miti
/
linux-sgx-trts-modified


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
							/*
 * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */


#include "stdlib.h"
#include "string.h"
#include "ipp_wrapper.h"
#include "se_ecdsa_verify_internal.h"

#if !defined(SWAP_ENDIAN_DW)
#define SWAP_ENDIAN_DW(dw)	((((dw) & 0x000000ff) << 24)                    \
                            | (((dw) & 0x0000ff00) << 8)                    \
                            | (((dw) & 0x00ff0000) >> 8)                    \
                            | (((dw) & 0xff000000) >> 24))
#endif

// LE<->BE translation of 32 byte big number
#if !defined(SWAP_ENDIAN_32B)
#define SWAP_ENDIAN_32B(ptr)												\
{																			\
    unsigned int temp = 0;													\
    temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[0]);						\
    ((unsigned int*)(ptr))[0] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[7]);	\
    ((unsigned int*)(ptr))[7] = temp;										\
    temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[1]);						\
    ((unsigned int*)(ptr))[1] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[6]);	\
    ((unsigned int*)(ptr))[6] = temp;										\
    temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[2]);						\
    ((unsigned int*)(ptr))[2] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[5]);	\
    ((unsigned int*)(ptr))[5] = temp;										\
    temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[3]);						\
    ((unsigned int*)(ptr))[3] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[4]);	\
    ((unsigned int*)(ptr))[4] = temp;										\
}
#endif

#if !defined(ntohs)
#define ntohs(u16)                                      \
  ((uint16_t)(((((unsigned char*)&(u16))[0]) << 8)        \
            + (((unsigned char*)&(u16))[1])))
#endif


static const uint32_t g_nistp256_r[] = {
   0xFC632551, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD, 0xFFFFFFFF, 0xFFFFFFFF,
   0x00000000, 0xFFFFFFFF};

/*
 * An utility function used to verify ecc signature.
 *
 * @param p_ecp Pointer to ecc context.
 * @param p_pubkey The ecc public key.
 * @param p_signature The signature, in little endian
 * @param p_sig_rl_hash Output from sgx_sha256_get_hash
 * @param p_result Verify result
 * @return sgx_status_t Return SGX_SUCCESS if p_result is valid. Need to check
 * the p_result for detailed result. ippECValid means signature match.
 * ippECInvalidSignature means the input signature is invalid.
 */
sgx_status_t se_ecdsa_verify_internal(
    IppsECCPState *p_ecp,
    sgx_ec256_public_t *p_pubkey,
    sgx_ec256_signature_t *p_signature,
    const se_ae_ecdsa_hash_t *p_sig_rl_hash,
    IppECResult *p_result)
{
    sgx_status_t ret = SGX_SUCCESS;
    IppStatus ipp_ret = ippStsNoErr;
    Ipp32u cmpZeroResult = 0;
    IppsBigNumState* p_bn_ecp_order = NULL;
    IppsBigNumState* p_bn_sig_rl_hash = NULL;
    IppsBigNumState* p_bn_sig_rl_msg = NULL;
    IppsBigNumState* p_bn_sign_x = NULL;
    IppsBigNumState* p_bn_sign_y = NULL;
    IppsBigNumState* p_bn_p_x = NULL;
    IppsBigNumState* p_bn_p_y = NULL;
    IppsECCPPointState *p_reg_pub_key = NULL;
    int ctxSize = 0;
    IppECResult ecc_result = ippECValid;
    uint32_t sig_rl_hash_le[8] = {0};
    const uint32_t zero = 0;
    IppsBigNumState* p_bn_zero = NULL;

    if(NULL == p_ecp || NULL == p_pubkey || NULL == p_signature
       || NULL == p_sig_rl_hash || NULL == p_result)
        return SGX_ERROR_INVALID_PARAMETER;

    const int order_size = sizeof(g_nistp256_r);

    ipp_ret = newBN(g_nistp256_r, order_size, &p_bn_ecp_order);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    memcpy(sig_rl_hash_le, p_sig_rl_hash->hash, sizeof(sig_rl_hash_le));
    SWAP_ENDIAN_32B(sig_rl_hash_le);
    ipp_ret = newBN(sig_rl_hash_le, sizeof(sig_rl_hash_le),
                    &p_bn_sig_rl_hash);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = newBN(0, order_size, &p_bn_sig_rl_msg);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = ippsMod_BN(p_bn_sig_rl_hash, p_bn_ecp_order, p_bn_sig_rl_msg);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = newBN(p_signature->x, order_size, &p_bn_sign_x);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    // Create a Big Number whose value is zero
    ipp_ret = newBN(&zero, sizeof(zero), &p_bn_zero);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    // Make sure none of the 2 signature big numbers is 0.
    ipp_ret = ippsCmp_BN(p_bn_sign_x, p_bn_zero, &cmpZeroResult);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }
    if(IS_ZERO == cmpZeroResult)
    {
        // Return SGX_SUCCESS and *p_result to be ippECInvalidSignature to report invalid signature.
        ret = SGX_SUCCESS;
        *p_result = ippECInvalidSignature;
        goto CLEANUP;
    }

    ipp_ret = newBN(p_signature->y, order_size, &p_bn_sign_y);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = ippsCmp_BN(p_bn_sign_y, p_bn_zero, &cmpZeroResult);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }
    if(IS_ZERO == cmpZeroResult)
    {
        // Return SGX_SUCCESS and  *p_result to be ippECInvalidSignature to report invalid signature
        ret = SGX_SUCCESS;
        *p_result = ippECInvalidSignature;
        goto CLEANUP;
    }

    ipp_ret = newBN((Ipp32u *)p_pubkey->gx, order_size, &p_bn_p_x);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = newBN((Ipp32u *)p_pubkey->gy, order_size, &p_bn_p_y);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = ippsECCPPointGetSize(256, &ctxSize);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    p_reg_pub_key = (IppsECCPPointState *)malloc(ctxSize);
    if(NULL == p_reg_pub_key)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = ippsECCPPointInit(256, p_reg_pub_key);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = ippsECCPSetPoint(p_bn_p_x, p_bn_p_y, p_reg_pub_key, p_ecp);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    /* Set the regular pub key. */
    ipp_ret = ippsECCPSetKeyPair(NULL, p_reg_pub_key, ippTrue, p_ecp);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    ipp_ret = ippsECCPVerifyDSA(p_bn_sig_rl_msg, p_bn_sign_x, p_bn_sign_y,
                                &ecc_result, p_ecp);
    if(ipp_ret != ippStsNoErr)
    {
        ret = SGX_ERROR_UNEXPECTED;
        goto CLEANUP;
    }

    *p_result = ecc_result;

CLEANUP:
    if(p_bn_ecp_order)
        free(p_bn_ecp_order);
    if(p_bn_sig_rl_hash)
        free(p_bn_sig_rl_hash);
    if(p_bn_sig_rl_msg)
        free(p_bn_sig_rl_msg);
    if(p_bn_sign_x)
        free(p_bn_sign_x);
    if(p_bn_sign_y)
        free(p_bn_sign_y);
    if(p_bn_p_x)
        free(p_bn_p_x);
    if(p_bn_p_y)
        free(p_bn_p_y);
    if(p_reg_pub_key)
        free(p_reg_pub_key);
    if(p_bn_zero)
        free(p_bn_zero);
    return ret;
}