Revert "VBoot Reference: Refactor Part 2 - Crypto Libraries"

This reverts commit e018a80a37aaa45681f45f5852f04d20aedd8b2d.

Review URL: http://codereview.chromium.org/1593002
diff --git a/crypto/genpadding.sh b/crypto/genpadding.sh
index e429ddc..6086c8d 100755
--- a/crypto/genpadding.sh
+++ b/crypto/genpadding.sh
@@ -172,18 +172,6 @@
 echo "};"
 echo
 
-# Generate signature algorithm to messge digest algorithm map.
-echo "const int hash_type_map[] = {"
-for rsaalgo in ${RSAAlgos[@]}
-do
-  for hashalgo in ${HashAlgos[@]}
-  do
-    echo ${hashalgo}_DIGEST_ALGORITHM,
-  done
-done
-echo "};"
-echo
-
 # Generate algorithm to message digest's output size map.
 echo "const int hash_size_map[NUMALGORITHMS] = {"
 for rsaalgo in ${RSAAlgos[@]}
diff --git a/crypto/padding.c b/crypto/padding.c
index 91424ba..5580d6e 100644
--- a/crypto/padding.c
+++ b/crypto/padding.c
@@ -5,7 +5,9 @@
  * arrays corresponding to various combinations of algorithms for RSA signatures.
  */
 
-#include "cryptolib.h"
+#include "rsa.h"
+#include "sha.h"
+
 
 /*
  * PKCS 1.5 padding (from the RSA PKCS#1 v2.1 standard)
@@ -168,21 +170,6 @@
 RSA8192NUMBYTES - SHA512_DIGEST_SIZE,
 };
 
-const int hash_type_map[] = {
-SHA1_DIGEST_ALGORITHM,
-SHA256_DIGEST_ALGORITHM,
-SHA512_DIGEST_ALGORITHM,
-SHA1_DIGEST_ALGORITHM,
-SHA256_DIGEST_ALGORITHM,
-SHA512_DIGEST_ALGORITHM,
-SHA1_DIGEST_ALGORITHM,
-SHA256_DIGEST_ALGORITHM,
-SHA512_DIGEST_ALGORITHM,
-SHA1_DIGEST_ALGORITHM,
-SHA256_DIGEST_ALGORITHM,
-SHA512_DIGEST_ALGORITHM,
-};
-
 const int hash_size_map[NUMALGORITHMS] = {
 SHA1_DIGEST_SIZE,
 SHA256_DIGEST_SIZE,
@@ -242,3 +229,4 @@
 "RSA8192 SHA256",
 "RSA8192 SHA512",
 };
+
diff --git a/crypto/rsa.c b/crypto/rsa.c
index bfc6446..c84ae4e 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -8,7 +8,10 @@
  * support multiple RSA key lengths and hash digest algorithms.
  */
 
-#include "cryptolib.h"
+#include <stdio.h>
+
+#include "padding.h"
+#include "rsa.h"
 #include "utility.h"
 
 /* a[] -= mod */
@@ -135,17 +138,17 @@
   int success = 1;
 
   if (sig_len != (key->len * sizeof(uint32_t))) {
-    debug("Signature is of incorrect length!\n");
+    fprintf(stderr, "Signature is of incorrect length!\n");
     return 0;
   }
 
   if (sig_type >= kNumAlgorithms) {
-    debug("Invalid signature type!\n");
+    fprintf(stderr, "Invalid signature type!\n");
     return 0;
   }
 
   if (key->len != siglen_map[sig_type] / sizeof(uint32_t)) {
-    debug("Wrong key passed in!\n");
+    fprintf(stderr, "Wrong key passed in!\n");
     return 0;
   }
 
@@ -162,7 +165,7 @@
     if (buf[i] != padding[i]) {
 #ifndef NDEBUG
 /* TODO(gauravsh): Replace with a macro call for logging. */
-      debug("Padding: Expecting = %02x Got = %02x\n", padding[i],
+      fprintf(stderr, "Padding: Expecting = %02x Got = %02x\n", padding[i],
               buf[i]);
 #endif
       success = 0;
@@ -174,7 +177,7 @@
     if (buf[i] != *hash++) {
 #ifndef NDEBUG
 /* TODO(gauravsh): Replace with a macro call for logging. */
-      debug("Digest: Expecting = %02x Got = %02x\n", padding[i],
+      fprintf(stderr, "Digest: Expecting = %02x Got = %02x\n", padding[i],
               buf[i]);
 #endif
       success = 0;
diff --git a/crypto/rsa_utility.c b/crypto/rsa_utility.c
index bf32284..5ac2db4 100644
--- a/crypto/rsa_utility.c
+++ b/crypto/rsa_utility.c
@@ -2,10 +2,12 @@
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
- * Implementation of RSA utility functions.
+ * Utility functions for message digest functions.
  */
 
