IppsBigNumState* bnNew(const char* sBN, const int size){
// get the size of the Big Number context
int ctxSize;
const int strSize = (const int)(strlen(sBN)+7)/8;
if ( strSize > size ){
std::cerr << "Caution in IppsBigNumState* bnNew(const char* sBN, int size):\n\t size of string number representation greater then params size supplied\n";
std::cerr << sBN << std::endl;
}
IppStatus res;
res = ippsBigNumGetSize(size, &ctxSize);
if (res != ippStsNoErr )
std::cerr << res;
// allocate the Big Number context
IppsBigNumState* pBN = (IppsBigNumState*) ( new Ipp8u[ctxSize] );
// and initialize one
res = ippsBigNumInit(size, pBN);
if (res != ippStsNoErr )
std::cerr << res;
Ipp8u* octetStr = new Ipp8u[(strlen(sBN)-1)/2+1+1];
strtoIpp8u( sBN, octetStr);
res = ippsSetOctString_BN(octetStr, (int)(strlen(sBN)-1)/2+1, pBN);
if (res != ippStsNoErr )
std::cerr << res;
delete[] octetStr;
// return pointer to the Big Number context for future use
return pBN;
}
static int GenerateSing(const Ipp8u* pMsg, int msgLen, /* message representation */
const Ipp8u* pSalt, int saltLen, /* fied string */
Ipp8u* pSign,
const IppsRSAPrivateKeyState* pPrvKey,
const IppsRSAPublicKeyState* pPubKey,
Ipp8u* pBuffer)
{
/* size of RSA modulus in bytes and chunks */
cpSize rsaBits = RSA_PRV_KEY_BITSIZE_N(pPrvKey);
cpSize k = BITS2WORD8_SIZE(rsaBits);
cpSize nsN = BITS_BNU_CHUNK(rsaBits);
/* EMSA-PKCS-v1_5 encoding */
int result = EMSA_PKCSv15(pMsg,msgLen, pSalt,saltLen, pSign, k);
if(result) {
/* align buffer */
BNU_CHUNK_T* pScratchBuffer = (BNU_CHUNK_T*)(IPP_ALIGNED_PTR(pBuffer, (int)sizeof(BNU_CHUNK_T)) );
/* temporary BNs */
__ALIGN8 IppsBigNumState bnC;
__ALIGN8 IppsBigNumState bnP;
/* make BNs */
BN_Make(pScratchBuffer, pScratchBuffer+nsN+1, nsN, &bnC);
pScratchBuffer += (nsN+1)*2;
BN_Make(pScratchBuffer, pScratchBuffer+nsN+1, nsN, &bnP);
pScratchBuffer += (nsN+1)*2;
/*
// private-key operation
*/
ippsSetOctString_BN(pSign, k, &bnC);
if(RSA_PRV_KEY1_VALID_ID(pPrvKey))
gsRSAprv_cipher(&bnP, &bnC, pPrvKey, pScratchBuffer);
else
gsRSAprv_cipher_crt(&bnP, &bnC, pPrvKey, pScratchBuffer);
ippsGetOctString_BN(pSign, k, &bnP);
/* check the result before send it out (fault attack mitigatioin) */
if(pPubKey) {
gsRSApub_cipher(&bnP, &bnP, pPubKey, pScratchBuffer);
/* check signature before send it out (fault attack mitigatioin) */
if(0!=cpBN_cmp(&bnP, &bnC)) {
PaddBlock(0, pSign, k);
result = 0;
}
}
}
return result;
}
IppsBigNumState* bnNew(const int size, const Ipp8u *pData){
// get the size of the Big Number context
int ctxSize;
IppStatus res;
res = ippsBigNumGetSize(size, &ctxSize);
if (res != ippStsNoErr )
std::cerr << res;
// allocate the Big Number context
IppsBigNumState* pBN = (IppsBigNumState*) ( new Ipp8u[ctxSize] );
// and initialize one
res = ippsBigNumInit(size, pBN);
if (res != ippStsNoErr )
std::cerr << res;
res = ippsSetOctString_BN(pData, 4*size, pBN);
if (res != ippStsNoErr )
std::cerr << res;
// return pointer to the Big Number context for future use
return pBN;
}
/** Create an ECC public key based on a given ECC private key.
