Initial RSA implementation.stabilize-7821.B

Includes support for encrypt / decrypt,
and sign / verify;  padding schemes OAEP /
PKCS1; supporting bignum library.

RSA key sizes must be a multiple of 32-bits
(with the top bit set).  Keying material,
input and output buffers are required to be
word-aligned.

BRANCH=none
TEST=added encrypt/decrypt sign/verify tests, compatibility with openssl tested
BUG=chrome-os-partner:43025,chrome-os-partner:47524
Change-Id: I6bc324c651e3178bb45bb75ab5935d9bc07efbce
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/316942
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>

3 files changed, 425 insertions, 59 deletions

diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index 2e42b7b920..c2efe7e907 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -34,6 +34,7 @@ board-y += tpm2/aes.o
 board-y += tpm2/hash.o
 board-y += tpm2/hash_data.o
 board-y += tpm2/platform.o
+board-y += tpm2/rsa.o
 board-y += tpm2/stubs.o
 
 # Build and link with an external library
diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c
new file mode 100644
index 0000000000..dfc996bca4
--- /dev/null
+++ b/board/cr50/tpm2/rsa.c
@@ -0,0 +1,424 @@
+/* Copyright 2015 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "CryptoEngine.h"
+
+#include "dcrypto.h"
+
+#include <assert.h>
+
+static int check_key(const RSA_KEY *key)
+{
+	if (key->publicKey->size & 0x3)
+		/* Only word-multiple sizes supported. */
+		return 0;
+	return 1;
+}
+
+static int check_encrypt_params(TPM_ALG_ID padding_alg, TPM_ALG_ID hash_alg,
+				enum padding_mode *padding,
+				enum hashing_mode *hashing)
+{
+	if (padding_alg == TPM_ALG_RSAES) {
+		*padding = PADDING_MODE_PKCS1;
+	} else if (padding_alg == TPM_ALG_OAEP) {
+		/* Only SHA1 and SHA256 supported with OAEP. */
+		if (hash_alg == TPM_ALG_SHA1)
+			*hashing = HASH_SHA1;
+		else if (hash_alg == TPM_ALG_SHA256)
+			*hashing = HASH_SHA256;
+		else
+			/* Unsupported hash algorithm. */
+			return 0;
+		*padding = PADDING_MODE_OAEP;
+	} else {
+		return 0;  /* NULL padding unsupported. */
+	}
+	return 1;
+}
+
+static int check_sign_params(TPM_ALG_ID padding_alg, TPM_ALG_ID hash_alg,
+			enum padding_mode *padding,
+			enum hashing_mode *hashing)
+{
+	/* TODO: add support for PSS. */
+	if (padding_alg == TPM_ALG_RSASSA) {
+		if (hash_alg == TPM_ALG_SHA1)
