sgx_ecc256.cpp 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484
  1. /*
  2. * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "sgx_ecc256_common.h"
  32. /*
  33. * Elliptic Curve Crytpography - Based on GF(p), 256 bit
  34. */
  35. /* Allocates and initializes ecc context
  36. * Parameters:
  37. * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
  38. * Output: sgx_ecc_state_handle_t *p_ecc_handle - Pointer to the handle of ECC crypto system */
  39. sgx_status_t sgx_ecc256_open_context(sgx_ecc_state_handle_t* p_ecc_handle)
  40. {
  41. IppStatus ipp_ret = ippStsNoErr;
  42. IppsECCPState* p_ecc_state = NULL;
  43. // default use 256r1 parameter
  44. int ctx_size = 0;
  45. if (p_ecc_handle == NULL)
  46. return SGX_ERROR_INVALID_PARAMETER;
  47. ipp_ret = ippsECCPGetSize(256, &ctx_size);
  48. if (ipp_ret != ippStsNoErr)
  49. return SGX_ERROR_UNEXPECTED;
  50. p_ecc_state = (IppsECCPState*)(malloc(ctx_size));
  51. if (p_ecc_state == NULL)
  52. return SGX_ERROR_OUT_OF_MEMORY;
  53. ipp_ret = ippsECCPInit(256, p_ecc_state);
  54. if (ipp_ret != ippStsNoErr)
  55. {
  56. SAFE_FREE(p_ecc_state);
  57. *p_ecc_handle = NULL;
  58. return SGX_ERROR_UNEXPECTED;
  59. }
  60. ipp_ret = ippsECCPSetStd(IppECCPStd256r1, p_ecc_state);
  61. if (ipp_ret != ippStsNoErr)
  62. {
  63. SAFE_FREE(p_ecc_state);
  64. *p_ecc_handle = NULL;
  65. return SGX_ERROR_UNEXPECTED;
  66. }
  67. *p_ecc_handle = p_ecc_state;
  68. return SGX_SUCCESS;
  69. }
  70. /* Cleans up ecc context
  71. * Parameters:
  72. * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
  73. * Output: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system */
  74. sgx_status_t sgx_ecc256_close_context(sgx_ecc_state_handle_t ecc_handle)
  75. {
  76. if (ecc_handle == NULL)
  77. {
  78. return SGX_ERROR_INVALID_PARAMETER;
  79. }
  80. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  81. int ctx_size = 0;
  82. IppStatus ipp_ret = ippsECCPGetSize(256, &ctx_size);
  83. if (ipp_ret != ippStsNoErr)
  84. {
  85. free(p_ecc_state);
  86. return SGX_SUCCESS;
  87. }
  88. memset_s(p_ecc_state, ctx_size, 0, ctx_size);
  89. free(p_ecc_state);
  90. return SGX_SUCCESS;
  91. }
  92. /* Populates private/public key pair - caller code allocates memory
  93. * Parameters:
  94. * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
  95. * Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
  96. * Outputs: sgx_ec256_private_t *p_private - Pointer to the private key
  97. * sgx_ec256_public_t *p_public - Pointer to the public key */
  98. sgx_status_t sgx_ecc256_create_key_pair(sgx_ec256_private_t *p_private,
  99. sgx_ec256_public_t *p_public,
  100. sgx_ecc_state_handle_t ecc_handle)
