int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = 0;
CRYSError_t CrysRet = CRYS_OK;
void* pHeap = NULL;
size_t heapSize = 0;
uint32_t key_size = 2*MAX_KEY_SIZE_IN_BYTES + 1;
const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( gid ) );
mbedtls_rand_func_container cc_rand = { f_rng, p_rng };
if ( pDomain )
{
uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0};
cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_keygen_params_t) );
if ( kgParams == NULL )
return ( MBEDTLS_ERR_ECP_ALLOC_FAILED );
pHeap = kgParams;
heapSize = sizeof(cc_ecc_ws_keygen_params_t);
CrysRet = CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand, pDomain,
&kgParams->privKey, &kgParams->pubKey,
&kgParams->kgTempData, NULL );
if ( CrysRet != CRYS_OK )
{
ret = convert_CrysError_to_mbedtls_err( CrysRet );
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, gid ) );
CrysRet = CRYS_ECPKI_ExportPublKey( &kgParams->pubKey, CRYS_EC_PointUncompressed, temp_buf, &key_size );
if ( CrysRet != CRYS_OK )
{
ret = convert_CrysError_to_mbedtls_err( CrysRet );
goto cleanup;
}
ret = mbedtls_ecp_point_read_binary( &ctx->grp, &ctx->Q, temp_buf, key_size );
if ( ret != 0 )
goto cleanup;
memset ( temp_buf, 0 , sizeof(temp_buf) );
CrysRet = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (ctx->grp.nbits+7)/8,
kgParams->privKey.PrivKeyDbBuff,
4*((((ctx->grp.nbits+7)/8)+3)/4) );
if ( CrysRet != CRYS_OK )
{
ret = convert_CrysError_to_mbedtls_err( CrysRet );
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
goto cleanup;
}
ret = mbedtls_mpi_read_binary( &ctx->d, temp_buf, (ctx->grp.nbits+7)/8 );
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
if ( ret != 0 )
{
goto cleanup;
}
}
else
ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
cleanup:
if ( pHeap )
{
mbedtls_zeroize( pHeap, heapSize );
mbedtls_free ( pHeap );
}
return ( ret );
}
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
int ( *f_rng )( void *, unsigned char *, size_t ),
void *p_rng )
{
int ret = 0;
void* pHeap = NULL;
size_t heapSize = 0;
uint32_t public_key_size = (2 * MAX_KEY_SIZE_IN_BYTES + 1);
const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) );
mbedtls_rand_func_container cc_rand = { f_rng, p_rng };
if ( pDomain )
{
uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0};
cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof( cc_ecc_ws_keygen_params_t ) );
if ( kgParams == NULL )
return ( MBEDTLS_ERR_ECP_ALLOC_FAILED );
pHeap = kgParams;
heapSize = sizeof( cc_ecc_ws_keygen_params_t );
ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand,
pDomain, &kgParams->privKey,
&kgParams->pubKey,
&kgParams->kgTempData, NULL ) );
if( ret != 0 )
{
goto cleanup;
}
ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_ExportPublKey( &kgParams->pubKey,
CRYS_EC_PointUncompressed,temp_buf, &public_key_size ) );
if( ret != 0 )
{
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( grp, Q, temp_buf, public_key_size ) );
memset ( temp_buf, 0 , sizeof(temp_buf) );
ret = convert_CrysError_to_mbedtls_err( CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (grp->nbits+7)/8,
kgParams->privKey.PrivKeyDbBuff,
4*((((grp->nbits+7)/8)+3)/4) ) );
if( ret != 0 )
{
mbedtls_zeroize( temp_buf, sizeof( temp_buf ) );
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary( d, temp_buf, (grp->nbits+7)/8 ) );
mbedtls_zeroize( temp_buf, sizeof( temp_buf ) );
}
/* if CRYS_ECPKI_GetEcDomain returns NULL, then the given curve is either Montgomery 25519
* or another curve which is not supported by CC310*/
else if ( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
{
size_t priv_key_size = public_key_size = CURVE_25519_KEY_SIZE ;
cc_ecc_25519_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_25519_keygen_params_t) );
if ( kgParams == NULL )
return ( MBEDTLS_ERR_ECP_ALLOC_FAILED );
pHeap = ( uint8_t* )kgParams;
heapSize = sizeof(cc_ecc_25519_keygen_params_t);
ret = convert_CrysError_to_mbedtls_err( CRYS_ECMONT_KeyPair( kgParams->pubKey, ( size_t* )&public_key_size, kgParams->privKey,
&priv_key_size, &cc_rand, convert_mbedtls_to_cc_rand,
&kgParams->kgTempData ) );
if( ret != 0 )
{
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, kgParams->privKey, priv_key_size ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Q->X, kgParams->pubKey, public_key_size ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Q->Z, 1 ) );
}
else
ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
cleanup:
if ( pHeap )
{
mbedtls_zeroize( pHeap, heapSize );
mbedtls_free( pHeap );
}
return ( ret );
}
/******************************************************************************************
@brief CRYS_RSA_Get_PubKey gets the e,n public key from the database.
