sample_libcrypto.cpp 33 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. /*
  32. * Do NOT use this library in your actual product.
  33. * The purpose of this sample library is to aid the debugging of a
  34. * remote attestation service.
  35. * To achieve that goal, the sample remote attestation application
  36. * will use this sample library to generate reproducible messages.
  37. * If you have still not decided on whether you should use this library in a
  38. * released product, please refer to the implementation of __do_get_rand32.
  39. **/
  40. #include <string.h>
  41. #include <stdlib.h>
  42. #include <stdint.h>
  43. #include "ippcp.h"
  44. #include "sgx_memset_s.h"
  45. #include "se_memcpy.h"
  46. #include "sample_libcrypto.h"
  47. #include <errno.h>
  48. #ifdef __linux__
  49. /*
  50. * __memset_vp is a volatile pointer to a function.
  51. * It is initialised to point to memset, and should never be changed.
  52. */
  53. static void * (* const volatile __memset_vp)(void *, int, size_t)
  54. = (memset);
  55. #undef memset_s /* in case it was defined as a macro */
  56. extern "C" int memset_s(void *s, size_t smax, int c, size_t n)
  57. {
  58. int err = 0;
  59. if (s == NULL) {
  60. err = EINVAL;
  61. goto out;
  62. }
  63. if (n > smax) {
  64. err = EOVERFLOW;
  65. n = smax;
  66. }
  67. /* Calling through a volatile pointer should never be optimised away. */
  68. (*__memset_vp)(s, c, n);
  69. out:
  70. if (err == 0)
  71. return 0;
  72. else {
  73. errno = err;
  74. /* XXX call runtime-constraint handler */
  75. return err;
  76. }
  77. }
  78. #endif
  79. #ifndef ERROR_BREAK
  80. #define ERROR_BREAK(x) if(x){break;}
  81. #endif
  82. #ifndef SAFE_FREE
  83. #define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr) = NULL;}}
  84. #endif
  85. #ifndef ROUND_TO
  86. #define ROUND_TO(x, align) (((x) + (align-1)) & ~(align-1))
  87. #endif
  88. #ifndef UNUSED
  89. #define UNUSED(val) (void)(val)
  90. #endif
  91. static uint32_t seed = (uint32_t)(9);
  92. // We are using this very non-random definition for reproducibility / debugging purposes.
  93. static inline sample_status_t __do_get_rand32(uint32_t* rand_num)
  94. {
  95. *rand_num = seed;
  96. return SAMPLE_SUCCESS;
  97. }
  98. static inline IppStatus check_copy_size(size_t target_size, size_t source_size)
  99. {
  100. if(target_size < source_size)
  101. return ippStsSizeErr;
  102. return ippStsNoErr;
  103. }
  104. /* The function should generate a random number properly, and the pseudo-rand
  105. implementation is only for demo purpose. */
  106. sample_status_t sample_read_rand(unsigned char *rand, size_t length_in_bytes)
  107. {
  108. // check parameters
  109. if(!rand || !length_in_bytes)
  110. {
  111. return SAMPLE_ERROR_INVALID_PARAMETER;
  112. }
  113. // loop to rdrand
  114. while(length_in_bytes > 0)
  115. {
  116. uint32_t rand_num = 0;
  117. sample_status_t status = __do_get_rand32(&rand_num);
  118. if(status != SAMPLE_SUCCESS)
  119. {
  120. return status;
  121. }
  122. size_t size = (length_in_bytes < sizeof(rand_num))
  123. ? length_in_bytes : sizeof(rand_num);
  124. if(memcpy_s(rand, size, &rand_num, size))
  125. {
  126. return SAMPLE_ERROR_UNEXPECTED;
  127. }
  128. rand += size;
  129. length_in_bytes -= size;
  130. }
  131. return SAMPLE_SUCCESS;
  132. }
  133. static IppStatus sgx_ipp_newBN(const Ipp32u *p_data, int size_in_bytes, IppsBigNumState **p_new_BN)
  134. {
  135. IppsBigNumState *pBN=0;
  136. int bn_size = 0;
  137. if(p_new_BN == NULL || (size_in_bytes <= 0) || ((size_in_bytes % sizeof(Ipp32u)) != 0))
  138. return ippStsBadArgErr;
  139. // Get the size of the IppsBigNumState context in bytes
  140. IppStatus error_code = ippsBigNumGetSize(size_in_bytes/(int)sizeof(Ipp32u), &bn_size);
  141. if(error_code != ippStsNoErr)
  142. {
  143. *p_new_BN = 0;
  144. return error_code;
  145. }
  146. pBN = (IppsBigNumState *) malloc(bn_size);
  147. if(!pBN)
  148. {
  149. error_code = ippStsMemAllocErr;
  150. *p_new_BN = 0;
  151. return error_code;
  152. }
  153. // Initialize context and partition allocated buffer
  154. error_code = ippsBigNumInit(size_in_bytes/(int)sizeof(Ipp32u), pBN);
  155. if(error_code != ippStsNoErr)
  156. {
  157. free(pBN);
  158. *p_new_BN = 0;
  159. return error_code;
  160. }
  161. if(p_data)
  162. {
  163. error_code = ippsSet_BN(IppsBigNumPOS, size_in_bytes/(int)sizeof(Ipp32u), p_data, pBN);
  164. if(error_code != ippStsNoErr)
  165. {
  166. *p_new_BN = 0;
  167. free(pBN);
  168. return error_code;
  169. }
  170. }
  171. *p_new_BN = pBN;
  172. return error_code;
  173. }
  174. static void sample_ipp_secure_free_BN(IppsBigNumState *pBN, int size_in_bytes)
  175. {
  176. if(pBN == NULL || size_in_bytes <= 0 || size_in_bytes/sizeof(Ipp32u) <= 0)
  177. {
  178. if(pBN)
  179. {
  180. free(pBN);
  181. }
  182. return;
  183. }
  184. int bn_size = 0;
  185. // Get the size of the IppsBigNumState context in bytes
  186. // Since we have checked the size_in_bytes before and the &bn_size is not NULL, ippsBigNumGetSize never returns failure
  187. ippsBigNumGetSize(size_in_bytes/(int)sizeof(Ipp32u), &bn_size);
  188. if (bn_size <= 0)
  189. {
  190. free(pBN);
  191. return;
  192. }
  193. // Clear the buffer before free.
