123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506 |
- /* kcapi_ecc.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #if defined(WOLFSSL_KCAPI_ECC) && defined(HAVE_ECC)
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
- #include <wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h>
- #include <wolfssl/wolfcrypt/ecc.h>
- #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- /* FIPS build has replaced ecc.h. */
- #define wc_ecc_key_get_priv(key) (&((key)->k))
- #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- #endif
- #ifndef ECC_CURVE_NIST_P256
- #define ECC_CURVE_NIST_P256 2
- #endif
- #ifndef ECC_CURVE_NIST_P384
- #define ECC_CURVE_NIST_P384 3
- #endif
- #ifndef ECC_CURVE_NIST_P521
- #define ECC_CURVE_NIST_P521 4
- #endif
- #define ECDSA_KEY_VERSION 1
- #define ECDH_KEY_VERSION 1
- static const char WC_NAME_ECDH[] = "ecdh";
- #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
- static const char WC_NAME_ECDSA[] = "ecdsa";
- #endif
- void KcapiEcc_Free(ecc_key* key)
- {
- if (key->handle != NULL) {
- kcapi_kpp_destroy(key->handle);
- key->handle = NULL;
- }
- }
- static int KcapiEcc_CurveId(int curve_id, word32* kcapiCurveId)
- {
- int ret = 0;
- switch (curve_id) {
- case ECC_SECP256R1:
- *kcapiCurveId = ECC_CURVE_NIST_P256;
- break;
- case ECC_SECP384R1:
- *kcapiCurveId = ECC_CURVE_NIST_P384;
- break;
- case ECC_SECP521R1:
- *kcapiCurveId = ECC_CURVE_NIST_P521;
- break;
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
- return ret;
- }
- int KcapiEcc_LoadKey(ecc_key* key, byte* pubkey_raw, word32* pubkey_sz,
- int release_handle)
- {
- int ret = 0;
- word32 kcapiCurveId = 0;
- word32 keySz;
- int handleInit = 0;
- if (key == NULL || key->dp == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- keySz = key->dp->size;
- ret = KcapiEcc_CurveId(key->dp->id, &kcapiCurveId);
- }
- /* if handle doesn't exist create one */
- if (ret == 0 && key->handle == NULL) {
- ret = kcapi_kpp_init(&key->handle, WC_NAME_ECDH, 0);
- if (ret == 0) {
- handleInit = 1;
- ret = kcapi_kpp_ecdh_setcurve(key->handle, kcapiCurveId);
- if (ret >= 0) {
- ret = 0;
- }
- }
- }
- /* set the key */
- if (ret == 0) {
- if (mp_iszero(wc_ecc_key_get_priv(key)) != MP_YES) {
- /* if a private key value is set, load and use it */
- byte priv[MAX_ECC_BYTES];
- ret = wc_export_int(wc_ecc_key_get_priv(key), priv, &keySz, keySz,
- WC_TYPE_UNSIGNED_BIN);
- if (ret == 0) {
- ret = kcapi_kpp_setkey(key->handle, priv, keySz);
- }
- }
- else {
- /* generate new ephemeral key */
- ret = kcapi_kpp_setkey(key->handle, NULL, 0);
- }
- if (ret >= 0) {
- ret = 0;
- }
- }
- /* optionally export public key */
- if (ret == 0 && pubkey_raw != NULL && pubkey_sz != NULL) {
- if (*pubkey_sz < keySz*2) {
- ret = BUFFER_E;
- }
- if (ret == 0) {
- ret = (int)kcapi_kpp_keygen(key->handle, pubkey_raw, keySz*2,
- KCAPI_ACCESS_HEURISTIC);
- if (ret >= 0) {
- *pubkey_sz = ret;
- ret = 0;
- }
- }
- }
- if (handleInit && release_handle && key != NULL && key->handle != NULL) {
- kcapi_kpp_destroy(key->handle);
- key->handle = NULL;
- }
- return ret;
- }
- int KcapiEcc_MakeKey(ecc_key* key, int keysize, int curve_id)
- {
- int ret = 0;
- word32 pubkey_sz = (word32)sizeof(key->pubkey_raw);
- /* free existing handle */
- if (key != NULL && key->handle != NULL) {
- kcapi_kpp_destroy(key->handle);
- key->handle = NULL;
- }
- /* check arguments */
- if (key == NULL || key->dp == NULL) {
- ret = BAD_FUNC_ARG;
- }
- ret = KcapiEcc_LoadKey(key, key->pubkey_raw, &pubkey_sz, 0);
- if (ret == 0) {
- ret = mp_read_unsigned_bin(key->pubkey.x,
- key->pubkey_raw, pubkey_sz / 2);
- }
- if (ret == 0) {
- ret = mp_read_unsigned_bin(key->pubkey.y,
