 0x14, 0x93, 0xab, 0x95, 0xd0, 0xd4, 0x1b, + 0x40, 0xdb, 0x7c, 0x04, 0x2f, 0x91, 0xb1, 0xec, 0xf3, 0xe4, 0x80, 0x74, + 0x61, 0xb7, 0x84, 0x30, 0x47, 0xda, 0x9c, 0xe1, 0x24, 0xca, 0x0e, 0x1b, + 0x07, 0xc9, 0xfd, 0x7c, 0xab, 0x12, 0xa2, 0xb0, 0xd3, 0xc0, 0xbd, 0xa4, + 0xe7, 0x46, 0xa7, 0x59, 0x02, 0x81, 0x80, 0x30, 0x5a, 0xa3, 0x8e, 0x0f, + 0xeb, 0xad, 0x9f, 0xf6, 0xa4, 0x82, 0xd8, 0x78, 0x83, 0xd2, 0xe4, 0x14, + 0x91, 0x20, 0x6f, 0x1f, 0x2b, 0x08, 0x21, 0x92, 0x5e, 0x30, 0xfe, 0x13, + 0xf2, 0x02, 0xd6, 0xe8, 0x96, 0x40, 0x98, 0x85, 0xb2, 0x63, 0x2b, 0x12, + 0xcf, 0x37, 0x4a, 0x27, 0xb1, 0x5f, 0x6f, 0x76, 0xa0, 0x29, 0xae, 0x2f, + 0x63, 0x72, 0xd9, 0x39, 0xca, 0x09, 0x29, 0x47, 0x98, 0x9f, 0x85, 0xae, + 0xb7, 0xe3, 0x0c, 0xcd, 0xbe, 0x4e, 0x45, 0xd3, 0x69, 0x1a, 0xb7, 0x7f, + 0xce, 0x2d, 0xfe, 0x9b, 0xe7, 0x4c, 0x7c, 0x2c, 0x8c, 0x26, 0x92, 0xdc, + 0x73, 0x71, 0x5f, 0x09, 0x4b, 0x49, 0xbf, 0x86, 0x94, 0xef, 0x3f, 0xf5, + 0x89, 0x8f, 0x12, 0x63, 0xff, 0xf2, 0x61, 0x6a, 0x66, 0xb2, 0xcc, 0x01, + 0x75, 0xef, 0x54, 0xa4, 0xa7, 0x03, 0x49, 0xfd, 0x27, 0xf4, 0x85, 0x00, + 0x77, 0xe6, 0xd3, +}; + +const size_t kDERRSAPrivate2048Len = sizeof(kDERRSAPrivate2048); + +const uint8_t kDERRSAPrivate4096[] = { + 0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, + 0xc3, 0x82, 0x01, 0xda, 0x03, 0xe1, 0x0d, 0x78, 0xf4, 0x86, 0xf1, 0x28, + 0xf0, 0x4c, 0x34, 0xa6, 0x73, 0x0c, 0xfb, 0x22, 0xfa, 0x35, 0xc9, 0x3a, + 0x4c, 0xf1, 0x15, 0xfe, 0x96, 0x4a, 0x64, 0x75, 0xfe, 0x62, 0x5c, 0x77, + 0x76, 0x12, 0x9a, 0x68, 0x63, 0x09, 0x4d, 0x6f, 0x4a, 0xec, 0xc7, 0xac, + 0x17, 0x60, 0x5e, 0xfa, 0xd8, 0xe0, 0xca, 0x3d, 0xfd, 0x0b, 0x5a, 0x88, + 0x4c, 0xe6, 0xbd, 0x99, 0x34, 0x9e, 0x06, 0xc5, 0xf8, 0x33, 0xad, 0x5d, + 0x8d, 0x73, 0x5d, 0x1c, 0xc2, 0xb3, 0xcd, 0x47, 0x2f, 0x41, 0x04, 0xe8, + 0x71, 0x6d, 0xd9, 0x19, 0xf4, 0x56, 0xb8, 0xcf, 0x0f, 0x92, 0x13, 0xb4, + 0x1c, 0x6a, 0x51, 0x4e, 0xdd, 0xd0, 0xc0, 0x20, 0x3f, 0xd9, 0x32, 0x92, + 0xe2, 0xbd, 0x66, 0x33, 0x4b, 0x44, 0xbf, 0xd8, 0x28, 0x3d, 0x51, 0x00, + 0xe3, 0xf8, 0x3b, 0x6c, 0x55, 0x22, 0x71, 0xee, 0xa7, 0x3c, 0xe4, 0x36, + 0xa2, 0xcf, 0x41, 0xeb, 0x64, 0x79, 0xbb, 0x75, 0xe8, 0xc5, 0x29, 0xe1, + 0xa5, 0xd2, 0xf6, 0x84, 0x2c, 0x0e, 0x0c, 0x0f, 0xc2, 0x42, 0xfd, 0xa9, + 0xdb, 0x8f, 0x44, 0xa0, 0xfc, 0xf3, 0x26, 0xd8, 0x6a, 0xc2, 0x14, 0x2d, + 0x3c, 0x09, 0x68, 0x98, 0x67, 0x0e, 0x01, 0xd4, 0x80, 0x02, 0x5c, 0xc0, + 0xb9, 0xd3, 0x12, 0x2e, 0xaa, 0x3c, 0xab, 0x56, 0x8c, 0x96, 0xb3, 0x25, + 0xeb, 0xa7, 0x86, 0xd8, 0xbe, 0x70, 0x01, 0xe9, 0xa7, 0x7b, 0x27, 0x01, + 0xbe, 0x4c, 0x23, 0xf4, 0x19, 0x17, 0x6e, 0x31, 0x69, 0xab, 0x1a, 0x6a, + 0x1f, 0x57, 0xde, 0x9a, 0x8e, 0x1d, 0xfd, 0xd9, 0x5d, 0xce, 0xa0, 0x47, + 0x19, 0x8d, 0x27, 0x33, 0x77, 0xe2, 0xa4, 0x1d, 0x72, 0x72, 0xe6, 0xec, + 0xf3, 0xad, 0x85, 0x50, 0xc0, 0x94, 0xab, 0x78, 0x03, 0x67, 0x1e, 0x48, + 0x45, 0x50, 0x41, 0x7d, 0xb5, 0x62, 0x28, 0x80, 0x41, 0x89, 0xac, 0x99, + 0xe2, 0xd7, 0xe1, 0xc2, 0x54, 0xfc, 0xff, 0xa7, 0xc0, 0x71, 0xc6, 0xd7, + 0xae, 0x05, 0xf2, 0xbc, 0x2a, 0xe8, 0x43, 0x88, 0x4a, 0x0c, 0xb2, 0x61, + 0x2e, 0x9b, 0xac, 0x48, 0x90, 0xaa, 0x7b, 0x24, 0x9b, 0xc2, 0xc5, 0x48, + 0x95, 0x8d, 0x4f, 0x92, 0x6a, 0xb7, 0xcc, 0xb5, 0x9f, 0x06, 0xe4, 0x05, + 0xac, 0x05, 0x81, 0x66, 0xb0, 0x24, 0x04, 0x12, 0xac, 0xac, 0x9a, 0x1e, + 0xea, 0xce, 0x82, 0xfb, 0x27, 0x2e, 0xa1, 0x5e, 0xb8, 0x86, 0x74, 0x1a, + 0x3a, 0xdd, 0x8c, 0x98, 0x3c, 0x23, 0x2b, 0xea, 0x8a, 0xd0, 0x92, 0x43, + 0xbb, 0xec, 0xb3, 0x27, 0x52, 0x2c, 0x7f, 0x07, 0x33, 0xe5, 0x21, 0xa3, + 0xda, 0x4e, 0x65, 0xd2, 0x96, 0xb5, 0x88, 0xcb, 0x9f, 0x0c, 0x21, 0x41, + 0x80, 0x02, 0xb2, 0x9e, 0x78, 0x60, 0x40, 0x18, 0x21, 0x52, 0x4f, 0x09, + 0x5f, 0x75, 0x8b, 0xf3, 0x71, 0x70, 0xab, 0x94, 0x3b, 0xd1, 0xe8, 0x65, + 0x55, 0xf2, 0x76, 0xe3, 0x7c, 0x1d, 0x3a, 0x7c, 0x44, 0xbf, 0xb4, 0x10, + 0x2e, 0x16, 0x7f, 0xdc, 0xd2, 0x37, 0xf3, 0x48, 0x68, 0x80, 0xa9, 0x9d, + 0x56, 0xff, 0x63, 0xed, 0x29, 0x79, 0x39, 0xfa, 0x92, 0x65, 0x22, 0xee, + 0x5c, 0x2a, 0xa9, 0xef, 0x30, 0x82, 0x10, 0xae, 0x46, 0xe2, 0x52, 0xa5, + 0x2e, 0x23, 0xe6, 0x65, 0xb5, 0x54, 0xd8, 0xa1, 0xe8, 0x9c, 0xf1, 0xe3, + 0xf5, 0xc8, 0x4b, 0x54, 0xac, 0x02, 0x4d, 0xdf, 0x01, 0xc2, 0xc7, 0x82, + 0x30, 0x0d, 0x86, 0x17, 0x64, 0x99, 0x7b, 0xfa, 0x46, 0x23, 0x19, 0x6b, + 0x7c, 0x01, 0x61, 0x22, 0xa6, 0x28, 0x17, 0x48, 0xa4, 0x6a, 0x32, 0x00, + 0x16, 0x23, 0x40, 0x0b, 0x51, 0xd7, 0xc7, 0x91, 0x60, 0xd7, 0x32, 0x91, + 0xf5, 0xf7, 0x3c, 0x24, 0xc0, 0x9f, 0x4a, 0xf3, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x02, 0x00, 0x6b, 0x3d, 0x28, 0x9e, 0xd9, 0x79, 0xdc, + 0xd5, 0xf7, 0xea, 0xfc, 0xe5, 0x23, 0xc9, 0xe9, 0x27, 0x53, 0xfc, 0x4e, + 0xd4, 0xc4, 0xc2, 0x33, 0xfa, 0x92, 0xb1, 0xbb, 0x0a, 0xc6, 0x8d, 0x4f, + 0xc5, 0x99, 0x1f, 0x82, 0xf0, 0xd4, 0x07, 0x28, 0x43, 0x11, 0xef, 0xcc, + 0x55, 0xbb, 0x97, 0x5d, 0x7e, 0xfb, 0xe3, 0x94, 0xb5, 0xab, 0xb8, 0xc1, + 0xb6, 0x76, 0xd2, 0x7f, 0x7a, 0x3c, 0x14, 0x64, 0xf3, 0x60, 0x75, 0x3d, + 0xe9, 0xe1, 0x57, 0x17, 0x45, 0x35, 0x8d, 0x8e, 0x09, 0x74, 0x93, 0x03, + 0x8a, 0x84, 0x54, 0xf9, 0xc8, 0x36, 0x4f, 0xb6, 0xc2, 0x11, 0xd0, 0x6f, + 0xd6, 0xc4, 0x07, 0xb0, 0x5f, 0x1f, 0x27, 0x02, 0x2a, 0x6c, 0x69, 0x50, + 0xb9, 0x5f, 0xcc, 0x57, 0x7d, 0x52, 0x79, 0xe9, 0x51, 0x41, 0x7c, 0x18, + 0x6f, 0x0c, 0xc3, 0x75, 0x67, 0x33, 0xa4, 0xb9, 0x93, 0x96, 0xaf, 0x2a, + 0x27, 0x69, 0xfc, 0x70, 0x81, 0xb7, 0x94, 0x4f, 0xe8, 0x3a, 0x58, 0xbb, + 0x86, 0xd5, 0x83, 0x30, 0x91, 0xe1, 0x4f, 0x72, 0x80, 0xd5, 0x59, 0x6f, + 0x2c, 0x45, 0xb6, 0x51, 0x45, 0x96, 0x75, 0x63, 0x83, 0x9a, 0xbc, 0x15, + 0x16, 0xa8, 0x98, 0x84, 0x50, 0xbb, 0x99, 0xbd, 0x91, 0xbb, 0x15, 0x67, + 0xd3, 0x93, 0xd3, 0xb7, 0xe4, 0xcf, 0x09, 0x03, 0xf4, 0x2c, 0xd4, 0xd2, + 0x76, 0xca, 0xee, 0xee, 0x9d, 0x62, 0x41, 0xa6, 0x29, 0xc5, 0x6b, 0xd2, + 0xe0, 0xc3, 0x49, 0x3e, 0x00, 0x2a, 0xcd, 0xc0, 0xfa, 0xe7, 0xb8, 0x7e, + 0x6d, 0x04, 0x35, 0x22, 0x6c, 0x0b, 0x7d, 0x3b, 0x51, 0x33, 0x9b, 0x27, + 0xde, 0xcf, 0x21, 0xc3, 0xb0, 0xbc, 0x47, 0x3c, 0xb5, 0x72, 0x91, 0x12, + 0xcc, 0x44, 0x36, 0xda, 0x8c, 0x26, 0xad, 0x8b, 0x6e, 0xdb, 0xf3, 0xb0, + 0x8a, 0x47, 0xf3, 0x8c, 0x1c, 0xc0, 0x48, 0x61, 0x63, 0x09, 0x48, 0x08, + 0x4f, 0x3b, 0xb4, 0x90, 0xf7, 0x4b, 0xd7, 0x58, 0x88, 0xfe, 0x3d, 0xe4, + 0x9d, 0xf2, 0xec, 0xf4, 0x6d, 0x70, 0x2c, 0x0f, 0x55, 0x61, 0xdb, 0x62, + 0x3d, 0x75, 0x19, 0x4b, 0x24, 0x02, 0xe3, 0xbd, 0x01, 0xd8, 0xe4, 0x05, + 0x85, 0xda, 0x19, 0xc5, 0x91, 0xda, 0x09, 0xf6, 0xd0, 0xff, 0x7d, 0xae, + 0x68, 0x86, 0x17, 0xac, 0xf7, 0xb9, 0xde, 0xe7, 0x3f, 0x1e, 0xb5, 0x7e, + 0xcd, 0x64, 0xf2, 0x48, 0x61, 0x86, 0x4b, 0x21, 0x5b, 0xe2, 0x3b, 0x69, + 0xfc, 0xeb, 0x17, 0x25, 0x97, 0x6d, 0x6f, 0xd9, 0x7e, 0xce, 0x31, 0xb7, + 0xad, 0x2c, 0xb0, 0x31, 0xaf, 0x89, 0x2d, 0x8d, 0x30, 0x2a, 0x45, 0x69, + 0x0c, 0x8e, 0x96, 0xfa, 0x00, 0xcb, 0x47, 0x32, 0x3c, 0x40, 0xe5, 0x75, + 0xe3, 0xa9, 0x4f, 0xd4, 0xa8, 0x33, 0x76, 0x59, 0xea, 0xbe, 0x09, 0xae, + 0x2c, 0x27, 0x9e, 0x1f, 0xc2, 0xdd, 0x90, 0x38, 0xe6, 0xb8, 0x49, 0x1f, + 0x17, 0x5a, 0x01, 0xa2, 0x73, 0xaa, 0x92, 0xb6, 0xed, 0x26, 0xd7, 0x0d, + 0xa0, 0x39, 0x42, 0xdb, 0xc1, 0xf6, 0xe3, 0x0b, 0x11, 0x4c, 0x3e, 0x40, + 0xba, 0x2a, 0x42, 0xa9, 0x5b, 0x74, 0x0a, 0xcd, 0x0c, 0xae, 0x13, 0x27, + 0x6b, 0x37, 0xfa, 0xdd, 0x08, 0x89, 0xb4, 0xc2, 0x11, 0xda, 0xb2, 0x8d, + 0x44, 0x59, 0x1f, 0x19, 0x1a, 0x7d, 0x0b, 0x70, 0x62, 0x00, 0x8a, 0x4a, + 0x2e, 0xda, 0x44, 0xc6, 0xc6, 0xf9, 0xe6, 0x14, 0xdc, 0xe1, 0x9e, 0xb6, + 0x8e, 0xcf, 0x0d, 0xa2, 0xf4, 0x64, 0x8c, 0x71, 0x4e, 0x0a, 0xf6, 0xa8, + 0xca, 0x2d, 0xe0, 0xd2, 0x5f, 0x78, 0xee, 0x3d, 0x77, 0x13, 0xba, 0x61, + 0xac, 0xe3, 0x0f, 0xb0, 0x5f, 0xd3, 0x28, 0x12, 0x5d, 0xa6, 0xe9, 0x38, + 0xfa, 0x6e, 0xe7, 0xdf, 0xee, 0x65, 0x98, 0x97, 0x48, 0xb7, 0xa9, 0x73, + 0x21, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe7, 0x1b, 0x4c, 0x5c, 0xcc, 0xb7, + 0xae, 0x4b, 0xe8, 0x7d, 0x19, 0xc0, 0x53, 0xc7, 0x17, 0x86, 0xac, 0xef, + 0x79, 0x94, 0x61, 0xc3, 0x17, 0x17, 0xb6, 0x5f, 0x08, 0x7c, 0xc7, 0x96, + 0xf3, 0x69, 0xc4, 0x2b, 0x90, 0xae, 0x35, 0x57, 0x2c, 0x73, 0x10, 0xaa, + 0x59, 0x69, 0x42, 0x21, 0xa3, 0x29, 0x94, 0x35, 0x3c, 0x12, 0x9e, 0xa0, + 0x08, 0x28, 0xad, 0x34, 0x3d, 0x07, 0x23, 0x6d, 0xb8, 0xfa, 0x48, 0x4e, + 0x1a, 0x4b, 0xeb, 0x4c, 0x91, 0xf2, 0xa0, 0x83, 0x75, 0x8c, 0x82, 0x4e, + 0xea, 0x75, 0xfb, 0x39, 0x9e, 0x81, 0xe9, 0xac, 0x8f, 0x1f, 0x7c, 0x59, + 0x4f, 0x8e, 0x99, 0x81, 0x2e, 0xea, 0xb7, 0x77, 0x16, 0xf4, 0xea, 0x9e, + 0x4a, 0x44, 0xa0, 0x5b, 0xc6, 0x22, 0x82, 0xa3, 0x54, 0x1f, 0x9e, 0x07, + 0xfb, 0x8e, 0x92, 0xd0, 0x31, 0x5e, 0x68, 0x26, 0xdf, 0x18, 0xc3, 0x85, + 0xba, 0x43, 0xcb, 0xae, 0x3d, 0x31, 0x03, 0xc6, 0x20, 0xfd, 0x11, 0xb1, + 0x62, 0xdc, 0xa0, 0xb4, 0xef, 0x21, 0x8c, 0x1d, 0x95, 0xfa, 0xf1, 0x79, + 0xba, 0x97, 0x43, 0xf7, 0x45, 0x39, 0x05, 0x54, 0xbf, 0x49, 0xab, 0x99, + 0x00, 0x6a, 0x06, 0x84, 0x9c, 0xb6, 0xf0, 0xdc, 0x46, 0x8e, 0x1c, 0x66, + 0xec, 0x4a, 0xae, 0xc3, 0xba, 0xfb, 0x1b, 0xe7, 0xef, 0x0b, 0xb6, 0xe5, + 0xd7, 0xf1, 0x6c, 0x82, 0xd8, 0xdc, 0xa3, 0xc2, 0x02, 0x17, 0x53, 0xe0, + 0xa0, 0x84, 0x4e, 0xad, 0x4a, 0x9b, 0x07, 0x87, 0x1a, 0x59, 0x21, 0xba, + 0xa0, 0x9b, 0x8f, 0x27, 0xa0, 0x93, 0xf7, 0x51, 0xad, 0x62, 0xc0, 0x6f, + 0x00, 0x37, 0x16, 0x70, 0xa6, 0x30, 0xb7, 0xa9, 0x7b, 0x7f, 0x53, 0x9d, + 0x54, 0x93, 0xba, 0x1f, 0xe1, 0x35, 0x4a, 0x88, 0x45, 0x34, 0x95, 0x24, + 0x64, 0x9a, 0xa5, 0x61, 0x7c, 0xed, 0x83, 0x38, 0xfb, 0x45, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xd8, 0x91, 0x15, 0x00, 0x3f, 0x7f, 0x27, 0x0a, 0x3b, + 0xc4, 0x67, 0x36, 0x1d, 0x13, 0xd1, 0x50, 0x39, 0x1e, 0x26, 0xad, 0x25, + 0x65, 0x6a, 0x1d, 0xf7, 0x5d, 0x6b, 0x4b, 0x26, 0xb0, 0x32, 0x5a, 0x30, + 0x78, 0xb6, 0x11, 0xab, 0x5b, 0x4b, 0x6e, 0xcd, 0xe5, 0x93, 0xb2, 0xa9, + 0xca, 0x4b, 0xe8, 0x61, 0x45, 0xd1, 0xf7, 0x8b, 0x11, 0x77, 0x3a, 0x59, + 0xd6, 0xb3, 0x2a, 0xf3, 0x8a, 0x6a, 0x2e, 0x53, 0xe8, 0x21, 0xda, 0x03, + 0xd5, 0x2d, 0xcc, 0xd2, 0xba, 0xec, 0x11, 0x69, 0xe3, 0xab, 0xd5, 0x9e, + 0xfc, 0x9c, 0xff, 0x90, 0x79, 0x05, 0x3a, 0xb0, 0x5e, 0x43, 0x05, 0xd7, + 0x9b, 0xec, 0xda, 0x22, 0x2c, 0xc4, 0x18, 0x28, 0x26, 0xbb, 0xdb, 0x45, + 0xa0, 0x7d, 0x32, 0x17, 0xc3, 0x14, 0xd8, 0x72, 0x7a, 0x59, 0x33, 0x5e, + 0x02, 0xb2, 0x3c, 0xd8, 0x46, 0x82, 0x5e, 0x9c, 0x06, 0x20, 0x5f, 0x63, + 0xd8, 0x02, 0xda, 0x59, 0x0b, 0x32, 0x89, 0xc4, 0xbd, 0x63, 0x74, 0xbb, + 0x76, 0x34, 0xb9, 0x18, 0x29, 0x6d, 0x79, 0xe6, 0x02, 0x57, 0xab, 0x16, + 0x5a, 0x59, 0xea, 0x22, 0xdc, 0x37, 0x9c, 0x19, 0x7a, 0x2a, 0x40, 0xeb, + 0xa7, 0x2d, 0xef, 0x3d, 0xc5, 0x29, 0x71, 0xa6, 0x4a, 0x2d, 0x62, 0xc4, + 0x85, 0xed, 0x65, 0x88, 0x7a, 0x83, 0x3c, 0x06, 0x9a, 0xac, 0x24, 0x50, + 0xed, 0x27, 0xfc, 0xff, 0x98, 0xdb, 0x8b, 0xf1, 0xf1, 0x6f, 0xa0, 0x89, + 0xc1, 0xfe, 0x82, 0xbb, 0xab, 0xe1, 0xc2, 0x2a, 0xea, 0xd3, 0x73, 0xbf, + 0xe9, 0xb3, 0x4d, 0xd7, 0xf4, 0x3b, 0x66, 0x9f, 0x3b, 0xd4, 0x9b, 0xf9, + 0xad, 0xa0, 0x45, 0xed, 0x58, 0x41, 0xc6, 0xf2, 0x32, 0x0c, 0xbd, 0xc6, + 0x4b, 0x2b, 0xfa, 0x1c, 0x57, 0x49, 0x5d, 0x82, 0x37, 0xba, 0x02, 0x8e, + 0x43, 0x72, 0x1f, 0xdc, 0x55, 0x74, 0xd7, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xc0, 0xcc, 0xc3, 0x4d, 0xff, 0xf3, 0x94, 0xd2, 0xfa, 0xe7, 0xb2, 0xde, + 0x02, 0x86, 0x6b, 0x98, 0x0d, 0x19, 0xd3, 0xa1, 0xf8, 0x55, 0x1b, 0x24, + 0xcb, 0x1e, 0x49, 0x24, 0x60, 0x16, 0x0c, 0x87, 0xc6, 0x02, 0x5a, 0x37, + 0x1b, 0x84, 0xd8, 0x2e, 0x3e, 0x4e, 0xff, 0x3c, 0x92, 0xd1, 0x21, 0x1f, + 0x84, 0xe7, 0x4c, 0x70, 0x74, 0x29, 0x29, 0xe5, 0x55, 0x69, 0xe9, 0x27, + 0xd5, 0x64, 0xaa, 0x17, 0x12, 0xcf, 0x25, 0x9d, 0x04, 0x75, 0xe2, 0xa4, + 0x39, 0x48, 0xb2, 0x7e, 0x40, 0x0f, 0xba, 0x06, 0x27, 0x4a, 0x10, 0x74, + 0x6d, 0x0f, 0x6a, 0x6f, 0x67, 0xfb, 0xd2, 0x25, 0x32, 0xe6, 0xd4, 0xcf, + 0x37, 0xb3, 