  194. memset_s(pBN, bn_size, 0, bn_size);
  195. free(pBN);
  196. return;
  197. }
  198. IppStatus __STDCALL sample_ipp_DRNGen(Ipp32u* pRandBNU, int nBits, void* pCtx_unused)
  199. {
  200. sample_status_t sample_ret;
  201. UNUSED(pCtx_unused);
  202. if(0 != nBits%8)
  203. {
  204. // Must be byte aligned
  205. return ippStsSizeErr;
  206. }
  207. if(!pRandBNU)
  208. {
  209. return ippStsNullPtrErr;
  210. }
  211. sample_ret = sample_read_rand((uint8_t*)pRandBNU, (uint32_t)nBits/8);
  212. if(SAMPLE_SUCCESS != sample_ret)
  213. {
  214. return ippStsErr;
  215. }
  216. return ippStsNoErr;
  217. }
  218. /* Rijndael AES-GCM
  219. * Parameters:
  220. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  221. * Inputs: sample_aes_gcm_128bit_key_t *p_key - Pointer to key used in encryption/decryption operation
  222. * uint8_t *p_src - Pointer to input stream to be encrypted/decrypted
  223. * uint32_t src_len - Length of input stream to be encrypted/decrypted
  224. * uint8_t *p_iv - Pointer to initialization vector to use
  225. * uint32_t iv_len - Length of initialization vector
  226. * uint8_t *p_aad - Pointer to input stream of additional authentication data
  227. * uint32_t aad_len - Length of additional authentication data stream
  228. * sample_aes_gcm_128bit_tag_t *p_in_mac - Pointer to expected MAC in decryption process
  229. * Output: uint8_t *p_dst - Pointer to cipher text. Size of buffer should be >= src_len.
  230. * sample_aes_gcm_128bit_tag_t *p_out_mac - Pointer to MAC generated from encryption process
  231. * NOTE: Wrapper is responsible for confirming decryption tag matches encryption tag */
  232. sample_status_t sample_rijndael128GCM_encrypt(const sample_aes_gcm_128bit_key_t *p_key, const uint8_t *p_src, uint32_t src_len,
  233. uint8_t *p_dst, const uint8_t *p_iv, uint32_t iv_len, const uint8_t *p_aad, uint32_t aad_len,
  234. sample_aes_gcm_128bit_tag_t *p_out_mac)
  235. {
  236. IppStatus error_code = ippStsNoErr;
  237. IppsAES_GCMState* pState = NULL;
  238. int ippStateSize = 0;
  239. if ((p_key == NULL) || ((src_len > 0) && (p_dst == NULL)) || ((src_len > 0) && (p_src == NULL))
  240. || (p_out_mac == NULL) || (iv_len != SAMPLE_AESGCM_IV_SIZE) || ((aad_len > 0) && (p_aad == NULL))
  241. || (p_iv == NULL) || ((p_src == NULL) && (p_aad == NULL)))
  242. {
  243. return SAMPLE_ERROR_INVALID_PARAMETER;
  244. }
  245. error_code = ippsAES_GCMGetSize(&ippStateSize);
  246. if (error_code != ippStsNoErr)
  247. {
  248. return SAMPLE_ERROR_UNEXPECTED;
  249. }
  250. pState = (IppsAES_GCMState*)malloc(ippStateSize);
  251. if(pState == NULL)
  252. {
  253. return SAMPLE_ERROR_OUT_OF_MEMORY;
  254. }
  255. error_code = ippsAES_GCMInit((const Ipp8u *)p_key, SAMPLE_AESGCM_KEY_SIZE, pState, ippStateSize);
  256. if (error_code != ippStsNoErr)
  257. {
  258. // Clear temp State before free.
