1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12
13 #include "soft_ec_api.h"
14 #include <ec/ec_local.h>
15 #include <crypto/evp.h>
16 #include <crypto/ec.h>
17 #include <openssl/ecdh.h>
18 #include <openssl/ecdsa.h>
19 #include <openssl/bn.h>
20 #include <openssl/ec.h>
21 #include <openssl/evp.h>
22 #include <openssl/core_names.h>
23 #include <securec.h>
24 #include <tee_log.h>
25 #include "crypto_inner_interface.h"
26 #include "soft_gmssl.h"
27 #include "soft_common_api.h"
28 #include "soft_err.h"
29
30 #define KEY_SIZE_25519 256
31 #define ED25519_PUBLIC_KEY_LEN 32
32 #define ED25519_PRI_KEY_LEN 32
33 #define X25519_PUBLIC_KEY_LEN 32
34 #define X25519_PRIVATE_KEY_LEN 32
35 #define ECC224_DX_SIGN_FIX_LEN 56
36 #define ECC256_DX_SIGN_FIX_LEN 64
37 #define ECC384_DX_SIGN_FIX_LEN 96
38 #define ECC521_DX_SIGN_FIX_LEN 132
39
40
generate_evp_key(int32_t id)41 static EVP_PKEY *generate_evp_key(int32_t id)
42 {
43 EVP_PKEY *pkey = NULL;
44 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(id, NULL);
45 if (pctx == NULL) {
46 tloge("New evp ctx failed, id=%d\n", id);
47 return NULL;
48 }
49 int rc = EVP_PKEY_keygen_init(pctx);
50 if (rc <= 0) {
51 tloge("Evp init failed, id=%d\n", id);
52 EVP_PKEY_CTX_free(pctx);
53 return NULL;
54 }
55 rc = EVP_PKEY_keygen(pctx, &pkey);
56 EVP_PKEY_CTX_free(pctx);
57 if (rc <= 0) {
58 tloge("Generate evp failed, id=%d\n", id);
59 return NULL;
60 }
61
62 return pkey;
63 }
64
generate_ed25519_keypair(uint32_t key_size,struct ecc_pub_key_t * public_key,struct ecc_priv_key_t * private_key)65 static int32_t generate_ed25519_keypair(uint32_t key_size, struct ecc_pub_key_t *public_key,
66 struct ecc_priv_key_t *private_key)
67 {
68 if (key_size != KEY_SIZE_25519) {
69 tloge("key size is Invalid");
70 return CRYPTO_BAD_PARAMETERS;
71 }
72
73 EVP_PKEY *pkey = generate_evp_key(EVP_PKEY_ED25519);
74 if (pkey == NULL) {
75 tloge("Evp generate failed\n");
76 return get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
77 }
78
79 size_t pub_key_buf_len = ECC_KEY_LEN;
80 size_t prv_key_buf_len = ECC_KEY_LEN;
81
82 if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, private_key->r, sizeof(private_key->r), &prv_key_buf_len) == 0)
83 {
84 tloge("Get private key failed\n");
85 EVP_PKEY_free(pkey);
86 return CRYPTO_ERROR_SECURITY;
87 }
88
89 if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, public_key->x, sizeof(public_key->x), &pub_key_buf_len) == 0)
90 {
91 tloge("Get public key failed\n");
92 EVP_PKEY_free(pkey);
93 return CRYPTO_ERROR_SECURITY;
94 }
95
96 EVP_PKEY_free(pkey);
97
98 public_key->x_len = ED25519_PUBLIC_KEY_LEN;
99 private_key->r_len = ED25519_PRI_KEY_LEN;
100 return CRYPTO_SUCCESS;
101 }
102
generate_x25519_keypair(uint32_t key_size,struct ecc_pub_key_t * public_key,struct ecc_priv_key_t * private_key)103 static int32_t generate_x25519_keypair(uint32_t key_size, struct ecc_pub_key_t *public_key,
104 struct ecc_priv_key_t *private_key)
105 {
