sgx_rsa_encryption.cpp 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. /**
  32. * File:
  33. * sgx_rsa_encryption.cpp
  34. * Description:
  35. * Wrapper for rsa operation functions
  36. *
  37. */
  38. #include <string.h>
  39. #include <stdint.h>
  40. #include <limits.h>
  41. #include "sgx_error.h"
  42. #include "sgx_trts.h"
  43. #include "ipp_wrapper.h"
  44. #include "sgx_tcrypto_common.h"
  45. sgx_status_t sgx_create_rsa_key_pair(int n_byte_size, int e_byte_size, unsigned char *p_n, unsigned char *p_d, unsigned char *p_e,
  46. unsigned char *p_p, unsigned char *p_q, unsigned char *p_dmp1,
  47. unsigned char *p_dmq1, unsigned char *p_iqmp)
  48. {
  49. if (n_byte_size <= 0 || e_byte_size <= 0 || p_n == NULL || p_d == NULL || p_e == NULL ||
  50. p_p == NULL || p_q == NULL || p_dmp1 == NULL || p_dmq1 == NULL || p_iqmp == NULL) {
  51. return SGX_ERROR_INVALID_PARAMETER;
  52. }
  53. IppsRSAPrivateKeyState *p_pri_key = NULL;
  54. IppsRSAPublicKeyState *p_pub_key = NULL;
  55. IppStatus error_code = ippStsNoErr;
  56. sgx_status_t ret_code = SGX_ERROR_UNEXPECTED;
  57. IppsPrimeState *p_prime = NULL;
  58. Ipp8u * scratch_buffer = NULL;
  59. int pri_size = 0;
  60. IppsBigNumState *bn_n = NULL, *bn_e = NULL, *bn_d = NULL, *bn_e_s = NULL, *bn_p = NULL, *bn_q = NULL, *bn_dmp1 = NULL, *bn_dmq1 = NULL, *bn_iqmp = NULL;
  61. int validate_keys = IPP_IS_INVALID;
  62. int size;
  63. IppsBigNumSGN sgn;
  64. do {
  65. //create a new prime number generator
  66. //
  67. error_code = sgx_ipp_newPrimeGen(n_byte_size * 8 / 2, &p_prime);
  68. ERROR_BREAK(error_code);
  69. //allocate and init private key of type 2
  70. //
  71. error_code = ippsRSA_GetSizePrivateKeyType2(n_byte_size / 2 * 8, n_byte_size / 2 * 8, &pri_size);
  72. ERROR_BREAK(error_code);
  73. p_pri_key = (IppsRSAPrivateKeyState *)malloc(pri_size);
  74. NULL_BREAK(p_pri_key);
  75. error_code = ippsRSA_InitPrivateKeyType2(n_byte_size / 2 * 8, n_byte_size / 2 * 8, p_pri_key, pri_size);
  76. ERROR_BREAK(error_code);
  77. //allocate scratch buffer, to be used as temp buffer
  78. //
  79. scratch_buffer = (Ipp8u *)malloc(pri_size);
  80. NULL_BREAK(scratch_buffer);
  81. memset(scratch_buffer, 0, pri_size);
  82. //allocate and initialize RSA BNs
  83. //
  84. error_code = sgx_ipp_newBN((const Ipp32u*)p_e, e_byte_size, &bn_e_s);
  85. ERROR_BREAK(error_code);
  86. error_code = sgx_ipp_newBN(NULL, n_byte_size, &bn_n);
  87. ERROR_BREAK(error_code);
  88. error_code = sgx_ipp_newBN(NULL, e_byte_size, &bn_e);
  89. ERROR_BREAK(error_code);
  90. error_code = sgx_ipp_newBN(NULL, n_byte_size, &bn_d);
  91. ERROR_BREAK(error_code);
  92. error_code = sgx_ipp_newBN(NULL, n_byte_size / 2, &bn_p);
  93. ERROR_BREAK(error_code);
  94. error_code = sgx_ipp_newBN(NULL, n_byte_size / 2, &bn_q);