  101. {
  102. if ((ecc_handle == NULL) || (p_private == NULL) || (p_public == NULL))
  103. {
  104. return SGX_ERROR_INVALID_PARAMETER;
  105. }
  106. IppsBigNumState* dh_priv_BN = NULL;
  107. IppsECCPPointState* point_pub = NULL;
  108. IppsBigNumState* pub_gx = NULL;
  109. IppsBigNumState* pub_gy = NULL;
  110. IppStatus ipp_ret = ippStsNoErr;
  111. int ecPointSize = 0;
  112. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  113. do
  114. {
  115. //init eccp point
  116. ipp_ret = ippsECCPPointGetSize(256, &ecPointSize);
  117. ERROR_BREAK(ipp_ret);
  118. point_pub = (IppsECCPPointState*)(malloc(ecPointSize));
  119. if (!point_pub)
  120. {
  121. ipp_ret = ippStsNoMemErr;
  122. break;
  123. }
  124. ipp_ret = ippsECCPPointInit(256, point_pub);
  125. ERROR_BREAK(ipp_ret);
  126. ipp_ret = sgx_ipp_newBN(NULL, SGX_ECP256_KEY_SIZE, &dh_priv_BN);
  127. ERROR_BREAK(ipp_ret);
  128. // Use the true random number (DRNG)
  129. // Notice that IPP ensures the private key generated is non-zero
  130. ipp_ret = ippsECCPGenKeyPair(dh_priv_BN, point_pub, p_ecc_state, (IppBitSupplier)sgx_ipp_DRNGen, NULL);
  131. ERROR_BREAK(ipp_ret);
  132. //convert point_result to oct string
  133. ipp_ret = sgx_ipp_newBN(NULL, SGX_ECP256_KEY_SIZE, &pub_gx);
  134. ERROR_BREAK(ipp_ret);
  135. ipp_ret = sgx_ipp_newBN(NULL, SGX_ECP256_KEY_SIZE, &pub_gy);
  136. ERROR_BREAK(ipp_ret);
  137. ipp_ret = ippsECCPGetPoint(pub_gx, pub_gy, point_pub, p_ecc_state);
  138. ERROR_BREAK(ipp_ret);
  139. IppsBigNumSGN sgn = IppsBigNumPOS;
  140. Ipp32u *pdata = NULL;
  141. // ippsRef_BN is in bits not bytes (versus old ippsGet_BN)
  142. int length = 0;
  143. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, pub_gx);
  144. ERROR_BREAK(ipp_ret);
  145. memset(p_public->gx, 0, sizeof(p_public->gx));
  146. ipp_ret = check_copy_size(sizeof(p_public->gx), ROUND_TO(length, 8) / 8);
  147. ERROR_BREAK(ipp_ret);
  148. memcpy(p_public->gx, pdata, ROUND_TO(length, 8) / 8);
  149. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, pub_gy);
  150. ERROR_BREAK(ipp_ret);
  151. memset(p_public->gy, 0, sizeof(p_public->gy));
  152. ipp_ret = check_copy_size(sizeof(p_public->gy), ROUND_TO(length, 8) / 8);
  153. ERROR_BREAK(ipp_ret);
  154. memcpy(p_public->gy, pdata, ROUND_TO(length, 8) / 8);
  155. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, dh_priv_BN);
  156. ERROR_BREAK(ipp_ret);
  157. memset(p_private->r, 0, sizeof(p_private->r));
  158. ipp_ret = check_copy_size(sizeof(p_private->r), ROUND_TO(length, 8) / 8);
  159. ERROR_BREAK(ipp_ret);
  160. memcpy(p_private->r, pdata, ROUND_TO(length, 8) / 8);
  161. } while (0);
  162. //Clear temp buffer before free.