106 if (key_size != KEY_SIZE_25519) {
107 tloge("key size is Invalid");
108 return CRYPTO_BAD_PARAMETERS;
109 }
110
111 EVP_PKEY *pkey = generate_evp_key(EVP_PKEY_X25519);
112 if (pkey == NULL) {
113 tloge("Evp generate failed\n");
114 return get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
115 }
116 ECX_KEY *x25519_key = EVP_PKEY_get0(pkey);
117 bool check_null = (x25519_key == NULL) || (x25519_key->privkey == NULL);
118 if (check_null) {
119 tloge("Evp get failed\n");
120 EVP_PKEY_free(pkey);
121 return CRYPTO_BAD_PARAMETERS;
122 }
123 errno_t rc = memcpy_s(public_key->x, public_key->x_len, x25519_key->pubkey, X25519_PUBLIC_KEY_LEN);
124 if (rc != EOK) {
125 tloge("Copy failed, rc=%d\n", rc);
126 EVP_PKEY_free(pkey);
127 return CRYPTO_ERROR_SECURITY;
128 }
129 rc = memcpy_s(private_key->r, private_key->r_len, x25519_key->privkey, X25519_PRIVATE_KEY_LEN);
130 EVP_PKEY_free(pkey);
131 if (rc != EOK) {
132 tloge("Copy failed, rc=%d\n", rc);
133 return CRYPTO_ERROR_SECURITY;
134 }
135 public_key->x_len = X25519_PUBLIC_KEY_LEN;
136 private_key->r_len = X25519_PRIVATE_KEY_LEN;
137
138 return CRYPTO_SUCCESS;
139 }
140
soft_fill_zero_to_head(uint32_t keysize,uint8_t * x,uint32_t * x_len)141 static int32_t soft_fill_zero_to_head(uint32_t keysize, uint8_t *x, uint32_t *x_len)
142 {
143 errno_t rc;
144 uint32_t need_buffer_size = (keysize + BIT_NUMBER_SEVEN) >> BIT_TO_BYTE_MOVE_THREE;
145 if (*x_len < need_buffer_size) {
146 rc = memmove_s(x + (need_buffer_size - *x_len), EC_KEY_FIX_BUFFER_LEN - (need_buffer_size - *x_len),
147 x, *x_len);
148 if (rc != EOK) {
149 tloge("memove error in fill zero");
150 return CRYPTO_ERROR_SECURITY;
151 }
152
153 rc = memset_s(x, need_buffer_size - *x_len, 0, need_buffer_size - *x_len);
154 if (rc != EOK) {
155 tloge("memset error in fill zero");
156 return CRYPTO_ERROR_SECURITY;
157 }
158 *x_len = need_buffer_size;
159 }
160 return CRYPTO_SUCCESS;
161 }
162
config_crypto_engine_biringssl_judg(uint32_t key_size,struct ecc_pub_key_t * public_key,const BIGNUM * x,const BIGNUM * y)163 static int32_t config_crypto_engine_biringssl_judg(uint32_t key_size, struct ecc_pub_key_t *public_key,
164 const BIGNUM *x, const BIGNUM *y)
165 {
166 int32_t x_len = BN_bn2bin(x, public_key->x);
167 int32_t y_len = BN_bn2bin(y, public_key->y);
168
169 bool check = (x_len <= 0 || y_len <= 0);
170 if (check) {
171 tloge("x_len or y_len is no more than 0");
172 return CRYPTO_BAD_PARAMETERS;
173 }
174 public_key->x_len = (uint32_t)x_len;
175 public_key->y_len = (uint32_t)y_len;
176 int32_t ret = soft_fill_zero_to_head(key_size, public_key->x, &(public_key->x_len));
177 if (ret != CRYPTO_SUCCESS) {
178 tloge("ret is not CRYPTO_SUCCESS");
179 return ret;
180 }
181
182 ret = soft_fill_zero_to_head(key_size, public_key->y, &(public_key->y_len));
183 if (ret != CRYPTO_SUCCESS)
184 tloge("ret is not CRYPTO_SUCCESS");
185 return ret;
186 }
187