0x80, 0x51, 0x5e, 0x92, 0x23, 0x7f, 0x51, 0x10, 0x7f, 0x21, + 0x37, 0x3f, 0x2e, 0xe5, 0x19, 0x9f, 0xab, 0x3b, 0x6c, 0x3b, 0x87, 0x94, + 0x2c, 0xeb, 0x90, 0xdf, 0x45, 0xee, 0x80, 0x50, 0x22, 0xd1, 0xff, 0x76, + 0xae, 0xa1, 0x51, 0xd0, 0x0e, 0x3c, 0xa0, 0x2f, 0x53, 0x5a, 0xde, 0xcc, + 0x6b, 0xea, 0x1a, 0xbf, 0x39, 0x48, 0xc6, 0x63, 0x7f, 0x6e, 0x00, 0x2f, + 0xeb, 0xc4, 0xa1, 0xb8, 0xc2, 0x11, 0x68, 0x89, 0x0b, 0x5b, 0x02, 0xaa, + 0x94, 0x12, 0x10, 0x42, 0x6a, 0x6b, 0x6a, 0xe1, 0x7b, 0x1f, 0x0b, 0x14, + 0x86, 0x59, 0x5d, 0xd1, 0xb6, 0x09, 0xd5, 0xb7, 0x31, 0x41, 0x8f, 0xcd, + 0xb2, 0x48, 0x1e, 0x1a, 0x7b, 0xfd, 0x3f, 0xac, 0x61, 0x3e, 0xac, 0xa8, + 0xdd, 0x04, 0xd6, 0xf4, 0x58, 0xf1, 0x2b, 0x1f, 0xdb, 0xb3, 0xc1, 0x80, + 0xef, 0xa9, 0x12, 0x2e, 0xfa, 0x3f, 0x20, 0x3c, 0xd4, 0xd9, 0xb1, 0xab, + 0x9e, 0xed, 0x23, 0x7c, 0x3b, 0xb3, 0x5b, 0x65, 0xca, 0xb6, 0xe1, 0xd8, + 0xe5, 0x8e, 0xfd, 0xbd, 0x3a, 0x57, 0x1c, 0x1e, 0xef, 0xad, 0x7e, 0xdd, + 0x5e, 0xc5, 0xe0, 0xc9, 0x02, 0x82, 0x01, 0x00, 0x28, 0x3d, 0xfd, 0x5b, + 0x08, 0x71, 0x86, 0x3d, 0x9e, 0x91, 0x86, 0x64, 0x45, 0xce, 0xf2, 0xec, + 0x27, 0x50, 0xf4, 0xfa, 0xe3, 0xa2, 0x0e, 0xaf, 0xf6, 0xd1, 0x43, 0x28, + 0xb9, 0xcd, 0xaf, 0xed, 0x96, 0x68, 0x37, 0xdc, 0xdc, 0xac, 0xa0, 0x3d, + 0xbc, 0xc0, 0xd6, 0x4b, 0x32, 0xc5, 0xc6, 0x89, 0x2d, 0xda, 0x1d, 0x84, + 0x14, 0x31, 0x70, 0xa8, 0x45, 0x1d, 0x62, 0x39, 0xae, 0xfb, 0x9f, 0x73, + 0x70, 0x60, 0x08, 0x3a, 0x4c, 0xd0, 0x06, 0x2c, 0xb3, 0x53, 0xcc, 0x9e, + 0x07, 0xc1, 0x28, 0xa3, 0x0f, 0x61, 0xfd, 0x82, 0x77, 0xc4, 0x25, 0x36, + 0x9c, 0xa3, 0x47, 0x6d, 0x04, 0x7d, 0x92, 0xeb, 0x8d, 0xc2, 0x27, 0xc6, + 0x1d, 0x5f, 0xe5, 0x34, 0x7f, 0xa1, 0xac, 0xe1, 0xec, 0x0c, 0x72, 0x09, + 0x2e, 0x6c, 0x91, 0xba, 0xbb, 0xd3, 0x60, 0x6f, 0x71, 0xf8, 0xd8, 0x2c, + 0xe0, 0x6d, 0x3b, 0x02, 0xbe, 0xb8, 0xda, 0xfe, 0xdb, 0xe0, 0xfa, 0xc9, + 0x22, 0xe7, 0xd6, 0x5d, 0x50, 0xa0, 0x4c, 0x77, 0xc0, 0x87, 0xa2, 0x32, + 0x2e, 0x8d, 0x6c, 0xe0, 0xfb, 0xcc, 0x5a, 0x3c, 0xe9, 0xb1, 0x66, 0x1b, + 0xf9, 0x97, 0xfb, 0xd6, 0x08, 0x74, 0x0e, 0x53, 0x10, 0x75, 0x5c, 0x98, + 0x23, 0xc0, 0x50, 0xe2, 0xb3, 0x85, 0xf7, 0x71, 0x10, 0x85, 0x43, 0x71, + 0x9a, 0x00, 0x8f, 0xd0, 0x47, 0xc1, 0x69, 0xd6, 0xd7, 0x5f, 0xfe, 0x1b, + 0xe9, 0x1f, 0x66, 0x10, 0xbc, 0xc8, 0x71, 0x94, 0xb5, 0x6e, 0xe1, 0x0a, + 0x85, 0x93, 0x11, 0x2b, 0xc7, 0x13, 0x94, 0x1f, 0xf8, 0xeb, 0x07, 0x46, + 0xb0, 0x7c, 0x1b, 0xab, 0xc8, 0x1f, 0x7d, 0x52, 0xc1, 0x21, 0xcf, 0x47, + 0x3a, 0xa6, 0x16, 0x3c, 0x05, 0x66, 0xde, 0x8b, 0x21, 0x4d, 0x0e, 0xf2, + 0xf3, 0x49, 0x8b, 0xa5, 0x01, 0xee, 0x82, 0x7c, 0x6d, 0x22, 0xec, 0x0d, + 0x02, 0x82, 0x01, 0x00, 0x39, 0x88, 0xc7, 0x5d, 0x9c, 0x8b, 0xbc, 0xa1, + 0x33, 0xe4, 0x93, 0x24, 0x91, 0x3c, 0xfb, 0x35, 0xf5, 0xaf, 0x61, 0xa3, + 0x06, 0x0e, 0xf5, 0x28, 0x9e, 0x95, 0x21, 0xd8, 0xa3, 0xea, 0x77, 0xc0, + 0x70, 0x28, 0x3f, 0xff, 0x4e, 0x6b, 0x8c, 0x01, 0x83, 0x43, 0xcd, 0x71, + 0xb4, 0xe3, 0xcc, 0xa7, 0x1e, 0xff, 0xbe, 0xf4, 0x78, 0xdc, 0x67, 0xf5, + 0xe9, 0x3d, 0x6d, 0x06, 0x29, 0x53, 0xd5, 0x20, 0x99, 0x4b, 0x03, 0xab, + 0x41, 0x48, 0xe7, 0x13, 0x28, 0x1f, 0x0f, 0x96, 0xea, 0x44, 0x12, 0x6b, + 0x0d, 0x67, 0xfc, 0x3b, 0x7b, 0xbc, 0x2a, 0x2d, 0x2a, 0x8b, 0x31, 0xa5, + 0x81, 0xc8, 0xf4, 0x4d, 0xd2, 0x9f, 0xbf, 0x49, 0x11, 0xd6, 0x05, 0x2b, + 0x68, 0x8f, 0x5a, 0x40, 0x98, 0x0a, 0x3f, 0x3f, 0xd5, 0xae, 0x96, 0x46, + 0xae, 0xd0, 0x66, 0x80, 0xe4, 0x3c, 0x2e, 0x34, 0xde, 0x7d, 0xbc, 0x30, + 0x95, 0xa2, 0x6a, 0x94, 0x4e, 0xa5, 0x4c, 0x55, 0x37, 0xca, 0x0d, 0x70, + 0x6b, 0xae, 0xde, 0x1e, 0xa2, 0xcd, 0x6a, 0xdf, 0xda, 0xa1, 0xa1, 0xd8, + 0xec, 0xd3, 0x9d, 0xde, 0x07, 0xc1, 0xa0, 0xb7, 0xab, 0x52, 0xe4, 0xc8, + 0x3c, 0x1b, 0x55, 0xae, 0xb7, 0x84, 0x9b, 0xd6, 0x90, 0x13, 0x49, 0xed, + 0x65, 0x88, 0x4b, 0x3c, 0x94, 0x55, 0xc8, 0x86, 0x87, 0x5a, 0x0b, 0xa5, + 0x7c, 0x20, 0xec, 0xc5, 0x48, 0x9e, 0xb2, 0x6c, 0x0e, 0x0c, 0xf2, 0x4d, + 0xea, 0x1a, 0x44, 0x8e, 0x66, 0xaa, 0x6e, 0x6c, 0x9a, 0xea, 0x18, 0x02, + 0x7c, 0xaf, 0xf0, 0x5e, 0x63, 0xb7, 0xe2, 0xb1, 0x8e, 0x99, 0x99, 0x32, + 0xa5, 0x0f, 0x0f, 0x35, 0x88, 0x6d, 0xf6, 0xc5, 0x5c, 0x75, 0x70, 0x7f, + 0xab, 0x78, 0xa3, 0x15, 0x43, 0x08, 0x88, 0x58, 0x9d, 0xbb, 0x63, 0xf7, + 0x59, 0x8e, 0xd7, 0x45, 0x87, 0x86, 0x05, 0x9d, +}; + +const size_t kDERRSAPrivate4096Len = sizeof(kDERRSAPrivate4096); + +const uint8_t kDERRSAPrivate3Prime2048[] = { + 0x30, 0x82, 0x04, 0xd7, 0x02, 0x01, 0x01, 0x02, 0x82, 0x01, 0x00, 0x62, + 0x91, 0xe9, 0xea, 0xb3, 0x5d, 0x6c, 0x29, 0xae, 0x21, 0x83, 0xbb, 0xb5, + 0x82, 0xb1, 0x9e, 0xea, 0xe0, 0x64, 0x5b, 0x1e, 0x2f, 0x5e, 0x2c, 0x0a, + 0x80, 0x3d, 0x29, 0xd4, 0xfa, 0x9a, 0xe7, 0x44, 0xe6, 0x21, 0xbd, 0x98, + 0xc0, 0x3d, 0xe0, 0x53, 0x59, 0xae, 0xd3, 0x3e, 0xfe, 0xc4, 0xc2, 0xc4, + 0x5a, 0x5a, 0x89, 0x07, 0xf4, 0x4f, 0xdc, 0xb0, 0x6a, 0xd4, 0x3e, 0x99, + 0x7d, 0x7a, 0x97, 0x26, 0x4e, 0xe1, 0x93, 0xca, 0x6e, 0xed, 0x07, 0xfc, + 0xb4, 0xfa, 0x95, 0x1e, 0x73, 0x7b, 0x86, 0x08, 0x6a, 0xb9, 0xd4, 0x29, + 0xb0, 0x7e, 0x59, 0xb7, 0x9d, 0x7b, 0xeb, 0x67, 0x6e, 0xf0, 0xbb, 0x5e, + 0xcf, 0xb9, 0xcd, 0x58, 0x93, 0xf0, 0xe7, 0x88, 0x17, 0x6c, 0x0d, 0x76, + 0x1e, 0xb9, 0x27, 0x9a, 0x4d, 0x02, 0x16, 0xb6, 0x49, 0x6d, 0xa7, 0x83, + 0x23, 0x4d, 0x02, 0x48, 0x0c, 0x0c, 0x1f, 0x0e, 0x85, 0x21, 0xe3, 0x06, + 0x76, 0x0a, 0x73, 0xe6, 0xc1, 0x21, 0xfa, 0x30, 0x18, 0x78, 0x29, 0x5c, + 0x31, 0xd0, 0x29, 0xae, 0x6f, 0x7d, 0x87, 0xd8, 0x2f, 0x16, 0xfa, 0xbc, + 0x67, 0x8a, 0x94, 0x71, 0x59, 0x9b, 0xec, 0x22, 0x40, 0x55, 0x9f, 0xc2, + 0x94, 0xb5, 0xbd, 0x78, 0x01, 0xc9, 0xef, 0x18, 0xc8, 0x6d, 0x0d, 0xdc, + 0x53, 0x42, 0xb2, 0x5c, 0xab, 0x65, 0x05, 0xbd, 0x35, 0x08, 0x85, 0x1b, + 0xf8, 0xe9, 0x47, 0xbc, 0xfe, 0xc5, 0xae, 0x47, 0x29, 0x63, 0x44, 0x8e, + 0x4d, 0xb7, 0x47, 0xab, 0x0d, 0xd8, 0x76, 0x68, 0x4f, 0xc7, 0x07, 0x02, + 0xe4, 0x86, 0xb0, 0xcf, 0xd8, 0x19, 0xad, 0xf4, 0x85, 0x76, 0x8b, 0x3b, + 0x4e, 0x40, 0x8d, 0x29, 0x7a, 0x8a, 0x07, 0x36, 0xf3, 0x78, 0xae, 0x17, + 0xa6, 0x8f, 0x53, 0x58, 0x65, 0x4c, 0x86, 0x9e, 0xd7, 0x8b, 0xec, 0x38, + 0x4f, 0x99, 0xc7, 0x02, 0x01, 0x03, 0x02, 0x82, 0x01, 0x00, 0x41, 0xb6, + 0x9b, 0xf1, 0xcc, 0xe8, 0xf2, 0xc6, 0x74, 0x16, 0x57, 0xd2, 0x79, 0x01, + 0xcb, 0xbf, 0x47, 0x40, 0x42, 0xe7, 0x69, 0x74, 0xe9, 0x72, 0xb1, 0xaa, + 0xd3, 0x71, 0x38, 0xa7, 0x11, 0xef, 0x83, 0x44, 0x16, 0x7e, 0x65, 0xd5, + 0x7e, 0x95, 0x8c, 0xe6, 0x74, 0x8c, 0xd4, 0xa9, 0xd8, 0x81, 0xd8, 0x3c, + 0x3c, 0x5b, 0x5a, 0xa2, 0xdf, 0xe8, 0x75, 0x9c, 0x8d, 0x7f, 0x10, 0xfe, + 0x51, 0xba, 0x19, 0x89, 0xeb, 0xb7, 0xdc, 0x49, 0xf3, 0x5a, 0xa8, 0x78, + 0xa7, 0x0e, 0x14, 0x4c, 0xfd, 0x04, 0x05, 0x9c, 0x7b, 0xe2, 0xc5, 0xa3, + 0x04, 0xee, 0xd9, 0x4c, 0xfd, 0x7d, 0x47, 0xb0, 0x0d, 0x9b, 0x3d, 0x70, + 0x91, 0x81, 0x2c, 0xab, 0x2b, 0x87, 0xad, 0x11, 0x68, 0x24, 0xfc, 0x2b, + 0xd4, 0xee, 0x5e, 0x28, 0xeb, 0x6d, 0xab, 0xde, 0x0f, 0x77, 0x15, 0x58, + 0x76, 0x39, 0xc9, 0x59, 0x3a, 0x7f, 0x19, 0x9d, 0xc6, 0x7e, 0x86, 0xe4, + 0xd5, 0x38, 0x70, 0x9e, 0xae, 0xb9, 0xfb, 0x33, 0x33, 0xd1, 0x0c, 0x2d, + 0xab, 0x01, 0x20, 0xe1, 0x8b, 0x29, 0x99, 0xd3, 0xeb, 0x87, 0x05, 0x72, + 0xaa, 0x43, 0x58, 0x64, 0x8e, 0x9e, 0x31, 0xdb, 0x45, 0x9b, 0x2b, 0xac, + 0x58, 0x80, 0x5d, 0x33, 0xa2, 0x43, 0x05, 0x96, 0xcc, 0xca, 0x2d, 0x04, + 0x5f, 0xd6, 0xb7, 0x3d, 0x8b, 0x8f, 0x2d, 0xa3, 0xa5, 0xf8, 0x73, 0xf5, + 0xd7, 0xc0, 0x19, 0xff, 0x10, 0xe6, 0xee, 0x3a, 0x26, 0x2f, 0xe1, 0x64, + 0x3d, 0x11, 0xcd, 0x2d, 0xe4, 0x0a, 0x84, 0x27, 0xe3, 0xcb, 0x16, 0x62, + 0x19, 0xe7, 0xe3, 0x0d, 0x13, 0xe8, 0x09, 0x5a, 0x53, 0xd0, 0x20, 0x56, + 0x15, 0xf5, 0xb3, 0x67, 0xac, 0xa1, 0xb5, 0x94, 0x6b, 0xab, 0xdc, 0x71, + 0xc7, 0xbf, 0x0a, 0xde, 0x76, 0xf5, 0x03, 0xa0, 0x30, 0xd8, 0x27, 0x9d, + 0x00, 0x2b, 0x02, 0x57, 0x00, 0xf1, 0x4f, 0xc2, 0x86, 0x13, 0x06, 0x17, + 0xf7, 0x69, 0x7e, 0x37, 0xdf, 0x67, 0xc5, 0x32, 0xa0, 0x74, 0x1c, 0x32, + 0x69, 0x0f, 0x9f, 0x08, 0x88, 0x24, 0xb1, 0x51, 0xbc, 0xbc, 0x92, 0xba, + 0x73, 0x1f, 0x9c, 0x75, 0xc2, 0x14, 0x6d, 0x4f, 0xc4, 0x5a, 0xcf, 0xda, + 0x44, 0x35, 0x00, 0x6b, 0x42, 0x3b, 0x9f, 0x14, 0xf1, 0x05, 0xb3, 0x51, + 0x22, 0xb6, 0xbe, 0x9c, 0xe0, 0xc1, 0x5c, 0x48, 0x61, 0xdf, 0x4e, 0x4c, + 0x72, 0xb8, 0x05, 0x35, 0x7c, 0xac, 0xf1, 0xbb, 0xa0, 0x3b, 0x2a, 0xea, + 0xf7, 0x86, 0xe9, 0xd2, 0xff, 0x1e, 0x1d, 0x02, 0x56, 0x00, 0xca, 0xb1, + 0x39, 0xf6, 0xa2, 0xc6, 0x3b, 0x65, 0x45, 0x2f, 0x39, 0x00, 0xcd, 0x6e, + 0xd6, 0x55, 0xf7, 0x71, 0x37, 0x89, 0xc2, 0xe7, 0x7a, 0xc0, 0x1a, 0xa6, + 0x2f, 0xea, 0x17, 0x7c, 0xaa, 0x2a, 0x91, 0x8f, 0xd4, 0xc7, 0x50, 0x8b, + 0xab, 0x8e, 0x99, 0x3b, 0x33, 0x91, 0xbc, 0x02, 0x10, 0x58, 0x4b, 0x58, + 0x40, 0x9b, 0xc4, 0x8f, 0x48, 0x2b, 0xa7, 0x44, 0xfd, 0x07, 0x04, 0xf0, + 0x98, 0x67, 0x56, 0xea, 0x25, 0x92, 0x8b, 0x2e, 0x4b, 0x4a, 0xa1, 0xd3, + 0xc2, 0xa4, 0xb4, 0x9b, 0x59, 0x70, 0x32, 0xa6, 0xd8, 0x8b, 0xd9, 0x02, + 0x57, 0x00, 0xa0, 0xdf, 0xd7, 0x04, 0x0c, 0xae, 0xba, 0xa4, 0xf0, 0xfe, + 0xcf, 0xea, 0x45, 0x2e, 0x21, 0xc0, 0x4d, 0x68, 0x21, 0x9b, 0x5f, 0xbf, + 0x5b, 0x05, 0x6d, 0xcb, 0x8b, 0xd3, 0x28, 0x61, 0xd1, 0xa2, 0x15, 0x12, + 0xf9, 0x2c, 0x0d, 0x9e, 0x35, 0x2d, 0x91, 0xdf, 0xe6, 0xd8, 0x23, 0x55, + 0x9c, 0xd6, 0xd2, 0x6a, 0x0d, 0xf6, 0x03, 0xcc, 0xe0, 0xc1, 0xcf, 0x29, + 0xbd, 0xeb, 0x2b, 0x92, 0xda, 0xeb, 0xea, 0x34, 0x32, 0xf7, 0x25, 0x58, + 0xce, 0x53, 0x1d, 0xf6, 0x7d, 0x15, 0x7c, 0xc7, 0x47, 0x4f, 0xaf, 0x46, + 0x8c, 0xaa, 0x14, 0x13, 0x02, 0x56, 0x00, 0x87, 0x20, 0xd1, 0x4f, 0x17, + 0x2e, 0xd2, 0x43, 0x83, 0x74, 0xd0, 0xab, 0x33, 0x9f, 0x39, 0x8e, 0xa4, + 0xf6, 0x25, 0x06, 0x81, 0xef, 0xa7, 0x2a, 0xbc, 0x6e, 0xca, 0x9c, 0x0f, + 0xa8, 0x71, 0x71, 0xb6, 0x5f, 0xe3, 0x2f, 0x8b, 0x07, 0xc7, 0xb4, 0x66, + 0x27, 0x77, 0xb6, 0x7d, 0x56, 0xb5, 0x90, 0x32, 0x3a, 0xd5, 0xbd, 0x2d, + 0xb4, 0xda, 0xc7, 0xc4, 0xd8, 0xa8, 0xaf, 0x58, 0xa0, 0x65, 0x9a, 0x39, + 0xf1, 0x6e, 0x61, 0xb2, 0x1e, 0xdc, 0xdc, 0x6b, 0xe2, 0x81, 0xc3, 0x23, + 0x12, 0x3b, 0xa0, 0x21, 0xc4, 0x90, 0x5d, 0x3b, 0x02, 0x57, 0x00, 0xe6, + 0x8a, 0xaa, 0xb8, 0x6d, 0x2c, 0x81, 0x43, 0xb5, 0xd6, 0xa0, 0x2b, 0x42, + 0x49, 0xa9, 0x0a, 0x51, 0xfa, 0x18, 0xc8, 0x32, 0xea, 0x54, 0x18, 0xf3, + 0x60, 0xc2, 0xb5, 0x4a, 0x43, 0x05, 0x93, 0x9c, 0x01, 0xd9, 0x28, 0xed, + 0x73, 0xfa, 0x82, 0xbc, 0x12, 0x64, 0xcb, 0xc4, 0x24, 0xa9, 0x3e, 0xae, + 0x7c, 0x4b, 0x8f, 0x94, 0x57, 0x7b, 0x14, 0x10, 0x41, 0xdc, 0x62, 0x12, + 0x8c, 0xb2, 0x4a, 0x7c, 0xf6, 0x53, 0xd4, 0xc6, 0xe4, 0xda, 0xd1, 0xa2, + 0x00, 0x0e, 0x3d, 0x30, 0xf7, 0x05, 0x4f, 0x1d, 0x82, 0xbc, 0x52, 0xd9, + 0xb1, 0x30, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x02, 0x56, 0x00, + 0x84, 0x12, 0x4f, 0xf7, 0x3b, 0x65, 0x53, 0x34, 0x6c, 0x6c, 0x4d, 0x77, + 0xdf, 0xfd, 0x1f, 0xb6, 0x16, 0xe2, 0x25, 0x15, 0xca, 0xc9, 0xc1, 0x41, + 0x9a, 0x50, 0xda, 0xeb, 0x88, 0x4f, 0x3d, 0xb3, 0x01, 0x00, 0x44, 0xc4, + 0xac, 0xe7, 0x14, 0x62, 0xa6, 0x56, 0xde, 0xc5, 0xb7, 0xc3, 0x1d, 0x07, + 0xbd, 0x7d, 0x64, 0xc5, 0x7e, 0x45, 0x25, 0x56, 0xed, 0x7a, 0xd2, 0x14, + 0xdb, 0x4e, 0x27, 0xd4, 0x1f, 0xf8, 0x94, 0xa7, 0xef, 0x07, 0xce, 0xdb, + 0x24, 0xb7, 0xdd, 0x71, 0x5c, 0x63, 0xc9, 0x33, 0xfe, 0xde, 0x40, 0x52, + 0xeb, 0x02, 0x55, 0x58, 0x0c, 0x35, 0x4f, 0x7c, 0xee, 0x37, 0x78, 0x48, + 0x48, 0x33, 0xa5, 0x3f, 0xfe, 0x15, 0x24, 0x0f, 0x41, 0x6e, 0x0e, 0x87, + 0x31, 0x2b, 0x81, 0x11, 0x8b, 0x3c, 0x9d, 0x05, 0x8a, 0x29, 0x22, 0x00, + 0xaa, 0xd8, 0x83, 0x1d, 0xef, 0x62, 0xec, 0x6e, 0xe4, 0x94, 0x83, 0xcf, + 0xd7, 0x68, 0xaf, 0xd3, 0xa8, 0xed, 0xd8, 0xfe, 0xd8, 0xc3, 0x8f, 0x48, + 0xfc, 0x8c, 0x0d, 0xe7, 0x89, 0x6f, 0xe2, 0xbf, 0xfb, 0x0d, 0xc5, 0x4a, + 0x05, 0x34, 0x92, 0x18, 0x7a, 0x93, 0xa0, 0xe8, 0x42, 0x86, 0x22, 0xa9, + 0xe9, 0x80, 0x37, 0x47, 0x02, 0x55, 0x60, 0x76, 0xab, 0xde, 0x2b, 0xf5, + 0xa2, 0x2c, 0xaa, 0x0c, 0x99, 0x81, 0xee, 0x72, 0x2c, 0x7d, 0x22, 0x59, + 0x2a, 0x35, 0xea, 0x50, 0x4e, 0x47, 0x6b, 0x92, 0x2d, 0x30, 0xa1, 0x01, + 0xa5, 0x9e, 0x26, 0x6e, 0x27, 0xca, 0xf5, 0xf2, 0x87, 0x5d, 0x31, 0xaf, + 0xe9, 0x32, 0xcd, 0x10, 0xfd, 0x4d, 0xdb, 0xf9, 0x86, 0x05, 0x12, 0x1b, + 0x01, 0x84, 0x55, 0x97, 0x5f, 0xe2, 0x78, 0x27, 0xd9, 0xe4, 0x26, 0x7d, + 0xab, 0x0e, 0xe0, 0x1b, 0x6f, 0xcb, 0x4b, 0x14, 0xdd, 0xdc, 0xdc, 0x8b, + 0xe8, 0x9f, 0xd0, 0x62, 0x96, 0xca, 0xcf, +}; + +const size_t kDERRSAPrivate3Prime2048Len = sizeof(kDERRSAPrivate3Prime2048); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/digest.