  163. if (point_pub) memset_s(point_pub, ecPointSize, 0, ecPointSize);
  164. SAFE_FREE(point_pub);
  165. sgx_ipp_secure_free_BN(pub_gx, SGX_ECP256_KEY_SIZE);
  166. sgx_ipp_secure_free_BN(pub_gy, SGX_ECP256_KEY_SIZE);
  167. sgx_ipp_secure_free_BN(dh_priv_BN, SGX_ECP256_KEY_SIZE);
  168. switch (ipp_ret)
  169. {
  170. case ippStsNoErr: return SGX_SUCCESS;
  171. case ippStsNoMemErr:
  172. case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
  173. case ippStsNullPtrErr:
  174. case ippStsLengthErr:
  175. case ippStsOutOfRangeErr:
  176. case ippStsSizeErr:
  177. case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
  178. default: return SGX_ERROR_UNEXPECTED;
  179. }
  180. }
  181. /* Checks whether the input point is a valid point on the given elliptic curve
  182. * Parameters:
  183. * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
  184. * Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
  185. * sgx_ec256_public_t *p_point - Pointer to perform validity check on - LITTLE ENDIAN
  186. * Output: int *p_valid - Return 0 if the point is an invalid point on ECC curve */
  187. sgx_status_t sgx_ecc256_check_point(const sgx_ec256_public_t *p_point,
  188. const sgx_ecc_state_handle_t ecc_handle,
  189. int *p_valid)
  190. {
  191. if ((ecc_handle == NULL) || (p_point == NULL) || (p_valid == NULL))
  192. {
  193. return SGX_ERROR_INVALID_PARAMETER;
  194. }
  195. IppsECCPPointState* point2check = NULL;
  196. IppStatus ipp_ret = ippStsNoErr;
  197. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  198. IppECResult ipp_result = ippECValid;
  199. int ecPointSize = 0;
  200. IppsBigNumState* BN_gx = NULL;
  201. IppsBigNumState* BN_gy = NULL;
  202. // Intialize return to false
  203. *p_valid = 0;
  204. do
  205. {
  206. ipp_ret = ippsECCPPointGetSize(256, &ecPointSize);
  207. ERROR_BREAK(ipp_ret);
  208. point2check = (IppsECCPPointState*)malloc(ecPointSize);
  209. if (!point2check)
  210. {
  211. ipp_ret = ippStsNoMemErr;
  212. break;
  213. }
  214. ipp_ret = ippsECCPPointInit(256, point2check);
  215. ERROR_BREAK(ipp_ret);
  216. ipp_ret = sgx_ipp_newBN((const Ipp32u *)p_point->gx, sizeof(p_point->gx), &BN_gx);
  217. ERROR_BREAK(ipp_ret);
  218. ipp_ret = sgx_ipp_newBN((const Ipp32u *)p_point->gy, sizeof(p_point->gy), &BN_gy);
  219. ERROR_BREAK(ipp_ret);
  220. ipp_ret = ippsECCPSetPoint(BN_gx, BN_gy, point2check, p_ecc_state);
  221. ERROR_BREAK(ipp_ret);
  222. // Check to see if the point is a valid point on the Elliptic curve and is not infinity
  223. ipp_ret = ippsECCPCheckPoint(point2check, &ipp_result, p_ecc_state);
  224. ERROR_BREAK(ipp_ret);
  225. if (ipp_result == ippECValid)
  226. {
  227. *p_valid = 1;
  228. }
  229. } while (0);
  230. // Clear temp buffer before free.