+			*hashing = HASH_SHA1;
+		else if (hash_alg == TPM_ALG_SHA256)
+			*hashing = HASH_SHA256;
+		else
+			return 0;
+		*padding = PADDING_MODE_PKCS1;
+	} else {
+		return 0;
+	}
+	return 1;
+}
+
+CRYPT_RESULT _cpri__EncryptRSA(uint32_t *out_len, uint8_t *out,
+			RSA_KEY *key, TPM_ALG_ID padding_alg,
+			uint32_t in_len, uint8_t *in,
+			TPM_ALG_ID hash_alg, const char *label)
+{
+	struct RSA rsa;
+	enum padding_mode padding;
+	enum hashing_mode hashing;
+
+	if (!check_key(key))
+		return CRYPT_FAIL;
+	if (!check_encrypt_params(padding_alg, hash_alg, &padding, &hashing))
+		return CRYPT_FAIL;
+
+	rsa.e = key->exponent;
+	rsa.N.dmax = key->publicKey->size / sizeof(uint32_t);
+	rsa.N.d = (uint32_t *) &key->publicKey->buffer;
+	rsa.d.dmax = 0;
+	rsa.d.d = NULL;
+
+	if (DCRYPTO_rsa_encrypt(&rsa, out, out_len, in, in_len, padding,
+					hashing, label))
+		return CRYPT_SUCCESS;
+	else
+		return CRYPT_FAIL;
+}
+
+CRYPT_RESULT _cpri__DecryptRSA(uint32_t *out_len, uint8_t *out,
+			RSA_KEY *key, TPM_ALG_ID padding_alg,
+			uint32_t in_len, uint8_t *in,
+			TPM_ALG_ID hash_alg, const char *label)
+{
+	struct RSA rsa;
+	enum padding_mode padding;
+	enum hashing_mode hashing;
+
+	if (!check_key(key))
+		return CRYPT_FAIL;
+	if (!check_encrypt_params(padding_alg, hash_alg, &padding, &hashing))
+		return CRYPT_FAIL;
+
+	rsa.e = key->exponent;
+	rsa.N.dmax = key->publicKey->size / sizeof(uint32_t);
+	rsa.N.d = (uint32_t *) &key->publicKey->buffer;
+	rsa.d.dmax = key->privateKey->size / sizeof(uint32_t);
+	rsa.d.d = (uint32_t *) &key->privateKey->buffer;
+
+	if (DCRYPTO_rsa_decrypt(&rsa, out, out_len, in, in_len, padding,
+					hashing, label))
+		return CRYPT_SUCCESS;
+	else
+		return CRYPT_FAIL;
+}
+
+CRYPT_RESULT _cpri__SignRSA(uint32_t *out_len, uint8_t *out,
+			RSA_KEY *key, TPM_ALG_ID padding_alg,
+			TPM_ALG_ID hash_alg, uint32_t in_len, uint8_t *in)
+{
+	struct RSA rsa;
+	enum padding_mode padding;
+	enum hashing_mode hashing;
+
+	if (!check_key(key))
+		return CRYPT_FAIL;
+	if (!check_sign_params(padding_alg, hash_alg, &padding, &hashing))
+		return CRYPT_FAIL;
+
+	rsa.e = key->exponent;
+	rsa.N.dmax = key->publicKey->size / sizeof(uint32_t);
+	rsa.N.d = (uint32_t *) &key->publicKey->buffer;
+	rsa.d.dmax = key->privateKey->size / sizeof(uint32_t);