  259. memset_s(pState, ippStateSize, 0, ippStateSize);
  260. free(pState);
  261. switch (error_code)
  262. {
  263. case ippStsMemAllocErr: return SAMPLE_ERROR_OUT_OF_MEMORY;
  264. case ippStsNullPtrErr:
  265. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  266. default: return SAMPLE_ERROR_UNEXPECTED;
  267. }
  268. }
  269. error_code = ippsAES_GCMStart(p_iv, SAMPLE_AESGCM_IV_SIZE, p_aad, aad_len, pState);
  270. if (error_code != ippStsNoErr)
  271. {
  272. // Clear temp State before free.
  273. memset_s(pState, ippStateSize, 0, ippStateSize);
  274. free(pState);
  275. switch (error_code)
  276. {
  277. case ippStsNullPtrErr:
  278. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  279. default: return SAMPLE_ERROR_UNEXPECTED;
  280. }
  281. }
  282. if (src_len > 0) {
  283. error_code = ippsAES_GCMEncrypt(p_src, p_dst, src_len, pState);
  284. if (error_code != ippStsNoErr)
  285. {
  286. // Clear temp State before free.
  287. memset_s(pState, ippStateSize, 0, ippStateSize);
  288. free(pState);
  289. switch (error_code)
  290. {
  291. case ippStsNullPtrErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  292. default: return SAMPLE_ERROR_UNEXPECTED;
  293. }
  294. }
  295. }
  296. error_code = ippsAES_GCMGetTag((Ipp8u *)p_out_mac, SAMPLE_AESGCM_MAC_SIZE, pState);
  297. if (error_code != ippStsNoErr)
  298. {
  299. // Clear temp State before free.
  300. memset_s(pState, ippStateSize, 0, ippStateSize);
  301. free(pState);
  302. switch (error_code)
  303. {
  304. case ippStsNullPtrErr:
  305. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  306. default: return SAMPLE_ERROR_UNEXPECTED;
  307. }
  308. }
  309. // Clear temp State before free.
  310. memset_s(pState, ippStateSize, 0, ippStateSize);
  311. free(pState);
  312. return SAMPLE_SUCCESS;
  313. }
  314. /* Message Authentication - Rijndael 128 CMAC
  315. * Parameters:
  316. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  317. * Inputs: sample_cmac_128bit_key_t *p_key - Pointer to key used in encryption/decryption operation
  318. * uint8_t *p_src - Pointer to input stream to be MACed
  319. * uint32_t src_len - Length of input stream to be MACed
  320. * Output: sample_cmac_gcm_128bit_tag_t *p_mac - Pointer to resultant MAC */
  321. sample_status_t sample_rijndael128_cmac_msg(const sample_cmac_128bit_key_t *p_key, const uint8_t *p_src,
  322. uint32_t src_len, sample_cmac_128bit_tag_t *p_mac)
  323. {
  324. IppsAES_CMACState* pState = NULL;
  325. int ippStateSize = 0;
  326. IppStatus error_code = ippStsNoErr;
  327. if ((p_key == NULL) || (p_src == NULL) || (p_mac == NULL))
  328. {
  329. return SAMPLE_ERROR_INVALID_PARAMETER;
  330. }
  331. error_code = ippsAES_CMACGetSize(&ippStateSize);
  332. if (error_code != ippStsNoErr)
  333. {
  334. return SAMPLE_ERROR_UNEXPECTED;
  335. }
  336. pState = (IppsAES_CMACState*)malloc(ippStateSize);
  337. if(pState == NULL)
  338. {
  339. return SAMPLE_ERROR_OUT_OF_MEMORY;
  340. }
  341. error_code = ippsAES_CMACInit((const Ipp8u *)p_key, SAMPLE_CMAC_KEY_SIZE, pState, ippStateSize);
  342. if (error_code != ippStsNoErr)
  343. {
  344. // Clear temp State before free.
  345. memset_s(pState, ippStateSize, 0, ippStateSize);
  346. free(pState);
  347. switch (error_code)
  348. {
  349. case ippStsMemAllocErr: return SAMPLE_ERROR_OUT_OF_MEMORY;
  350. case ippStsNullPtrErr:
  351. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  352. default: return SAMPLE_ERROR_UNEXPECTED;
  353. }
  354. }
  355. error_code = ippsAES_CMACUpdate((const Ipp8u *)p_src, src_len, pState);
  356. if (error_code != ippStsNoErr)
  357. {
  358. // Clear temp State before free.
  359. memset_s(pState, ippStateSize, 0, ippStateSize);
  360. free(pState);
  361. switch (error_code)
  362. {
  363. case ippStsNullPtrErr:
  364. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  365. default: return SAMPLE_ERROR_UNEXPECTED;
  366. }
  367. }
  368. error_code = ippsAES_CMACFinal((Ipp8u *)p_mac, SAMPLE_CMAC_MAC_SIZE, pState);
  369. if (error_code != ippStsNoErr)
  370. {
  371. // Clear temp State before free.
  372. memset_s(pState, ippStateSize, 0, ippStateSize);
  373. free(pState);
  374. switch (error_code)
  375. {
  376. case ippStsNullPtrErr:
  377. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  378. default: return SAMPLE_ERROR_UNEXPECTED;
  379. }
  380. }
  381. // Clear temp State before free.