-#include "cryptolib.h"
+#include "padding.h"
+#include "rsa_utility.h"
+#include "sha_utility.h"
 #include "utility.h"
 
 int RSAProcessedKeySize(int algorithm) {
diff --git a/crypto/sha1.c b/crypto/sha1.c
index 41b729b..5844ecc 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -1,14 +1,13 @@
 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
- *
- * SHA-1 implementation largely based on libmincrypt in the the Android
+ */
+
+/* SHA-1 implementation largely based on libmincrypt in the the Android
  * Open Source Project (platorm/system/core.git/libmincrypt/sha.c
  */
 
-#include "cryptolib.h"
-#include "utility.h"
-
+#include "sha.h"
 
 /* Some machines lack byteswap.h and endian.h. These have to use the
  * slower code, even if they're little-endian.
@@ -135,7 +134,7 @@
   ctx->count += len;
 
   while (len > sizeof(ctx->buf) - i) {
-    Memcpy(&ctx->buf.b[i], p, sizeof(ctx->buf) - i);
+    memcpy(&ctx->buf.b[i], p, sizeof(ctx->buf) - i);
     len -= sizeof(ctx->buf) - i;
     p += sizeof(ctx->buf) - i;
     SHA1_Transform(ctx);
diff --git a/crypto/sha2.c b/crypto/sha2.c
index 7f47656..320bccb 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -35,8 +35,8 @@
  * SUCH DAMAGE.
  */
 
-#include "cryptolib.h"
-#include "utility.h"
+#include "sha.h"
+#include <string.h>
 
 #define SHFR(x, n)    (x >> n)
 #define ROTR(x, n)   ((x >> n) | (x << ((sizeof(x) << 3) - n)))
@@ -340,7 +340,7 @@
     tmp_len = SHA256_BLOCK_SIZE - ctx->len;
     rem_len = len < tmp_len ? len : tmp_len;
 
-    Memcpy(&ctx->block[ctx->len], data, rem_len);
+    memcpy(&ctx->block[ctx->len], data, rem_len);
 
     if (ctx->len + len < SHA256_BLOCK_SIZE) {
         ctx->len += len;
@@ -357,7 +357,7 @@
 
     rem_len = new_len % SHA256_BLOCK_SIZE;
 
-    Memcpy(ctx->block, &shifted_data[block_nb << 6],
+    memcpy(ctx->block, &shifted_data[block_nb << 6],
            rem_len);
 
     ctx->len = rem_len;
@@ -528,7 +528,7 @@
     tmp_len = SHA512_BLOCK_SIZE - ctx->len;
     rem_len = len < tmp_len ? len : tmp_len;
 
-    Memcpy(&ctx->block[ctx->len], data, rem_len);
+    memcpy(&ctx->block[ctx->len], data, rem_len);
 
     if (ctx->len + len < SHA512_BLOCK_SIZE) {
         ctx->len += len;
@@ -545,7 +545,7 @@
 
     rem_len = new_len % SHA512_BLOCK_SIZE;
 
-    Memcpy(ctx->block, &shifted_data[block_nb << 7],
+    memcpy(ctx->block, &shifted_data[block_nb << 7],
            rem_len);
 
     ctx->len = rem_len;
diff --git a/crypto/sha_utility.c b/crypto/sha_utility.c
index 4e266f7..1478a7a 100644
--- a/crypto/sha_utility.c
+++ b/crypto/sha_utility.c
@@ -5,11 +5,36 @@
  * Utility functions for message digest functions.
  */
 
-#include "cryptolib.h"
+#include "sha_utility.h"
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "sha.h"
 #include "utility.h"
 
+int digest_type_map[] = {
+  SHA1_DIGEST_ALGORITHM,  /* RSA 1024 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+  SHA1_DIGEST_ALGORITHM,  /* RSA 2048 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+  SHA1_DIGEST_ALGORITHM,  /* RSA 4096 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+  SHA1_DIGEST_ALGORITHM,  /* RSA 8192 */
+  SHA256_DIGEST_ALGORITHM,
+  SHA512_DIGEST_ALGORITHM,
+};
+
 void DigestInit(DigestContext* ctx, int sig_algorithm) {
-  ctx->algorithm = hash_type_map[sig_algorithm];
+  ctx->algorithm = digest_type_map[sig_algorithm];
   switch(ctx->algorithm) {
     case SHA1_DIGEST_ALGORITHM:
       ctx->sha1_ctx = (SHA1_CTX*) Malloc(sizeof(SHA1_CTX));
@@ -62,6 +87,27 @@
   return digest;
 }
 