+	rsa.d.d = (uint32_t *) &key->privateKey->buffer;
+
+	if (DCRYPTO_rsa_sign(&rsa, out, out_len, in, in_len, padding, hashing))
+		return CRYPT_SUCCESS;
+	else
+		return CRYPT_FAIL;
+}
+
+CRYPT_RESULT _cpri__ValidateSignatureRSA(
+	RSA_KEY *key, TPM_ALG_ID padding_alg, TPM_ALG_ID hash_alg,
+	uint32_t digest_len, uint8_t *digest, uint32_t sig_len,
+	uint8_t *sig, uint16_t salt_len)
+{
+	struct RSA rsa;
+	enum padding_mode padding;
+	enum hashing_mode hashing;
+
+	if (!check_key(key))
+		return CRYPT_FAIL;
+	if (!check_sign_params(padding_alg, hash_alg, &padding, &hashing))
+		return CRYPT_FAIL;
+
+	rsa.e = key->exponent;
+	rsa.N.dmax = key->publicKey->size / sizeof(uint32_t);
+	rsa.N.d = (uint32_t *) &key->publicKey->buffer;
+	rsa.d.dmax = 0;
+	rsa.d.d = NULL;
+
+	if (DCRYPTO_rsa_verify(&rsa, digest, digest_len, sig, sig_len,
+				padding, hashing))
+		return CRYPT_SUCCESS;
+	else
+		return CRYPT_FAIL;
+}
+
+#ifdef CRYPTO_TEST_SETUP
+
+#include "extension.h"
+
+enum {
+	TEST_RSA_ENCRYPT = 0,
+	TEST_RSA_DECRYPT = 1,
+	TEST_RSA_SIGN = 2,
+	TEST_RSA_VERIFY = 3,
+	TEST_RSA_KEYGEN = 4
+};
+
+struct TPM2B_aligned {
+	uint16_t pad;
+	TPM2B_PUBLIC_KEY_RSA bn;
+} __packed __aligned(4);
+
+static const struct TPM2B_aligned RSA_768_N = {
+	.bn = {
+		.t = {96, {
+				0x69, 0x85, 0x39, 0x2d, 0x78, 0x2b, 0x90, 0x75,
+				0xe1, 0x7c, 0xc1, 0x7b, 0xbd, 0x5b, 0xdd, 0xfd,
+				0x00, 0x36, 0xf7, 0x38, 0x74, 0x33, 0x2b, 0xa8,
+				0x53, 0x89, 0x10, 0xa7, 0x2d, 0x3c, 0xe6, 0x00,
+				0xa3, 0xe5, 0x8b, 0x5f, 0xed, 0x77, 0x32, 0xc0,
+				0x0f, 0xe2, 0x2c, 0x51, 0x1b, 0x46, 0xba, 0x18,
+				0xc0, 0x4e, 0x1b, 0x44, 0xdf, 0x94, 0xcc, 0x15,
+				0xe1, 0x67, 0x48, 0x3a, 0x12, 0xc4, 0x0c, 0x82,
+				0xd2, 0xfa, 0xfe, 0x74, 0x6e, 0x49, 0xa4, 0x8b,
+				0x64, 0xc2, 0x3b, 0x33, 0x36, 0x72, 0x24, 0xdb,
+				0x17, 0x86, 0x5a, 0x35, 0xd2, 0x23, 0x20, 0xd4,
+				0x7c, 0xf0, 0x32, 0xd9, 0x46, 0xed, 0xdb, 0xb0
+			}
+		}
+	}
+};
+
+static const struct TPM2B_aligned RSA_768_D = {
+	.bn = {
+		.t = {96, {
+				0x01, 0x40, 0x76, 0x7b, 0x41, 0xd6, 0xd9, 0x17,
+				0xfe, 0x52, 0x6d, 0xdd, 0x24, 0x70, 0xbc, 0x97,
+				0x7e, 0xcf, 0x54, 0x22, 0x4c, 0x71, 0x29, 0xf5,
+				0xb2, 0xe2, 0xf6, 0xf8, 0x8b, 0x9e, 0x20, 0x1a,
+				0x1e, 0x67, 0xee, 0x59, 0xf9, 0x83, 0x6b, 0x91,
+				0x8d, 0xdf, 0x03, 0xfc, 0xdd, 0x0f, 0x35, 0xd7,