soft_ecpubkey_boring_to_tee(const EC_KEY * key,uint32_t key_size,struct ecc_pub_key_t * public_key)188 static int32_t soft_ecpubkey_boring_to_tee(const EC_KEY *key, uint32_t key_size, struct ecc_pub_key_t *public_key)
189 {
190 int32_t ret = CRYPTO_BAD_PARAMETERS;
191 BIGNUM *x = BN_new();
192 BIGNUM *y = BN_new();
193 bool check = (x == NULL || y == NULL);
194 if (check) {
195 tloge("new bn error in boring pub to tee pub");
196 goto error;
197 }
198
199 const EC_POINT *point = EC_KEY_get0_public_key(key);
200 if (point == NULL) {
201 tloge("boring ec key get public key error");
202 goto error;
203 }
204 ret = EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key), point, x, y, NULL);
205 if (ret == BORINGSSL_ERR) {
206 tloge("boring ec key get public x y error");
207 ret = get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
208 goto error;
209 }
210 check = (BN_num_bytes(x) > ECC_KEY_LEN || BN_num_bytes(y) > ECC_KEY_LEN);
211 if (check) {
212 tloge("buffer not enough");
213 ret = CRYPTO_BAD_PARAMETERS;
214 goto error;
215 }
216 ret = config_crypto_engine_biringssl_judg(key_size, public_key, x, y);
217 error:
218 BN_free(x);
219 BN_free(y);
220 return ret;
221 }
222
soft_eckey_boring_to_tee(const EC_KEY * key,uint32_t key_size,struct ecc_pub_key_t * public_key,struct ecc_priv_key_t * private_key)223 static int32_t soft_eckey_boring_to_tee(const EC_KEY *key, uint32_t key_size, struct ecc_pub_key_t *public_key,
224 struct ecc_priv_key_t *private_key)
225 {
226 const BIGNUM *priv_bn = EC_KEY_get0_private_key(key);
227 if (priv_bn == NULL) {
228 tloge("ec key error, get private fail");
229 return CRYPTO_BAD_PARAMETERS;
230 }
231 size_t private_len = (size_t)BN_num_bytes(priv_bn);
232 if (private_len > ECC_KEY_LEN) {
233 tloge("private key to buffer error, len %zu", private_len);
234 priv_bn = NULL;
235 return CRYPTO_BAD_PARAMETERS;
236 }
237
238 int32_t priv_key_len = BN_bn2bin(priv_bn, private_key->r);
239 if (priv_key_len <= 0)
240 return CRYPTO_BAD_PARAMETERS;
241
242 private_key->r_len = (uint32_t)priv_key_len;
243 if (key_size == ECDSA_KEY_521)
244 key_size = EC_KEY_FIX_BUFFER_LEN * BIT_TO_BYTE;
245
246 int32_t ret = soft_fill_zero_to_head(key_size, private_key->r, &(private_key->r_len));
247 if (ret != TEE_SUCCESS)
248 return ret;
249
250 /* change boringssl public key to buffer */
251 ret = soft_ecpubkey_boring_to_tee(key, key_size, public_key);
252 if (ret != TEE_SUCCESS) {
253 priv_bn = NULL;
254 tloge("boring public key to tee public error");
255 }
256
257 return ret;
258 }
259
get_ec_sign_size_by_domain(uint32_t domain)260 static int32_t get_ec_sign_size_by_domain(uint32_t domain)
261 {
262 uint32_t index = 0;
263 crypto_uint2uint domain_to_sig_len[] = {
264 { ECC_CURVE_NIST_P224, ECC224_DX_SIGN_FIX_LEN },
265 { ECC_CURVE_NIST_P256, ECC256_DX_SIGN_FIX_LEN },
266 { ECC_CURVE_NIST_P384, ECC384_DX_SIGN_FIX_LEN },
267 { ECC_CURVE_NIST_P521, ECC521_DX_SIGN_FIX_LEN },
268 };
269 for (; index < sizeof(domain_to_sig_len) / sizeof(crypto_uint2uint); index++) {