+uint8_t* DigestFile(char* input_file, int sig_algorithm) {
+  int input_fd, len;
+  uint8_t data[SHA1_BLOCK_SIZE];
+  uint8_t* digest = NULL;
+  DigestContext ctx;
+
+  if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
+    fprintf(stderr, "Couldn't open input file.\n");
+    return NULL;
+  }
+  DigestInit(&ctx, sig_algorithm);
+  while ( (len = read(input_fd, data, SHA1_BLOCK_SIZE)) ==
+          SHA1_BLOCK_SIZE)
+    DigestUpdate(&ctx, data, len);
+  if (len != -1)
+    DigestUpdate(&ctx, data, len);
+  digest = DigestFinal(&ctx);
+  close(input_fd);
+  return digest;
+}
+
 uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm) {
   uint8_t* digest = (uint8_t*) Malloc(SHA512_DIGEST_SIZE); /* Use the max. */
   /* Define an array mapping [sig_algorithm] to function pointers to the
diff --git a/include/cryptolib.h b/include/cryptolib.h
deleted file mode 100644
index b65a71d..0000000
--- a/include/cryptolib.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Firmware Cryptolib includes.
- */
-
-#ifndef VBOOT_REFERENCE_CRYPTOLIB_H_
-#define VBOOT_REFERENCE_CRYPTOLIB_H_
-
-#include "padding.h"
-#include "rsa.h"
-#include "sha.h"
-
-#endif  /* VBOOT_REFERENCE_CRYPTOLIB_H_ */
diff --git a/include/file_keys.h b/include/file_keys.h
index eac4df0..6e3851c 100644
--- a/include/file_keys.h
+++ b/include/file_keys.h
@@ -8,7 +8,7 @@
 #ifndef VBOOT_REFERENCE_FILE_KEYS_H_
 #define VBOOT_REFERENCE_FILE_KEYS_H_
 
-#include "cryptolib.h"
+#include "rsa.h"
 
 /* Read file named [input_file] into a buffer and stores the length into
  * [len].
@@ -25,12 +25,6 @@
  */
 RSAPublicKey* RSAPublicKeyFromFile(const char* input_file);
 
-/* Returns the appropriate digest for the data in [input_file]
- * based on the signature [algorithm].
- * Caller owns the returned digest and must free it.
- */
-uint8_t* DigestFile(char* input_file, int sig_algorithm);
-
 /* Helper function to invoke external program to calculate signature on
  * [input_file] using private key [key_file] and signature algorithm
  * [algorithm].
diff --git a/include/firmware_image_fw.h b/include/firmware_image_fw.h
index dc6db90..53b558a 100644
--- a/include/firmware_image_fw.h
+++ b/include/firmware_image_fw.h
@@ -10,7 +10,8 @@
 #define VBOOT_REFERENCE_FIRMWARE_IMAGE_FW_H_
 
 #include <stdint.h>
-#include "cryptolib.h"
+#include "rsa.h"
+#include "sha.h"
 
 #define FIRMWARE_MAGIC "CHROMEOS"
 #define FIRMWARE_MAGIC_SIZE 8
diff --git a/include/kernel_image_fw.h b/include/kernel_image_fw.h
index 6446e8c..d299b5a 100644
--- a/include/kernel_image_fw.h
+++ b/include/kernel_image_fw.h
@@ -10,8 +10,8 @@
 #define VBOOT_REFERENCE_KERNEL_IMAGE_FW_H_
 
 #include <stdint.h>
-
-#include "cryptolib.h"
+#include "rsa.h"
+#include "sha.h"
 
 #define KERNEL_MAGIC "CHROMEOS"
 #define KERNEL_MAGIC_SIZE 8
diff --git a/include/padding.h b/include/padding.h
index 8d8fc95..938cec2 100644
--- a/include/padding.h
+++ b/include/padding.h
@@ -6,11 +6,7 @@
 #ifndef VBOOT_REFERENCE_PADDING_H_
 #define VBOOT_REFERENCE_PADDING_H_
 