  382. memset_s(pState, ippStateSize, 0, ippStateSize);
  383. free(pState);
  384. return SAMPLE_SUCCESS;
  385. }
  386. extern "C" int some_function()
  387. {
  388. return 1234;
  389. }
  390. /*
  391. * Elliptic Curve Crytpography - Based on GF(p), 256 bit
  392. */
  393. /* Allocates and initializes ecc context
  394. * Parameters:
  395. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  396. * Output: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system */
  397. sample_status_t sample_ecc256_open_context(sample_ecc_state_handle_t* ecc_handle)
  398. {
  399. IppStatus ipp_ret = ippStsNoErr;
  400. IppsECCPState* p_ecc_state = NULL;
  401. // default use 256r1 parameter
  402. int ctx_size = 0;
  403. if (ecc_handle == NULL)
  404. return SAMPLE_ERROR_INVALID_PARAMETER;
  405. ipp_ret = ippsECCPGetSize(256, &ctx_size);
  406. if (ipp_ret != ippStsNoErr)
  407. return SAMPLE_ERROR_UNEXPECTED;
  408. p_ecc_state = (IppsECCPState*)(malloc(ctx_size));
  409. if (p_ecc_state == NULL)
  410. return SAMPLE_ERROR_OUT_OF_MEMORY;
  411. ipp_ret = ippsECCPInit(256, p_ecc_state);
  412. if (ipp_ret != ippStsNoErr)
  413. {
  414. SAFE_FREE(p_ecc_state);
  415. *ecc_handle = NULL;
  416. return SAMPLE_ERROR_UNEXPECTED;
  417. }
  418. ipp_ret = ippsECCPSetStd(IppECCPStd256r1, p_ecc_state);
  419. if (ipp_ret != ippStsNoErr)
  420. {
  421. SAFE_FREE(p_ecc_state);
  422. *ecc_handle = NULL;
  423. return SAMPLE_ERROR_UNEXPECTED;
  424. }
  425. *ecc_handle = p_ecc_state;
  426. return SAMPLE_SUCCESS;
  427. }
  428. /* Cleans up ecc context
  429. * Parameters:
  430. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  431. * Output: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system */
  432. sample_status_t sample_ecc256_close_context(sample_ecc_state_handle_t ecc_handle)
  433. {
  434. if (ecc_handle == NULL)
  435. {
  436. return SAMPLE_ERROR_INVALID_PARAMETER;
  437. }
  438. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  439. int ctx_size = 0;
  440. IppStatus ipp_ret = ippsECCPGetSize(256, &ctx_size);
  441. if (ipp_ret != ippStsNoErr)
  442. {
  443. free(p_ecc_state);
  444. return SAMPLE_SUCCESS;
  445. }
  446. memset_s(p_ecc_state, ctx_size, 0, ctx_size);
  447. free(p_ecc_state);
  448. return SAMPLE_SUCCESS;
  449. }
  450. /* Populates private/public key pair - caller code allocates memory
  451. * Parameters:
  452. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  453. * Inputs: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
  454. * Outputs: sample_ec256_private_t *p_private - Pointer to the private key
  455. * sample_ec256_public_t *p_public - Pointer to the public key */
  456. sample_status_t sample_ecc256_create_key_pair(sample_ec256_private_t *p_private,
  457. sample_ec256_public_t *p_public,
  458. sample_ecc_state_handle_t ecc_handle)
  459. {
  460. if ((ecc_handle == NULL) || (p_private == NULL) || (p_public == NULL))
  461. {
  462. return SAMPLE_ERROR_INVALID_PARAMETER;
  463. }
  464. IppsBigNumState* dh_priv_BN = NULL;
  465. IppsECCPPointState* point_pub = NULL;
  466. IppsBigNumState* pub_gx = NULL;
  467. IppsBigNumState* pub_gy = NULL;
  468. IppStatus ipp_ret = ippStsNoErr;
  469. int ecPointSize = 0;
  470. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  471. do
  472. {
  473. //init eccp point
  474. ipp_ret = ippsECCPPointGetSize(256, &ecPointSize);
  475. ERROR_BREAK(ipp_ret);
  476. point_pub = (IppsECCPPointState*)( malloc(ecPointSize) );
  477. if(!point_pub)
  478. {
  479. ipp_ret = ippStsNoMemErr;
  480. break;
  481. }
  482. ipp_ret = ippsECCPPointInit(256, point_pub);
  483. ERROR_BREAK(ipp_ret);
  484. ipp_ret = sgx_ipp_newBN(NULL, SAMPLE_ECP256_KEY_SIZE, &dh_priv_BN);
  485. ERROR_BREAK(ipp_ret);
  486. // Use the true random number (DRNG)
  487. ipp_ret = ippsECCPGenKeyPair(dh_priv_BN, point_pub, p_ecc_state, (IppBitSupplier)sample_ipp_DRNGen, NULL);
  488. ERROR_BREAK(ipp_ret);
  489. //convert point_result to oct string
  490. ipp_ret = sgx_ipp_newBN(NULL, SAMPLE_ECP256_KEY_SIZE, &pub_gx);
  491. ERROR_BREAK(ipp_ret);
  492. ipp_ret = sgx_ipp_newBN(NULL, SAMPLE_ECP256_KEY_SIZE, &pub_gy);