  231. if (point2check)
  232. memset_s(point2check, ecPointSize, 0, ecPointSize);
  233. SAFE_FREE(point2check);
  234. sgx_ipp_secure_free_BN(BN_gx, sizeof(p_point->gx));
  235. sgx_ipp_secure_free_BN(BN_gy, sizeof(p_point->gy));
  236. switch (ipp_ret)
  237. {
  238. case ippStsNoErr: return SGX_SUCCESS;
  239. case ippStsNoMemErr:
  240. case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
  241. case ippStsNullPtrErr:
  242. case ippStsLengthErr:
  243. case ippStsOutOfRangeErr:
  244. case ippStsSizeErr:
  245. case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
  246. default: return SGX_ERROR_UNEXPECTED;
  247. }
  248. }
  249. /* Computes DH shared key based on private B key (local) and remote public Ga Key
  250. * Parameters:
  251. * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
  252. * Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
  253. * sgx_ec256_private_t *p_private_b - Pointer to the local private key - LITTLE ENDIAN
  254. * sgx_ec256_public_t *p_public_ga - Pointer to the remote public key - LITTLE ENDIAN
  255. * Output: sgx_ec256_dh_shared_t *p_shared_key - Pointer to the shared DH key - LITTLE ENDIAN
  256. x-coordinate of (privKeyB - pubKeyA) */
  257. sgx_status_t sgx_ecc256_compute_shared_dhkey(sgx_ec256_private_t *p_private_b,
  258. sgx_ec256_public_t *p_public_ga,
  259. sgx_ec256_dh_shared_t *p_shared_key,
  260. sgx_ecc_state_handle_t ecc_handle)
  261. {
  262. if ((ecc_handle == NULL) || (p_private_b == NULL) || (p_public_ga == NULL) || (p_shared_key == NULL))
  263. {
  264. return SGX_ERROR_INVALID_PARAMETER;
  265. }
  266. IppsBigNumState* BN_dh_privB = NULL;
  267. IppsBigNumState* BN_dh_share = NULL;
  268. IppsBigNumState* pubA_gx = NULL;
  269. IppsBigNumState* pubA_gy = NULL;
  270. IppsECCPPointState* point_pubA = NULL;
  271. IppStatus ipp_ret = ippStsNoErr;
  272. int ecPointSize = 0;
  273. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  274. IppECResult ipp_result = ippECValid;
  275. do
  276. {
  277. ipp_ret = sgx_ipp_newBN((Ipp32u*)p_private_b->r, sizeof(sgx_ec256_private_t), &BN_dh_privB);
  278. ERROR_BREAK(ipp_ret);
  279. ipp_ret = sgx_ipp_newBN((uint32_t*)p_public_ga->gx, sizeof(p_public_ga->gx), &pubA_gx);
  280. ERROR_BREAK(ipp_ret);
  281. ipp_ret = sgx_ipp_newBN((uint32_t*)p_public_ga->gy, sizeof(p_public_ga->gy), &pubA_gy);
  282. ERROR_BREAK(ipp_ret);
  283. ipp_ret = ippsECCPPointGetSize(256, &ecPointSize);
  284. ERROR_BREAK(ipp_ret);
  285. point_pubA = (IppsECCPPointState*)(malloc(ecPointSize));
  286. if (!point_pubA)
  287. {
  288. ipp_ret = ippStsNoMemErr;
  289. break;
  290. }
  291. ipp_ret = ippsECCPPointInit(256, point_pubA);
  292. ERROR_BREAK(ipp_ret);
  293. ipp_ret = ippsECCPSetPoint(pubA_gx, pubA_gy, point_pubA, p_ecc_state);
  294. ERROR_BREAK(ipp_ret);
  295. // Check to see if the point is a valid point on the Elliptic curve and is not infinity
  296. ipp_ret = ippsECCPCheckPoint(point_pubA, &ipp_result, p_ecc_state);
  297. if (ipp_result != ippECValid)
  298. {
  299. break;
  300. }
  301. ERROR_BREAK(ipp_ret);
  302. ipp_ret = sgx_ipp_newBN(NULL, sizeof(sgx_ec256_dh_shared_t), &BN_dh_share);
  303. ERROR_BREAK(ipp_ret);
  304. /* This API generates shareA = x-coordinate of (privKeyB*pubKeyA) */
  305. ipp_ret = ippsECCPSharedSecretDH(BN_dh_privB, point_pubA, BN_dh_share, p_ecc_state);
  306. ERROR_BREAK(ipp_ret);
  307. IppsBigNumSGN sgn = IppsBigNumPOS;
  308. int length = 0;
  309. Ipp32u * pdata = NULL;
  310. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, BN_dh_share);
  311. ERROR_BREAK(ipp_ret);
  312. memset(p_shared_key->s, 0, sizeof(p_shared_key->s));
  313. ipp_ret = check_copy_size(sizeof(p_shared_key->s), ROUND_TO(length, 8) / 8);
  314. ERROR_BREAK(ipp_ret);
  315. memcpy(p_shared_key->s, pdata, ROUND_TO(length, 8) / 8);
  316. } while (0);
  317. // Clear temp buffer before free.