  95. ERROR_BREAK(error_code);
  96. error_code = sgx_ipp_newBN(NULL, n_byte_size / 2, &bn_dmp1);
  97. ERROR_BREAK(error_code);
  98. error_code = sgx_ipp_newBN(NULL, n_byte_size / 2, &bn_dmq1);
  99. ERROR_BREAK(error_code);
  100. error_code = sgx_ipp_newBN(NULL, n_byte_size / 2, &bn_iqmp);
  101. ERROR_BREAK(error_code);
  102. //generate RSA key components with n_byte_size modulus and p_e public exponent
  103. //
  104. error_code = ippsRSA_GenerateKeys(bn_e_s,
  105. bn_n,
  106. bn_e,
  107. bn_d,
  108. p_pri_key,
  109. scratch_buffer,
  110. 1,
  111. p_prime,
  112. sgx_ipp_DRNGen,
  113. NULL);
  114. ERROR_BREAK(error_code);
  115. //extract private key components into BNs
  116. //
  117. error_code = ippsRSA_GetPrivateKeyType2(bn_p,
  118. bn_q,
  119. bn_dmp1,
  120. bn_dmq1,
  121. bn_iqmp,
  122. p_pri_key);
  123. ERROR_BREAK(error_code);
  124. //allocate and initialize public key
  125. //
  126. error_code = ippsRSA_GetSizePublicKey(n_byte_size * 8, e_byte_size * 8, &pri_size);
  127. ERROR_BREAK(error_code);
  128. p_pub_key = (IppsRSAPublicKeyState *)malloc(pri_size);
  129. NULL_BREAK(p_pub_key);
  130. error_code = ippsRSA_InitPublicKey(n_byte_size * 8, e_byte_size * 8, p_pub_key, pri_size);
  131. ERROR_BREAK(error_code);
  132. error_code = ippsRSA_SetPublicKey(bn_n, bn_e, p_pub_key);
  133. ERROR_BREAK(error_code);
  134. //validate generated keys
  135. //
  136. ippsRSA_ValidateKeys(&validate_keys, p_pub_key, p_pri_key, NULL, scratch_buffer, 10, p_prime, sgx_ipp_DRNGen, NULL);
  137. if (validate_keys != IPP_IS_VALID) {
  138. break;
  139. }
  140. //extract RSA components from BNs into output buffers
  141. //
  142. error_code = ippsGetSize_BN(bn_n, &size);
  143. ERROR_BREAK(error_code);
  144. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_n, bn_n);
  145. ERROR_BREAK(error_code);
  146. error_code = ippsGetSize_BN(bn_e, &size);
  147. ERROR_BREAK(error_code);
  148. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_e, bn_e);
  149. ERROR_BREAK(error_code);
  150. error_code = ippsGetSize_BN(bn_d, &size);
  151. ERROR_BREAK(error_code);
  152. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_d, bn_d);
  153. ERROR_BREAK(error_code);
  154. error_code = ippsGetSize_BN(bn_p, &size);
  155. ERROR_BREAK(error_code);
  156. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_p, bn_p);
  157. ERROR_BREAK(error_code);
  158. error_code = ippsGetSize_BN(bn_q, &size);
  159. ERROR_BREAK(error_code);
  160. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_q, bn_q);
  161. ERROR_BREAK(error_code);
  162. error_code = ippsGetSize_BN(bn_dmp1, &size);
  163. ERROR_BREAK(error_code);
  164. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_dmp1, bn_dmp1);
  165. ERROR_BREAK(error_code);