  493. ERROR_BREAK(ipp_ret);
  494. ipp_ret = ippsECCPGetPoint(pub_gx, pub_gy, point_pub, p_ecc_state);
  495. ERROR_BREAK(ipp_ret);
  496. IppsBigNumSGN sgn = IppsBigNumPOS;
  497. Ipp32u *pdata = NULL;
  498. // ippsRef_BN is in bits not bytes (versus old ippsGet_BN)
  499. int length = 0;
  500. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, pub_gx);
  501. ERROR_BREAK(ipp_ret);
  502. memset(p_public->gx, 0, sizeof(p_public->gx));
  503. ipp_ret = check_copy_size(sizeof(p_public->gx), ROUND_TO(length, 8)/8);
  504. ERROR_BREAK(ipp_ret);
  505. memcpy(p_public->gx, pdata, ROUND_TO(length, 8)/8);
  506. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, pub_gy);
  507. ERROR_BREAK(ipp_ret);
  508. memset(p_public->gy, 0, sizeof(p_public->gy));
  509. ipp_ret = check_copy_size(sizeof(p_public->gy), ROUND_TO(length, 8)/8);
  510. ERROR_BREAK(ipp_ret);
  511. memcpy(p_public->gy, pdata, ROUND_TO(length, 8)/8);
  512. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, dh_priv_BN);
  513. ERROR_BREAK(ipp_ret);
  514. memset(p_private->r, 0, sizeof(p_private->r));
  515. ipp_ret = check_copy_size(sizeof(p_private->r), ROUND_TO(length, 8)/8);
  516. ERROR_BREAK(ipp_ret);
  517. memcpy(p_private->r, pdata, ROUND_TO(length, 8)/8);
  518. }while(0);
  519. //Clear temp buffer before free.
  520. if(point_pub) memset_s(point_pub, ecPointSize, 0, ecPointSize);
  521. SAFE_FREE(point_pub);
  522. sample_ipp_secure_free_BN(pub_gx, SAMPLE_ECP256_KEY_SIZE);
  523. sample_ipp_secure_free_BN(pub_gy, SAMPLE_ECP256_KEY_SIZE);
  524. sample_ipp_secure_free_BN(dh_priv_BN, SAMPLE_ECP256_KEY_SIZE);
  525. switch (ipp_ret)
  526. {
  527. case ippStsNoErr: return SAMPLE_SUCCESS;
  528. case ippStsNoMemErr:
  529. case ippStsMemAllocErr: return SAMPLE_ERROR_OUT_OF_MEMORY;
  530. case ippStsNullPtrErr:
  531. case ippStsLengthErr:
  532. case ippStsOutOfRangeErr:
  533. case ippStsSizeErr:
  534. case ippStsBadArgErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  535. default: return SAMPLE_ERROR_UNEXPECTED;
  536. }
  537. }
  538. /* Computes DH shared key based on private B key (local) and remote public Ga Key
  539. * Parameters:
  540. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  541. * Inputs: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
  542. * sample_ec256_private_t *p_private_b - Pointer to the local private key - LITTLE ENDIAN
  543. * sample_ec256_public_t *p_public_ga - Pointer to the remote public key - LITTLE ENDIAN
  544. * Output: sample_ec256_dh_shared_t *p_shared_key - Pointer to the shared DH key - LITTLE ENDIAN
  545. *x-coordinate of (privKeyB - pubKeyA) */
  546. sample_status_t sample_ecc256_compute_shared_dhkey(sample_ec256_private_t *p_private_b,
  547. sample_ec256_public_t *p_public_ga,
  548. sample_ec256_dh_shared_t *p_shared_key,
  549. sample_ecc_state_handle_t ecc_handle)
  550. {
  551. if ((ecc_handle == NULL) || (p_private_b == NULL) || (p_public_ga == NULL) || (p_shared_key == NULL))
  552. {
  553. return SAMPLE_ERROR_INVALID_PARAMETER;
  554. }
  555. IppsBigNumState* BN_dh_privB = NULL;
  556. IppsBigNumState* BN_dh_share = NULL;
  557. IppsBigNumState* pubA_gx = NULL;
  558. IppsBigNumState* pubA_gy = NULL;
  559. IppsECCPPointState* point_pubA = NULL;
  560. IppStatus ipp_ret = ippStsNoErr;
  561. int ecPointSize = 0;
  562. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  563. IppECResult ipp_result = ippECValid;
  564. do
  565. {
  566. ipp_ret = sgx_ipp_newBN((Ipp32u*)p_private_b->r, sizeof(sample_ec256_private_t), &BN_dh_privB);
  567. ERROR_BREAK(ipp_ret);
  568. ipp_ret = sgx_ipp_newBN((uint32_t*)p_public_ga->gx, sizeof(p_public_ga->gx), &pubA_gx);
  569. ERROR_BREAK(ipp_ret);
  570. ipp_ret = sgx_ipp_newBN((uint32_t*)p_public_ga->gy, sizeof(p_public_ga->gy), &pubA_gy);
  571. ERROR_BREAK(ipp_ret);
  572. ipp_ret = ippsECCPPointGetSize(256, &ecPointSize);
  573. ERROR_BREAK(ipp_ret);
  574. point_pubA = (IppsECCPPointState*)( malloc(ecPointSize) );
  575. if(!point_pubA)
  576. {
  577. ipp_ret = ippStsNoMemErr;
  578. break;
  579. }
  580. ipp_ret = ippsECCPPointInit(256, point_pubA);