-#ifndef VBOOT_REFERENCE_CRYPTOLIB_H_
-#error "Do not include this file directly. Use cryptolib.h instead."
-#endif
-
-#include <stdint.h>
+#include <inttypes.h>
 
 extern const uint8_t paddingRSA1024_SHA1[];
 extern const uint8_t paddingRSA1024_SHA256[];
@@ -31,7 +27,6 @@
 extern const int siglen_map[];
 extern const uint8_t* padding_map[];
 extern const int padding_size_map[];
-extern const int hash_type_map[];
 extern const int hash_size_map[];
 extern const int hash_blocksize_map[];
 extern const uint8_t* hash_digestinfo_map[];
diff --git a/include/rsa.h b/include/rsa.h
index 1a45803..8f2ede8 100644
--- a/include/rsa.h
+++ b/include/rsa.h
@@ -6,11 +6,7 @@
 #ifndef VBOOT_REFERENCE_RSA_H_
 #define VBOOT_REFERENCE_RSA_H_
 
-#ifndef VBOOT_REFERENCE_CRYPTOLIB_H_
-#error "Do not include this file directly. Use cryptolib.h instead."
-#endif
-
-#include <stdint.h>
+#include <inttypes.h>
 
 #define RSA1024NUMBYTES 128  /* 1024 bit key length */
 #define RSA2048NUMBYTES 256  /* 2048 bit key length */
@@ -33,59 +29,9 @@
  * against an expected [hash] using [key]. Returns 0 on failure, 1 on success.
  */
 int RSAVerify(const RSAPublicKey *key,
-              const uint8_t* sig,
-              const int sig_len,
-              const uint8_t sig_type,
-              const uint8_t* hash);
-
-/* Perform RSA signature verification on [buf] of length [len] against expected
- * signature [sig] using signature algorithm [algorithm]. The public key used
- * for verification can either be in the form of a pre-process key blob
- * [key_blob] or RSAPublicKey structure [key]. One of [key_blob] or [key] must
- * be non-NULL, and the other NULL or the function will fail.
- *
- * Returns 1 on verification success, 0 on verification failure or invalid
- * arguments.
- *
- * Note: This function is for use in the firmware and assumes all pointers point
- * to areas in the memory of the right size.
- *
- */
-int RSAVerifyBinary_f(const uint8_t* key_blob,
-                      const RSAPublicKey* key,
-                      const uint8_t* buf,
-                      uint64_t len,
-                      const uint8_t* sig,
-                      int algorithm);
-
-/* Version of RSAVerifyBinary_f() where instead of the raw binary blob
- * of data, its digest is passed as the argument. */
-int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob,
-                                const RSAPublicKey* key,
-                                const uint8_t* digest,
-                                const uint8_t* sig,
-                                int algorithm);
-
-
-/* ----Some additional utility functions for RSA.---- */
-
-/* Returns the size of a pre-processed RSA public key in bytes with algorithm
- * [algorithm]. */
-int RSAProcessedKeySize(int algorithm);
-
-/* Allocate a new RSAPublicKey structure and initialize its pointer fields to
- * NULL */
-RSAPublicKey* RSAPublicKeyNew(void);
-
-/* Deep free the contents of [key]. */
-void RSAPublicKeyFree(RSAPublicKey* key);
-
-/* Create a RSAPublic key structure from binary blob [buf] of length
- * [len].
- *
- * Caller owns the returned key and must free it.
- */
-RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, int len);
-
+               const uint8_t* sig,
+               const int sig_len,
+               const uint8_t sig_type,
+               const uint8_t* hash);
 