*
* Parameters:
* Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
* Input: p_att_priv_key - Input private key
* Output: p_att_pub_key - Output public key - LITTLE ENDIAN
*
*/
sgx_status_t sgx_ecc256_calculate_pub_from_priv(const sgx_ec256_private_t *p_att_priv_key, sgx_ec256_public_t *p_att_pub_key)
{
if ((p_att_priv_key == NULL) || (p_att_pub_key == NULL)) {
return SGX_ERROR_INVALID_PARAMETER;
}
IppsECCPState* p_ecc_state = NULL;
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
int ctx_size = 0;
int point_size = 0;
IppsECCPPointState* public_key = NULL;
IppsBigNumState* bn_o = NULL;
IppsBigNumState* bn_x = NULL;
IppsBigNumState* bn_y = NULL;
sgx_ec256_private_t att_priv_key_be;
uint8_t* p_temp;
int size = 0;
IppsBigNumSGN sgn;
do {
//get the size of the IppsECCPState context
//
if (ippsECCPGetSize(ECC_FIELD_SIZE, &ctx_size) != ippStsNoErr) {
break;
}
//allocate ecc ctx
//
p_ecc_state = (IppsECCPState*)(malloc(ctx_size));
if (NULL == p_ecc_state) {
ret = SGX_ERROR_OUT_OF_MEMORY;
break;
}
//init ecc ctx
//
if (ippsECCPInit(ECC_FIELD_SIZE, p_ecc_state) != ippStsNoErr) {
break;
}
//set up elliptic curve domain parameters over GF(p)
//
if (ippsECCPSetStd(IppECCPStd256r1, p_ecc_state) != ippStsNoErr) {
break;
}
//get point (public key) size
//
if (ippsECCPPointGetSize(ECC_FIELD_SIZE, &point_size) != ippStsNoErr) {
break;
}
//allocate point of point_size size
//
public_key = (IppsECCPPointState*)(malloc(point_size));
if (NULL == public_key) {
ret = SGX_ERROR_OUT_OF_MEMORY;
break;
}
//init point
//
if (ippsECCPPointInit(ECC_FIELD_SIZE, public_key) != ippStsNoErr) {
break;
}
//allocate bn_o, will be used for private key
//
if (sgx_ipp_newBN(NULL, sizeof(sgx_ec256_private_t), &bn_o) != ippStsNoErr) {
break;
}
//convert private key into big endian
//
p_temp = (uint8_t*)p_att_priv_key;
for (uint32_t i = 0; i<sizeof(att_priv_key_be); i++) {
att_priv_key_be.r[i] = *(p_temp + sizeof(att_priv_key_be) - 1 - i);
}
//assign private key into bn_o
//
if (ippsSetOctString_BN(reinterpret_cast<Ipp8u *>(&att_priv_key_be), sizeof(sgx_ec256_private_t), bn_o) != ippStsNoErr) {
break;
}
//compute public key from the given private key (bn_o) of the elliptic cryptosystem (p_ecc_state) over GF(p).