  581. ERROR_BREAK(ipp_ret);
  582. ipp_ret = ippsECCPSetPoint(pubA_gx, pubA_gy, point_pubA, p_ecc_state);
  583. ERROR_BREAK(ipp_ret);
  584. // Check to see if the point is a valid point on the Elliptic curve and is not infinity
  585. ipp_ret = ippsECCPCheckPoint(point_pubA, &ipp_result, p_ecc_state);
  586. if (ipp_result != ippECValid)
  587. {
  588. break;
  589. }
  590. ERROR_BREAK(ipp_ret);
  591. ipp_ret = sgx_ipp_newBN(NULL, sizeof(sample_ec256_dh_shared_t), &BN_dh_share);
  592. ERROR_BREAK(ipp_ret);
  593. /* This API generates shareA = x-coordinate of (privKeyB - pubKeyA) */
  594. ipp_ret = ippsECCPSharedSecretDH(BN_dh_privB, point_pubA, BN_dh_share, p_ecc_state);
  595. ERROR_BREAK(ipp_ret);
  596. IppsBigNumSGN sgn = IppsBigNumPOS;
  597. int length = 0;
  598. Ipp32u * pdata = NULL;
  599. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, BN_dh_share);
  600. ERROR_BREAK(ipp_ret);
  601. memset(p_shared_key->s, 0, sizeof(p_shared_key->s));
  602. ipp_ret = check_copy_size(sizeof(p_shared_key->s), ROUND_TO(length, 8)/8);
  603. ERROR_BREAK(ipp_ret);
  604. memcpy(p_shared_key->s, pdata, ROUND_TO(length, 8)/8);
  605. }while(0);
  606. // Clear temp buffer before free.
  607. if(point_pubA)
  608. memset_s(point_pubA, ecPointSize, 0, ecPointSize);
  609. SAFE_FREE(point_pubA);
  610. sample_ipp_secure_free_BN(pubA_gx, sizeof(p_public_ga->gx));
  611. sample_ipp_secure_free_BN(pubA_gy, sizeof(p_public_ga->gy));
  612. sample_ipp_secure_free_BN(BN_dh_privB, sizeof(sample_ec256_private_t));
  613. sample_ipp_secure_free_BN(BN_dh_share, sizeof(sample_ec256_dh_shared_t));
  614. if (ipp_result != ippECValid)
  615. {
  616. return SAMPLE_ERROR_INVALID_PARAMETER;
  617. }
  618. switch (ipp_ret)
  619. {
  620. case ippStsNoErr: return SAMPLE_SUCCESS;
  621. case ippStsNoMemErr:
  622. case ippStsMemAllocErr: return SAMPLE_ERROR_OUT_OF_MEMORY;
  623. case ippStsNullPtrErr:
  624. case ippStsLengthErr:
  625. case ippStsOutOfRangeErr:
  626. case ippStsSizeErr:
  627. case ippStsBadArgErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  628. default: return SAMPLE_ERROR_UNEXPECTED;
  629. }
  630. }
  631. const uint32_t sample_nistp256_r[] = {
  632. 0xFC632551, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD, 0xFFFFFFFF, 0xFFFFFFFF,
  633. 0x00000000, 0xFFFFFFFF};
  634. #include <stdio.h>
  635. /* Computes signature for data based on private key
  636. * Parameters:
  637. * Return: sample_status_t - SAMPLE_SUCCESS, SAMPLE_SUCCESS on success, error code otherwise.
  638. * Inputs: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
  639. * sample_ec256_private_t *p_private - Pointer to the private key - LITTLE ENDIAN
  640. * sample_uint8_t *p_data - Pointer to the data to be signed
  641. * uint32_t data_size - Size of the data to be signed
  642. * Output: sample_ec256_signature_t *p_signature - Pointer to the signature - LITTLE ENDIAN */
  643. sample_status_t sample_ecdsa_sign(const uint8_t *p_data,
  644. uint32_t data_size,
  645. sample_ec256_private_t *p_private,
  646. sample_ec256_signature_t *p_signature,
  647. sample_ecc_state_handle_t ecc_handle)
  648. {
  649. if ((ecc_handle == NULL) || (p_private == NULL) || (p_signature == NULL) || (p_data == NULL) || (data_size < 1))
  650. {
  651. return SAMPLE_ERROR_INVALID_PARAMETER;
  652. }
  653. IppStatus ipp_ret = ippStsNoErr;
  654. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  655. IppsBigNumState* p_ecp_order = NULL;
  656. IppsBigNumState* p_hash_bn = NULL;
  657. IppsBigNumState* p_msg_bn = NULL;
  658. IppsBigNumState* p_eph_priv_bn = NULL;
  659. IppsECCPPointState* p_eph_pub = NULL;
  660. IppsBigNumState* p_reg_priv_bn = NULL;
  661. IppsBigNumState* p_signx_bn = NULL;
  662. IppsBigNumState* p_signy_bn = NULL;
  663. Ipp32u *p_sigx = NULL;
  664. Ipp32u *p_sigy = NULL;
  665. int ecp_size = 0;
  666. const int order_size = sizeof(sample_nistp256_r);
  667. uint32_t hash[8] = {0};
  668. do
  669. {
  670. ipp_ret = sgx_ipp_newBN(sample_nistp256_r, order_size, &p_ecp_order);
  671. ERROR_BREAK(ipp_ret);
  672. // Prepare the message used to sign.