  318. if (point_pubA) memset_s(point_pubA, ecPointSize, 0, ecPointSize);
  319. SAFE_FREE(point_pubA);
  320. sgx_ipp_secure_free_BN(pubA_gx, sizeof(p_public_ga->gx));
  321. sgx_ipp_secure_free_BN(pubA_gy, sizeof(p_public_ga->gy));
  322. sgx_ipp_secure_free_BN(BN_dh_privB, sizeof(sgx_ec256_private_t));
  323. sgx_ipp_secure_free_BN(BN_dh_share, sizeof(sgx_ec256_dh_shared_t));
  324. if (ipp_result != ippECValid)
  325. {
  326. return SGX_ERROR_INVALID_PARAMETER;
  327. }
  328. switch (ipp_ret)
  329. {
  330. case ippStsNoErr: return SGX_SUCCESS;
  331. case ippStsNoMemErr:
  332. case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
  333. case ippStsNullPtrErr:
  334. case ippStsLengthErr:
  335. case ippStsOutOfRangeErr:
  336. case ippStsSizeErr:
  337. case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
  338. default: return SGX_ERROR_UNEXPECTED;
  339. }
  340. }
  341. /* Computes 512-bit DH shared key based on private B key (local) and remote public Ga Key
  342. * Parameters:
  343. * Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
  344. * Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
  345. * sgx_ec256_private_t *p_private_b - Pointer to the local private key - LITTLE ENDIAN
  346. * sgx_ec256_public_t *p_public_ga - Pointer to the remote public key - LITTLE ENDIAN
  347. * Output: sgx_ec256_dh_shared_t *p_shared_key - Pointer to the shared DH key - LITTLE ENDIAN
  348. x-coordinate of (privKeyB - pubKeyA) */
  349. sgx_status_t sgx_ecc256_compute_shared_dhkey512(sgx_ec256_private_t *p_private_b,
  350. sgx_ec256_public_t *p_public_ga,
  351. sgx_ec256_dh_shared512_t *p_shared_key,
  352. sgx_ecc_state_handle_t ecc_handle)
  353. {
  354. if ((ecc_handle == NULL) || (p_private_b == NULL) || (p_public_ga == NULL) || (p_shared_key == NULL))
  355. {
  356. return SGX_ERROR_INVALID_PARAMETER;
  357. }
  358. IppsBigNumState* BN_dh_privB = NULL;
  359. IppsBigNumState* BN_dh_share512_x = NULL;
  360. IppsBigNumState* BN_dh_share512_y = NULL;
  361. IppsBigNumState* pubA_gx = NULL;
  362. IppsBigNumState* pubA_gy = NULL;
  363. IppsECCPPointState* point_pubA = NULL;
  364. IppsECCPPointState* point_R = NULL;
  365. IppStatus ipp_ret = ippStsNoErr;
  366. int ecPointSize = 0;
  367. IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
  368. do
  369. {
  370. ipp_ret = sgx_ipp_newBN((Ipp32u*)p_private_b->r, sizeof(sgx_ec256_private_t), &BN_dh_privB);
  371. ERROR_BREAK(ipp_ret);
  372. ipp_ret = sgx_ipp_newBN((uint32_t*)p_public_ga->gx, sizeof(p_public_ga->gx), &pubA_gx);
  373. ERROR_BREAK(ipp_ret);
  374. ipp_ret = sgx_ipp_newBN((uint32_t*)p_public_ga->gy, sizeof(p_public_ga->gy), &pubA_gy);
  375. ERROR_BREAK(ipp_ret);
  376. ipp_ret = ippsECCPPointGetSize(256, &ecPointSize);
  377. ERROR_BREAK(ipp_ret);