+				0xa2, 0x5d, 0x06, 0x3f, 0x45, 0xb9, 0xb0, 0x23,
+				0x90, 0x7b, 0x11, 0x32, 0xc1, 0xf2, 0x12, 0xdb,
+				0x61, 0xf9, 0xa7, 0x31, 0x24, 0xc8, 0x66, 0x4e,
+				0x49, 0x72, 0xb9, 0xce, 0xa6, 0x5b, 0xab, 0x46,
+				0x45, 0xdf, 0x75, 0x76, 0x3e, 0xd3, 0x42, 0x9f,
+				0x5c, 0x1b, 0x8c, 0x25, 0x50, 0xb9, 0xad, 0xae
+			}
+		}
+	}
+};
+
+static const struct TPM2B_aligned RSA_2048_N = {
+	.bn = {
+		.t = {256, {
+				0x99, 0xa9, 0x93, 0xdf, 0xe8, 0xde, 0x41, 0x07,
+				0xe9, 0xb1, 0x4f, 0x53, 0xa6, 0x11, 0xe3, 0x67,
+				0x88, 0xc5, 0x9a, 0x57, 0xa5, 0x38, 0x1f, 0x69,
+				0x51, 0xf2, 0xa7, 0xb5, 0x6a, 0xd2, 0x1a, 0xf2,
+				0x0c, 0x62, 0xad, 0x33, 0x1f, 0x82, 0x21, 0x4a,
+				0x72, 0xb3, 0x6e, 0xba, 0xfd, 0x66, 0x3e, 0xef,
+				0x40, 0x78, 0xa7, 0x37, 0x97, 0x4a, 0x74, 0x63,
+				0x23, 0x05, 0x2e, 0x55, 0x6d, 0x36, 0xd0, 0xb7,
+				0x8c, 0xb7, 0x83, 0x60, 0x3b, 0xa1, 0x58, 0x5d,
+				0xdc, 0xef, 0xf7, 0x2c, 0x5e, 0x05, 0x27, 0xbc,
+				0xb0, 0x4d, 0xc9, 0xff, 0x04, 0x50, 0x22, 0x97,
+				0xe7, 0x15, 0x66, 0xa5, 0x24, 0x0e, 0x86, 0xa6,
+				0x36, 0x9c, 0x92, 0xa2, 0x16, 0x51, 0xed, 0xc2,
+				0xea, 0xbf, 0xf4, 0xb2, 0x5e, 0x3a, 0xd7, 0xc5,
+				0xa3, 0xfa, 0xf0, 0xcf, 0xcf, 0x7b, 0xc8, 0x5c,
+				0x07, 0xe2, 0xcc, 0xa8, 0xb8, 0x36, 0x76, 0xb1,
+				0xc9, 0xbb, 0x48, 0x38, 0xbe, 0x0b, 0x57, 0xce,
+				0x05, 0x2d, 0xf1, 0xdb, 0x7b, 0x94, 0xb6, 0xcd,
+				0x3a, 0xa8, 0x50, 0x49, 0xca, 0x18, 0xb3, 0x52,
+				0x18, 0x49, 0xde, 0x10, 0xf8, 0x41, 0x40, 0x6e,
+				0x51, 0xaf, 0xdd, 0x06, 0xc3, 0x30, 0xc7, 0x57,
+				0x6b, 0xd4, 0xdc, 0x10, 0x46, 0x30, 0x04, 0x23,
+				0x98, 0xc0, 0xf0, 0xb4, 0xeb, 0x5d, 0xc9, 0x6e,
+				0x50, 0x1f, 0xd7, 0xd9, 0xac, 0xf2, 0x0d, 0x06,
+				0xe3, 0x9b, 0x5e, 0xde, 0x2a, 0xaa, 0xb1, 0xaf,
+				0xd6, 0x97, 0x68, 0x2d, 0xeb, 0x0c, 0x7b, 0x75,
+				0x49, 0x23, 0x64, 0xbe, 0x90, 0x53, 0x82, 0x99,
+				0xa2, 0x50, 0x78, 0x0c, 0x9f, 0x72, 0xc1, 0x0a,
+				0x0f, 0x32, 0x75, 0xed, 0x1f, 0x6e, 0xef, 0x2c,
+				0x2e, 0x1d, 0x4c, 0x19, 0x85, 0x5c, 0x90, 0x95,
+				0xe3, 0x4b, 0x86, 0xf5, 0xb7, 0x9f, 0x73, 0xcd,
+				0xbe, 0x15, 0x8e, 0x43, 0x2e, 0x61, 0xd7, 0x9c
+			}
+		}
+	}
+};
+
+static const struct TPM2B_aligned RSA_2048_D = {
+	.bn = {
+		.t  = {256, {
+				0xf5, 0x95, 0x99, 0xca, 0x31, 0x84, 0x66, 0x4c,
+				0xa9, 0x29, 0x24, 0x74, 0x22, 0x29, 0xb4, 0x64,
+				0x5b, 0x22, 0xeb, 0x5d, 0x2f, 0xe3, 0x62, 0x21,
