123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299 |
- /*
- * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
- #include "sgx_tcrypto_common.h"
- const uint32_t sgx_nistp256_r[] = {
- 0xFC632551, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD, 0xFFFFFFFF, 0xFFFFFFFF,
- 0x00000000, 0xFFFFFFFF };
- /* Computes signature for data based on private key
- * Parameters:
- * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
- * Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
- * sgx_ec256_private_t *p_private - Pointer to the private key - LITTLE ENDIAN
- * sgx_uint8_t *p_data - Pointer to the data to be signed
- * uint32_t data_size - Size of the data to be signed
- * Output: sgx_ec256_signature_t *p_signature - Pointer to the signature - LITTLE ENDIAN */
- sgx_status_t sgx_ecdsa_sign(const uint8_t *p_data,
- uint32_t data_size,
- sgx_ec256_private_t *p_private,
- sgx_ec256_signature_t *p_signature,
- sgx_ecc_state_handle_t ecc_handle)
- {
- if ((ecc_handle == NULL) || (p_private == NULL) || (p_signature == NULL) || (p_data == NULL) || (data_size < 1))
- {
- return SGX_ERROR_INVALID_PARAMETER;
- }
- IppStatus ipp_ret = ippStsNoErr;
- IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
- IppsBigNumState* p_ecp_order = NULL;
- IppsBigNumState* p_hash_bn = NULL;
- IppsBigNumState* p_msg_bn = NULL;
- IppsBigNumState* p_eph_priv_bn = NULL;
- IppsECCPPointState* p_eph_pub = NULL;
- IppsBigNumState* p_reg_priv_bn = NULL;
- IppsBigNumState* p_signx_bn = NULL;
- IppsBigNumState* p_signy_bn = NULL;
- Ipp32u *p_sigx = NULL;
- Ipp32u *p_sigy = NULL;
- int ecp_size = 0;
- const int order_size = sizeof(sgx_nistp256_r);
- uint32_t hash[8] = { 0 };
- do
- {
- ipp_ret = sgx_ipp_newBN(sgx_nistp256_r, order_size, &p_ecp_order);
- ERROR_BREAK(ipp_ret);
- // Prepare the message used to sign.
- ipp_ret = ippsHashMessage_rmf(p_data, data_size, (Ipp8u*)hash, ippsHashMethod_SHA256_TT());
- ERROR_BREAK(ipp_ret);
- /* Byte swap in creation of Big Number from SHA256 hash output */
- ipp_ret = sgx_ipp_newBN(NULL, sizeof(hash), &p_hash_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = ippsSetOctString_BN((Ipp8u*)hash, sizeof(hash), p_hash_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_msg_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = ippsMod_BN(p_hash_bn, p_ecp_order, p_msg_bn);
- ERROR_BREAK(ipp_ret);
- // Get ephemeral key pair.
- ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_eph_priv_bn);
- ERROR_BREAK(ipp_ret);
- //init eccp point
- ipp_ret = ippsECCPPointGetSize(256, &ecp_size);
- ERROR_BREAK(ipp_ret);
- p_eph_pub = (IppsECCPPointState*)(malloc(ecp_size));
- if (!p_eph_pub)
- {
- ipp_ret = ippStsNoMemErr;
- break;
- }
- ipp_ret = ippsECCPPointInit(256, p_eph_pub);
- ERROR_BREAK(ipp_ret);
- // Generate ephemeral key pair for signing operation
- // Notice that IPP ensures the private key generated is non-zero
- ipp_ret = ippsECCPGenKeyPair(p_eph_priv_bn, p_eph_pub, p_ecc_state,
- (IppBitSupplier)sgx_ipp_DRNGen, NULL);
- ERROR_BREAK(ipp_ret);
- ipp_ret = ippsECCPSetKeyPair(p_eph_priv_bn, p_eph_pub, ippFalse, p_ecc_state);
- ERROR_BREAK(ipp_ret);
- // Set the regular private key.
- ipp_ret = sgx_ipp_newBN((uint32_t *)p_private->r, sizeof(p_private->r),
- &p_reg_priv_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signx_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signy_bn);
- ERROR_BREAK(ipp_ret);
- // Sign the message.