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/digest.cc new file mode 100644 index 000000000..7b6c88b54 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/digest.cc @@ -0,0 +1,476 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/base.h> + +#include <memory> +#include <string> +#include <vector> + +#include <errno.h> +#include <fcntl.h> +#include <limits.h> +#include <stdio.h> +#include <sys/stat.h> +#include <sys/types.h> + +#if !defined(OPENSSL_WINDOWS) +#include <string.h> +#include <unistd.h> +#if !defined(O_BINARY) +#define O_BINARY 0 +#endif +#else +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include <windows.h> +OPENSSL_MSVC_PRAGMA(warning(pop)) +#include <io.h> +#define PATH_MAX MAX_PATH +typedef int ssize_t; +#endif + +#include <openssl/digest.h> + +#include "internal.h" + + +struct close_delete { + void operator()(int *fd) { + BORINGSSL_CLOSE(*fd); + } +}; + +template<typename T, typename R, R (*func) (T*)> +struct func_delete { + void operator()(T* obj) { + func(obj); + } +}; + +// Source is an awkward expression of a union type in C++: Stdin | File filename. +struct Source { + enum Type { + STDIN, + }; + + Source() : is_stdin_(false) {} + explicit Source(Type) : is_stdin_(true) {} + explicit Source(const std::string &name) + : is_stdin_(false), filename_(name) {} + + bool is_stdin() const { return is_stdin_; } + const std::string &filename() const { return filename_; } + + private: + bool is_stdin_; + std::string filename_; +}; + +static const char kStdinName[] = "standard input"; + +// OpenFile opens the regular file named |filename| and sets |*out_fd| to be a +// file descriptor to it. Returns true on sucess or prints an error to stderr +// and returns false on error. +static bool OpenFile(int *out_fd, const std::string &filename) { + *out_fd = -1; + + int fd = BORINGSSL_OPEN(filename.c_str(), O_RDONLY | O_BINARY); + if (fd < 0) { + fprintf(stderr, "Failed to open input file '%s': %s\n", filename.c_str(), + strerror(errno)); + return false; + } + std::unique_ptr<int, close_delete> scoped_fd(&fd); + +#if !defined(OPENSSL_WINDOWS) + struct stat st; + if (fstat(fd, &st)) { + fprintf(stderr, "Failed to stat input file '%s': %s\n", filename.c_str(), + strerror(errno)); + return false; + } + + if (!S_ISREG(st.st_mode)) { + fprintf(stderr, "%s: not a regular file\n", filename.c_str()); + return false; + } +#endif + + *out_fd = fd; + scoped_fd.release(); + return true; +} + +// SumFile hashes the contents of |source| with |md| and sets |*out_hex| to the +// hex-encoded result. +// +// It returns true on success or prints an error to stderr and returns false on +// error. +static bool SumFile(std::string *out_hex, const EVP_MD *md, + const Source &source) { + std::unique_ptr<int, close_delete> scoped_fd; + int fd; + + if (source.is_stdin()) { + fd = 0; + } else { + if (!OpenFile(&fd, source.filename())) { + return false; + } + scoped_fd.reset(&fd); + } + + static const size_t kBufSize = 8192; + std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufSize]); + + bssl::ScopedEVP_MD_CTX ctx; + if (!EVP_DigestInit_ex(ctx.get(), md, NULL)) { + fprintf(stderr, "Failed to initialize EVP_MD_CTX.\n"); + return false; + } + + for (;;) { + ssize_t n; + + do { + n = BORINGSSL_READ(fd, buf.get(), kBufSize); + } while (n == -1 && errno == EINTR); + + if (n == 0) { + break; + } else if (n < 0) { + fprintf(stderr, "Failed to read from %s: %s\n", + source.is_stdin() ? kStdinName : source.filename().c_str(), + strerror(errno)); + return false; + } + + if (!EVP_DigestUpdate(ctx.get(), buf.get(), n)) { + fprintf(stderr, "Failed to update hash.\n"); + return false; + } + } + + uint8_t digest[EVP_MAX_MD_SIZE]; + unsigned digest_len; + if (!EVP_DigestFinal_ex(ctx.get(), digest, &digest_len)) { + fprintf(stderr, "Failed to finish hash.\n"); + return false; + } + + char hex_digest[EVP_MAX_MD_SIZE * 2]; + static const char kHextable[] = "0123456789abcdef"; + for (unsigned i = 0; i < digest_len; i++) { + const uint8_t b = digest[i]; + hex_digest[i * 2] = kHextable[b >> 4]; + hex_digest[i * 2 + 1] = kHextable[b & 0xf]; + } + *out_hex = std::string(hex_digest, digest_len * 2); + + return true; +} + +// PrintFileSum hashes |source| with |md| and prints a line to stdout in the +// format of the coreutils *sum utilities. It returns true on success or prints +// an error to stderr and returns false on error. +static bool PrintFileSum(const EVP_MD *md, const Source &source) { + std::string hex_digest; + if (!SumFile(&hex_digest, md, source)) { + return false; + } + + // TODO: When given "--binary" or "-b", we should print " *" instead of " " + // between the digest and the filename. + // + // MSYS and Cygwin md5sum default to binary mode by default, whereas other + // platforms' tools default to text mode by default. We default to text mode + // by default and consider text mode equivalent to binary mode (i.e. we + // always use Unix semantics, even on Windows), which means that our default + // output will differ from the MSYS and Cygwin tools' default output. + printf("%s %s\n", hex_digest.c_str(), + source.is_stdin() ? "-" : source.filename().c_str()); + return true; +} + +// CheckModeArguments contains arguments for the check mode. See the +// sha256sum(1) man page for details. +struct CheckModeArguments { + bool quiet = false; + bool status = false; + bool warn = false; + bool strict = false; +}; + +// Check reads lines from |source| where each line is in the format of the +// coreutils *sum utilities. It attempts to verify each hash by reading the +// file named in the line. +// +// It returns true if all files were verified and, if |args.strict|, no input +// lines had formatting errors. Otherwise it prints errors to stderr and +// returns false. +static bool Check(const CheckModeArguments &args, const EVP_MD *md, + const Source &source) { + std::unique_ptr<FILE, func_delete<FILE, int, fclose>> scoped_file; + FILE *file; + + if (source.is_stdin()) { + file = stdin; + } else { + int fd; + if (!OpenFile(&fd, source.filename())) { + return false; + } + + file = BORINGSSL_FDOPEN(fd, "rb"); + if (!file) { + perror("fdopen"); + BORINGSSL_CLOSE(fd); + return false; + } + + scoped_file = std::unique_ptr<FILE, func_delete<FILE, int, fclose>>(file); + } + + const size_t hex_size = EVP_MD_size(md) * 2; + char line[EVP_MAX_MD_SIZE * 2 + 2 /* spaces */ + PATH_MAX + 1 /* newline */ + + 1 /* NUL */]; + unsigned bad_lines = 0; + unsigned parsed_lines = 0; + unsigned error_lines = 0; + unsigned bad_hash_lines = 0; + unsigned line_no = 0; + bool ok = true; + bool draining_overlong_line = false; + + for (;;) { + line_no++; + + if (fgets(line, sizeof(line), file) == nullptr) { + if (feof(file)) { + break; + } + fprintf(stderr, "Error reading from input.\n"); + return false; + } + + size_t len = strlen(line); + + if (draining_overlong_line) { + if (line[len - 1] == '\n') { + draining_overlong_line = false; + } + continue; + } + + const bool overlong = line[len - 1] != '\n' && !feof(file); + + if (len < hex_size + 2 /* spaces */ + 1 /* filename */ || + line[hex_size] != ' ' || + line[hex_size + 1] != ' ' || + overlong) { + bad_lines++; + if (args.warn) { + fprintf(stderr, "%s: %u: improperly formatted line\n", + source.is_stdin() ? kStdinName : source.filename().c_str(), line_no); + } + if (args.strict) { + ok = false; + } + if (overlong) { + draining_overlong_line = true; + } + continue; + } + + if (line[len - 1] == '\n') { + line[len - 1] = 0; + len--; + } + + parsed_lines++; + + // coreutils does not attempt to restrict relative or absolute paths in the + // input so nor does this code. + std::string calculated_hex_digest; + const std::string target_filename(&line[hex_size + 2]); + Source target_source; + if (target_filename == "-") { + // coreutils reads from stdin if the filename is "-". + target_source = Source(Source::STDIN); + } else { + target_source = Source(target_filename); + } + + if (!SumFile(&calculated_hex_digest, md, target_source)) { + error_lines++; + ok = false; + continue; + } + + if (calculated_hex_digest != std::string(line, hex_size)) { + bad_hash_lines++; + if (!args.status) { + printf("%s: FAILED\n", target_filename.c_str()); + } + ok = false; + continue; + } + + if (!args.quiet) { + printf("%s: OK\n", target_filename.c_str()); + } + } + + if (!args.status) { + if (bad_lines > 0 && parsed_lines > 0) { + fprintf(stderr, "WARNING: %u line%s improperly formatted\n", bad_lines, + bad_lines == 1 ? " is" : "s are"); + } + if (error_lines > 0) { + fprintf(stderr, "WARNING: %u computed checksum(s) did NOT match\n", + error_lines); + } + } + + if (parsed_lines == 0) { + fprintf(stderr, "%s: no properly formatted checksum lines found.\n", + source.is_stdin() ? kStdinName : source.filename().c_str()); + ok = false; + } + + return ok; +} + +// DigestSum acts like the coreutils *sum utilites, with the given hash +// function. +static bool DigestSum(const EVP_MD *md, + const std::vector<std::string> &args) { + bool check_mode = false; + CheckModeArguments check_args; + bool check_mode_args_given = false; + std::vector<Source> sources; + + auto it = args.begin(); + while (it != args.end()) { + const std::string &arg = *it; + if (!arg.empty() && arg[0] != '-') { + break; + } + + it++; + + if (arg == "--") { + break; + } + + if (arg == "-") { + // "-" ends the argument list and indicates that stdin should be used. + sources.push_back(Source(Source::STDIN)); + break; + } + + if (arg.size() >= 2 && arg[0] == '-' && arg[1] != '-') { + for (size_t i = 1; i < arg.size(); i++) { + switch (arg[i]) { + case 'b': + case 't': + // Binary/text mode – irrelevent, even on Windows. + break; + case 'c': + check_mode = true; + break; + case 'w': + check_mode_args_given = true; + check_args.warn = true; + break; + default: + fprintf(stderr, "Unknown option '%c'.\n", arg[i]); + return false; + } + } + } else if (arg == "--binary" || arg == "--text") { + // Binary/text mode – irrelevent, even on Windows. + } else if (arg == "--check") { + check_mode = true; + } else if (arg == "--quiet") { + check_mode_args_given = true; + check_args.quiet = true; + } else if (arg == "--status") { + check_mode_args_given = true; + check_args.status = true; + } else if (arg == "--warn") { + check_mode_args_given = true; + check_args.warn = true; + } else if (arg == "--strict") { + check_mode_args_given = true; + check_args.strict = true; + } else { + fprintf(stderr, "Unknown option '%s'.\n", arg.c_str()); + return false; + } + } + + if (check_mode_args_given && !check_mode) { + fprintf( + stderr, + "Check mode arguments are only meaningful when verifying checksums.