sgx_rsa3072.cpp 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "sgx_ecc256_common.h"
  32. sgx_status_t sgx_rsa3072_sign(const uint8_t * p_data,
  33. uint32_t data_size,
  34. const sgx_rsa3072_key_t * p_key,
  35. sgx_rsa3072_signature_t * p_signature)
  36. {
  37. if ((p_data == NULL) || (data_size < 1) || (p_key == NULL) ||
  38. (p_signature == NULL) )
  39. {
  40. return SGX_ERROR_INVALID_PARAMETER;
  41. }
  42. IppStatus ipp_ret = ippStsNoErr;
  43. IppHashAlgId hash_alg = ippHashAlg_SHA256;
  44. IppsRSAPrivateKeyState* p_rsa_privatekey_ctx = NULL;
  45. Ipp8u *temp_buff = NULL;
  46. IppsBigNumState* p_prikey_mod_bn = NULL;
  47. IppsBigNumState* p_prikey_d_bn = NULL;
  48. do
  49. {
  50. // Initializa IPP BN from the private key
  51. ipp_ret = sgx_ipp_newBN((const Ipp32u *)p_key->mod, sizeof(p_key->mod), &p_prikey_mod_bn);
  52. ERROR_BREAK(ipp_ret);
  53. ipp_ret = sgx_ipp_newBN((const Ipp32u *)p_key->d, sizeof(p_key->d), &p_prikey_d_bn);
  54. ERROR_BREAK(ipp_ret);
  55. // allocate private key context
  56. int private_key_ctx_size = 0;
  57. ipp_ret = ippsRSA_GetSizePrivateKeyType1(SGX_RSA3072_KEY_SIZE * 8, SGX_RSA3072_PRI_EXP_SIZE * 8,
  58. &private_key_ctx_size);
  59. ERROR_BREAK(ipp_ret);
  60. p_rsa_privatekey_ctx = (IppsRSAPrivateKeyState*)malloc(private_key_ctx_size);
  61. if (!p_rsa_privatekey_ctx) {
  62. ipp_ret = ippStsMemAllocErr;
  63. break;
  64. }
  65. // initialize the private key context
  66. ipp_ret = ippsRSA_InitPrivateKeyType1(SGX_RSA3072_KEY_SIZE * 8, SGX_RSA3072_PRI_EXP_SIZE * 8,
  67. p_rsa_privatekey_ctx, private_key_ctx_size);
  68. ERROR_BREAK(ipp_ret);
  69. ipp_ret = ippsRSA_SetPrivateKeyType1(p_prikey_mod_bn, p_prikey_d_bn, p_rsa_privatekey_ctx);
  70. ERROR_BREAK(ipp_ret);
  71. // allocate temp buffer for RSA calculation
  72. int private_key_buffer_size = 0;
  73. ipp_ret = ippsRSA_GetBufferSizePrivateKey(&private_key_buffer_size, p_rsa_privatekey_ctx);
  74. ERROR_BREAK(ipp_ret);
  75. temp_buff = (Ipp8u*)malloc(private_key_buffer_size);
  76. if (!temp_buff) {
  77. ipp_ret = ippStsMemAllocErr;
  78. break;
  79. }
  80. // sign the data buffer
  81. ipp_ret = ippsRSASign_PKCS1v15(p_data, data_size, *p_signature, p_rsa_privatekey_ctx, NULL, hash_alg, temp_buff);
  82. } while (0);
  83. sgx_ipp_secure_free_BN(p_prikey_mod_bn, sizeof(p_key->mod));
  84. sgx_ipp_secure_free_BN(p_prikey_d_bn, sizeof(p_key->d));
  85. SAFE_FREE(p_rsa_privatekey_ctx);
  86. SAFE_FREE(temp_buff);
  87. switch (ipp_ret)
  88. {
  89. case ippStsNoErr: return SGX_SUCCESS;
  90. case ippStsNoMemErr:
  91. case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
  92. case ippStsNullPtrErr:
  93. case ippStsLengthErr:
  94. case ippStsOutOfRangeErr:
  95. case ippStsSizeErr:
  96. case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
  97. default: return SGX_ERROR_UNEXPECTED;
  98. }
  99. }
  100. sgx_status_t sgx_rsa3072_verify(const uint8_t *p_data,
  101. uint32_t data_size,
  102. const sgx_rsa3072_public_key_t *p_public,