  673. ipp_ret = ippsHashMessage(p_data, data_size, (Ipp8u*)hash, IPP_ALG_HASH_SHA256);
  674. ERROR_BREAK(ipp_ret);
  675. /* Byte swap in creation of Big Number from SHA256 hash output */
  676. ipp_ret = sgx_ipp_newBN(NULL, sizeof(hash), &p_hash_bn);
  677. ERROR_BREAK(ipp_ret);
  678. ipp_ret = ippsSetOctString_BN((Ipp8u*)hash, sizeof(hash), p_hash_bn);
  679. ERROR_BREAK(ipp_ret);
  680. ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_msg_bn);
  681. ERROR_BREAK(ipp_ret);
  682. ipp_ret = ippsMod_BN(p_hash_bn, p_ecp_order, p_msg_bn);
  683. ERROR_BREAK(ipp_ret);
  684. // Get ephemeral key pair.
  685. ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_eph_priv_bn);
  686. ERROR_BREAK(ipp_ret);
  687. //init eccp point
  688. ipp_ret = ippsECCPPointGetSize(256, &ecp_size);
  689. ERROR_BREAK(ipp_ret);
  690. p_eph_pub = (IppsECCPPointState*)(malloc(ecp_size));
  691. if(!p_eph_pub)
  692. {
  693. ipp_ret = ippStsNoMemErr;
  694. break;
  695. }
  696. ipp_ret = ippsECCPPointInit(256, p_eph_pub);
  697. ERROR_BREAK(ipp_ret);
  698. // generate ephemeral key pair for signing operation
  699. ipp_ret = ippsECCPGenKeyPair(p_eph_priv_bn, p_eph_pub, p_ecc_state,
  700. (IppBitSupplier)sample_ipp_DRNGen, NULL);
  701. ERROR_BREAK(ipp_ret);
  702. ipp_ret = ippsECCPSetKeyPair(p_eph_priv_bn, p_eph_pub, ippFalse, p_ecc_state);
  703. ERROR_BREAK(ipp_ret);
  704. // Set the regular private key.
  705. ipp_ret = sgx_ipp_newBN((uint32_t *)p_private->r, sizeof(p_private->r),
  706. &p_reg_priv_bn);
  707. ERROR_BREAK(ipp_ret);
  708. ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signx_bn);
  709. ERROR_BREAK(ipp_ret);
  710. ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signy_bn);
  711. ERROR_BREAK(ipp_ret);
  712. // Sign the message.
  713. ipp_ret = ippsECCPSignDSA(p_msg_bn, p_reg_priv_bn, p_signx_bn, p_signy_bn,
  714. p_ecc_state);
  715. ERROR_BREAK(ipp_ret);
  716. IppsBigNumSGN sign;
  717. int length;
  718. ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigx, p_signx_bn);
  719. ERROR_BREAK(ipp_ret);
  720. memset(p_signature->x, 0, sizeof(p_signature->x));
  721. ipp_ret = check_copy_size(sizeof(p_signature->x), ROUND_TO(length, 8)/8);
  722. ERROR_BREAK(ipp_ret);
  723. memcpy(p_signature->x, p_sigx, ROUND_TO(length, 8)/8);
  724. memset_s(p_sigx, sizeof(p_signature->x), 0, ROUND_TO(length, 8)/8);
  725. ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigy, p_signy_bn);
  726. ERROR_BREAK(ipp_ret);
  727. memset(p_signature->y, 0, sizeof(p_signature->y));
  728. ipp_ret = check_copy_size(sizeof(p_signature->y), ROUND_TO(length, 8)/8);
  729. ERROR_BREAK(ipp_ret);
  730. memcpy(p_signature->y, p_sigy, ROUND_TO(length, 8)/8);
  731. memset_s(p_sigy, sizeof(p_signature->y), 0, ROUND_TO(length, 8)/8);
  732. }while(0);
  733. // Clear buffer before free.