- ipp_ret = ippsECCPSignDSA(p_msg_bn, p_reg_priv_bn, p_signx_bn, p_signy_bn,
- p_ecc_state);
- ERROR_BREAK(ipp_ret);
- IppsBigNumSGN sign;
- int length;
- ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigx, p_signx_bn);
- ERROR_BREAK(ipp_ret);
- memset(p_signature->x, 0, sizeof(p_signature->x));
- ipp_ret = check_copy_size(sizeof(p_signature->x), ROUND_TO(length, 8) / 8);
- ERROR_BREAK(ipp_ret);
- memcpy(p_signature->x, p_sigx, ROUND_TO(length, 8) / 8);
- memset_s(p_sigx, sizeof(p_signature->x), 0, ROUND_TO(length, 8) / 8);
- ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigy, p_signy_bn);
- ERROR_BREAK(ipp_ret);
- memset(p_signature->y, 0, sizeof(p_signature->y));
- ipp_ret = check_copy_size(sizeof(p_signature->y), ROUND_TO(length, 8) / 8);
- ERROR_BREAK(ipp_ret);
- memcpy(p_signature->y, p_sigy, ROUND_TO(length, 8) / 8);
- memset_s(p_sigy, sizeof(p_signature->y), 0, ROUND_TO(length, 8) / 8);
- } while (0);
- // Clear buffer before free.
- if (p_eph_pub)
- memset_s(p_eph_pub, ecp_size, 0, ecp_size);
- SAFE_FREE(p_eph_pub);
- sgx_ipp_secure_free_BN(p_ecp_order, order_size);
- sgx_ipp_secure_free_BN(p_hash_bn, sizeof(hash));
- sgx_ipp_secure_free_BN(p_msg_bn, order_size);
- sgx_ipp_secure_free_BN(p_eph_priv_bn, order_size);
- sgx_ipp_secure_free_BN(p_reg_priv_bn, sizeof(p_private->r));
- sgx_ipp_secure_free_BN(p_signx_bn, order_size);
- sgx_ipp_secure_free_BN(p_signy_bn, order_size);
- switch (ipp_ret)
- {
- case ippStsNoErr: return SGX_SUCCESS;
- case ippStsNoMemErr:
- case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
- case ippStsNullPtrErr:
- case ippStsLengthErr:
- case ippStsOutOfRangeErr:
- case ippStsSizeErr:
- case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
- default: return SGX_ERROR_UNEXPECTED;
- }
- }
- /* Verifies the signature for the given data based on the public key
- *
- * Parameters:
- * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
- * Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
- * sgx_ec256_public_t *p_public - Pointer to the public key - LITTLE ENDIAN
- * uint8_t *p_data - Pointer to the data to be signed
- * uint32_t data_size - Size of the data to be signed
- * sgx_ec256_signature_t *p_signature - Pointer to the signature - LITTLE ENDIAN
- * Output: uint8_t *p_result - Pointer to the result of verification check */
- sgx_status_t sgx_ecdsa_verify(const uint8_t *p_data,
- uint32_t data_size,
- const sgx_ec256_public_t *p_public,
- sgx_ec256_signature_t *p_signature,
- uint8_t *p_result,
- sgx_ecc_state_handle_t ecc_handle)
- {
- if ((ecc_handle == NULL) || (p_public == NULL) || (p_signature == NULL) ||
- (p_data == NULL) || (data_size < 1) || (p_result == NULL))
- {
- return SGX_ERROR_INVALID_PARAMETER;
- }
- IppStatus ipp_ret = ippStsNoErr;
- IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
- IppECResult result = ippECInvalidSignature;
- *p_result = SGX_EC_INVALID_SIGNATURE;
- IppsBigNumState* p_ecp_order = NULL;
- IppsBigNumState* p_hash_bn = NULL;
- IppsBigNumState* p_msg_bn = NULL;
- IppsECCPPointState* p_reg_pub = NULL;
- IppsBigNumState* p_reg_pubx_bn = NULL;
- IppsBigNumState* p_reg_puby_bn = NULL;
- IppsBigNumState* p_signx_bn = NULL;
- IppsBigNumState* p_signy_bn = NULL;
- const int order_size = sizeof(sgx_nistp256_r);
- uint32_t hash[8] = { 0 };
- int ecp_size = 0;
- do
- {
- ipp_ret = sgx_ipp_newBN(sgx_nistp256_r, order_size, &p_ecp_order);
- ERROR_BREAK(ipp_ret);
- // Prepare the message used to sign.