- key->pubkey_raw + pubkey_sz / 2, pubkey_sz / 2);
- }
- if (ret == 0) {
- ret = mp_set(key->pubkey.z, 1);
- }
- if (ret == 0) {
- key->type = ECC_PRIVATEKEY;
- }
- /* if error release handle now */
- if (ret != 0 && key->handle != NULL) {
- kcapi_kpp_destroy(key->handle);
- key->handle = NULL;
- }
- /* These are not used. The key->dp is set */
- (void)keysize;
- (void)curve_id;
- return ret;
- }
- #ifdef HAVE_ECC_DHE
- int KcapiEcc_SharedSecret(ecc_key* private_key, ecc_key* public_key, byte* out,
- word32* outlen)
- {
- int ret = 0;
- word32 kcapiCurveId = 0;
- byte* buf_aligned = NULL;
- byte* pub = NULL;
- word32 keySz;
- #ifndef KCAPI_USE_XMALLOC
- size_t pageSz = (size_t)sysconf(_SC_PAGESIZE);
- #endif
- if (private_key == NULL || private_key->dp == NULL || public_key == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- pub = public_key->pubkey_raw;
- keySz = private_key->dp->size;
- ret = KcapiEcc_CurveId(private_key->dp->id, &kcapiCurveId);
- }
- if (ret == 0 && private_key->handle == NULL) {
- ret = kcapi_kpp_init(&private_key->handle, WC_NAME_ECDH, 0);
- if (ret == 0) {
- ret = kcapi_kpp_ecdh_setcurve(private_key->handle, kcapiCurveId);
- if (ret >= 0) {
- ret = 0;
- }
- }
- }
- /* if a private key value is set, load and use it */
- if (ret == 0 && mp_iszero(wc_ecc_key_get_priv(private_key)) != MP_YES) {
- byte priv[MAX_ECC_BYTES];
- ret = wc_export_int(wc_ecc_key_get_priv(private_key), priv, &keySz,
- keySz, WC_TYPE_UNSIGNED_BIN);
- if (ret == 0) {
- ret = kcapi_kpp_setkey(private_key->handle, priv, keySz);
- if (ret >= 0) {
- ret = 0;
- }
- }
- }
- if (ret == 0) {
- #ifdef KCAPI_USE_XMALLOC
- buf_aligned = (byte*)XMALLOC(keySz * 2, private_key->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (buf_aligned == NULL) {
- ret = MEMORY_E;
- }
- #else
- ret = posix_memalign((void*)&buf_aligned, pageSz, keySz * 2);
- if (ret != 0) {
- ret = MEMORY_E;
- }
- #endif
- }
- if (ret == 0) {
- XMEMCPY(buf_aligned, pub, keySz * 2);
- ret = (int)kcapi_kpp_ssgen(private_key->handle, buf_aligned,
- keySz * 2, buf_aligned, keySz * 2, KCAPI_ACCESS_HEURISTIC);
- if (ret >= 0) {
- *outlen = ret / 2;
- XMEMCPY(out, buf_aligned, *outlen);
- ret = 0; /* success */
- }
- }
- if (buf_aligned != NULL) {
- #ifdef KCAPI_USE_XMALLOC
- XFREE(buf_aligned, private_key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- free(buf_aligned);
- #endif
- }
- return ret;
- }
- #endif
- #ifdef HAVE_ECC_SIGN
- static int KcapiEcc_SetPrivKey(ecc_key* key)
- {
- int ret;
- byte priv[KCAPI_PARAM_SZ + MAX_ECC_BYTES];
- word32 keySz = key->dp->size;
- word32 kcapiCurveId;
- ret = KcapiEcc_CurveId(key->dp->id, &kcapiCurveId);
- if (ret == 0) {
- priv[0] = ECDSA_KEY_VERSION;
- priv[1] = kcapiCurveId;
- #ifdef WOLF_PRIVATE_KEY_ID
- if (key->idLen > 0) {
- WOLFSSL_MSG("Using ID based private key");
- keySz = key->idLen;
- XMEMCPY(priv + KCAPI_PARAM_SZ, key->id, keySz);
- }
- else
- #endif
- {
- ret = wc_export_int(wc_ecc_key_get_priv(key), priv + KCAPI_PARAM_SZ,
- &keySz, keySz, WC_TYPE_UNSIGNED_BIN);
- }
- }
- if (ret == 0) {
- /* call with NULL to so KCAPI treats incoming data as hash */
- ret = kcapi_akcipher_setkey(key->handle, NULL, 0);
- if (ret >= 0) {
- ret = kcapi_akcipher_setkey(key->handle, priv, KCAPI_PARAM_SZ + keySz);
- if (ret >= 0) {
- ret = 0;
- }
- }
- }
- return ret;
- }
- int KcapiEcc_Sign(ecc_key* key, const byte* hash, word32 hashLen, byte* sig,
- word32 sigLen)
- {
- int ret = 0;
- byte* buf_aligned = NULL;
- int handleInit = 0;
- word32 keySz;
- word32 maxBufSz;
- #ifndef KCAPI_USE_XMALLOC
- size_t pageSz = (size_t)sysconf(_SC_PAGESIZE);
- #endif