  734. if(p_eph_pub)
  735. memset_s(p_eph_pub, ecp_size, 0, ecp_size);
  736. SAFE_FREE(p_eph_pub);
  737. sample_ipp_secure_free_BN(p_ecp_order, order_size);
  738. sample_ipp_secure_free_BN(p_hash_bn, sizeof(hash));
  739. sample_ipp_secure_free_BN(p_msg_bn, order_size);
  740. sample_ipp_secure_free_BN(p_eph_priv_bn, order_size);
  741. sample_ipp_secure_free_BN(p_reg_priv_bn, sizeof(p_private->r));
  742. sample_ipp_secure_free_BN(p_signx_bn, order_size);
  743. sample_ipp_secure_free_BN(p_signy_bn, order_size);
  744. switch (ipp_ret)
  745. {
  746. case ippStsNoErr: return SAMPLE_SUCCESS;
  747. case ippStsNoMemErr:
  748. case ippStsMemAllocErr: return SAMPLE_ERROR_OUT_OF_MEMORY;
  749. case ippStsNullPtrErr:
  750. case ippStsLengthErr:
  751. case ippStsOutOfRangeErr:
  752. case ippStsSizeErr:
  753. case ippStsBadArgErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  754. default: return SAMPLE_ERROR_UNEXPECTED;
  755. }
  756. }
  757. /* Allocates and initializes sha256 state
  758. * Parameters:
  759. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  760. * Output: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state */
  761. sample_status_t sample_sha256_init(sample_sha_state_handle_t* p_sha_handle)
  762. {
  763. IppStatus ipp_ret = ippStsNoErr;
  764. IppsHashState* p_temp_state = NULL;
  765. if (p_sha_handle == NULL)
  766. return SAMPLE_ERROR_INVALID_PARAMETER;
  767. int ctx_size = 0;
  768. ipp_ret = ippsHashGetSize(&ctx_size);
  769. if (ipp_ret != ippStsNoErr)
  770. return SAMPLE_ERROR_UNEXPECTED;
  771. p_temp_state = (IppsHashState*)(malloc(ctx_size));
  772. if (p_temp_state == NULL)
  773. return SAMPLE_ERROR_OUT_OF_MEMORY;
  774. ipp_ret = ippsHashInit(p_temp_state, IPP_ALG_HASH_SHA256);
  775. if (ipp_ret != ippStsNoErr)
  776. {
  777. SAFE_FREE(p_temp_state);
  778. *p_sha_handle = NULL;
  779. switch (ipp_ret)
  780. {
  781. case ippStsNullPtrErr:
  782. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  783. default: return SAMPLE_ERROR_UNEXPECTED;
  784. }
  785. }
  786. *p_sha_handle = p_temp_state;
  787. return SAMPLE_SUCCESS;
  788. }
  789. /* Updates sha256 has calculation based on the input message
  790. * Parameters:
  791. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  792. * Input: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state
  793. * uint8_t *p_src - Pointer to the input stream to be hashed
  794. * uint32_t src_len - Length of the input stream to be hashed */
  795. sample_status_t sample_sha256_update(const uint8_t *p_src, uint32_t src_len, sample_sha_state_handle_t sha_handle)
  796. {
  797. if ((p_src == NULL) || (sha_handle == NULL))
  798. {
  799. return SAMPLE_ERROR_INVALID_PARAMETER;
  800. }
  801. IppStatus ipp_ret = ippStsNoErr;
  802. ipp_ret = ippsHashUpdate(p_src, src_len, (IppsHashState*)sha_handle);
  803. switch (ipp_ret)
  804. {
  805. case ippStsNoErr: return SAMPLE_SUCCESS;
  806. case ippStsNullPtrErr:
  807. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  808. default: return SAMPLE_ERROR_UNEXPECTED;
  809. }
  810. }
  811. /* Returns Hash calculation
  812. * Parameters:
  813. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  814. * Input: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state
  815. * Output: sample_sha256_hash_t *p_hash - Resultant hash from operation */
  816. sample_status_t sample_sha256_get_hash(sample_sha_state_handle_t sha_handle, sample_sha256_hash_t *p_hash)
  817. {
  818. if ((sha_handle == NULL) || (p_hash == NULL))
  819. {
  820. return SAMPLE_ERROR_INVALID_PARAMETER;
  821. }
  822. IppStatus ipp_ret = ippStsNoErr;
  823. ipp_ret = ippsHashGetTag((Ipp8u*)p_hash, SAMPLE_SHA256_HASH_SIZE, (IppsHashState*)sha_handle);
  824. switch (ipp_ret)
  825. {
  826. case ippStsNoErr: return SAMPLE_SUCCESS;
  827. case ippStsNullPtrErr:
  828. case ippStsLengthErr: return SAMPLE_ERROR_INVALID_PARAMETER;
  829. default: return SAMPLE_ERROR_UNEXPECTED;
  830. }
  831. }
  832. /* Cleans up sha state
  833. * Parameters:
  834. * Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise.
  835. * Input: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state */
  836. sample_status_t sample_sha256_close(sample_sha_state_handle_t sha_handle)
  837. {
  838. if (sha_handle == NULL)
  839. {
  840. return SAMPLE_ERROR_INVALID_PARAMETER;
  841. }
  842. SAFE_FREE(sha_handle);
  843. return SAMPLE_SUCCESS;
  844. }