  166. error_code = ippsGetSize_BN(bn_dmq1, &size);
  167. ERROR_BREAK(error_code);
  168. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_dmq1, bn_dmq1);
  169. ERROR_BREAK(error_code);
  170. error_code = ippsGetSize_BN(bn_iqmp, &size);
  171. ERROR_BREAK(error_code);
  172. error_code = ippsGet_BN(&sgn, &size, (Ipp32u*)p_iqmp, bn_iqmp);
  173. ERROR_BREAK(error_code);
  174. ret_code = SGX_SUCCESS;
  175. } while (0);
  176. sgx_ipp_secure_free_BN(bn_e_s, e_byte_size);
  177. sgx_ipp_secure_free_BN(bn_e, e_byte_size);
  178. sgx_ipp_secure_free_BN(bn_d, n_byte_size);
  179. sgx_ipp_secure_free_BN(bn_n, n_byte_size);
  180. sgx_ipp_secure_free_BN(bn_p, n_byte_size / 2);
  181. sgx_ipp_secure_free_BN(bn_q, n_byte_size / 2);
  182. sgx_ipp_secure_free_BN(bn_dmp1, n_byte_size / 2);
  183. sgx_ipp_secure_free_BN(bn_dmq1, n_byte_size / 2);
  184. sgx_ipp_secure_free_BN(bn_iqmp, n_byte_size / 2);
  185. SAFE_FREE_MM(p_prime);
  186. secure_free_rsa_pri2_key(n_byte_size / 2, p_pri_key);
  187. secure_free_rsa_pub_key(n_byte_size, e_byte_size, p_pub_key);
  188. SAFE_FREE_MM(scratch_buffer);
  189. return ret_code;
  190. }
  191. sgx_status_t sgx_create_rsa_priv2_key(int mod_size, int exp_size, const unsigned char *p_rsa_key_e, const unsigned char *p_rsa_key_p, const unsigned char *p_rsa_key_q,
  192. const unsigned char *p_rsa_key_dmp1, const unsigned char *p_rsa_key_dmq1, const unsigned char *p_rsa_key_iqmp,
  193. void **new_pri_key2)
  194. {
  195. (void)(exp_size);
  196. (void)(p_rsa_key_e);
  197. IppsRSAPrivateKeyState *p_rsa2 = NULL;
  198. IppsBigNumState *p_p = NULL, *p_q = NULL, *p_dmp1 = NULL, *p_dmq1 = NULL, *p_iqmp = NULL;
  199. int rsa2_size = 0;
  200. sgx_status_t ret_code = SGX_ERROR_UNEXPECTED;
  201. if (mod_size <= 0 || p_rsa_key_p == NULL || p_rsa_key_q == NULL || p_rsa_key_dmp1 == NULL || p_rsa_key_dmq1 == NULL || p_rsa_key_iqmp == NULL || new_pri_key2 == NULL) {
  202. return SGX_ERROR_INVALID_PARAMETER;
  203. }
  204. IppStatus error_code = ippStsNoErr;
  205. do {
  206. //generate and assign RSA components BNs
  207. //
  208. error_code = sgx_ipp_newBN((const Ipp32u*)p_rsa_key_p, mod_size / 2, &p_p);
  209. ERROR_BREAK(error_code);
  210. error_code = sgx_ipp_newBN((const Ipp32u*)p_rsa_key_q, mod_size / 2, &p_q);
  211. ERROR_BREAK(error_code);
  212. error_code = sgx_ipp_newBN((const Ipp32u*)p_rsa_key_dmp1, mod_size / 2, &p_dmp1);
  213. ERROR_BREAK(error_code);
  214. error_code = sgx_ipp_newBN((const Ipp32u*)p_rsa_key_dmq1, mod_size / 2, &p_dmq1);
  215. ERROR_BREAK(error_code);
  216. error_code = sgx_ipp_newBN((const Ipp32u*)p_rsa_key_iqmp, mod_size / 2, &p_iqmp);
  217. ERROR_BREAK(error_code);
  218. //allocate and initialize private key of type 2
  219. //
  220. error_code = ippsRSA_GetSizePrivateKeyType2(mod_size / 2 * 8, mod_size / 2 * 8, &rsa2_size);