//
if (ippsECCPPublicKey(bn_o, public_key, p_ecc_state) != ippStsNoErr) {
break;
}
//allocate BNs
//
if (sgx_ipp_newBN(NULL, sizeof(sgx_ec256_private_t), &bn_x) != ippStsNoErr) {
break;
}
if (sgx_ipp_newBN(NULL, sizeof(sgx_ec256_private_t), &bn_y) != ippStsNoErr) {
break;
}
//assign public key into BNs
//
if (ippsECCPGetPoint(bn_x, bn_y, public_key, p_ecc_state) != ippStsNoErr) {
break;
}
//output key in little endian order
//
//gx value
if (ippsGetSize_BN(bn_x, &size) != ippStsNoErr) {
break;
}
if (ippsGet_BN(&sgn, &size, reinterpret_cast<Ipp32u *>(p_att_pub_key->gx), bn_x) != ippStsNoErr) {
break;
}
//gy value
//
if (ippsGetSize_BN(bn_y, &size) != ippStsNoErr) {
break;
}
if (ippsGet_BN(&sgn, &size, reinterpret_cast<Ipp32u *>(p_att_pub_key->gy), bn_y) != ippStsNoErr) {
break;
}
ret = SGX_SUCCESS;
} while (0);
//in case of failure clear public key
//
if (ret != SGX_SUCCESS) {
(void)memset_s(p_att_pub_key, sizeof(sgx_ec256_public_t), 0, sizeof(sgx_ec256_public_t));
}
CLEAR_FREE_MEM(p_ecc_state, ctx_size);
CLEAR_FREE_MEM(public_key, point_size);
sgx_ipp_secure_free_BN(bn_o, sizeof(sgx_ec256_private_t));
sgx_ipp_secure_free_BN(bn_x, sizeof(sgx_ec256_private_t));
sgx_ipp_secure_free_BN(bn_y, sizeof(sgx_ec256_private_t));
return ret;
}
/* Computes signature for data based on private key
* Parameters:
* Return: sample_status_t - SAMPLE_SUCCESS, SAMPLE_SUCCESS on success, error code otherwise.
* Inputs: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
* sample_ec256_private_t *p_private - Pointer to the private key - LITTLE ENDIAN
* sample_uint8_t *p_data - Pointer to the data to be signed
* uint32_t data_size - Size of the data to be signed
* Output: sample_ec256_signature_t *p_signature - Pointer to the signature - LITTLE ENDIAN */
sample_status_t sample_ecdsa_sign(const uint8_t *p_data,
uint32_t data_size,
sample_ec256_private_t *p_private,
sample_ec256_signature_t *p_signature,
sample_ecc_state_handle_t ecc_handle)
{
if ((ecc_handle == NULL) || (p_private == NULL) || (p_signature == NULL) || (p_data == NULL) || (data_size < 1))
{
return SAMPLE_ERROR_INVALID_PARAMETER;
}
IppStatus ipp_ret = ippStsNoErr;
IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
IppsBigNumState* p_ecp_order = NULL;
IppsBigNumState* p_hash_bn = NULL;
IppsBigNumState* p_msg_bn = NULL;
IppsBigNumState* p_eph_priv_bn = NULL;
IppsECCPPointState* p_eph_pub = NULL;
IppsBigNumState* p_reg_priv_bn = NULL;
IppsBigNumState* p_signx_bn = NULL;
IppsBigNumState* p_signy_bn = NULL;
Ipp32u *p_sigx = NULL;
Ipp32u *p_sigy = NULL;
int ecp_size = 0;
const int order_size = sizeof(sample_nistp256_r);
uint32_t hash[8] = {0};
do
{
ipp_ret = sgx_ipp_newBN(sample_nistp256_r, order_size, &p_ecp_order);
ERROR_BREAK(ipp_ret);
// Prepare the message used to sign.
ipp_ret = ippsHashMessage(p_data, data_size, (Ipp8u*)hash, IPP_ALG_HASH_SHA256);
ERROR_BREAK(ipp_ret);
/* Byte swap in creation of Big Number from SHA256 hash output */
ipp_ret = sgx_ipp_newBN(NULL, sizeof(hash), &p_hash_bn);
ERROR_BREAK(ipp_ret);
ipp_ret = ippsSetOctString_BN((Ipp8u*)hash, sizeof(hash), p_hash_bn);
ERROR_BREAK(ipp_ret);
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_msg_bn);
ERROR_BREAK(ipp_ret);
ipp_ret = ippsMod_BN(p_hash_bn, p_ecp_order, p_msg_bn);
ERROR_BREAK(ipp_ret);
// Get ephemeral key pair.