@param[in] UserPubKey_ptr - A pointer to the public key structure.
This structure is used as input to the CRYS_RSA_PRIM_Encrypt API.
@param[out] Exponent_ptr - A pointer to the exponent stream of bytes (Big-Endian format)
@param[in,out] ExponentSize_ptr - the size of the exponent buffer in bytes, it is updated to the
actual size of the exponent, in bytes.
@param[out] Modulus_ptr - A pointer to the modulus stream of bytes (Big-Endian format).
The MS (most significant) bit must be set to '1'.
@param[in,out] ModulusSize_ptr - the size of the modulus buffer in bytes, it is updated to the
actual size of the modulus, in bytes.
NOTE: All members of input UserPrivKey structure must be initialized, including public key
e pointer and it size.
*/
CEXPORT_C CRYSError_t CRYS_RSA_Get_PubKey(
CRYS_RSAUserPubKey_t *UserPubKey_ptr,
DxUint8_t *Exponent_ptr,
DxUint16_t *ExponentSize_ptr,
DxUint8_t *Modulus_ptr,
DxUint16_t *ModulusSize_ptr )
{
/* LOCAL DECLERATIONS */
/* the size in bytes of the modulus and the exponent */
DxUint32_t nSizeInBytes;
DxUint32_t eSizeInBytes;
/* the public key database pointer */
CRYSRSAPubKey_t *PubKey_ptr;
CRYSError_t Error;
/* FUNCTION DECLERATIONS */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED( UserPubKey_ptr , Exponent_ptr , ExponentSize_ptr ,
Modulus_ptr , ModulusSize_ptr , nSizeInBytes ,
eSizeInBytes , PubKey_ptr , PubKey_ptr,
PubKey_ptr , PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr );
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
/* ...... checking the key database handle pointer .................... */
if(UserPubKey_ptr == DX_NULL)
return CRYS_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR;
/* ...... checking the validity of the exponent pointer ............... */
if(Exponent_ptr == DX_NULL)
return CRYS_RSA_INVALID_EXPONENT_POINTER_ERROR;
/* ...... checking the validity of the modulus pointer .............. */
if(Modulus_ptr == DX_NULL)
return CRYS_RSA_INVALID_MODULUS_POINTER_ERROR;
if(ExponentSize_ptr == DX_NULL)
return CRYS_RSA_INVALID_EXP_BUFFER_SIZE_POINTER;
if(ModulusSize_ptr == DX_NULL)
return CRYS_RSA_INVALID_MOD_BUFFER_SIZE_POINTER;
/* if the users TAG is illegal return an error - the context is invalid */
if(UserPubKey_ptr->valid_tag != CRYS_RSA_PUB_KEY_VALIDATION_TAG)
return CRYS_RSA_PUB_KEY_VALIDATION_TAG_ERROR;
#ifndef DX_OEM_FW
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ, UserPubKey_ptr, sizeof(CRYS_RSAUserPubKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, Exponent_ptr, *ExponentSize_ptr) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, Modulus_ptr, *ModulusSize_ptr) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, ExponentSize_ptr, sizeof(DxUint32_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ModulusSize_ptr, sizeof(DxUint32_t))){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/* ...... checking the exponent size ................................ */
/* setting the pointer to the key database */
PubKey_ptr = ( CRYSRSAPubKey_t * )UserPubKey_ptr->PublicKeyDbBuff;
/* calculating the required size in bytes */
nSizeInBytes = (PubKey_ptr->nSizeInBits + 7) / 8;
eSizeInBytes = (PubKey_ptr->eSizeInBits + 7) / 8;
/* if the size of the modulus is to small return error */
if(nSizeInBytes > *ModulusSize_ptr)
return CRYS_RSA_INVALID_MODULUS_SIZE;
/* if the size of the exponent buffer is to small return error */
if(eSizeInBytes > *ExponentSize_ptr)
return CRYS_RSA_INVALID_EXPONENT_SIZE;
/* .............. loading the output arguments and buffers ............... */
/* ----------------------------------------------------------------------- */
/* loading the buffers */
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(Exponent_ptr, 4*((*ExponentSize_ptr+3)/4),
PubKey_ptr->e, eSizeInBytes );
if(Error != CRYS_OK)
return Error;
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(Modulus_ptr, 4*((*ModulusSize_ptr+3)/4),
PubKey_ptr->n, nSizeInBytes );
if(Error != CRYS_OK)
return Error;
/* updating the buffer sizes */
*ModulusSize_ptr = (DxUint16_t)nSizeInBytes;
*ExponentSize_ptr = (DxUint16_t)eSizeInBytes;
return CRYS_OK;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF CRYS_RSA_Get_PubKey */
/**
@brief The function converts an existed public key into the big endian and outputs it.
The function performs the following steps:
- checks input parameters,
- Converts the X,Y coordinates of public key EC point to big endianness.