 #endif  /* VBOOT_REFERENCE_RSA_H_ */
diff --git a/include/rsa_utility.h b/include/rsa_utility.h
new file mode 100644
index 0000000..652227c
--- /dev/null
+++ b/include/rsa_utility.h
@@ -0,0 +1,58 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Some utility functions for use with RSA signature verification.
+ */
+
+#ifndef VBOOT_REFERENCE_RSA_UTILITY_H_
+#define VBOOT_REFERENCE_RSA_UTILITY_H_
+
+#include "rsa.h"
+
+/* Returns the size of a pre-processed RSA public key in bytes with algorithm
+ * [algorithm]. */
+int RSAProcessedKeySize(int algorithm);
+
+/* Allocate a new RSAPublicKey structure and initialize its pointer fields to
+ * NULL */
+RSAPublicKey* RSAPublicKeyNew(void);
+
+/* Deep free the contents of [key]. */
+void RSAPublicKeyFree(RSAPublicKey* key);
+
+/* Create a RSAPublic key structure from binary blob [buf] of length
+ * [len].
+ *
+ * Caller owns the returned key and must free it.
+ */
+RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, int len);
+
+/* Perform RSA signature verification on [buf] of length [len] against expected
+ * signature [sig] using signature algorithm [algorithm]. The public key used
+ * for verification can either be in the form of a pre-process key blob
+ * [key_blob] or RSAPublicKey structure [key]. One of [key_blob] or [key] must
+ * be non-NULL, and the other NULL or the function will fail.
+ *
+ * Returns 1 on verification success, 0 on verification failure or invalid
+ * arguments.
+ *
+ * Note: This function is for use in the firmware and assumes all pointers point
+ * to areas in the memory of the right size.
+ *
+ */
+int RSAVerifyBinary_f(const uint8_t* key_blob,
+                      const RSAPublicKey* key,
+                      const uint8_t* buf,
+                      uint64_t len,
+                      const uint8_t* sig,
+                      int algorithm);
+
+/* Version of RSAVerifyBinary_f() where instead of the raw binary blob
+ * of data, its digest is passed as the argument. */
+int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob,
+                                const RSAPublicKey* key,
+                                const uint8_t* digest,
+                                const uint8_t* sig,
+                                int algorithm);
+#endif  /* VBOOT_REFERENCE_RSA_UTILITY_H_ */
diff --git a/include/sha.h b/include/sha.h
index 1686894..c3edcbc 100644
--- a/include/sha.h
+++ b/include/sha.h
@@ -8,11 +8,8 @@
 #ifndef VBOOT_REFERENCE_SHA_H_
 #define VBOOT_REFERENCE_SHA_H_
 
-#ifndef VBOOT_REFERENCE_CRYPTOLIB_H_
-#error "Do not include this file directly. Use cryptolib.h instead."
-#endif
-
-#include <stdint.h>
+#include <inttypes.h>
+#include <string.h>
 
 #define SHA1_DIGEST_SIZE 20
 #define SHA1_BLOCK_SIZE 64
@@ -84,45 +81,4 @@
 uint8_t* SHA512(const uint8_t* data, uint64_t len, uint8_t* digest);
 
 
-/*---- Utility functions/wrappers for message digests. */
-
-#define SHA1_DIGEST_ALGORITHM 0
-#define SHA256_DIGEST_ALGORITHM 1
-#define SHA512_DIGEST_ALGORITHM 2
-
-/* A generic digest context structure which can be used to represent
- * the SHA*_CTX for multiple digest algorithms.
- */
-typedef struct DigestContext {
-  SHA1_CTX* sha1_ctx;
-  SHA256_CTX* sha256_ctx;
-  SHA512_CTX* sha512_ctx;
-  int algorithm;  /* Hashing algorithm to use. */
-} DigestContext;
-
-/* Wrappers for message digest algorithms. These are useful when the hashing
- * operation is being done in parallel with something else. DigestContext tracks
- * and stores the state of any digest algorithm (one at any given time).
- */
-
-/* Initialize a digest context for use with signature algorithm [algorithm]. */
-void DigestInit(DigestContext* ctx, int sig_algorithm);
-void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint64_t len);
-
-/* Caller owns the returned digest and must free it. */
-uint8_t* DigestFinal(DigestContext* ctx);
-
-/* Returns the appropriate digest for the data in [input_file]
- * based on the signature [algorithm].
- * Caller owns the returned digest and must free it.
- */
-uint8_t* DigestFile(char* input_file, int sig_algorithm);
-
-/* Returns the appropriate digest of [buf] of length
- * [len] based on the signature [algorithm].
- * Caller owns the returned digest and must free it.
- */
-uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm);
-
-
 #endif  /* VBOOT_REFERENCE_SHA_H_ */
diff --git a/include/sha_utility.h b/include/sha_utility.h
new file mode 100644
index 0000000..21a5e18
--- /dev/null
+++ b/include/sha_utility.h
@@ -0,0 +1,53 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Utility functions for message digests.
+*/
+
+#ifndef VBOOT_REFERENCE_SHA_UTILITY_H_
+#define VBOOT_REFERENCE_SHA_UTILITY_H_
+
+#include <inttypes.h>
+
+#include "sha.h"
+
+#define SHA1_DIGEST_ALGORITHM 0
+#define SHA256_DIGEST_ALGORITHM 1
+#define SHA512_DIGEST_ALGORITHM 2
+
+/* A generic digest context structure which can be used to represent
+ * the SHA*_CTX for multiple digest algorithms.
+ */
+typedef struct DigestContext {
+  SHA1_CTX* sha1_ctx;
+  SHA256_CTX* sha256_ctx;
+  SHA512_CTX* sha512_ctx;
+  int algorithm;  /* Hashing algorithm to use. */
+} DigestContext;
+
+/* Wrappers for message digest algorithms. These are useful when the hashing
+ * operation is being done in parallel with something else. DigestContext tracks
+ * and stores the state of any digest algorithm (one at any given time).
+ */
+
+/* Initialize a digest context for use with signature algorithm [algorithm]. */
+void DigestInit(DigestContext* ctx, int sig_algorithm);
+void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint64_t len);
+
+/* Caller owns the returned digest and must free it. */
+uint8_t* DigestFinal(DigestContext* ctx);
+
+/* Returns the appropriate digest for the data in [input_file]
+ * based on the signature [algorithm].
+ * Caller owns the returned digest and must free it.
+ */
+uint8_t* DigestFile(char* input_file, int sig_algorithm);
+
+/* Returns the appropriate digest of [buf] of length
+ * [len] based on the signature [algorithm].
+ * Caller owns the returned digest and must free it.
+ */
+uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm);
+
+#endif  /* VBOOT_REFERENCE_SHA_UTILITY_H_ */
diff --git a/tests/big_firmware_tests.c b/tests/big_firmware_tests.c
index 44328ea..2368b47 100644
--- a/tests/big_firmware_tests.c
+++ b/tests/big_firmware_tests.c
@@ -9,9 +9,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "firmware_image.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "utility.h"
 