270 if (domain == domain_to_sig_len[index].src)
271 return domain_to_sig_len[index].dest;
272 }
273 tloge("invalid tee_domain 0x%x\n", domain);
274 return 0;
275 }
276
soft_ecc_sign_to_bin(const ECDSA_SIG * sig_data,void * signature,uint32_t signature_len)277 static int32_t soft_ecc_sign_to_bin(const ECDSA_SIG *sig_data, void *signature, uint32_t signature_len)
278 {
279 errno_t rc;
280 BIGNUM *out_r = NULL;
281 BIGNUM *out_s = NULL;
282 int32_t move_len;
283 int32_t fix_r_s_len = (int32_t)(signature_len / SOFT_NUMBER_TWO);
284 int32_t r_len;
285 int32_t s_len;
286
287 rc = memset_s(signature, signature_len, 0, signature_len);
288 if (rc != EOK) {
289 tloge("mem signature fail");
290 return CRYPTO_ERROR_SECURITY;
291 }
292 ECDSA_SIG_get0(sig_data, (const BIGNUM **)&out_r, (const BIGNUM **)&out_s);
293 if (out_r == NULL || out_s == NULL) {
294 tloge("bad ecc sign result");
295 return CRYPTO_BAD_PARAMETERS;
296 }
297 r_len = BN_num_bytes(out_r);
298 s_len = BN_num_bytes(out_s);
299 if (r_len > fix_r_s_len || s_len > fix_r_s_len) {
300 tloge("bad ecc sign result,it too large %d, %d", r_len, s_len);
301 return CRYPTO_BAD_PARAMETERS;
302 }
303
304 move_len = fix_r_s_len - r_len;
305 r_len = BN_bn2bin(out_r, signature + move_len);
306
307 move_len = (int32_t)signature_len - s_len;
308 s_len = BN_bn2bin(out_s, signature + move_len);
309 if (r_len <= 0 || s_len <= 0 || r_len > fix_r_s_len || s_len > fix_r_s_len) {
310 tloge("when fill res, bad ecc sign result,the len is %d, %d", r_len, s_len);
311 return CRYPTO_BAD_PARAMETERS;
312 }
313
314 return CRYPTO_SUCCESS;
315 }
316
ecdsa_sign_digest(const struct ecc_priv_key_t * priv,const struct memref_t * digest,struct memref_t * signature)317 static int32_t ecdsa_sign_digest(const struct ecc_priv_key_t *priv,
318 const struct memref_t *digest, struct memref_t *signature)
319 {
320 EC_KEY *eckey = NULL;
321 struct ecc_priv_key_t *private = (struct ecc_priv_key_t *)priv;
322 uint32_t tee_domain = priv->domain_id;
323 int32_t ret = get_boring_nid_by_tee_curve(priv->domain_id, &private->domain_id);
324 if (ret != CRYPTO_SUCCESS) {
325 tloge("change nid fail");
326 return ret;
327 }
328 ret = (int32_t)ecc_privkey_tee_to_boring(private, (void **)&eckey);
329 private->domain_id = tee_domain;
330 if (ret != CRYPTO_SUCCESS) {
331 tloge("Tee Private Key To Boring Key error");
332 return get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
333 }
334
335 uint8_t *signature_buffer = (uint8_t *)(uintptr_t)(signature->buffer);
336
337 ECDSA_SIG *sig_data = ECDSA_do_sign((const unsigned char *)(uintptr_t)digest->buffer, digest->size, eckey);
338 EC_KEY_free(eckey);
339 eckey = NULL;
340 if (sig_data == NULL) {
341 tloge("boring sign error");
342 return get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
343 }
344 uint32_t sig_size = (uint32_t)get_ec_sign_size_by_domain(tee_domain);
345 if (sig_size == 0) {
346 ECDSA_SIG_free(sig_data);