\n"); + return false; + } + + for (; it != args.end(); it++) { + sources.push_back(Source(*it)); + } + + if (sources.empty()) { + sources.push_back(Source(Source::STDIN)); + } + + bool ok = true; + + if (check_mode) { + for (auto &source : sources) { + ok &= Check(check_args, md, source); + } + } else { + for (auto &source : sources) { + ok &= PrintFileSum(md, source); + } + } + + return ok; +} + +bool MD5Sum(const std::vector<std::string> &args) { + return DigestSum(EVP_md5(), args); +} + +bool SHA1Sum(const std::vector<std::string> &args) { + return DigestSum(EVP_sha1(), args); +} + +bool SHA224Sum(const std::vector<std::string> &args) { + return DigestSum(EVP_sha224(), args); +} + +bool SHA256Sum(const std::vector<std::string> &args) { + return DigestSum(EVP_sha256(), args); +} + +bool SHA384Sum(const std::vector<std::string> &args) { + return DigestSum(EVP_sha384(), args); +} + +bool SHA512Sum(const std::vector<std::string> &args) { + return DigestSum(EVP_sha512(), args); +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/generate_ed25519.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/generate_ed25519.cc new file mode 100644 index 000000000..35b57b994 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/generate_ed25519.cc @@ -0,0 +1,74 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/curve25519.h> + +#include <errno.h> +#include <stdio.h> +#include <string.h> + +#include "internal.h" + + +struct FileCloser { + void operator()(FILE *file) { + fclose(file); + } +}; + +using ScopedFILE = std::unique_ptr<FILE, FileCloser>; + +static const struct argument kArguments[] = { + { + "-out-public", kRequiredArgument, "The file to write the public key to", + }, + { + "-out-private", kRequiredArgument, + "The file to write the private key to", + }, + { + "", kOptionalArgument, "", + }, +}; + +static bool WriteToFile(const std::string &path, const uint8_t *in, + size_t in_len) { + ScopedFILE file(fopen(path.c_str(), "wb")); + if (!file) { + fprintf(stderr, "Failed to open '%s': %s\n", path.c_str(), strerror(errno)); + return false; + } + if (fwrite(in, in_len, 1, file.get()) != 1) { + fprintf(stderr, "Failed to write to '%s': %s\n", path.c_str(), + strerror(errno)); + return false; + } + return true; +} + +bool GenerateEd25519Key(const std::vector<std::string> &args) { + std::map<std::string, std::string> args_map; + + if (!ParseKeyValueArguments(&args_map, args, kArguments)) { + PrintUsage(kArguments); + return false; + } + + uint8_t public_key[32], private_key[64]; + ED25519_keypair(public_key, private_key); + + return WriteToFile(args_map["-out-public"], public_key, sizeof(public_key)) && + WriteToFile(args_map["-out-private"], private_key, + sizeof(private_key)); +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/genrsa.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/genrsa.cc new file mode 100644 index 000000000..b49ebbc59 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/genrsa.cc @@ -0,0 +1,68 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include <openssl/rsa.h> + +#include "internal.h" + + +static const struct argument kArguments[] = { + { + "-nprimes", kOptionalArgument, + "The number of primes to generate (default: 2)", + }, + { + "-bits", kOptionalArgument, + "The number of bits in the modulus (default: 2048)", + }, + { + "", kOptionalArgument, "", + }, +}; + +bool GenerateRSAKey(const std::vector<std::string> &args) { + std::map<std::string, std::string> args_map; + + if (!ParseKeyValueArguments(&args_map, args, kArguments)) { + PrintUsage(kArguments); + return false; + } + + unsigned bits, nprimes = 0; + if (!GetUnsigned(&bits, "-bits", 2048, args_map) || + !GetUnsigned(&nprimes, "-nprimes", 2, args_map)) { + PrintUsage(kArguments); + return false; + } + + bssl::UniquePtr<RSA> rsa(RSA_new()); + bssl::UniquePtr<BIGNUM> e(BN_new()); + bssl::UniquePtr<BIO> bio(BIO_new_fp(stdout, BIO_NOCLOSE)); + + if (!BN_set_word(e.get(), RSA_F4) || + !RSA_generate_multi_prime_key(rsa.get(), bits, nprimes, e.get(), NULL) || + !PEM_write_bio_RSAPrivateKey(bio.get(), rsa.get(), NULL /* cipher */, + NULL /* key */, 0 /* key len */, + NULL /* password callback */, + NULL /* callback arg */)) { + ERR_print_errors_fp(stderr); + return false; + } + + return true; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/internal.h b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/internal.h new file mode 100644 index 000000000..fd66e00f6 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/internal.h @@ -0,0 +1,92 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_TOOL_INTERNAL_H +#define OPENSSL_HEADER_TOOL_INTERNAL_H + +#include <openssl/base.h> + +#include <string> +#include <vector> + +OPENSSL_MSVC_PRAGMA(warning(push)) +// MSVC issues warning C4702 for unreachable code in its xtree header when +// compiling with -D_HAS_EXCEPTIONS=0. See +// https://connect.microsoft.com/VisualStudio/feedback/details/809962 +OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) + +#include <map> + +OPENSSL_MSVC_PRAGMA(warning(pop)) + +#if defined(OPENSSL_WINDOWS) + #define BORINGSSL_OPEN _open + #define BORINGSSL_FDOPEN _fdopen + #define BORINGSSL_CLOSE _close + #define BORINGSSL_READ _read + #define BORINGSSL_WRITE _write +#else + #define BORINGSSL_OPEN open + #define BORINGSSL_FDOPEN fdopen + #define BORINGSSL_CLOSE close + #define BORINGSSL_READ read + #define BORINGSSL_WRITE write +#endif + +enum ArgumentType { + kRequiredArgument, + kOptionalArgument, + kBooleanArgument, +}; + +struct argument { + const char *name; + ArgumentType type; + const char *description; +}; + +bool ParseKeyValueArguments(std::map<std::string, std::string> *out_args, const + std::vector<std::string> &args, const struct argument *templates); + +void PrintUsage(const struct argument *templates); + +bool GetUnsigned(unsigned *out, const std::string &arg_name, + unsigned default_value, + const std::map<std::string, std::string> &args); + +bool Ciphers(const std::vector<std::string> &args); +bool Client(const std::vector<std::string> &args); +bool DoPKCS12(const std::vector<std::string> &args); +bool GenerateEd25519Key(const std::vector<std::string> &args); +bool GenerateRSAKey(const std::vector<std::string> &args); +bool MD5Sum(const std::vector<std::string> &args); +bool Rand(const std::vector<std::string> &args); +bool SHA1Sum(const std::vector<std::string> &args); +bool SHA224Sum(const std::vector<std::string> &args); +bool SHA256Sum(const std::vector<std::string> &args); +bool SHA384Sum(const std::vector<std::string> &args); +bool SHA512Sum(const std::vector<std::string> &args); +bool Server(const std::vector<std::string> &args); +bool Speed(const std::vector<std::string> &args); + +// These values are DER encoded, RSA private keys. +extern const uint8_t kDERRSAPrivate2048[]; +extern const size_t kDERRSAPrivate2048Len; +extern const uint8_t kDERRSAPrivate4096[]; +extern const size_t kDERRSAPrivate4096Len; +extern const uint8_t kDERRSAPrivate3Prime2048[]; +extern const size_t kDERRSAPrivate3Prime2048Len; + + +#endif /* !OPENSSL_HEADER_TOOL_INTERNAL_H */ diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/pkcs12.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/pkcs12.cc new file mode 100644 index 000000000..a8ddb0e01 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/pkcs12.cc @@ -0,0 +1,142 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/base.h> + +#include <memory> +#include <string> +#include <vector> + +#include <errno.h> +#include <fcntl.h> +#include <stdint.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#if defined(OPENSSL_WINDOWS) +#include <io.h> +#else +#include <unistd.h> +#endif + +#include <openssl/bytestring.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include <openssl/pkcs8.h> +#include <openssl/stack.h> + +#include "../crypto/internal.h" +#include "internal.h" + + +#if defined(OPENSSL_WINDOWS) +typedef int read_result_t; +#else +typedef ssize_t read_result_t; +#endif + +static const struct argument kArguments[] = { + { + "-dump", kOptionalArgument, + "Dump the key and contents of the given file to stdout", + }, + { + "", kOptionalArgument, "", + }, +}; + +bool DoPKCS12(const std::vector<std::string> &args) { + std::map<std::string, std::string> args_map; + + if (!ParseKeyValueArguments(&args_map, args, kArguments) || + args_map["-dump"].empty()) { + PrintUsage(kArguments); + return false; + } + + int fd = BORINGSSL_OPEN(args_map["-dump"].c_str(), O_RDONLY); + if (fd < 0) { + perror("open"); + return false; + } + + struct stat st; + if (fstat(fd, &st)) { + perror("fstat"); + BORINGSSL_CLOSE(fd); + return false; + } + const size_t size = st.st_size; + + std::unique_ptr<uint8_t[]> contents(new uint8_t[size]); + read_result_t n; + size_t off = 0; + do { + n = BORINGSSL_READ(fd, &contents[off], size - off); + if (n >= 0) { + off += static_cast<size_t>(n); + } + } while ((n > 0 && off < size) || (n == -1 && errno == EINTR)); + + if (off != size) { + perror("read"); + BORINGSSL_CLOSE(fd); + return false; + } + + BORINGSSL_CLOSE(fd); + + printf("Enter password: "); + fflush(stdout); + + char password[256]; + off = 0; + do { + n = BORINGSSL_READ(0, &password[off], sizeof(password) - 1 - off); + if (n >= 0) { + off += static_cast<size_t>(n); + } + } while ((n > 0 && OPENSSL_memchr(password, '\n', off) == NULL && + off < sizeof(password) - 1) || + (n == -1 && errno == EINTR)); + + char *newline = reinterpret_cast<char *>(OPENSSL_memchr(password, '\n', off)); + if (newline == NULL) { + return false; + } + *newline = 0; + + CBS pkcs12; + CBS_init(&pkcs12, contents.get(), size); + + EVP_PKEY *key; + bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null()); + + if (!PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, password)) { + fprintf(stderr, "Failed to parse PKCS#12 data:\n"); + ERR_print_errors_fp(stderr); + return false; + } + bssl::UniquePtr<EVP_PKEY> key_owned(key); + + if (key != NULL) { + PEM_write_PrivateKey(stdout, key, NULL, NULL, 0, NULL, NULL); + } + + for (size_t i = 0; i < sk_X509_num(certs.get()); i++) { + PEM_write_X509(stdout, sk_X509_value(certs.get(), i)); + } + + return true; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/rand.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/rand.cc new file mode 100644 index 000000000..b442e0d0e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/rand.cc @@ -0,0 +1,96 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <string> +#include <vector> + +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> + +#include <openssl/rand.h> + +#include "internal.h" + + +static const struct argument kArguments[] = { + { + "-hex", kBooleanArgument, + "Hex encoded output." + }, + { + "", kOptionalArgument, "", + }, +}; + +bool Rand(const std::vector<std::string> &args) { + bool forever = true, hex = false; + size_t len = 0; + + if (!args.empty()) { + std::vector<std::string> args_copy(args); + const std::string &last_arg = args.back(); + + if (last_arg.size() > 0 && last_arg[0] != '-') { + char *endptr; + unsigned long long num = strtoull(last_arg.c_str(), &endptr, 10); + if (*endptr == 0) { + len = num; + forever = false; + args_copy.pop_back(); + } + } + + std::map<std::string, std::string> args_map; + if (!ParseKeyValueArguments(&args_map, args_copy, kArguments)) { + PrintUsage(kArguments); + return false; + } + + hex = args_map.count("-hex") > 0; + } + + uint8_t buf[4096]; + uint8_t hex_buf[8192]; + + size_t done = 0; + while (forever || done < len) { + size_t todo = sizeof(buf); + if (!forever && todo > len - done) { + todo = len - done; + } + RAND_bytes(buf, todo); + if (hex) { + static const char hextable[16 + 1] = "0123456789abcdef"; + for (unsigned i = 0; i < todo; i++) { + hex_buf[i*2] = hextable[buf[i] >> 4]; + hex_buf[i*2 + 1] = hextable[buf[i] & 0xf]; + } + if (fwrite(hex_buf, todo*2, 1, stdout) != 1) { + return false; + } + } else { + if (fwrite(buf, todo, 1, stdout) != 1) { + return false; + } + } + done += todo; + } + + if (hex && fwrite("\n", 1, 1, stdout) != 1) { + return false; + } + + return true; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/server.