diff --git a/tests/big_kernel_tests.c b/tests/big_kernel_tests.c
index c78f622..7fc5fb3 100644
--- a/tests/big_kernel_tests.c
+++ b/tests/big_kernel_tests.c
@@ -9,9 +9,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "kernel_image.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "utility.h"
 
diff --git a/tests/firmware_image_tests.c b/tests/firmware_image_tests.c
index a2ce472..fd19560 100644
--- a/tests/firmware_image_tests.c
+++ b/tests/firmware_image_tests.c
@@ -8,9 +8,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "firmware_image.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "utility.h"
 
diff --git a/tests/firmware_rollback_tests.c b/tests/firmware_rollback_tests.c
index 3608db7..9973ec7 100644
--- a/tests/firmware_rollback_tests.c
+++ b/tests/firmware_rollback_tests.c
@@ -8,9 +8,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "firmware_image.h"
+#include "rsa_utility.h"
 #include "utility.h"
 #include "rollback_index.h"
 #include "test_common.h"
diff --git a/tests/firmware_splicing_tests.c b/tests/firmware_splicing_tests.c
index c3259b7..c71b8b4 100644
--- a/tests/firmware_splicing_tests.c
+++ b/tests/firmware_splicing_tests.c
@@ -8,9 +8,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "firmware_image.h"
+#include "padding.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "utility.h"
 
diff --git a/tests/firmware_verify_benchmark.c b/tests/firmware_verify_benchmark.c
index 3d06dc9..8eafc70 100644
--- a/tests/firmware_verify_benchmark.c
+++ b/tests/firmware_verify_benchmark.c
@@ -8,9 +8,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "firmware_image.h"
+#include "padding.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "timer_utils.h"
 #include "utility.h"
diff --git a/tests/kernel_image_tests.c b/tests/kernel_image_tests.c
index eee0417..c8f8035 100644
--- a/tests/kernel_image_tests.c
+++ b/tests/kernel_image_tests.c
@@ -8,9 +8,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "kernel_image.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "utility.h"
 
diff --git a/tests/kernel_rollback_tests.c b/tests/kernel_rollback_tests.c
index 08f874c..eafbaaa 100644
--- a/tests/kernel_rollback_tests.c
+++ b/tests/kernel_rollback_tests.c
@@ -8,9 +8,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "kernel_image.h"
+#include "rsa_utility.h"
 #include "rollback_index.h"
 #include "test_common.h"
 #include "utility.h"
diff --git a/tests/kernel_splicing_tests.c b/tests/kernel_splicing_tests.c
index d4c9bb5..da29eb1 100644
--- a/tests/kernel_splicing_tests.c
+++ b/tests/kernel_splicing_tests.c
@@ -8,9 +8,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "kernel_image.h"
+#include "padding.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "utility.h"
 