  221. ERROR_BREAK(error_code);
  222. p_rsa2 = (IppsRSAPrivateKeyState *)malloc(rsa2_size);
  223. NULL_BREAK(p_rsa2);
  224. error_code = ippsRSA_InitPrivateKeyType2(mod_size / 2 * 8, mod_size / 2 * 8, p_rsa2, rsa2_size);
  225. ERROR_BREAK(error_code);
  226. //setup private key with values of input components
  227. //
  228. error_code = ippsRSA_SetPrivateKeyType2(p_p, p_q, p_dmp1, p_dmq1, p_iqmp, p_rsa2);
  229. ERROR_BREAK(error_code);
  230. *new_pri_key2 = (void*)p_rsa2;
  231. ret_code = SGX_SUCCESS;
  232. } while (0);
  233. sgx_ipp_secure_free_BN(p_p, mod_size / 2);
  234. sgx_ipp_secure_free_BN(p_q, mod_size / 2);
  235. sgx_ipp_secure_free_BN(p_dmp1, mod_size / 2);
  236. sgx_ipp_secure_free_BN(p_dmq1, mod_size / 2);
  237. sgx_ipp_secure_free_BN(p_iqmp, mod_size / 2);
  238. if (ret_code != SGX_SUCCESS) {
  239. secure_free_rsa_pri2_key(mod_size, p_rsa2);
  240. }
  241. return ret_code;
  242. }
  243. sgx_status_t sgx_create_rsa_pub1_key(int mod_size, int exp_size, const unsigned char *le_n, const unsigned char *le_e, void **new_pub_key1)
  244. {
  245. if (new_pub_key1 == NULL || mod_size <= 0 || exp_size <= 0 || le_n == NULL || le_e == NULL) {
  246. return SGX_ERROR_INVALID_PARAMETER;
  247. }
  248. IppsRSAPublicKeyState *p_pub_key = NULL;
  249. IppsBigNumState *p_n = NULL, *p_e = NULL;
  250. int rsa_size = 0;
  251. sgx_status_t ret_code = SGX_ERROR_UNEXPECTED;
  252. IppStatus error_code = ippStsNoErr;
  253. do {
  254. //generate and assign RSA components BNs
  255. //
  256. error_code = sgx_ipp_newBN((const Ipp32u*)le_n, mod_size, &p_n);
  257. ERROR_BREAK(error_code);
  258. error_code = sgx_ipp_newBN((const Ipp32u*)le_e, exp_size, &p_e);
  259. ERROR_BREAK(error_code);
  260. //allocate and initialize public key
  261. //
  262. error_code = ippsRSA_GetSizePublicKey(mod_size * 8, exp_size * 8, &rsa_size);
  263. ERROR_BREAK(error_code);
  264. p_pub_key = (IppsRSAPublicKeyState *)malloc(rsa_size);
  265. NULL_BREAK(p_pub_key);
  266. error_code = ippsRSA_InitPublicKey(mod_size * 8, exp_size * 8, p_pub_key, rsa_size);
  267. ERROR_BREAK(error_code);
  268. //setup public key with values of input components
  269. //
  270. error_code = ippsRSA_SetPublicKey(p_n, p_e, p_pub_key);
  271. ERROR_BREAK(error_code);
  272. *new_pub_key1 = (void*)p_pub_key;
  273. ret_code = SGX_SUCCESS;
  274. } while (0);
  275. sgx_ipp_secure_free_BN(p_n, mod_size);
  276. sgx_ipp_secure_free_BN(p_e, exp_size);
  277. if (ret_code != SGX_SUCCESS) {
  278. secure_free_rsa_pub_key(mod_size, exp_size, p_pub_key);
  279. }
  280. return ret_code;
  281. }
  282. sgx_status_t sgx_rsa_pub_encrypt_sha256(void* rsa_key, unsigned char* pout_data, size_t* pout_len, const unsigned char* pin_data,