  103. const sgx_rsa3072_signature_t *p_signature,
  104. sgx_rsa_result_t *p_result)
  105. {
  106. if ((p_data == NULL) || (data_size < 1) || (p_public == NULL) ||
  107. (p_signature == NULL) || (p_result == NULL))
  108. {
  109. return SGX_ERROR_INVALID_PARAMETER;
  110. }
  111. *p_result = SGX_RSA_INVALID_SIGNATURE;
  112. IppStatus ipp_ret = ippStsNoErr;
  113. IppHashAlgId hash_alg = ippHashAlg_SHA256;
  114. IppsRSAPublicKeyState* p_rsa_publickey_ctx = NULL;
  115. Ipp8u *temp_buff = NULL;
  116. IppsBigNumState* p_pubkey_mod_bn = NULL;
  117. IppsBigNumState* p_pubkey_exp_bn = NULL;
  118. int result = 0;
  119. do
  120. {
  121. // Initializa IPP BN from the public key
  122. ipp_ret = sgx_ipp_newBN((const Ipp32u *)p_public->mod, sizeof(p_public->mod), &p_pubkey_mod_bn);
  123. ERROR_BREAK(ipp_ret);
  124. ipp_ret = sgx_ipp_newBN((const Ipp32u *)&p_public->exp, sizeof(p_public->exp), &p_pubkey_exp_bn);
  125. ERROR_BREAK(ipp_ret);
  126. // allocate public key context
  127. int public_key_ctx_size = 0;
  128. ipp_ret = ippsRSA_GetSizePublicKey(SGX_RSA3072_KEY_SIZE * 8, SGX_RSA3072_PUB_EXP_SIZE * 8,
  129. &public_key_ctx_size);
  130. ERROR_BREAK(ipp_ret);
  131. p_rsa_publickey_ctx = (IppsRSAPublicKeyState*)malloc(public_key_ctx_size);
  132. if (!p_rsa_publickey_ctx) {
  133. ipp_ret = ippStsMemAllocErr;
  134. break;
  135. }
  136. // initialize the public key context
  137. ipp_ret = ippsRSA_InitPublicKey(SGX_RSA3072_KEY_SIZE * 8, SGX_RSA3072_PUB_EXP_SIZE * 8,
  138. p_rsa_publickey_ctx, public_key_ctx_size);
  139. ERROR_BREAK(ipp_ret);
  140. ipp_ret = ippsRSA_SetPublicKey(p_pubkey_mod_bn, p_pubkey_exp_bn, p_rsa_publickey_ctx);
  141. ERROR_BREAK(ipp_ret);
  142. // allocate temp buffer for RSA calculation
  143. int public_key_buffer_size = 0;
  144. ipp_ret = ippsRSA_GetBufferSizePublicKey(&public_key_buffer_size, p_rsa_publickey_ctx);
  145. ERROR_BREAK(ipp_ret);
  146. temp_buff = (Ipp8u*)malloc(public_key_buffer_size);
  147. if (!temp_buff) {
  148. ipp_ret = ippStsMemAllocErr;
  149. break;
  150. }
  151. // verify the signature
  152. ipp_ret = ippsRSAVerify_PKCS1v15(p_data, data_size, *p_signature, &result, p_rsa_publickey_ctx, hash_alg, temp_buff);
  153. } while (0);
  154. if ((result != 0) && (ipp_ret == ippStsNoErr))
  155. {
  156. /* validation pass successfully */
  157. *p_result = SGX_RSA_VALID;
  158. }
  159. sgx_ipp_secure_free_BN(p_pubkey_mod_bn, sizeof(p_public->mod));
  160. sgx_ipp_secure_free_BN(p_pubkey_exp_bn, sizeof(p_public->exp));
  161. SAFE_FREE(p_rsa_publickey_ctx);
  162. SAFE_FREE(temp_buff);
  163. switch (ipp_ret)
  164. {
  165. case ippStsNoErr: return SGX_SUCCESS;
  166. case ippStsNoMemErr:
  167. case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
  168. case ippStsNullPtrErr:
  169. case ippStsLengthErr:
  170. case ippStsOutOfRangeErr:
  171. case ippStsSizeErr:
  172. case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
  173. default: return SGX_ERROR_UNEXPECTED;
  174. }
  175. }