diff --git a/tests/kernel_verify_benchmark.c b/tests/kernel_verify_benchmark.c
index 369785c..c3259fc 100644
--- a/tests/kernel_verify_benchmark.c
+++ b/tests/kernel_verify_benchmark.c
@@ -8,9 +8,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "kernel_image.h"
+#include "padding.h"
+#include "rsa_utility.h"
 #include "test_common.h"
 #include "timer_utils.h"
 #include "utility.h"
diff --git a/tests/rollback_index_mock.c b/tests/rollback_index_mock.c
index 37dde48..6317214 100644
--- a/tests/rollback_index_mock.c
+++ b/tests/rollback_index_mock.c
@@ -7,8 +7,8 @@
 
 #include "rollback_index.h"
 
-#include <stdint.h>
 #include <stdio.h>
+#include <stdint.h>
 
 uint16_t g_firmware_key_version = 0;
 uint16_t g_firmware_version = 0;
diff --git a/tests/rsa_padding_test.c b/tests/rsa_padding_test.c
index 4ccb4b4..b565e78 100644
--- a/tests/rsa_padding_test.c
+++ b/tests/rsa_padding_test.c
@@ -7,8 +7,8 @@
 
 #include <stdio.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
+#include "rsa_utility.h"
 
 int main(int argc, char* argv[]) {
   int i;
diff --git a/tests/rsa_padding_test.h b/tests/rsa_padding_test.h
index ce1ab24..2257784 100644
--- a/tests/rsa_padding_test.h
+++ b/tests/rsa_padding_test.h
@@ -12,7 +12,9 @@
 #ifndef VBOOT_REFERENCE_RSA_PADDING_TEST_H_
 #define VBOOT_REFERENCE_RSA_PADDING_TEST_H_
 
-#include "cryptolib.h"
+#include <inttypes.h>
+
+#include "rsa.h"
 
 /* The modulus of the public key (RSA-1024). */
 static const uint8_t pubkey_n[] = {
diff --git a/tests/rsa_verify_benchmark.c b/tests/rsa_verify_benchmark.c
index ccd6eaf..ba108be 100644
--- a/tests/rsa_verify_benchmark.c
+++ b/tests/rsa_verify_benchmark.c
@@ -6,8 +6,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
+#include "padding.h"
+#include "rsa.h"
+#include "rsa_utility.h"
 #include "timer_utils.h"
 #include "utility.h"
 
diff --git a/tests/sha_benchmark.c b/tests/sha_benchmark.c
index 8532ffa..b36695b 100644
--- a/tests/sha_benchmark.c
+++ b/tests/sha_benchmark.c
@@ -6,7 +6,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "cryptolib.h"
+#include "sha.h"
 #include "timer_utils.h"
 #include "utility.h"
 
diff --git a/tests/sha_tests.c b/tests/sha_tests.c
index 2b75a03..2c07b3f 100644
--- a/tests/sha_tests.c
+++ b/tests/sha_tests.c
@@ -9,7 +9,8 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "cryptolib.h"
+#include "sha.h"
+
 #include "sha_test_vectors.h"
 
 int SHA1_tests(void) {
diff --git a/tests/test_common.c b/tests/test_common.c
index 2591310..b57f6ed 100644
--- a/tests/test_common.c
+++ b/tests/test_common.c
@@ -9,8 +9,8 @@
 
 #include <stdio.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
+#include "rsa_utility.h"
 #include "utility.h"
 
 /* ANSI Color coding sequences. */
diff --git a/utils/file_keys.c b/utils/file_keys.c
index 275ca6b..8438351 100644
--- a/utils/file_keys.c
+++ b/utils/file_keys.c
@@ -15,7 +15,8 @@
 #include <sys/types.h>
 #include <unistd.h>
 
-#include "cryptolib.h"
+#include "padding.h"
+#include "rsa_utility.h"
 #include "signature_digest.h"
 #include "utility.h"
 
@@ -59,27 +60,6 @@
   return key;
 }
 
-uint8_t* DigestFile(char* input_file, int sig_algorithm) {
-  int input_fd, len;
-  uint8_t data[SHA1_BLOCK_SIZE];
-  uint8_t* digest = NULL;
-  DigestContext ctx;
-
-  if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
-    debug("Couldn't open input file.\n");
-    return NULL;
-  }
-  DigestInit(&ctx, sig_algorithm);
-  while ( (len = read(input_fd, data, SHA1_BLOCK_SIZE)) ==
-          SHA1_BLOCK_SIZE)
-    DigestUpdate(&ctx, data, len);
-  if (len != -1)
-    DigestUpdate(&ctx, data, len);
-  digest = DigestFinal(&ctx);
-  close(input_fd);
-  return digest;
-}
-
 uint8_t* SignatureFile(const char* input_file, const char* key_file,
                        int algorithm) {
   char* sign_utility = "./sign_data.sh";
diff --git a/utils/firmware_image.c b/utils/firmware_image.c
index b633d1a..803ef89 100644
--- a/utils/firmware_image.c
+++ b/utils/firmware_image.c
@@ -7,13 +7,16 @@
 