- ipp_ret = ippsHashMessage_rmf(p_data, data_size, (Ipp8u*)hash, ippsHashMethod_SHA256_TT());
- ERROR_BREAK(ipp_ret);
- /* Byte swap in creation of Big Number from SHA256 hash output */
- ipp_ret = sgx_ipp_newBN(NULL, sizeof(hash), &p_hash_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = ippsSetOctString_BN((Ipp8u*)hash, sizeof(hash), p_hash_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_msg_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = ippsMod_BN(p_hash_bn, p_ecp_order, p_msg_bn);
- ERROR_BREAK(ipp_ret);
- //Init eccp point
- ipp_ret = ippsECCPPointGetSize(256, &ecp_size);
- ERROR_BREAK(ipp_ret);
- p_reg_pub = (IppsECCPPointState*)(malloc(ecp_size));
- if (!p_reg_pub)
- {
- ipp_ret = ippStsNoMemErr;
- break;
- }
- ipp_ret = ippsECCPPointInit(256, p_reg_pub);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN((const uint32_t *)p_public->gx, sizeof(p_public->gx),
- &p_reg_pubx_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN((const uint32_t *)p_public->gy, sizeof(p_public->gy),
- &p_reg_puby_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = ippsECCPSetPoint(p_reg_pubx_bn, p_reg_puby_bn, p_reg_pub,
- p_ecc_state);
- ERROR_BREAK(ipp_ret);
- ipp_ret = ippsECCPSetKeyPair(NULL, p_reg_pub, ippTrue, p_ecc_state);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN(p_signature->x, order_size, &p_signx_bn);
- ERROR_BREAK(ipp_ret);
- ipp_ret = sgx_ipp_newBN(p_signature->y, order_size, &p_signy_bn);
- ERROR_BREAK(ipp_ret);
- // Verify the message.
- ipp_ret = ippsECCPVerifyDSA(p_msg_bn, p_signx_bn, p_signy_bn, &result,
- p_ecc_state);
- ERROR_BREAK(ipp_ret);
- } while (0);
- // Clear buffer before free.
- if (p_reg_pub)
- memset_s(p_reg_pub, ecp_size, 0, ecp_size);
- SAFE_FREE(p_reg_pub);
- sgx_ipp_secure_free_BN(p_ecp_order, order_size);
- sgx_ipp_secure_free_BN(p_hash_bn, sizeof(hash));
- sgx_ipp_secure_free_BN(p_msg_bn, order_size);
- sgx_ipp_secure_free_BN(p_reg_pubx_bn, sizeof(p_public->gx));
- sgx_ipp_secure_free_BN(p_reg_puby_bn, sizeof(p_public->gy));
- sgx_ipp_secure_free_BN(p_signx_bn, order_size);
- sgx_ipp_secure_free_BN(p_signy_bn, order_size);
- switch (result) {
- case ippECValid: *p_result = SGX_EC_VALID; break; /* validation pass successfully */
- case ippECInvalidSignature: *p_result = SGX_EC_INVALID_SIGNATURE; break; /* invalid signature */
- default: *p_result = SGX_EC_INVALID_SIGNATURE; break;
- }
- switch (ipp_ret)
- {
- case ippStsNoErr: return SGX_SUCCESS;
- case ippStsNoMemErr:
- case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
- case ippStsNullPtrErr:
- case ippStsLengthErr:
- case ippStsOutOfRangeErr:
- case ippStsSizeErr:
- case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
- default: return SGX_ERROR_UNEXPECTED;
- }
- }
|