  283. const size_t pin_len) {
  284. (void)(pout_len);
  285. if (rsa_key == NULL || pin_data == NULL || pin_len < 1 || pin_len >= INT_MAX) {
  286. return SGX_ERROR_INVALID_PARAMETER;
  287. }
  288. uint8_t *p_scratch_buffer = NULL;
  289. Ipp8u seeds[RSA_SEED_SIZE_SHA256] = { 0 };
  290. int scratch_buff_size = 0;
  291. sgx_status_t ret_code = SGX_ERROR_UNEXPECTED;
  292. if (pout_data == NULL) {
  293. return SGX_SUCCESS;
  294. }
  295. do {
  296. //get scratch buffer size, to be used as temp buffer, and allocate it
  297. //
  298. if (ippsRSA_GetBufferSizePublicKey(&scratch_buff_size, (IppsRSAPublicKeyState*)rsa_key) != ippStsNoErr) {
  299. break;
  300. }
  301. p_scratch_buffer = (uint8_t *)malloc(8 * scratch_buff_size);
  302. NULL_BREAK(p_scratch_buffer);
  303. //get random seed
  304. //
  305. if (sgx_read_rand(seeds, RSA_SEED_SIZE_SHA256) != SGX_SUCCESS) {
  306. break;
  307. }
  308. //encrypt input data with public rsa_key and SHA256 padding
  309. //
  310. if (ippsRSAEncrypt_OAEP(pin_data, (int)pin_len, NULL, 0, seeds,
  311. pout_data, (IppsRSAPublicKeyState*)rsa_key, IPP_ALG_HASH_SHA256, p_scratch_buffer) != ippStsNoErr) {
  312. break;
  313. }
  314. ret_code = SGX_SUCCESS;
  315. } while (0);
  316. memset_s(seeds, RSA_SEED_SIZE_SHA256, 0, RSA_SEED_SIZE_SHA256);
  317. SAFE_FREE_MM(p_scratch_buffer);
  318. return ret_code;
  319. }
  320. sgx_status_t sgx_rsa_priv_decrypt_sha256(void* rsa_key, unsigned char* pout_data, size_t* pout_len, const unsigned char* pin_data,
  321. const size_t pin_len) {
  322. (void)(pin_len);
  323. if (rsa_key == NULL || pout_len == NULL || pin_data == NULL) {
  324. return SGX_ERROR_INVALID_PARAMETER;
  325. }
  326. sgx_status_t ret_code = SGX_ERROR_UNEXPECTED;
  327. uint8_t *p_scratch_buffer = NULL;
  328. int scratch_buff_size = 0;
  329. if (pout_data == NULL) {
  330. return SGX_SUCCESS;
  331. }
  332. do {
  333. //get scratch buffer size, to be used as temp buffer, and allocate it
  334. //
  335. if (ippsRSA_GetBufferSizePrivateKey(&scratch_buff_size, (IppsRSAPrivateKeyState*)rsa_key) != ippStsNoErr) {
  336. break;
  337. }
  338. p_scratch_buffer = (uint8_t *)malloc(scratch_buff_size);
  339. NULL_BREAK(p_scratch_buffer);
  340. //decrypt input ciphertext using private key rsa_key
  341. if (ippsRSADecrypt_OAEP(pin_data, NULL, 0, pout_data, (int*)pout_len, (IppsRSAPrivateKeyState*)rsa_key,
  342. IPP_ALG_HASH_SHA256, p_scratch_buffer) != ippStsNoErr) {
  343. break;
  344. }
  345. ret_code = SGX_SUCCESS;
  346. } while (0);
  347. SAFE_FREE_MM(p_scratch_buffer);
  348. return ret_code;
  349. }
  350. sgx_status_t sgx_free_rsa_key(void *p_rsa_key, sgx_rsa_key_type_t key_type, int mod_size, int exp_size) {
  351. if (key_type == SGX_RSA_PRIVATE_KEY) {
  352. (void)(exp_size);