 #include "firmware_image.h"
 
+#include <fcntl.h>
+#include <limits.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <fcntl.h>
 #include <unistd.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
+#include "padding.h"
+#include "rsa_utility.h"
+#include "sha_utility.h"
 #include "signature_digest.h"
 #include "utility.h"
 
diff --git a/utils/firmware_image_fw.c b/utils/firmware_image_fw.c
index 5387d95..f5c7d89 100644
--- a/utils/firmware_image_fw.c
+++ b/utils/firmware_image_fw.c
@@ -8,8 +8,10 @@
 
 #include "firmware_image_fw.h"
 
-#include "cryptolib.h"
+#include "padding.h"
 #include "rollback_index.h"
+#include "rsa_utility.h"
+#include "sha_utility.h"
 #include "utility.h"
 
 /* Macro to determine the size of a field structure in the FirmwareImage
diff --git a/utils/firmware_utility.cc b/utils/firmware_utility.cc
index 85275e7..6b543f5 100644
--- a/utils/firmware_utility.cc
+++ b/utils/firmware_utility.cc
@@ -17,9 +17,11 @@
 #include <iostream>
 
 extern "C" {
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "firmware_image.h"
+#include "padding.h"
+#include "rsa_utility.h"
+#include "sha_utility.h"
 #include "utility.h"
 }
 
diff --git a/utils/kernel_image.c b/utils/kernel_image.c
index 8c8c092..e66ce38 100644
--- a/utils/kernel_image.c
+++ b/utils/kernel_image.c
@@ -14,9 +14,11 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
+#include "padding.h"
 #include "rollback_index.h"
+#include "rsa_utility.h"
+#include "sha_utility.h"
 #include "signature_digest.h"
 #include "utility.h"
 
diff --git a/utils/kernel_image_fw.c b/utils/kernel_image_fw.c
index 734111c..466d34a 100644
--- a/utils/kernel_image_fw.c
+++ b/utils/kernel_image_fw.c
@@ -8,8 +8,10 @@
 
 #include "kernel_image_fw.h"
 
-#include "cryptolib.h"
+#include "padding.h"
 #include "rollback_index.h"
+#include "rsa_utility.h"
+#include "sha_utility.h"
 #include "utility.h"
 
 /* Macro to determine the size of a field structure in the KernelImage
diff --git a/utils/kernel_utility.cc b/utils/kernel_utility.cc
index 9fedeb5..9a4f34b 100644
--- a/utils/kernel_utility.cc
+++ b/utils/kernel_utility.cc
@@ -17,9 +17,11 @@
 #include <iostream>
 
 extern "C" {
-#include "cryptolib.h"
 #include "file_keys.h"
 #include "kernel_image.h"
+#include "padding.h"
+#include "rsa_utility.h"
+#include "sha_utility.h"
 #include "utility.h"
 }
 
diff --git a/utils/signature_digest.c b/utils/signature_digest.c
index d8d425b..8f4c238 100644
--- a/utils/signature_digest.c
+++ b/utils/signature_digest.c
@@ -13,7 +13,9 @@
 #include <stdlib.h>
 #include <unistd.h>
 
-#include "cryptolib.h"
+#include "padding.h"
+#include "sha.h"
+#include "sha_utility.h"
 #include "utility.h"
 
 uint8_t* PrependDigestInfo(int algorithm, uint8_t* digest) {
diff --git a/utils/verify_data.c b/utils/verify_data.c
index e6cc852..4b0b785 100644
--- a/utils/verify_data.c
+++ b/utils/verify_data.c
@@ -15,8 +15,11 @@
 #include <sys/types.h>
 #include <unistd.h>
 
-#include "cryptolib.h"
 #include "file_keys.h"
+#include "sha_utility.h"
+#include "padding.h"
+#include "rsa.h"
+#include "rsa_utility.h"
 #include "verify_data.h"
 
 /* ANSI Color coding sequences. */