+				0x02, 0x16, 0x33, 0x16, 0xe4, 0xad, 0x10, 0x52,
+				0x3f, 0xf0, 0xf1, 0x86, 0x68, 0x54, 0x47, 0x24,
+				0xcc, 0x5c, 0x08, 0x82, 0x0f, 0x68, 0xdd, 0x79,
+				0x55, 0x11, 0x07, 0x6d, 0x56, 0x89, 0x30, 0xf1,
+				0x7f, 0xaf, 0xb1, 0xb8, 0x41, 0xe8, 0x7a, 0x82,
+				0x03, 0x1a, 0x95, 0xd7, 0x00, 0x7c, 0xb7, 0x04,
+				0xee, 0x8e, 0x9b, 0xbc, 0x4f, 0xdf, 0xa8, 0x38,
+				0xea, 0xbf, 0xfb, 0x79, 0xa0, 0xd3, 0xd6, 0xc2,
+				0x1f, 0x67, 0xa2, 0x88, 0x2b, 0x1d, 0x23, 0xc6,
+				0x19, 0xfc, 0x27, 0x45, 0xcf, 0xbd, 0xc7, 0xe9,
+				0x6e, 0x7a, 0xe2, 0x84, 0x4c, 0x9c, 0x16, 0x65,
+				0xb0, 0xa6, 0x88, 0xc5, 0xbe, 0x30, 0x70, 0xb9,
+				0xc6, 0x6d, 0x3f, 0xf5, 0xcd, 0x52, 0x97, 0x54,
+				0x15, 0x26, 0xd2, 0x06, 0x82, 0xcc, 0xe7, 0x02,
+				0x1a, 0x23, 0xb8, 0x0a, 0x71, 0xde, 0x91, 0x82,
+				0xe4, 0x1e, 0xbe, 0x67, 0xeb, 0x94, 0x24, 0x22,
+				0xe7, 0x27, 0xfa, 0x52, 0xf2, 0x94, 0x5e, 0x6e,
+				0x85, 0xc1, 0x47, 0x42, 0xdc, 0xae, 0x8b, 0xaf,
+				0x4e, 0x32, 0xc6, 0x8d, 0xd3, 0xc0, 0xa2, 0x6b,
+				0x02, 0x96, 0x76, 0x0a, 0x96, 0x87, 0x16, 0x35,
+				0xc1, 0xea, 0xf7, 0x91, 0xa4, 0xa3, 0x1b, 0x40,
+				0xc0, 0x95, 0x20, 0x14, 0x9f, 0x32, 0xad, 0x39,
+				0x19, 0x29, 0xea, 0x80, 0x33, 0x2c, 0x31, 0x86,
+				0xca, 0x5e, 0x89, 0xf0, 0x74, 0xdf, 0x8f, 0xdc,
+				0xa3, 0xf3, 0xbe, 0x26, 0xd0, 0xa3, 0xb4, 0x7c,
+				0x6e, 0xdf, 0xad, 0xdb, 0x26, 0xf3, 0xaa, 0xfb,
+				0x68, 0x56, 0x43, 0xb9, 0x7f, 0x19, 0x70, 0x67,
+				0x5a, 0x66, 0x15, 0x6f, 0xe2, 0x14, 0x8f, 0xbc,
+				0x89, 0x8b, 0x4a, 0xdf, 0x1f, 0x02, 0x9d, 0x4e
+			}
+		}
+	}
+};
+
+static const RSA_KEY RSA_768 = {
+	65537, (TPM2B *) &RSA_768_N.bn.b, (TPM2B *) &RSA_768_D.bn.b
+};
+static const RSA_KEY RSA_2048 = {
+	65537, (TPM2B *) &RSA_2048_N.bn.b, (TPM2B *) &RSA_2048_D.bn.b
+};
+
+#define MAX_MSG_BYTES RSA_MAX_BYTES
+
+static void rsa_command_handler(void *cmd_body,
+				size_t cmd_size,
+				size_t *response_size_out)
+{
+	uint8_t *cmd;
+	uint8_t op;
+	uint8_t padding_alg;
+	uint8_t hashing_alg;
+	uint16_t key_len;
+	uint16_t in_len;
+	uint8_t in[MAX_MSG_BYTES];
+	uint16_t digest_len;
+	uint8_t digest[SHA_DIGEST_MAX_BYTES];
+	uint8_t *out = (uint8_t *) cmd_body;
+	RSA_KEY *key;
+	uint32_t *response_size = (uint32_t *) response_size_out;
+
+	assert(sizeof(size_t) == sizeof(uint32_t));
+
+	/* Command format.
