/*
* Use EC parameters to initialise an EC group
*
* ECParameters ::= CHOICE {
* namedCurve OBJECT IDENTIFIER
* specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
* -- implicitCurve NULL
*/
static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
{
int ret;
mbedtls_ecp_group_id grp_id;
if( params->tag == MBEDTLS_ASN1_OID )
{
if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
}
else
{
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
return( ret );
#else
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
#endif
}
/*
* grp may already be initilialized; if so, make sure IDs match
*/
if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
return( ret );
return( 0 );
}
int dslink_handshake_get_group(mbedtls_ecp_group *grp) {
mbedtls_ecp_group_init(grp);
const mbedtls_ecp_curve_info *info
= mbedtls_ecp_curve_info_from_grp_id(MBEDTLS_ECP_DP_SECP256R1);
if (!info) {
return DSLINK_CRYPT_MISSING_CURVE;
}
if ((errno = mbedtls_ecp_group_load(grp, info->grp_id)) != 0) {
return DSLINK_CRYPT_GROUP_LOAD_ERR;
}
return 0;
}
/*
* Find the group id associated with an (almost filled) group as generated by
* pk_group_from_specified(), or return an error if unknown.
*/
static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
{
int ret = 0;
mbedtls_ecp_group ref;
const mbedtls_ecp_group_id *id;
mbedtls_ecp_group_init( &ref );
for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
{
/* Load the group associated to that id */
mbedtls_ecp_group_free( &ref );
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
/* Compare to the group we were given, starting with easy tests */
if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
/* For Y we may only know the parity bit, so compare only that */
mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
{
break;
}
}
cleanup:
mbedtls_ecp_group_free( &ref );
*grp_id = *id;
if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
return( ret );
}
TEE_Result crypto_acipher_ecc_shared_secret(struct ecc_keypair *private_key,
struct ecc_public_key *public_key,
void *secret,
unsigned long *secret_len)
{
TEE_Result res = TEE_SUCCESS;
int lmd_res = 0;
uint8_t one[1] = { 1 };
mbedtls_ecdh_context ecdh;
size_t out_len = 0;
memset(&ecdh, 0, sizeof(ecdh));
mbedtls_ecdh_init(&ecdh);
lmd_res = mbedtls_ecp_group_load(&ecdh.grp, private_key->curve);
if (lmd_res != 0) {
res = TEE_ERROR_NOT_SUPPORTED;
goto out;
}
ecdh.d = *(mbedtls_mpi *)private_key->d;
ecdh.Qp.X = *(mbedtls_mpi *)public_key->x;
ecdh.Qp.Y = *(mbedtls_mpi *)public_key->y;
mbedtls_mpi_read_binary(&ecdh.Qp.Z, one, sizeof(one));
lmd_res = mbedtls_ecdh_calc_secret(&ecdh, &out_len, secret,
*secret_len, mbd_rand, NULL);
if (lmd_res != 0) {
res = get_tee_result(lmd_res);
goto out;
}
*secret_len = out_len;
out:
/* Reset mpi to skip freeing here, those mpis will be freed with key */
mbedtls_mpi_init(&ecdh.d);
mbedtls_mpi_init(&ecdh.Qp.X);
mbedtls_mpi_init(&ecdh.Qp.Y);
mbedtls_ecdh_free(&ecdh);
return res;
}
TEE_Result crypto_acipher_ecc_verify(uint32_t algo, struct ecc_public_key *key,
const uint8_t *msg, size_t msg_len,
const uint8_t *sig, size_t sig_len)
{
TEE_Result res = TEE_SUCCESS;
int lmd_res = 0;
mbedtls_ecdsa_context ecdsa;
size_t key_size_bytes, key_size_bits = 0;
uint8_t one[1] = { 1 };
mbedtls_mpi r;
mbedtls_mpi s;
memset(&ecdsa, 0, sizeof(ecdsa));
memset(&r, 0, sizeof(r));
memset(&s, 0, sizeof(s));
if (algo == 0)
return TEE_ERROR_BAD_PARAMETERS;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
mbedtls_ecdsa_init(&ecdsa);
lmd_res = mbedtls_ecp_group_load(&ecdsa.grp, key->curve);
if (lmd_res != 0) {
res = TEE_ERROR_NOT_SUPPORTED;
goto out;
}
ecdsa.Q.X = *(mbedtls_mpi *)key->x;
ecdsa.Q.Y = *(mbedtls_mpi *)key->y;
mbedtls_mpi_read_binary(&ecdsa.Q.Z, one, sizeof(one));
res = ecc_get_keysize(key->curve, algo,
&key_size_bytes, &key_size_bits);
if (res != TEE_SUCCESS) {
res = TEE_ERROR_BAD_PARAMETERS;
goto out;
}
/* check keysize vs sig_len */
if ((key_size_bytes * 2) != sig_len) {