- Sets the public key as follows:
In case "Uncompressed" point: PubKey = PC||X||Y, PC = 0x4 - single byte;
In other cases returns an error.
- Exits.
NOTE: - At this stage supported only uncompressed point form,
- Size of output X and Y coordinates is equal to ModSizeInBytes.
@param[in] UserPublKey_ptr - A pointer to the public key structure initialized by CRYS.
@param[in] Compression - An enumerator parameter, defines point compression.
@param[out] ExternPublKey_ptr - A pointer to the buffer for export the public key bytes array in big
endian order of bytes. Size of buffer must be not less than:
2*ModSiseInBytes+1 bytes.
@param[in/out] PublKeySizeInBytes - A pointer to size of user passed public key buffer (in) and
the actual size of exported public key (out).
@return CRYSError_t - CRYS_OK,
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR
*/
CEXPORT_C CRYSError_t CRYS_ECPKI_ExportPublKey(
CRYS_ECPKI_UserPublKey_t *UserPublKey_ptr, /*in*/
CRYS_ECPKI_PointCompression_t Compression, /*in*/
DxUint8_t *ExternPublKey_ptr, /*in*/
DxUint32_t *PublKeySizeInBytes_ptr /*in/out*/)
{
/*-------------------- FUNCTION DECLARATIONS ------------------------*/
/* the private key structure pointer */
CRYS_ECPKI_PublKey_t *PublKey_ptr;
/* Domain ID and DomainInfo - structure containing part of domain information */
CRYS_ECPKI_DomainID_t DomainID;
CRYS_ECPKI_DomainInfo_t DomainInfo;
/* EC modulus size in words and in bytes*/
DxUint32_t ModSizeInBytes;
/* the Error return code identifier */
CRYSError_t Error;
/* FUNCTION LOGIC */
/* .................. if not supported exit .............................. */
RETURN_IF_ECPKI_UNSUPPORTED( UserPublKey_ptr, Compression, ExternPublKey_ptr,
PublKeySizeInBytes_ptr, PublKey_ptr, DomainInfo.EC_ModulusSizeInBits,
DomainID, ModSizeInBytes, Error, Error, Error, Error, Error, Error,
Error, Error, Error, Error, Error, Error, Error, Error );
#ifndef CRYS_NO_ECPKI_SUPPORT
/* .................. INITIALIZATIONS ................................. */
Error = CRYS_OK; /* Error initialization */
/*............. Checking input parameters ..............................*/
/* ...... checking the key database handle pointer .................... */
if( UserPublKey_ptr == DX_NULL )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR;
/* ...... checking the validity of the extern Public Key pointer ........ */
if( ExternPublKey_ptr == DX_NULL )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR;
/* ... checking the validity of the extern Public Key size pointer ...... */
if( PublKeySizeInBytes_ptr == DX_NULL )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR;
PublKey_ptr = (CRYS_ECPKI_PublKey_t *)((void*)UserPublKey_ptr->PublKeyDbBuff);
DomainID = PublKey_ptr->DomainID;
/* ...... checking the EC domain ID...................................... */
if( DomainID >= CRYS_ECPKI_DomainID_OffMode )
return CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR;
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ, UserPublKey_ptr, sizeof(CRYS_ECPKI_UserPublKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ExternPublKey_ptr, *PublKeySizeInBytes_ptr) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, PublKeySizeInBytes_ptr, sizeof(DxUint32_t))){
return CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
/*------------------------ FUNCTION LOGIC --------------------------------*/
/* get domain info and modulus size */
Error = LLF_ECPKI_GetDomainInfo(DomainID, &DomainInfo);
if(Error != CRYS_OK)
return Error;
ModSizeInBytes = (DomainInfo.EC_ModulusSizeInBits + 7)/8;
/* Convert public key to big endianness export form */
switch( Compression ){
case CRYS_EC_PointUncompressed:
/* check uzer passed size of buffer for public key*/
if( *PublKeySizeInBytes_ptr < 2*ModSizeInBytes + 1 )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR;
/* Set ExternPublKey[0] = PC = 4 */
ExternPublKey_ptr[0] = 4;
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(
ExternPublKey_ptr + 1, 4*((ModSizeInBytes+3)/4),
PublKey_ptr->PublKeyX, ModSizeInBytes );
if(Error != CRYS_OK)
return Error;
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(
ExternPublKey_ptr + 1 + ModSizeInBytes, 4*((ModSizeInBytes+3)/4),
PublKey_ptr->PublKeyY, ModSizeInBytes );
if(Error != CRYS_OK)
return Error;
/* Set PublKeySizeInBytes */
*PublKeySizeInBytes_ptr = 2*ModSizeInBytes + 1;
break;
case CRYS_EC_PointHybrid:
case CRYS_EC_PointCompressed:
case CRYS_EC_PointContWrong:
case CRYS_EC_PointCompresOffMode:
default:
return CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR;
}
return Error;
#endif /* !CRYS_NO_ECPKI_SUPPORT */
} /* End of CRYS_ECPKI_ExportPublKey */