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/server.cc new file mode 100644 index 000000000..20c913c36 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/server.cc @@ -0,0 +1,252 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/base.h> + +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/ssl.h> + +#include "internal.h" +#include "transport_common.h" + + +static const struct argument kArguments[] = { + { + "-accept", kRequiredArgument, + "The port of the server to bind on; eg 45102", + }, + { + "-cipher", kOptionalArgument, + "An OpenSSL-style cipher suite string that configures the offered " + "ciphers", + }, + { + "-max-version", kOptionalArgument, + "The maximum acceptable protocol version", + }, + { + "-min-version", kOptionalArgument, + "The minimum acceptable protocol version", + }, + { + "-key", kOptionalArgument, + "PEM-encoded file containing the private key, leaf certificate and " + "optional certificate chain. A self-signed certificate is generated " + "at runtime if this argument is not provided.", + }, + { + "-ocsp-response", kOptionalArgument, "OCSP response file to send", + }, + { + "-loop", kBooleanArgument, + "The server will continue accepting new sequential connections.", + }, + { + "", kOptionalArgument, "", + }, +}; + +static bool LoadOCSPResponse(SSL_CTX *ctx, const char *filename) { + void *data = NULL; + bool ret = false; + size_t bytes_read; + long length; + + FILE *f = fopen(filename, "rb"); + + if (f == NULL || + fseek(f, 0, SEEK_END) != 0) { + goto out; + } + + length = ftell(f); + if (length < 0) { + goto out; + } + + data = malloc(length); + if (data == NULL) { + goto out; + } + rewind(f); + + bytes_read = fread(data, 1, length, f); + if (ferror(f) != 0 || + bytes_read != (size_t)length || + !SSL_CTX_set_ocsp_response(ctx, (uint8_t*)data, bytes_read)) { + goto out; + } + + ret = true; +out: + if (f != NULL) { + fclose(f); + } + free(data); + return ret; +} + +static bssl::UniquePtr<EVP_PKEY> MakeKeyPairForSelfSignedCert() { + bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + if (!ec_key || !EC_KEY_generate_key(ec_key.get())) { + fprintf(stderr, "Failed to generate key pair.\n"); + return nullptr; + } + bssl::UniquePtr<EVP_PKEY> evp_pkey(EVP_PKEY_new()); + if (!evp_pkey || !EVP_PKEY_assign_EC_KEY(evp_pkey.get(), ec_key.release())) { + fprintf(stderr, "Failed to assign key pair.\n"); + return nullptr; + } + return evp_pkey; +} + +static bssl::UniquePtr<X509> MakeSelfSignedCert(EVP_PKEY *evp_pkey, + const int valid_days) { + bssl::UniquePtr<X509> x509(X509_new()); + uint32_t serial; + RAND_bytes(reinterpret_cast<uint8_t*>(&serial), sizeof(serial)); + ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), serial >> 1); + X509_gmtime_adj(X509_get_notBefore(x509.get()), 0); + X509_gmtime_adj(X509_get_notAfter(x509.get()), 60 * 60 * 24 * valid_days); + + X509_NAME* subject = X509_get_subject_name(x509.get()); + X509_NAME_add_entry_by_txt(subject, "C", MBSTRING_ASC, + reinterpret_cast<const uint8_t *>("US"), -1, -1, + 0); + X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_ASC, + reinterpret_cast<const uint8_t *>("BoringSSL"), -1, + -1, 0); + X509_set_issuer_name(x509.get(), subject); + + if (!X509_set_pubkey(x509.get(), evp_pkey)) { + fprintf(stderr, "Failed to set public key.\n"); + return nullptr; + } + if (!X509_sign(x509.get(), evp_pkey, EVP_sha256())) { + fprintf(stderr, "Failed to sign certificate.\n"); + return nullptr; + } + return x509; +} + +bool Server(const std::vector<std::string> &args) { + if (!InitSocketLibrary()) { + return false; + } + + std::map<std::string, std::string> args_map; + + if (!ParseKeyValueArguments(&args_map, args, kArguments)) { + PrintUsage(kArguments); + return false; + } + + bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); + SSL_CTX_set_options(ctx.get(), SSL_OP_NO_SSLv3); + + // Server authentication is required. + if (args_map.count("-key") != 0) { + std::string key_file = args_map["-key"]; + if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key_file.c_str(), SSL_FILETYPE_PEM)) { + fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str()); + return false; + } + if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key_file.c_str())) { + fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str()); + return false; + } + } else { + bssl::UniquePtr<EVP_PKEY> evp_pkey = MakeKeyPairForSelfSignedCert(); + if (!evp_pkey) { + return false; + } + bssl::UniquePtr<X509> cert = + MakeSelfSignedCert(evp_pkey.get(), 365 /* valid_days */); + if (!cert) { + return false; + } + if (!SSL_CTX_use_PrivateKey(ctx.get(), evp_pkey.get())) { + fprintf(stderr, "Failed to set private key.\n"); + return false; + } + if (!SSL_CTX_use_certificate(ctx.get(), cert.get())) { + fprintf(stderr, "Failed to set certificate.\n"); + return false; + } + } + + if (args_map.count("-cipher") != 0 && + !SSL_CTX_set_strict_cipher_list(ctx.get(), args_map["-cipher"].c_str())) { + fprintf(stderr, "Failed setting cipher list\n"); + return false; + } + + uint16_t max_version = TLS1_3_VERSION; + if (args_map.count("-max-version") != 0 && + !VersionFromString(&max_version, args_map["-max-version"])) { + fprintf(stderr, "Unknown protocol version: '%s'\n", + args_map["-max-version"].c_str()); + return false; + } + + if (!SSL_CTX_set_max_proto_version(ctx.get(), max_version)) { + return false; + } + + if (args_map.count("-min-version") != 0) { + uint16_t version; + if (!VersionFromString(&version, args_map["-min-version"])) { + fprintf(stderr, "Unknown protocol version: '%s'\n", + args_map["-min-version"].c_str()); + return false; + } + if (!SSL_CTX_set_min_proto_version(ctx.get(), version)) { + return false; + } + } + + if (args_map.count("-ocsp-response") != 0 && + !LoadOCSPResponse(ctx.get(), args_map["-ocsp-response"].c_str())) { + fprintf(stderr, "Failed to load OCSP response: %s\n", args_map["-ocsp-response"].c_str()); + return false; + } + + bool result = true; + do { + int sock = -1; + if (!Accept(&sock, args_map["-accept"])) { + return false; + } + + BIO *bio = BIO_new_socket(sock, BIO_CLOSE); + bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get())); + SSL_set_bio(ssl.get(), bio, bio); + + int ret = SSL_accept(ssl.get()); + if (ret != 1) { + int ssl_err = SSL_get_error(ssl.get(), ret); + fprintf(stderr, "Error while connecting: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } + + fprintf(stderr, "Connected.\n"); + PrintConnectionInfo(ssl.get()); + + result = TransferData(ssl.get(), sock); + } while (result && args_map.count("-loop") != 0); + + return result; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/speed.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/speed.cc new file mode 100644 index 000000000..3e5952f1f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/speed.cc @@ -0,0 +1,690 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <string> +#include <functional> +#include <memory> +#include <vector> + +#include <stdint.h> +#include <stdlib.h> +#include <string.h> + +#include <openssl/aead.h> +#include <openssl/bn.h> +#include <openssl/curve25519.h> +#include <openssl/digest.h> +#include <openssl/err.h> +#include <openssl/ec.h> +#include <openssl/ecdsa.h> +#include <openssl/ec_key.h> +#include <openssl/nid.h> +#include <openssl/rand.h> +#include <openssl/rsa.h> + +#if defined(OPENSSL_WINDOWS) +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include <windows.h> +OPENSSL_MSVC_PRAGMA(warning(pop)) +#elif defined(OPENSSL_APPLE) +#include <sys/time.h> +#else +#include <time.h> +#endif + +#include "../crypto/internal.h" +#include "internal.h" + + +// TimeResults represents the results of benchmarking a function. +struct TimeResults { + // num_calls is the number of function calls done in the time period. + unsigned num_calls; + // us is the number of microseconds that elapsed in the time period. + unsigned us; + + void Print(const std::string &description) { + printf("Did %u %s operations in %uus (%.1f ops/sec)\n", num_calls, + description.c_str(), us, + (static_cast<double>(num_calls) / us) * 1000000); + } + + void PrintWithBytes(const std::string &description, size_t bytes_per_call) { + printf("Did %u %s operations in %uus (%.1f ops/sec): %.1f MB/s\n", + num_calls, description.c_str(), us, + (static_cast<double>(num_calls) / us) * 1000000, + static_cast<double>(bytes_per_call * num_calls) / us); + } +}; + +#if defined(OPENSSL_WINDOWS) +static uint64_t time_now() { return GetTickCount64() * 1000; } +#elif defined(OPENSSL_APPLE) +static uint64_t time_now() { + struct timeval tv; + uint64_t ret; + + gettimeofday(&tv, NULL); + ret = tv.tv_sec; + ret *= 1000000; + ret += tv.tv_usec; + return ret; +} +#else +static uint64_t time_now() { + struct timespec ts; + clock_gettime(CLOCK_MONOTONIC, &ts); + + uint64_t ret = ts.tv_sec; + ret *= 1000000; + ret += ts.tv_nsec / 1000; + return ret; +} +#endif + +static uint64_t g_timeout_seconds = 1; + +static bool TimeFunction(TimeResults *results, std::function<bool()> func) { + // total_us is the total amount of time that we'll aim to measure a function + // for. + const uint64_t total_us = g_timeout_seconds * 1000000; + uint64_t start = time_now(), now, delta; + unsigned done = 0, iterations_between_time_checks; + + if (!func()) { + return false; + } + now = time_now(); + delta = now - start; + if (delta == 0) { + iterations_between_time_checks = 250; + } else { + // Aim for about 100ms between time checks. + iterations_between_time_checks = + static_cast<double>(100000) / static_cast<double>(delta); + if (iterations_between_time_checks > 1000) { + iterations_between_time_checks = 1000; + } else if (iterations_between_time_checks < 1) { + iterations_between_time_checks = 1; + } + } + + for (;;) { + for (unsigned i = 0; i < iterations_between_time_checks; i++) { + if (!func()) { + return false; + } + done++; + } + + now = time_now(); + if (now - start > total_us) { + break; + } + } + + results->us = now - start; + results->num_calls = done; + return true; +} + +static bool SpeedRSA(const std::string &key_name, RSA *key, + const std::string &selected) { + if (!selected.empty() && key_name.find(selected) == std::string::npos) { + return true; + } + + std::unique_ptr<uint8_t[]> sig(new uint8_t[RSA_size(key)]); + const uint8_t fake_sha256_hash[32] = {0}; + unsigned sig_len; + + TimeResults results; + if (!TimeFunction(&results, + [key, &sig, &fake_sha256_hash, &sig_len]() -> bool { + /* Usually during RSA signing we're using a long-lived |RSA| that has + * already had all of its |BN_MONT_CTX|s constructed, so it makes + * sense to use |key| directly here. */ + return RSA_sign(NID_sha256, fake_sha256_hash, sizeof(fake_sha256_hash), + sig.get(), &sig_len, key); + })) { + fprintf(stderr, "RSA_sign failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + results.Print(key_name + " signing"); + + if (!TimeFunction(&results, + [key, &fake_sha256_hash, &sig, sig_len]() -> bool { + /* Usually during RSA verification we have to parse an RSA key from a + * certificate or similar, in which case we'd need to construct a new + * RSA key, with a new |BN_MONT_CTX| for the public modulus. If we were + * to use |key| directly instead, then these costs wouldn't be + * accounted for. */ + bssl::UniquePtr<RSA> verify_key(RSA_new()); + if (!verify_key) { + return false; + } + verify_key->n = BN_dup(key->n); + verify_key->e = BN_dup(key->e); + if (!verify_key->n || + !verify_key->e) { + return false; + } + return RSA_verify(NID_sha256, fake_sha256_hash, + sizeof(fake_sha256_hash), sig.get(), sig_len, key); + })) { + fprintf(stderr, "RSA_verify failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + results.Print(key_name + " verify"); + + return true; +} + +static uint8_t *align(uint8_t *in, unsigned alignment) { + return reinterpret_cast<uint8_t *>( + (reinterpret_cast<uintptr_t>(in) + alignment) & + ~static_cast<size_t>(alignment - 1)); +} + +static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, + size_t chunk_len, size_t ad_len, + evp_aead_direction_t direction) { + static const unsigned kAlignment = 16; + + bssl::ScopedEVP_AEAD_CTX ctx; + const size_t key_len = EVP_AEAD_key_length(aead); + const size_t nonce_len = EVP_AEAD_nonce_length(aead); + const size_t overhead_len = EVP_AEAD_max_overhead(aead); + + std::unique_ptr<uint8_t[]> key(new uint8_t[key_len]); + OPENSSL_memset(key.get(), 0, key_len); + std::unique_ptr<uint8_t[]> nonce(new uint8_t[nonce_len]); + OPENSSL_memset(nonce.get(), 0, nonce_len); + std::unique_ptr<uint8_t[]> in_storage(new uint8_t[chunk_len + kAlignment]); + std::unique_ptr<uint8_t[]> out_storage(new uint8_t[chunk_len + overhead_len + kAlignment]); + std::unique_ptr<uint8_t[]> in2_storage(new uint8_t[chunk_len + kAlignment]); + std::unique_ptr<uint8_t[]> ad(new uint8_t[ad_len]); + OPENSSL_memset(ad.get(), 0, ad_len); + + uint8_t *const in = align(in_storage.get(), kAlignment); + OPENSSL_memset(in, 0, chunk_len); + uint8_t *const out = align(out_storage.get(), kAlignment); + OPENSSL_memset(out, 0, chunk_len + overhead_len); + uint8_t *const in2 = align(in2_storage.get(), kAlignment); + + if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.get(), key_len, + EVP_AEAD_DEFAULT_TAG_LENGTH, + evp_aead_seal)) { + fprintf(stderr, "Failed to create EVP_AEAD_CTX.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + TimeResults results; + if (direction == evp_aead_seal) { + if (!TimeFunction(&results, [chunk_len, overhead_len, nonce_len, ad_len, in, + out, &ctx, &nonce, &ad]() -> bool { + size_t out_len; + return EVP_AEAD_CTX_seal(ctx.get(), out, &out_len, + chunk_len + overhead_len, nonce.get(), + nonce_len, in, chunk_len, ad.get(), ad_len); + })) { + fprintf(stderr, "EVP_AEAD_CTX_seal failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + } else { + size_t out_len; + EVP_AEAD_CTX_seal(ctx.get(), out, &out_len, chunk_len + overhead_len, + nonce.get(), nonce_len, in, chunk_len, ad.get(), ad_len); + + if (!TimeFunction(&results, [chunk_len, nonce_len, ad_len, in2, out, &ctx, + &nonce, &ad, out_len]() -> bool { + size_t in2_len; + return EVP_AEAD_CTX_open(ctx.get(), in2, &in2_len, chunk_len, + nonce.get(), nonce_len, out, out_len, + ad.get(), ad_len); + })) { + fprintf(stderr, "EVP_AEAD_CTX_open failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + } + + results.PrintWithBytes( + name + (direction == evp_aead_seal ? " seal" : " open"), chunk_len); + return true; +} + +static bool SpeedAEAD(const EVP_AEAD *aead, const std::string &name, + size_t ad_len, const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + + return SpeedAEADChunk(aead, name + " (16 bytes)", 16, ad_len, + evp_aead_seal) && + SpeedAEADChunk(aead, name + " (1350 bytes)", 1350, ad_len, + evp_aead_seal) && + SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len, + evp_aead_seal); +} + +#if !defined(OPENSSL_SMALL) +static bool SpeedAEADOpen(const EVP_AEAD *aead, const std::string &name, + size_t ad_len, const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + + return SpeedAEADChunk(aead, name + " (16 bytes)", 16, ad_len, + evp_aead_open) && + SpeedAEADChunk(aead, name + " (1350 bytes)", 1350, ad_len, + evp_aead_open) && + SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len, + evp_aead_open); +} +#endif /* !SMALL */ + +static bool SpeedHashChunk(const EVP_MD *md, const std::string &name, + size_t chunk_len) { + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); + uint8_t scratch[8192]; + + if (chunk_len > sizeof(scratch)) { + return false; + } + + TimeResults results; + if (!TimeFunction(&results, [ctx, md, chunk_len, &scratch]() -> bool { + uint8_t digest[EVP_MAX_MD_SIZE]; + unsigned int md_len; + + return EVP_DigestInit_ex(ctx, md, NULL /* ENGINE */) && + EVP_DigestUpdate(ctx, scratch, chunk_len) && + EVP_DigestFinal_ex(ctx, digest, &md_len); + })) { + fprintf(stderr, "EVP_DigestInit_ex failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + results.PrintWithBytes(name, chunk_len); + + EVP_MD_CTX_destroy(ctx); + + return true; +} +static bool SpeedHash(const EVP_MD *md, const std::string &name, + const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + + return SpeedHashChunk(md, name + " (16 bytes)", 16) && + SpeedHashChunk(md, name + " (256 bytes)", 256) && + SpeedHashChunk(md, name + " (8192 bytes)", 8192); +} + +static bool SpeedRandomChunk(const std::string &name, size_t chunk_len) { + uint8_t scratch[8192]; + + if (chunk_len > sizeof(scratch)) { + return false; + } + + TimeResults results; + if (!TimeFunction(&results, [chunk_len, &scratch]() -> bool { + RAND_bytes(scratch, chunk_len); + return true; + })) { + return false; + } + + results.PrintWithBytes(name, chunk_len); + return true; +} + +static bool SpeedRandom(const std::string &selected) { + if (!selected.empty() && selected != "RNG") { + return true; + } + + return SpeedRandomChunk("RNG (16 bytes)", 16) && + SpeedRandomChunk("RNG (256 bytes)", 256) && + SpeedRandomChunk("RNG (8192 bytes)", 8192); +} + +static bool SpeedECDHCurve(const std::string &name, int nid, + const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + + TimeResults results; + if (!TimeFunction(&results, [nid]() -> bool { + bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid)); + if (!key || + !EC_KEY_generate_key(key.get())) { + return false; + } + const EC_GROUP *const group = EC_KEY_get0_group(key.get()); + bssl::UniquePtr<EC_POINT> point(EC_POINT_new(group)); + bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new()); + + bssl::UniquePtr<BIGNUM> x(BN_new()); + bssl::UniquePtr<BIGNUM> y(BN_new()); + + if (!point || !ctx || !x || !y || + !EC_POINT_mul(group, point.get(), NULL, + EC_KEY_get0_public_key(key.get()), + EC_KEY_get0_private_key(key.get()), ctx.get()) || + !EC_POINT_get_affine_coordinates_GFp(group, point.get(), x.get(), + y.get(), ctx.get())) { + return false; + } + + return true; + })) { + return false; + } + + results.Print(name); + return true; +} + +static bool SpeedECDSACurve(const std::string &name, int nid, + const std::string &selected) { + if (!selected.empty() && name.find(selected) == std::string::npos) { + return true; + } + + bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid)); + if (!key || + !EC_KEY_generate_key(key.get())) { + return false; + } + + uint8_t signature[256]; + if (ECDSA_size(key.get()) > sizeof(signature)) { + return false; + } + uint8_t digest[20]; + OPENSSL_memset(digest, 42, sizeof(digest)); + unsigned sig_len; + + TimeResults results; + if (!TimeFunction(&results, [&key, &signature, &digest, &sig_len]() -> bool { + return ECDSA_sign(0, digest, sizeof(digest), signature, &sig_len, + key.get()) == 1; + })) { + return false; + } + + results.Print(name + " signing"); + + if (!TimeFunction(&results, [&key, &signature, &digest, sig_len]() -> bool { + return ECDSA_verify(0, digest, sizeof(digest), signature, sig_len, + key.get()) == 1; + })) { + return false; + } + + results.Print(name + " verify"); + + return true; +} + +static bool SpeedECDH(const std::string &selected) { + return SpeedECDHCurve("ECDH P-224", NID_secp224r1, selected) && + SpeedECDHCurve("ECDH P-256", NID_X9_62_prime256v1, selected) && + SpeedECDHCurve("ECDH P-384", NID_secp384r1, selected) && + SpeedECDHCurve("ECDH P-521", NID_secp521r1, selected); +} + +static bool SpeedECDSA(const std::string &selected) { + return SpeedECDSACurve("ECDSA P-224", NID_secp224r1, selected) && + SpeedECDSACurve("ECDSA P-256", NID_X9_62_prime256v1, selected) && + SpeedECDSACurve("ECDSA P-384", NID_secp384r1, selected) && + SpeedECDSACurve("ECDSA P-521", NID_secp521r1, selected); +} + +static bool Speed25519(const std::string &selected) { + if (!selected.empty() && selected.find("25519") == std::string::npos) { + return true; + } + + TimeResults results; + + uint8_t public_key[32], private_key[64]; + + if (!TimeFunction(&results, [&public_key, &private_key]() -> bool { + ED25519_keypair(public_key, private_key); + return true; + })) { + return false; + } + + results.Print("Ed25519 key generation"); + + static const uint8_t kMessage[] = {0, 1, 2, 3, 4, 5}; + uint8_t signature[64]; + + if (!TimeFunction(&results, [&private_key, &signature]() -> bool { + return ED25519_sign(signature, kMessage, sizeof(kMessage), + private_key) == 1; + })) { + return false; + } + + results.Print("Ed25519 signing"); + + if (!TimeFunction(&results, [&public_key, &signature]() -> bool { + return ED25519_verify(kMessage, sizeof(kMessage), signature, + public_key) == 1; + })) { + fprintf(stderr, "Ed25519 verify failed.\n"); + return false; + } + + results.Print("Ed25519 verify"); + + if (!TimeFunction(&results, []() -> bool { + uint8_t out[32], in[32]; + OPENSSL_memset(in, 0, sizeof(in)); + X25519_public_from_private(out, in); + return true; + })) { + fprintf(stderr, "Curve25519 base-point multiplication failed.\n"); + return false; + } + + results.Print("Curve25519 base-point multiplication"); + + if (!TimeFunction(&results, []() -> bool { + uint8_t out[32], in1[32], in2[32]; + OPENSSL_memset(in1, 0, sizeof(in1)); + OPENSSL_memset(in2, 0, sizeof(in2)); + in1[0] = 1; + in2[0] = 9; + return X25519(out, in1, in2) == 1; + })) { + fprintf(stderr, "Curve25519 arbitrary point multiplication failed.\n"); + return false; + } + + results.Print("Curve25519 arbitrary point multiplication"); + + return true; +} + +static bool SpeedSPAKE2(const std::string &selected) { + if (!selected.empty() && selected.find("SPAKE2") == std::string::npos) { + return true; + } + + TimeResults results; + + static const uint8_t kAliceName[] = {'A'}; + static const uint8_t kBobName[] = {'B'}; + static const uint8_t kPassword[] = "password"; + bssl::UniquePtr<SPAKE2_CTX> alice(SPAKE2_CTX_new(spake2_role_alice, + kAliceName, sizeof(kAliceName), kBobName, + sizeof(kBobName))); + uint8_t alice_msg[SPAKE2_MAX_MSG_SIZE]; + size_t alice_msg_len; + + if (!SPAKE2_generate_msg(alice.get(), alice_msg, &alice_msg_len, + sizeof(alice_msg), + kPassword, sizeof(kPassword))) { + fprintf(stderr, "SPAKE2_generate_msg failed.\n"); + return false; + } + + if (!TimeFunction(&results, [&alice_msg, alice_msg_len]() -> bool { + bssl::UniquePtr<SPAKE2_CTX> bob(SPAKE2_CTX_new(spake2_role_bob, + kBobName, sizeof(kBobName), kAliceName, + sizeof(kAliceName))); + uint8_t bob_msg[SPAKE2_MAX_MSG_SIZE], bob_key[64]; + size_t bob_msg_len, bob_key_len; + if (!SPAKE2_generate_msg(bob.get(), bob_msg, &bob_msg_len, + sizeof(bob_msg), kPassword, + sizeof(kPassword)) || + !SPAKE2_process_msg(bob.get(), bob_key, &bob_key_len, + sizeof(bob_key), alice_msg, alice_msg_len)) { + return false; + } + + return true; + })) { + fprintf(stderr, "SPAKE2 failed.