+	 *
+	 *   OFFSET       FIELD
+	 *   0            OP
+	 *   1            PADDING
+	 *   2            HASHING
+	 *   3            MSB KEY LEN
+	 *   4            LSB KEY LEN
+	 *   5            MSB IN LEN
+	 *   6            LSB IN LEN
+	 *   7            IN
+	 *   7 + IN_LEN   MSB DIGEST LEN
+	 *   8 + IN_LEN   LSB DIGEST LEN
+	 *   9 + IN_LEN   DIGEST
+	 */
+	cmd = (uint8_t *) cmd_body;
+	op = *cmd++;
+	padding_alg = *cmd++;
+	hashing_alg = *cmd++;
+	key_len = ((uint16_t) (cmd[0] << 8)) | cmd[1];
+	cmd += 2;
+	in_len = ((uint16_t) (cmd[0] << 8)) | cmd[1];
+	cmd += 2;
+	if (in_len > sizeof(in)) {
+		*response_size = 0;
+		return;
+	}
+	memcpy(in, cmd, in_len);
+	if (op == TEST_RSA_VERIFY) {
+		cmd += in_len;
+		digest_len = ((uint16_t) (cmd[0] << 8)) | cmd[1];
+		cmd += 2;
+		if (digest_len > sizeof(digest)) {
+			*response_size = 0;
+			return;
+		}
+		memcpy(digest, cmd, digest_len);
+	}
+
+	switch (key_len) {
+	case 768:
+		key = (RSA_KEY *) &RSA_768;
+		break;
+	case 2048:
+		key = (RSA_KEY *) &RSA_2048;
+		break;
+	default:
+		*response_size = 0;
+		return;
+	}
+
+	switch (op) {
+	case TEST_RSA_ENCRYPT:
+		if (_cpri__EncryptRSA(
+				response_size, out, key,
+				padding_alg, in_len, in, hashing_alg, "")
+			!= CRYPT_SUCCESS)
+			*response_size = 0;
+		return;
+	case TEST_RSA_DECRYPT:
+		if (_cpri__DecryptRSA(
+				response_size, out, key,
+				padding_alg, in_len, in, hashing_alg, "")
+			!= CRYPT_SUCCESS)
+			*response_size = 0;
+		return;
+	case TEST_RSA_SIGN:
+		if (_cpri__SignRSA(
+				response_size, out, key,
+				padding_alg, hashing_alg, in_len, in)
+			!= CRYPT_SUCCESS)
+			*response_size = 0;
+		return;
+	case TEST_RSA_VERIFY:
+		if (_cpri__ValidateSignatureRSA(
+				key, padding_alg, hashing_alg, digest_len,
+				digest, in_len, in, 0)
+			!= CRYPT_SUCCESS) {
+			*response_size = 0;
+		} else {
+			*out = 1;
+			*response_size = 1;
+		}
+		return;
+	case TEST_RSA_KEYGEN:
+		*response_size = 0;
+		break;
+	}
+}
+
+DECLARE_EXTENSION_COMMAND(EXTENSION_RSA, rsa_command_handler);
+
+#endif   /* CRYPTO_TEST_SETUP */
diff --git a/board/cr50/tpm2/stubs.c b/board/cr50/tpm2/stubs.c
index 7d78d5cef4..08ea641d61 100644
--- a/board/cr50/tpm2/stubs.c
+++ b/board/cr50/tpm2/stubs.c
@@ -33,21 +33,6 @@ UINT16 _cpri__CompleteHMAC(
   return -1;
 }
 
-CRYPT_RESULT _cpri__DecryptRSA(
-  UINT32 * dOutSize,            //   OUT: the size of the decrypted data
-  BYTE * dOut,                  //   OUT: the decrypted data
-  RSA_KEY * key,                //   IN: the key to use for decryption
-  TPM_ALG_ID padType,           //   IN: the type of padding
-  UINT32 cInSize,               //   IN: the amount of data to decrypt
-  BYTE * cIn,                   //   IN: the data to decrypt