- if (key == NULL || key->dp == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0 && key->handle == NULL) {
- ret = kcapi_akcipher_init(&key->handle, WC_NAME_ECDSA, 0);
- if (ret != 0) {
- WOLFSSL_MSG("KcapiEcc_Sign: Failed to initialize");
- }
- if (ret == 0) {
- handleInit = 1;
- ret = KcapiEcc_SetPrivKey(key);
- }
- }
- if (ret == 0) {
- /* make sure signature output is large enough */
- keySz = key->dp->size;
- if (sigLen < keySz*2) {
- ret = BUFFER_E;
- }
- }
- if (ret == 0) {
- maxBufSz = (hashLen > keySz * 2) ? hashLen : (keySz * 2);
- #ifdef KCAPI_USE_XMALLOC
- buf_aligned = (unsigned char*)XMALLOC(maxBufSz, key->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (buf_aligned == NULL) {
- ret = MEMORY_E;
- }
- #else
- ret = posix_memalign((void*)&buf_aligned, pageSz, maxBufSz);
- if (ret != 0) {
- ret = MEMORY_E;
- }
- #endif
- }
- if (ret == 0) {
- XMEMCPY(buf_aligned, hash, hashLen);
- ret = (int)kcapi_akcipher_sign(key->handle, buf_aligned, hashLen,
- buf_aligned, keySz * 2, KCAPI_ACCESS_HEURISTIC);
- if (ret >= 0) {
- XMEMCPY(sig, buf_aligned, ret);
- ret = 0; /* mark success */
- }
- }
- if (buf_aligned != NULL) {
- #ifdef KCAPI_USE_XMALLOC
- XFREE(buf_aligned, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- free(buf_aligned);
- #endif
- }
- if (handleInit) {
- kcapi_kpp_destroy(key->handle);
- key->handle = NULL;
- }
- return ret;
- }
- #endif
- #ifdef HAVE_ECC_VERIFY
- static int KcapiEcc_SetPubKey(ecc_key* key)
- {
- int ret;
- word32 kcapiCurveId;
- word32 keySz = key->dp->size;
- byte pub[KCAPI_PARAM_SZ + (MAX_ECC_BYTES * 2)];
- int pubLen;
- ret = KcapiEcc_CurveId(key->dp->id, &kcapiCurveId);
- if (ret == 0) {
- pub[0] = ECDSA_KEY_VERSION;
- pub[1] = kcapiCurveId;
- XMEMCPY(&pub[KCAPI_PARAM_SZ], key->pubkey_raw, keySz * 2);
- pubLen = KCAPI_PARAM_SZ + (keySz * 2);
- /* call with NULL to so KCAPI treats incoming data as hash */
- ret = kcapi_akcipher_setpubkey(key->handle, NULL, 0);
- if (ret >= 0) {
- ret = kcapi_akcipher_setpubkey(key->handle, pub, pubLen);
- if (ret >= 0) {
- ret = 0;
- }
- }
- }
- return ret;
- }
- int KcapiEcc_Verify(ecc_key* key, const byte* hash, word32 hashLen, byte* sig,
- word32 sigLen)
- {
- int ret = 0;
- byte* buf_aligned = NULL;
- int handleInit = 0;
- word32 keySz = 0;
- #ifndef KCAPI_USE_XMALLOC
- size_t pageSz = (size_t)sysconf(_SC_PAGESIZE);
- #endif
- if (key == NULL || key->dp == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0 && key->handle == NULL) {
- ret = kcapi_akcipher_init(&key->handle, WC_NAME_ECDSA, 0);
- if (ret != 0) {
- WOLFSSL_MSG("KcapiEcc_Verify: Failed to initialize");
- }
- if (ret == 0) {
- handleInit = 1;
- ret = KcapiEcc_SetPubKey(key);
- }
- }
- if (ret == 0) {
- keySz = key->dp->size;
- #ifdef KCAPI_USE_XMALLOC
- buf_aligned = (byte*)XMALLOC(sigLen + hashLen, key->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (buf_aligned == NULL) {
- ret = MEMORY_E;
- }
- #else
- ret = posix_memalign((void*)&buf_aligned, pageSz, sigLen + hashLen);
- if (ret != 0) {
- ret = MEMORY_E;
- }
- #endif
- }
- if (ret == 0) {
- XMEMCPY(buf_aligned, sig, sigLen);
- XMEMCPY(buf_aligned + sigLen, hash, hashLen);
- ret = (int)kcapi_akcipher_verify(key->handle, buf_aligned,
- sigLen + hashLen, buf_aligned, keySz * 2,
- KCAPI_ACCESS_HEURISTIC);
- if (ret >= 0) {
- /* verify output in buf_aligned is not used */
- ret = 0;
- }
- }
- if (buf_aligned != NULL) {
- #ifdef KCAPI_USE_XMALLOC
- XFREE(buf_aligned, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- free(buf_aligned);
- #endif
- }
- if (handleInit) {
- kcapi_kpp_destroy(key->handle);
- key->handle = NULL;
- }
- return ret;
- }
- #endif
- #endif /* WOLFSSL_KCAPI_ECC && HAVE_ECC */
|