\n"); + } + + results.Print("SPAKE2 over Ed25519"); + + return true; +} + +static const struct argument kArguments[] = { + { + "-filter", kOptionalArgument, + "A filter on the speed tests to run", + }, + { + "-timeout", kOptionalArgument, + "The number of seconds to run each test for (default is 1)", + }, + { + "", kOptionalArgument, "", + }, +}; + +bool Speed(const std::vector<std::string> &args) { + std::map<std::string, std::string> args_map; + if (!ParseKeyValueArguments(&args_map, args, kArguments)) { + PrintUsage(kArguments); + return false; + } + + std::string selected; + if (args_map.count("-filter") != 0) { + selected = args_map["-filter"]; + } + + if (args_map.count("-timeout") != 0) { + g_timeout_seconds = atoi(args_map["-timeout"].c_str()); + } + + bssl::UniquePtr<RSA> key( + RSA_private_key_from_bytes(kDERRSAPrivate2048, kDERRSAPrivate2048Len)); + if (key == nullptr) { + fprintf(stderr, "Failed to parse RSA key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (!SpeedRSA("RSA 2048", key.get(), selected)) { + return false; + } + + key.reset(RSA_private_key_from_bytes(kDERRSAPrivate3Prime2048, + kDERRSAPrivate3Prime2048Len)); + if (key == nullptr) { + fprintf(stderr, "Failed to parse RSA key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (!SpeedRSA("RSA 2048 (3 prime, e=3)", key.get(), selected)) { + return false; + } + + key.reset( + RSA_private_key_from_bytes(kDERRSAPrivate4096, kDERRSAPrivate4096Len)); + if (key == nullptr) { + fprintf(stderr, "Failed to parse 4096-bit RSA key.\n"); + ERR_print_errors_fp(stderr); + return 1; + } + + if (!SpeedRSA("RSA 4096", key.get(), selected)) { + return false; + } + + key.reset(); + + // kTLSADLen is the number of bytes of additional data that TLS passes to + // AEADs. + static const size_t kTLSADLen = 13; + // kLegacyADLen is the number of bytes that TLS passes to the "legacy" AEADs. + // These are AEADs that weren't originally defined as AEADs, but which we use + // via the AEAD interface. In order for that to work, they have some TLS + // knowledge in them and construct a couple of the AD bytes internally. + static const size_t kLegacyADLen = kTLSADLen - 2; + + if (!SpeedAEAD(EVP_aead_aes_128_gcm(), "AES-128-GCM", kTLSADLen, selected) || + !SpeedAEAD(EVP_aead_aes_256_gcm(), "AES-256-GCM", kTLSADLen, selected) || + !SpeedAEAD(EVP_aead_chacha20_poly1305(), "ChaCha20-Poly1305", kTLSADLen, + selected) || + !SpeedAEAD(EVP_aead_des_ede3_cbc_sha1_tls(), "DES-EDE3-CBC-SHA1", + kLegacyADLen, selected) || + !SpeedAEAD(EVP_aead_aes_128_cbc_sha1_tls(), "AES-128-CBC-SHA1", + kLegacyADLen, selected) || + !SpeedAEAD(EVP_aead_aes_256_cbc_sha1_tls(), "AES-256-CBC-SHA1", + kLegacyADLen, selected) || +#if !defined(OPENSSL_SMALL) + !SpeedAEAD(EVP_aead_aes_128_gcm_siv(), "AES-128-GCM-SIV", kTLSADLen, + selected) || + !SpeedAEAD(EVP_aead_aes_256_gcm_siv(), "AES-256-GCM-SIV", kTLSADLen, + selected) || + !SpeedAEADOpen(EVP_aead_aes_128_gcm_siv(), "AES-128-GCM-SIV", kTLSADLen, + selected) || + !SpeedAEADOpen(EVP_aead_aes_256_gcm_siv(), "AES-256-GCM-SIV", kTLSADLen, + selected) || +#endif + !SpeedHash(EVP_sha1(), "SHA-1", selected) || + !SpeedHash(EVP_sha256(), "SHA-256", selected) || + !SpeedHash(EVP_sha512(), "SHA-512", selected) || + !SpeedRandom(selected) || + !SpeedECDH(selected) || + !SpeedECDSA(selected) || + !Speed25519(selected) || + !SpeedSPAKE2(selected)) { + return false; + } + + return true; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/tool.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/tool.cc new file mode 100644 index 000000000..34851b471 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/tool.cc @@ -0,0 +1,126 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <string> +#include <vector> + +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#if defined(OPENSSL_WINDOWS) +#include <fcntl.h> +#include <io.h> +#else +#include <libgen.h> +#endif + +#include "internal.h" + + +typedef bool (*tool_func_t)(const std::vector<std::string> &args); + +struct Tool { + const char *name; + tool_func_t func; +}; + +static const Tool kTools[] = { + { "ciphers", Ciphers }, + { "client", Client }, + { "generate-ed25519", GenerateEd25519Key }, + { "genrsa", GenerateRSAKey }, + { "md5sum", MD5Sum }, + { "pkcs12", DoPKCS12 }, + { "rand", Rand }, + { "s_client", Client }, + { "s_server", Server }, + { "server", Server }, + { "sha1sum", SHA1Sum }, + { "sha224sum", SHA224Sum }, + { "sha256sum", SHA256Sum }, + { "sha384sum", SHA384Sum }, + { "sha512sum", SHA512Sum }, + { "speed", Speed }, + { "", nullptr }, +}; + +static void usage(const char *name) { + printf("Usage: %s COMMAND\n", name); + printf("\n"); + printf("Available commands:\n"); + + for (size_t i = 0;; i++) { + const Tool &tool = kTools[i]; + if (tool.func == nullptr) { + break; + } + printf(" %s\n", tool.name); + } +} + +static tool_func_t FindTool(const std::string &name) { + for (size_t i = 0;; i++) { + const Tool &tool = kTools[i]; + if (tool.func == nullptr || name == tool.name) { + return tool.func; + } + } +} + +int main(int argc, char **argv) { +#if defined(OPENSSL_WINDOWS) + // Read and write in binary mode. This makes bssl on Windows consistent with + // bssl on other platforms, and also makes it consistent with MSYS's commands + // like diff(1) and md5sum(1). This is especially important for the digest + // commands. + if (_setmode(_fileno(stdin), _O_BINARY) == -1) { + perror("_setmode(_fileno(stdin), O_BINARY)"); + return 1; + } + if (_setmode(_fileno(stdout), _O_BINARY) == -1) { + perror("_setmode(_fileno(stdout), O_BINARY)"); + return 1; + } + if (_setmode(_fileno(stderr), _O_BINARY) == -1) { + perror("_setmode(_fileno(stderr), O_BINARY)"); + return 1; + } +#endif + + CRYPTO_library_init(); + + int starting_arg = 1; + tool_func_t tool = nullptr; +#if !defined(OPENSSL_WINDOWS) + tool = FindTool(basename(argv[0])); +#endif + if (tool == nullptr) { + starting_arg++; + if (argc > 1) { + tool = FindTool(argv[1]); + } + } + if (tool == nullptr) { + usage(argv[0]); + return 1; + } + + std::vector<std::string> args; + for (int i = starting_arg; i < argc; i++) { + args.push_back(argv[i]); + } + + return !tool(args); +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/transport_common.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/transport_common.cc new file mode 100644 index 000000000..5f1a366ad --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/transport_common.cc @@ -0,0 +1,620 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/base.h> + +#include <string> +#include <vector> + +#include <errno.h> +#include <limits.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> + +#if !defined(OPENSSL_WINDOWS) +#include <arpa/inet.h> +#include <fcntl.h> +#include <netdb.h> +#include <netinet/in.h> +#include <sys/select.h> +#include <sys/socket.h> +#include <unistd.h> +#else +#include <io.h> +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include <winsock2.h> +#include <ws2tcpip.h> +OPENSSL_MSVC_PRAGMA(warning(pop)) + +typedef int ssize_t; +OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) +#endif + +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/x509.h> + +#include "../crypto/internal.h" +#include "internal.h" +#include "transport_common.h" + + +#if !defined(OPENSSL_WINDOWS) +static int closesocket(int sock) { + return close(sock); +} +#endif + +bool InitSocketLibrary() { +#if defined(OPENSSL_WINDOWS) + WSADATA wsaData; + int err = WSAStartup(MAKEWORD(2, 2), &wsaData); + if (err != 0) { + fprintf(stderr, "WSAStartup failed with error %d\n", err); + return false; + } +#endif + return true; +} + +// Connect sets |*out_sock| to be a socket connected to the destination given +// in |hostname_and_port|, which should be of the form "www.example.com:123". +// It returns true on success and false otherwise. +bool Connect(int *out_sock, const std::string &hostname_and_port) { + size_t colon_offset = hostname_and_port.find_last_of(':'); + const size_t bracket_offset = hostname_and_port.find_last_of(']'); + std::string hostname, port; + + // An IPv6 literal may have colons internally, guarded by square brackets. + if (bracket_offset != std::string::npos && + colon_offset != std::string::npos && bracket_offset > colon_offset) { + colon_offset = std::string::npos; + } + + if (colon_offset == std::string::npos) { + hostname = hostname_and_port; + port = "443"; + } else { + hostname = hostname_and_port.substr(0, colon_offset); + port = hostname_and_port.substr(colon_offset + 1); + } + + // Handle IPv6 literals. + if (hostname.size() >= 2 && hostname[0] == '[' && + hostname[hostname.size() - 1] == ']') { + hostname = hostname.substr(1, hostname.size() - 2); + } + + struct addrinfo hint, *result; + OPENSSL_memset(&hint, 0, sizeof(hint)); + hint.ai_family = AF_UNSPEC; + hint.ai_socktype = SOCK_STREAM; + + int ret = getaddrinfo(hostname.c_str(), port.c_str(), &hint, &result); + if (ret != 0) { + fprintf(stderr, "getaddrinfo returned: %s\n", gai_strerror(ret)); + return false; + } + + bool ok = false; + char buf[256]; + + *out_sock = + socket(result->ai_family, result->ai_socktype, result->ai_protocol); + if (*out_sock < 0) { + perror("socket"); + goto out; + } + + switch (result->ai_family) { + case AF_INET: { + struct sockaddr_in *sin = + reinterpret_cast<struct sockaddr_in *>(result->ai_addr); + fprintf(stderr, "Connecting to %s:%d\n", + inet_ntop(result->ai_family, &sin->sin_addr, buf, sizeof(buf)), + ntohs(sin->sin_port)); + break; + } + case AF_INET6: { + struct sockaddr_in6 *sin6 = + reinterpret_cast<struct sockaddr_in6 *>(result->ai_addr); + fprintf(stderr, "Connecting to [%s]:%d\n", + inet_ntop(result->ai_family, &sin6->sin6_addr, buf, sizeof(buf)), + ntohs(sin6->sin6_port)); + break; + } + } + + if (connect(*out_sock, result->ai_addr, result->ai_addrlen) != 0) { + perror("connect"); + goto out; + } + ok = true; + +out: + freeaddrinfo(result); + return ok; +} + +bool Accept(int *out_sock, const std::string &port) { + struct sockaddr_in6 addr, cli_addr; + socklen_t cli_addr_len = sizeof(cli_addr); + OPENSSL_memset(&addr, 0, sizeof(addr)); + + addr.sin6_family = AF_INET6; + addr.sin6_addr = IN6ADDR_ANY_INIT; + addr.sin6_port = htons(atoi(port.c_str())); + + bool ok = false; +#if defined(OPENSSL_WINDOWS) + const BOOL enable = TRUE; +#else + const int enable = 1; +#endif + int server_sock = -1; + + server_sock = + socket(addr.sin6_family, SOCK_STREAM, 0); + if (server_sock < 0) { + perror("socket"); + goto out; + } + + if (setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, (const char *)&enable, + sizeof(enable)) < 0) { + perror("setsockopt"); + goto out; + } + + if (bind(server_sock, (struct sockaddr*)&addr, sizeof(addr)) != 0) { + perror("connect"); + goto out; + } + listen(server_sock, 1); + *out_sock = accept(server_sock, (struct sockaddr*)&cli_addr, &cli_addr_len); + + ok = true; + +out: + closesocket(server_sock); + return ok; +} + +bool VersionFromString(uint16_t *out_version, const std::string &version) { + if (version == "ssl3") { + *out_version = SSL3_VERSION; + return true; + } else if (version == "tls1" || version == "tls1.0") { + *out_version = TLS1_VERSION; + return true; + } else if (version == "tls1.1") { + *out_version = TLS1_1_VERSION; + return true; + } else if (version == "tls1.2") { + *out_version = TLS1_2_VERSION; + return true; + } else if (version == "tls1.3") { + *out_version = TLS1_3_VERSION; + return true; + } + return false; +} + +static const char *SignatureAlgorithmToString(uint16_t version, uint16_t sigalg) { + const bool is_tls12 = version == TLS1_2_VERSION || version == DTLS1_2_VERSION; + switch (sigalg) { + case SSL_SIGN_RSA_PKCS1_SHA1: + return "rsa_pkcs1_sha1"; + case SSL_SIGN_RSA_PKCS1_SHA256: + return "rsa_pkcs1_sha256"; + case SSL_SIGN_RSA_PKCS1_SHA384: + return "rsa_pkcs1_sha384"; + case SSL_SIGN_RSA_PKCS1_SHA512: + return "rsa_pkcs1_sha512"; + case SSL_SIGN_ECDSA_SHA1: + return "ecdsa_sha1"; + case SSL_SIGN_ECDSA_SECP256R1_SHA256: + return is_tls12 ? "ecdsa_sha256" : "ecdsa_secp256r1_sha256"; + case SSL_SIGN_ECDSA_SECP384R1_SHA384: + return is_tls12 ? "ecdsa_sha384" : "ecdsa_secp384r1_sha384"; + case SSL_SIGN_ECDSA_SECP521R1_SHA512: + return is_tls12 ? "ecdsa_sha512" : "ecdsa_secp521r1_sha512"; + case SSL_SIGN_RSA_PSS_SHA256: + return "rsa_pss_sha256"; + case SSL_SIGN_RSA_PSS_SHA384: + return "rsa_pss_sha384"; + case SSL_SIGN_RSA_PSS_SHA512: + return "rsa_pss_sha512"; + default: + return "(unknown)"; + } +} + +void PrintConnectionInfo(const SSL *ssl) { + const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); + + fprintf(stderr, " Version: %s\n", SSL_get_version(ssl)); + fprintf(stderr, " Resumed session: %s\n", + SSL_session_reused(ssl) ? "yes" : "no"); + fprintf(stderr, " Cipher: %s\n", SSL_CIPHER_get_name(cipher)); + uint16_t curve = SSL_get_curve_id(ssl); + if (curve != 0) { + fprintf(stderr, " ECDHE curve: %s\n", SSL_get_curve_name(curve)); + } + uint16_t sigalg = SSL_get_peer_signature_algorithm(ssl); + if (sigalg != 0) { + fprintf(stderr, " Signature algorithm: %s\n", + SignatureAlgorithmToString(SSL_version(ssl), sigalg)); + } + fprintf(stderr, " Secure renegotiation: %s\n", + SSL_get_secure_renegotiation_support(ssl) ? "yes" : "no"); + fprintf(stderr, " Extended master secret: %s\n", + SSL_get_extms_support(ssl) ? "yes" : "no"); + + const uint8_t *next_proto; + unsigned next_proto_len; + SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); + fprintf(stderr, " Next protocol negotiated: %.