res = TEE_ERROR_BAD_PARAMETERS;
goto out;
}
mbedtls_mpi_read_binary(&r, sig, sig_len / 2);
mbedtls_mpi_read_binary(&s, sig + sig_len / 2, sig_len / 2);
lmd_res = mbedtls_ecdsa_verify(&ecdsa.grp, msg, msg_len, &ecdsa.Q,
&r, &s);
if (lmd_res != 0) {
FMSG("mbedtls_ecdsa_verify failed, returned 0x%x", -lmd_res);
res = get_tee_result(lmd_res);
}
out:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
/* Reset mpi to skip freeing here, those mpis will be freed with key */
mbedtls_mpi_init(&ecdsa.Q.X);
mbedtls_mpi_init(&ecdsa.Q.Y);
mbedtls_ecdsa_free(&ecdsa);
return res;
}
TEE_Result crypto_acipher_ecc_sign(uint32_t algo, struct ecc_keypair *key,
const uint8_t *msg, size_t msg_len,
uint8_t *sig, size_t *sig_len)
{
TEE_Result res = TEE_SUCCESS;
int lmd_res = 0;
const mbedtls_pk_info_t *pk_info = NULL;
mbedtls_ecdsa_context ecdsa;
size_t key_size_bytes = 0;
size_t key_size_bits = 0;
mbedtls_mpi r;
mbedtls_mpi s;
memset(&ecdsa, 0, sizeof(ecdsa));
memset(&r, 0, sizeof(r));
memset(&s, 0, sizeof(s));
if (algo == 0)
return TEE_ERROR_BAD_PARAMETERS;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
mbedtls_ecdsa_init(&ecdsa);
lmd_res = mbedtls_ecp_group_load(&ecdsa.grp, key->curve);
if (lmd_res != 0) {
res = TEE_ERROR_NOT_SUPPORTED;
goto out;
}
ecdsa.d = *(mbedtls_mpi *)key->d;
res = ecc_get_keysize(key->curve, algo, &key_size_bytes,
&key_size_bits);
if (res != TEE_SUCCESS)
goto out;
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA);
if (pk_info == NULL) {
res = TEE_ERROR_NOT_SUPPORTED;
goto out;
}
lmd_res = mbedtls_ecdsa_sign(&ecdsa.grp, &r, &s, &ecdsa.d, msg,
msg_len, mbd_rand, NULL);
if (lmd_res == 0) {
*sig_len = 2 * key_size_bytes;
memset(sig, 0, *sig_len);
mbedtls_mpi_write_binary(&r, sig + *sig_len / 2 -
mbedtls_mpi_size(&r),
mbedtls_mpi_size(&r));
mbedtls_mpi_write_binary(&s, sig + *sig_len -
mbedtls_mpi_size(&s),
mbedtls_mpi_size(&s));
res = TEE_SUCCESS;
} else {
FMSG("mbedtls_ecdsa_sign failed, returned 0x%x\n", -lmd_res);
res = TEE_ERROR_GENERIC;
}
out:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
/* Reset mpi to skip freeing here, those mpis will be freed with key */
mbedtls_mpi_init(&ecdsa.d);
mbedtls_ecdsa_free(&ecdsa);
return res;
}
/*
* Generate key pair
*/
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
}
int main( int argc, char *argv[] )
{
int ret;
mbedtls_ecdh_context ctx_cli, ctx_srv;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char cli_to_srv[32], srv_to_cli[32];
const char pers[] = "ecdh";
((void) argc);
((void) argv);
mbedtls_ecdh_init( &ctx_cli );
mbedtls_ecdh_init( &ctx_srv );
mbedtls_ctr_drbg_init( &ctr_drbg );
/*
* Initialize random number generation
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
sizeof pers ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* Client: inialize context and generate keypair
*/
mbedtls_printf( " . Setting up client context..." );
fflush( stdout );
ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_gen_public returned %d\n", ret );
goto exit;
}
ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* Server: initialize context and generate keypair
*/
mbedtls_printf( " . Setting up server context..." );
fflush( stdout );
ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_gen_public returned %d\n", ret );
goto exit;
}
ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* Server: read peer's key and generate shared secret
*/
mbedtls_printf( " . Server reading client key and computing secret..." );
fflush( stdout );
ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z,
&ctx_srv.Qp, &ctx_srv.d,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* Client: read peer's key and generate shared secret
*/
mbedtls_printf( " . Client reading server key and computing secret..." );
fflush( stdout );
ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z,
&ctx_cli.Qp, &ctx_cli.d,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* Verification: are the computed secret equal?