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_eph_priv_bn);
ERROR_BREAK(ipp_ret);
//init eccp point
ipp_ret = ippsECCPPointGetSize(256, &ecp_size);
ERROR_BREAK(ipp_ret);
p_eph_pub = (IppsECCPPointState*)(malloc(ecp_size));
if(!p_eph_pub)
{
ipp_ret = ippStsNoMemErr;
break;
}
ipp_ret = ippsECCPPointInit(256, p_eph_pub);
ERROR_BREAK(ipp_ret);
// generate ephemeral key pair for signing operation
ipp_ret = ippsECCPGenKeyPair(p_eph_priv_bn, p_eph_pub, p_ecc_state,
(IppBitSupplier)sample_ipp_DRNGen, NULL);
ERROR_BREAK(ipp_ret);
ipp_ret = ippsECCPSetKeyPair(p_eph_priv_bn, p_eph_pub, ippFalse, p_ecc_state);
ERROR_BREAK(ipp_ret);
// Set the regular private key.
ipp_ret = sgx_ipp_newBN((uint32_t *)p_private->r, sizeof(p_private->r),
&p_reg_priv_bn);
ERROR_BREAK(ipp_ret);
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signx_bn);
ERROR_BREAK(ipp_ret);
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signy_bn);
ERROR_BREAK(ipp_ret);
// Sign the message.
ipp_ret = ippsECCPSignDSA(p_msg_bn, p_reg_priv_bn, p_signx_bn, p_signy_bn,
p_ecc_state);
ERROR_BREAK(ipp_ret);
IppsBigNumSGN sign;
int length;
ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigx, p_signx_bn);
ERROR_BREAK(ipp_ret);
memset(p_signature->x, 0, sizeof(p_signature->x));
ipp_ret = check_copy_size(sizeof(p_signature->x), ROUND_TO(length, 8)/8);
ERROR_BREAK(ipp_ret);
memcpy(p_signature->x, p_sigx, ROUND_TO(length, 8)/8);
memset_s(p_sigx, sizeof(p_signature->x), 0, ROUND_TO(length, 8)/8);
ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigy, p_signy_bn);
ERROR_BREAK(ipp_ret);
memset(p_signature->y, 0, sizeof(p_signature->y));
ipp_ret = check_copy_size(sizeof(p_signature->y), ROUND_TO(length, 8)/8);
ERROR_BREAK(ipp_ret);
memcpy(p_signature->y, p_sigy, ROUND_TO(length, 8)/8);
memset_s(p_sigy, sizeof(p_signature->y), 0, ROUND_TO(length, 8)/8);
}while(0);
// Clear buffer before free.
if(p_eph_pub)
memset_s(p_eph_pub, ecp_size, 0, ecp_size);
SAFE_FREE(p_eph_pub);
sample_ipp_secure_free_BN(p_ecp_order, order_size);
sample_ipp_secure_free_BN(p_hash_bn, sizeof(hash));
sample_ipp_secure_free_BN(p_msg_bn, order_size);
sample_ipp_secure_free_BN(p_eph_priv_bn, order_size);
sample_ipp_secure_free_BN(p_reg_priv_bn, sizeof(p_private->r));
sample_ipp_secure_free_BN(p_signx_bn, order_size);
sample_ipp_secure_free_BN(p_signy_bn, order_size);
switch (ipp_ret)
{
case ippStsNoErr: return SAMPLE_SUCCESS;
case ippStsNoMemErr:
case ippStsMemAllocErr: return SAMPLE_ERROR_OUT_OF_MEMORY;
case ippStsNullPtrErr:
case ippStsLengthErr:
case ippStsOutOfRangeErr:
case ippStsSizeErr:
case ippStsBadArgErr: return SAMPLE_ERROR_INVALID_PARAMETER;
default: return SAMPLE_ERROR_UNEXPECTED;
}
}
void bnSet( IppsBigNumState *pBN, const char * sBN){
Ipp8u* octetStr = new Ipp8u[strlen(sBN)/2];
strtoIpp8u( sBN, octetStr);
ippsSetOctString_BN(octetStr, (int)strlen(sBN)/2, pBN);
delete[] octetStr;
}