*s\n", next_proto_len, + next_proto); + + const uint8_t *alpn; + unsigned alpn_len; + SSL_get0_alpn_selected(ssl, &alpn, &alpn_len); + fprintf(stderr, " ALPN protocol: %.*s\n", alpn_len, alpn); + + const char *host_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + if (host_name != nullptr && SSL_is_server(ssl)) { + fprintf(stderr, " Client sent SNI: %s\n", host_name); + } + + if (!SSL_is_server(ssl)) { + const uint8_t *ocsp_staple; + size_t ocsp_staple_len; + SSL_get0_ocsp_response(ssl, &ocsp_staple, &ocsp_staple_len); + fprintf(stderr, " OCSP staple: %s\n", ocsp_staple_len > 0 ? "yes" : "no"); + + const uint8_t *sct_list; + size_t sct_list_len; + SSL_get0_signed_cert_timestamp_list(ssl, &sct_list, &sct_list_len); + fprintf(stderr, " SCT list: %s\n", sct_list_len > 0 ? "yes" : "no"); + } + + // Print the server cert subject and issuer names. + bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(ssl)); + if (peer != nullptr) { + fprintf(stderr, " Cert subject: "); + X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer.get()), 0, + XN_FLAG_ONELINE); + fprintf(stderr, "\n Cert issuer: "); + X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer.get()), 0, + XN_FLAG_ONELINE); + fprintf(stderr, "\n"); + } +} + +bool SocketSetNonBlocking(int sock, bool is_non_blocking) { + bool ok; + +#if defined(OPENSSL_WINDOWS) + u_long arg = is_non_blocking; + ok = 0 == ioctlsocket(sock, FIONBIO, &arg); +#else + int flags = fcntl(sock, F_GETFL, 0); + if (flags < 0) { + return false; + } + if (is_non_blocking) { + flags |= O_NONBLOCK; + } else { + flags &= ~O_NONBLOCK; + } + ok = 0 == fcntl(sock, F_SETFL, flags); +#endif + if (!ok) { + fprintf(stderr, "Failed to set socket non-blocking.\n"); + } + return ok; +} + +// PrintErrorCallback is a callback function from OpenSSL's +// |ERR_print_errors_cb| that writes errors to a given |FILE*|. +int PrintErrorCallback(const char *str, size_t len, void *ctx) { + fwrite(str, len, 1, reinterpret_cast<FILE*>(ctx)); + return 1; +} + +bool TransferData(SSL *ssl, int sock) { + bool stdin_open = true; + + fd_set read_fds; + FD_ZERO(&read_fds); + + if (!SocketSetNonBlocking(sock, true)) { + return false; + } + + for (;;) { + if (stdin_open) { + FD_SET(0, &read_fds); + } + FD_SET(sock, &read_fds); + + int ret = select(sock + 1, &read_fds, NULL, NULL, NULL); + if (ret <= 0) { + perror("select"); + return false; + } + + if (FD_ISSET(0, &read_fds)) { + uint8_t buffer[512]; + ssize_t n; + + do { + n = BORINGSSL_READ(0, buffer, sizeof(buffer)); + } while (n == -1 && errno == EINTR); + + if (n == 0) { + FD_CLR(0, &read_fds); + stdin_open = false; +#if !defined(OPENSSL_WINDOWS) + shutdown(sock, SHUT_WR); +#else + shutdown(sock, SD_SEND); +#endif + continue; + } else if (n < 0) { + perror("read from stdin"); + return false; + } + + if (!SocketSetNonBlocking(sock, false)) { + return false; + } + int ssl_ret = SSL_write(ssl, buffer, n); + if (!SocketSetNonBlocking(sock, true)) { + return false; + } + + if (ssl_ret <= 0) { + int ssl_err = SSL_get_error(ssl, ssl_ret); + fprintf(stderr, "Error while writing: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } else if (ssl_ret != n) { + fprintf(stderr, "Short write from SSL_write.\n"); + return false; + } + } + + if (FD_ISSET(sock, &read_fds)) { + uint8_t buffer[512]; + int ssl_ret = SSL_read(ssl, buffer, sizeof(buffer)); + + if (ssl_ret < 0) { + int ssl_err = SSL_get_error(ssl, ssl_ret); + if (ssl_err == SSL_ERROR_WANT_READ) { + continue; + } + fprintf(stderr, "Error while reading: %d\n", ssl_err); + ERR_print_errors_cb(PrintErrorCallback, stderr); + return false; + } else if (ssl_ret == 0) { + return true; + } + + ssize_t n; + do { + n = BORINGSSL_WRITE(1, buffer, ssl_ret); + } while (n == -1 && errno == EINTR); + + if (n != ssl_ret) { + fprintf(stderr, "Short write to stderr.\n"); + return false; + } + } + } +} + +// SocketLineReader wraps a small buffer around a socket for line-orientated +// protocols. +class SocketLineReader { + public: + explicit SocketLineReader(int sock) : sock_(sock) {} + + // Next reads a '\n'- or '\r\n'-terminated line from the socket and, on + // success, sets |*out_line| to it and returns true. Otherwise it returns + // false. + bool Next(std::string *out_line) { + for (;;) { + for (size_t i = 0; i < buf_len_; i++) { + if (buf_[i] != '\n') { + continue; + } + + size_t length = i; + if (i > 0 && buf_[i - 1] == '\r') { + length--; + } + + out_line->assign(buf_, length); + buf_len_ -= i + 1; + OPENSSL_memmove(buf_, &buf_[i + 1], buf_len_); + + return true; + } + + if (buf_len_ == sizeof(buf_)) { + fprintf(stderr, "Received line too long!\n"); + return false; + } + + ssize_t n; + do { + n = recv(sock_, &buf_[buf_len_], sizeof(buf_) - buf_len_, 0); + } while (n == -1 && errno == EINTR); + + if (n < 0) { + fprintf(stderr, "Read error from socket\n"); + return false; + } + + buf_len_ += n; + } + } + + // ReadSMTPReply reads one or more lines that make up an SMTP reply. On + // success, it sets |*out_code| to the reply's code (e.g. 250) and + // |*out_content| to the body of the reply (e.g. "OK") and returns true. + // Otherwise it returns false. + // + // See https://tools.ietf.org/html/rfc821#page-48 + bool ReadSMTPReply(unsigned *out_code, std::string *out_content) { + out_content->clear(); + + // kMaxLines is the maximum number of lines that we'll accept in an SMTP + // reply. + static const unsigned kMaxLines = 512; + for (unsigned i = 0; i < kMaxLines; i++) { + std::string line; + if (!Next(&line)) { + return false; + } + + if (line.size() < 4) { + fprintf(stderr, "Short line from SMTP server: %s\n", line.c_str()); + return false; + } + + const std::string code_str = line.substr(0, 3); + char *endptr; + const unsigned long code = strtoul(code_str.c_str(), &endptr, 10); + if (*endptr || code > UINT_MAX) { + fprintf(stderr, "Failed to parse code from line: %s\n", line.c_str()); + return false; + } + + if (i == 0) { + *out_code = code; + } else if (code != *out_code) { + fprintf(stderr, + "Reply code varied within a single reply: was %u, now %u\n", + *out_code, static_cast<unsigned>(code)); + return false; + } + + if (line[3] == ' ') { + // End of reply. + *out_content += line.substr(4, std::string::npos); + return true; + } else if (line[3] == '-') { + // Another line of reply will follow this one. + *out_content += line.substr(4, std::string::npos); + out_content->push_back('\n'); + } else { + fprintf(stderr, "Bad character after code in SMTP reply: %s\n", + line.c_str()); + return false; + } + } + + fprintf(stderr, "Rejected SMTP reply of more then %u lines\n", kMaxLines); + return false; + } + + private: + const int sock_; + char buf_[512]; + size_t buf_len_ = 0; +}; + +// SendAll writes |data_len| bytes from |data| to |sock|. It returns true on +// success and false otherwise. +static bool SendAll(int sock, const char *data, size_t data_len) { + size_t done = 0; + + while (done < data_len) { + ssize_t n; + do { + n = send(sock, &data[done], data_len - done, 0); + } while (n == -1 && errno == EINTR); + + if (n < 0) { + fprintf(stderr, "Error while writing to socket\n"); + return false; + } + + done += n; + } + + return true; +} + +bool DoSMTPStartTLS(int sock) { + SocketLineReader line_reader(sock); + + unsigned code_220 = 0; + std::string reply_220; + if (!line_reader.ReadSMTPReply(&code_220, &reply_220)) { + return false; + } + + if (code_220 != 220) { + fprintf(stderr, "Expected 220 line from SMTP server but got code %u\n", + code_220); + return false; + } + + static const char kHelloLine[] = "EHLO BoringSSL\r\n"; + if (!SendAll(sock, kHelloLine, sizeof(kHelloLine) - 1)) { + return false; + } + + unsigned code_250 = 0; + std::string reply_250; + if (!line_reader.ReadSMTPReply(&code_250, &reply_250)) { + return false; + } + + if (code_250 != 250) { + fprintf(stderr, "Expected 250 line after EHLO but got code %u\n", code_250); + return false; + } + + // https://tools.ietf.org/html/rfc1869#section-4.3 + if (("\n" + reply_250 + "\n").find("\nSTARTTLS\n") == std::string::npos) { + fprintf(stderr, "Server does not support STARTTLS\n"); + return false; + } + + static const char kSTARTTLSLine[] = "STARTTLS\r\n"; + if (!SendAll(sock, kSTARTTLSLine, sizeof(kSTARTTLSLine) - 1)) { + return false; + } + + if (!line_reader.ReadSMTPReply(&code_220, &reply_220)) { + return false; + } + + if (code_220 != 220) { + fprintf( + stderr, + "Expected 220 line from SMTP server after STARTTLS, but got code %u\n", + code_220); + return false; + } + + return true; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/transport_common.h b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/transport_common.h new file mode 100644 index 000000000..7595f4565 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/tool/transport_common.h @@ -0,0 +1,48 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_TOOL_TRANSPORT_COMMON_H +#define OPENSSL_HEADER_TOOL_TRANSPORT_COMMON_H + +#include <openssl/ssl.h> +#include <string.h> + +// InitSocketLibrary calls the Windows socket init functions, if needed. +bool InitSocketLibrary(); + +// Connect sets |*out_sock| to be a socket connected to the destination given +// in |hostname_and_port|, which should be of the form "www.example.com:123". +// It returns true on success and false otherwise. +bool Connect(int *out_sock, const std::string &hostname_and_port); + +// Accept sets |*out_sock| to be a socket connected to the port given +// in |port|, which should be of the form "123". +// It returns true on success and false otherwise. +bool Accept(int *out_sock, const std::string &port); + +bool VersionFromString(uint16_t *out_version, const std::string &version); + +void PrintConnectionInfo(const SSL *ssl); + +bool SocketSetNonBlocking(int sock, bool is_non_blocking); + +int PrintErrorCallback(const char *str, size_t len, void *ctx); + +bool TransferData(SSL *ssl, int sock); + +// DoSMTPStartTLS performs the SMTP STARTTLS mini-protocol over |sock|. It +// returns true on success and false otherwise. +bool DoSMTPStartTLS(int sock); + +#endif /* !OPENSSL_HEADER_TOOL_TRANSPORT_COMMON_H */ |