  353. secure_free_rsa_pri2_key(mod_size, (IppsRSAPrivateKeyState*)p_rsa_key);
  354. } else if (key_type == SGX_RSA_PUBLIC_KEY) {
  355. secure_free_rsa_pub_key(mod_size, exp_size, (IppsRSAPublicKeyState*)p_rsa_key);
  356. }
  357. return SGX_SUCCESS;
  358. }
  359. sgx_status_t sgx_calculate_ecdsa_priv_key(const unsigned char* hash_drg, int hash_drg_len,
  360. const unsigned char* sgx_nistp256_r_m1, int sgx_nistp256_r_m1_len,
  361. unsigned char* out_key, int out_key_len) {
  362. if (out_key == NULL || hash_drg_len <= 0 || sgx_nistp256_r_m1_len <= 0 ||
  363. out_key_len <= 0 || hash_drg == NULL || sgx_nistp256_r_m1 == NULL) {
  364. return SGX_ERROR_INVALID_PARAMETER;
  365. }
  366. sgx_status_t ret_code = SGX_ERROR_UNEXPECTED;
  367. IppStatus ipp_status = ippStsNoErr;
  368. IppsBigNumState *bn_d = NULL;
  369. IppsBigNumState *bn_m = NULL;
  370. IppsBigNumState *bn_o = NULL;
  371. IppsBigNumState *bn_one = NULL;
  372. Ipp32u i = 1;
  373. do {
  374. //allocate and initialize BNs
  375. //
  376. ipp_status = sgx_ipp_newBN(reinterpret_cast<const Ipp32u *>(hash_drg), hash_drg_len, &bn_d);
  377. ERROR_BREAK(ipp_status);
  378. //generate mod to be n-1 where n is order of ECC Group
  379. //
  380. ipp_status = sgx_ipp_newBN(reinterpret_cast<const Ipp32u *>(sgx_nistp256_r_m1), sgx_nistp256_r_m1_len, &bn_m);
  381. ERROR_BREAK(ipp_status);
  382. //allocate memory for output BN
  383. //
  384. ipp_status = sgx_ipp_newBN(NULL, sgx_nistp256_r_m1_len, &bn_o);
  385. ERROR_BREAK(ipp_status);
  386. //create big number with value of 1
  387. //
  388. ipp_status = sgx_ipp_newBN(&i, sizeof(Ipp32u), &bn_one);
  389. ERROR_BREAK(ipp_status);
  390. //calculate output's BN value
  391. ipp_status = ippsMod_BN(bn_d, bn_m, bn_o);
  392. ERROR_BREAK(ipp_status)
  393. //increase by 1
  394. //
  395. ipp_status = ippsAdd_BN(bn_o, bn_one, bn_o);
  396. ERROR_BREAK(ipp_status);
  397. /*Unmatched size*/
  398. if (sgx_nistp256_r_m1_len != sizeof(sgx_ec256_private_t)) {
  399. break;
  400. }
  401. //convert BN_o into octet string
  402. ipp_status = ippsGetOctString_BN(reinterpret_cast<Ipp8u *>(out_key), sgx_nistp256_r_m1_len, bn_o);//output data in bigendian order
  403. ERROR_BREAK(ipp_status);
  404. ret_code = SGX_SUCCESS;
  405. } while (0);
  406. if (NULL != bn_d) {
  407. sgx_ipp_secure_free_BN(bn_d, hash_drg_len);
  408. }
  409. if (NULL != bn_m) {
  410. sgx_ipp_secure_free_BN(bn_m, sgx_nistp256_r_m1_len);
  411. }
  412. if (NULL != bn_o) {
  413. sgx_ipp_secure_free_BN(bn_o, sgx_nistp256_r_m1_len);
  414. }
  415. if (NULL != bn_one) {
  416. sgx_ipp_secure_free_BN(bn_one, sizeof(uint32_t));
  417. }
  418. if (ret_code != SGX_SUCCESS) {
  419. (void)memset_s(out_key, out_key_len, 0, out_key_len);
  420. }
  421. return ret_code;
  422. }