-  TPM_ALG_ID hashAlg,           //   IN: in case this is needed for the scheme
-  const char *label             //   IN: in case it is needed for the scheme
-  )
-{
-  ecprintf("%s called\n", __func__);
-  return CRYPT_FAIL;
-}
-
 CRYPT_RESULT _cpri__DrbgGetPutState(
   GET_PUT direction,
   int bufferSize,
@@ -109,21 +94,6 @@ CRYPT_RESULT _cpri__EccPointMultiply(
   return CRYPT_FAIL;
 }
 
-CRYPT_RESULT _cpri__EncryptRSA(
-  UINT32 * cOutSize,            //   OUT: the size of the encrypted data
-  BYTE * cOut,                  //   OUT: the encrypted data
-  RSA_KEY * key,                //   IN: the key to use for encryption
-  TPM_ALG_ID padType,           //   IN: the type of padding
-  UINT32 dInSize,               //   IN: the amount of data to encrypt
-  BYTE * dIn,                   //   IN: the data to encrypt
-  TPM_ALG_ID hashAlg,           //   IN: in case this is needed
-  const char *label             //   IN: in case it is needed
-  )
-{
-  ecprintf("%s called\n", __func__);
-  return CRYPT_FAIL;
-}
-
 CRYPT_RESULT _cpri__GenerateKeyEcc(
   TPMS_ECC_POINT * Qout,        //   OUT: the public point
   TPM2B_ECC_PARAMETER * dOut,   //   OUT: the private scalar
@@ -246,20 +216,6 @@ CRYPT_RESULT _cpri__SignEcc(
   return CRYPT_FAIL;
 }
 
-CRYPT_RESULT _cpri__SignRSA(
-  UINT32 * sigOutSize,          //   OUT: size of signature
-  BYTE * sigOut,                //   OUT: signature
-  RSA_KEY * key,                //   IN: key to use
-  TPM_ALG_ID scheme,            //   IN: the scheme to use
-  TPM_ALG_ID hashAlg,           //   IN: hash algorithm for PKSC1v1_5
-  UINT32 hInSize,               //   IN: size of digest to be signed
-  BYTE * hIn                    //   IN: digest buffer
-  )
-{
-  ecprintf("%s called\n", __func__);
-  return CRYPT_FAIL;
-}
-
 UINT16 _cpri__StartHMAC(
   TPM_ALG_ID hashAlg,           //   IN: the algorithm to use
   BOOL sequence,                //   IN: indicates if the state should be saved
@@ -329,21 +285,6 @@ CRYPT_RESULT _cpri__ValidateSignatureEcc(
   return CRYPT_FAIL;
 }
 
-CRYPT_RESULT _cpri__ValidateSignatureRSA(
-  RSA_KEY * key,                //   IN:   key to use
-  TPM_ALG_ID scheme,            //   IN:   the scheme to use
-  TPM_ALG_ID hashAlg,           //   IN:   hash algorithm
-  UINT32 hInSize,               //   IN:   size of digest to be checked
-  BYTE * hIn,                   //   IN:   digest buffer
-  UINT32 sigInSize,             //   IN:   size of signature
-  BYTE * sigIn,                 //   IN:   signature
-  UINT16 saltSize               //   IN:   salt size for PSS
-  )
-{
-  ecprintf("%s called\n", __func__);
-  return CRYPT_FAIL;
-}
-
 int _math__Comp(
   const UINT32 aSize,           //   IN:   size of a
   const BYTE * a,               //   IN:   a buffer