*/
mbedtls_printf( " . Checking if both computed secrets are equal..." );
fflush( stdout );
ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
exit:
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
mbedtls_ecdh_free( &ctx_srv );
mbedtls_ecdh_free( &ctx_cli );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
return( ret != 0 );
}
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = 0;
CRYSError_t CrysRet = CRYS_OK;
void* pHeap = NULL;
size_t heapSize = 0;
uint32_t key_size = 2*MAX_KEY_SIZE_IN_BYTES + 1;
const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( gid ) );
mbedtls_rand_func_container cc_rand = { f_rng, p_rng };
if ( pDomain )
{
uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0};
cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_keygen_params_t) );
if ( kgParams == NULL )
return ( MBEDTLS_ERR_ECP_ALLOC_FAILED );
pHeap = kgParams;
heapSize = sizeof(cc_ecc_ws_keygen_params_t);
CrysRet = CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand, pDomain,
&kgParams->privKey, &kgParams->pubKey,
&kgParams->kgTempData, NULL );
if ( CrysRet != CRYS_OK )
{
ret = convert_CrysError_to_mbedtls_err( CrysRet );
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, gid ) );
CrysRet = CRYS_ECPKI_ExportPublKey( &kgParams->pubKey, CRYS_EC_PointUncompressed, temp_buf, &key_size );
if ( CrysRet != CRYS_OK )
{
ret = convert_CrysError_to_mbedtls_err( CrysRet );
goto cleanup;
}
ret = mbedtls_ecp_point_read_binary( &ctx->grp, &ctx->Q, temp_buf, key_size );
if ( ret != 0 )
goto cleanup;
memset ( temp_buf, 0 , sizeof(temp_buf) );
CrysRet = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (ctx->grp.nbits+7)/8,
kgParams->privKey.PrivKeyDbBuff,
4*((((ctx->grp.nbits+7)/8)+3)/4) );
if ( CrysRet != CRYS_OK )
{
ret = convert_CrysError_to_mbedtls_err( CrysRet );
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
goto cleanup;
}
ret = mbedtls_mpi_read_binary( &ctx->d, temp_buf, (ctx->grp.nbits+7)/8 );
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
if ( ret != 0 )
{
goto cleanup;
}
}
else
ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
cleanup:
if ( pHeap )
{
mbedtls_zeroize( pHeap, heapSize );
mbedtls_free ( pHeap );
}
return ( ret );
}
bool ECKey_From(const cn_cbor * pKey, mbedtls_ecp_keypair *keypair, cose_errback * perr)
{
byte rgbKey[MBEDTLS_ECP_MAX_PT_LEN];
int cbKey;
int cbGroup;
const cn_cbor * p;
mbedtls_ecp_group_id groupId;
p = cn_cbor_mapget_int(pKey, COSE_Key_Type);
CHECK_CONDITION(p != NULL, COSE_ERR_INVALID_PARAMETER);
if(p->type == CN_CBOR_UINT) {
CHECK_CONDITION(p->v.uint == COSE_Key_Type_EC2, COSE_ERR_INVALID_PARAMETER);
}
else {
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
p = cn_cbor_mapget_int(pKey, COSE_Key_EC_Curve);
CHECK_CONDITION((p != NULL) && (p->type == CN_CBOR_UINT), COSE_ERR_INVALID_PARAMETER);
switch (p->v.uint) {
case 1: // P-256
groupId = MBEDTLS_ECP_DP_SECP256R1;
break;
case 2: // P-384
groupId = MBEDTLS_ECP_DP_SECP384R1;
break;
case 3: // P-521
groupId = MBEDTLS_ECP_DP_SECP521R1;
break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
CHECK_CONDITION(mbedtls_ecp_group_load(&keypair->grp, groupId) == 0, COSE_ERR_INVALID_PARAMETER);
cbGroup = (keypair->grp.nbits + 7) / 8;
p = cn_cbor_mapget_int(pKey, COSE_Key_EC_X);
CHECK_CONDITION((p != NULL) && (p->type == CN_CBOR_BYTES), COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(p->length == cbGroup, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbKey+1, p->v.str, p->length);
p = cn_cbor_mapget_int(pKey, COSE_Key_EC_Y);
CHECK_CONDITION((p != NULL), COSE_ERR_INVALID_PARAMETER);
if (p->type == CN_CBOR_BYTES) {
rgbKey[0] = 0x04;
cbKey = cbGroup * 2 + 1;
CHECK_CONDITION(p->length == cbGroup, COSE_ERR_INVALID_PARAMETER);
memcpy(rgbKey + p->length + 1, p->v.str, p->length);
}
else if (p->type == CN_CBOR_TRUE) {
cbKey = cbGroup + 1;
rgbKey[0] = 0x03;
}
else if (p->type == CN_CBOR_FALSE) {
cbKey = cbGroup + 1;
rgbKey[0] = 0x02;
}
else FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(mbedtls_ecp_point_read_binary(&keypair->grp, &keypair->Q, rgbKey, cbKey) == 0, COSE_ERR_INVALID_PARAMETER);
p = cn_cbor_mapget_int(pKey, COSE_Key_EC_d);
if (p != NULL) {
CHECK_CONDITION(p->type == CN_CBOR_BYTES, COSE_ERR_INVALID_PARAMETER);
CHECK_CONDITION(mbedtls_mpi_read_binary( &keypair->d, p->v.bytes, p->length) == 0, COSE_ERR_CRYPTO_FAIL);
}
return true;
errorReturn:
return false;
}