  378. point_pubA = (IppsECCPPointState*)( malloc(ecPointSize) );
  379. if(!point_pubA)
  380. {
  381. ipp_ret = ippStsNoMemErr;
  382. break;
  383. }
  384. ipp_ret = ippsECCPPointInit(256, point_pubA);
  385. ERROR_BREAK(ipp_ret);
  386. ipp_ret = ippsECCPSetPoint(pubA_gx, pubA_gy, point_pubA, p_ecc_state);
  387. ERROR_BREAK(ipp_ret);
  388. point_R = (IppsECCPPointState*)( malloc(ecPointSize) );
  389. if(!point_R)
  390. {
  391. ipp_ret = ippStsNoMemErr;
  392. break;
  393. }
  394. ipp_ret = ippsECCPPointInit(256, point_R);
  395. ERROR_BREAK(ipp_ret);
  396. ipp_ret = sgx_ipp_newBN(NULL, sizeof(sgx_ec256_dh_shared_t), &BN_dh_share512_x);
  397. ERROR_BREAK(ipp_ret);
  398. ipp_ret = sgx_ipp_newBN(NULL, sizeof(sgx_ec256_dh_shared_t), &BN_dh_share512_y);
  399. ERROR_BREAK(ipp_ret);
  400. ipp_ret = ippsECCPMulPointScalar(point_pubA, BN_dh_privB, point_R, p_ecc_state);
  401. ERROR_BREAK(ipp_ret);
  402. ipp_ret = ippsECCPGetPoint(BN_dh_share512_x, BN_dh_share512_y, point_R, p_ecc_state);
  403. ERROR_BREAK(ipp_ret);
  404. IppsBigNumSGN sgn = IppsBigNumPOS;
  405. int length = 0;
  406. Ipp32u *pdata = NULL;
  407. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, BN_dh_share512_x);
  408. ERROR_BREAK(ipp_ret);
  409. memset(p_shared_key->x, 0, sizeof(p_shared_key->x));
  410. memcpy(p_shared_key->x, pdata, ROUND_TO(length, 8)/8);
  411. // Clear memory securely
  412. memset_s(pdata, sizeof(p_shared_key->x), 0, ROUND_TO(length, 8)/8);
  413. ipp_ret = ippsRef_BN(&sgn, &length, &pdata, BN_dh_share512_y);
  414. ERROR_BREAK(ipp_ret);
  415. memset(p_shared_key->y, 0, sizeof(p_shared_key->y));
  416. memcpy(p_shared_key->y, pdata, ROUND_TO(length, 8)/8);
  417. // Clear memory securely
  418. memset_s(pdata, sizeof(p_shared_key->x), 0, ROUND_TO(length, 8)/8);
  419. }while(0);
  420. // Clear temp buffer before free.
  421. if (point_pubA) memset_s(point_pubA, ecPointSize, 0, ecPointSize);
  422. SAFE_FREE(point_pubA);
  423. if (point_R) memset_s(point_R, ecPointSize, 0, ecPointSize);
  424. SAFE_FREE(point_R);
  425. sgx_ipp_secure_free_BN(pubA_gx, sizeof(p_public_ga->gx));
  426. sgx_ipp_secure_free_BN(pubA_gy, sizeof(p_public_ga->gy));
  427. sgx_ipp_secure_free_BN(BN_dh_privB, sizeof(sgx_ec256_private_t));
  428. sgx_ipp_secure_free_BN(BN_dh_share512_x, sizeof(sgx_ec256_dh_shared_t));
  429. sgx_ipp_secure_free_BN(BN_dh_share512_y, sizeof(sgx_ec256_dh_shared_t));
  430. switch (ipp_ret)
  431. {
  432. case ippStsNoErr: return SGX_SUCCESS;
  433. case ippStsNoMemErr:
  434. case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
  435. case ippStsNullPtrErr:
  436. case ippStsLengthErr:
  437. case ippStsOutOfRangeErr:
  438. case ippStsSizeErr:
  439. case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
  440. default: return SGX_ERROR_UNEXPECTED;
  441. }
  442. }