347 tloge("bad domain %u", tee_domain);
348 return CRYPTO_BAD_PARAMETERS;
349 }
350 ret = soft_ecc_sign_to_bin(sig_data, signature_buffer, sig_size);
351 ECDSA_SIG_free(sig_data);
352 signature->size = sig_size;
353 return ret;
354 }
355
356 #define COMPUTE_BYTE_LEN (BIT_TO_BYTE - 1)
soft_ecc_sign_to_boringssl(ECDSA_SIG * sig,const void * signature,uint32_t signature_len)357 static int32_t soft_ecc_sign_to_boringssl(ECDSA_SIG *sig, const void *signature, uint32_t signature_len)
358 {
359 bool check = (sig == NULL || signature_len == 0);
360 if (check) {
361 tloge("sig is null");
362 return CRYPTO_BAD_PARAMETERS;
363 }
364 int32_t r_s_len = (int32_t)(signature_len / SOFT_NUMBER_TWO);
365 BIGNUM *r = BN_bin2bn(signature, r_s_len, NULL);
366 BIGNUM *s = BN_bin2bn(signature + r_s_len, r_s_len, NULL);
367 check = (r == NULL || s == NULL);
368 if (check) {
369 BN_free(r);
370 BN_free(s);
371 tloge("bn to bn fail");
372 return CRYPTO_BAD_PARAMETERS;
373 }
374 if (ECDSA_SIG_set0(sig, r, s) == 0) {
375 BN_free(r);
376 BN_free(s);
377 tloge("set r s to ecdsa sig fail");
378 return CRYPTO_BAD_PARAMETERS;
379 }
380 return CRYPTO_SUCCESS;
381 }
382
soft_boring_ecc_verify(const struct ecc_pub_key_t * pub,const void * digest,uint32_t digest_len,const ECDSA_SIG * sig)383 static int32_t soft_boring_ecc_verify(const struct ecc_pub_key_t *pub, const void *digest, uint32_t digest_len,
384 const ECDSA_SIG *sig)
385 {
386 EC_KEY *eckey = NULL;
387 struct ecc_pub_key_t *public = (struct ecc_pub_key_t *)pub;
388 uint32_t tee_domain = pub->domain_id;
389
390 int32_t ret = get_boring_nid_by_tee_curve(pub->domain_id, &public->domain_id);
391 if (ret != CRYPTO_SUCCESS) {
392 tloge("change nid fail");
393 return ret;
394 }
395
396 ret = (int32_t)ecc_pubkey_tee_to_boring(public, &eckey);
397 public->domain_id = tee_domain;
398 if (ret != CRYPTO_SUCCESS) {
399 tloge("PubKeyToBoringKey key error");
400 return get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
401 }
402
403 ret = ECDSA_do_verify(digest, (int32_t)digest_len, sig, eckey);
404 EC_KEY_free(eckey);
405 eckey = NULL;
406 if (ret != BORINGSSL_OK) {
407 tloge("boring verify error");
408 return get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
409 }
410 return CRYPTO_SUCCESS;
411 }
412
ecdsa_verify_digest(const struct ecc_pub_key_t * public_key,const struct memref_t * digest,const struct memref_t * signature)413 static int32_t ecdsa_verify_digest(const struct ecc_pub_key_t *public_key,
414 const struct memref_t *digest, const struct memref_t *signature)
415 {
416 bool is_dx_sig = (signature->size == ECC224_DX_SIGN_FIX_LEN || signature->size == ECC256_DX_SIGN_FIX_LEN ||
417 signature->size == ECC384_DX_SIGN_FIX_LEN || signature->size == ECC521_DX_SIGN_FIX_LEN);
418 if (!is_dx_sig) {
419 tloge("not good sign len, sign len is 0x%x", signature->size);
420 return CRYPTO_BAD_PARAMETERS;
421 }
422 ECDSA_SIG *sig = ECDSA_SIG_new();
423 uint8_t *digest_buffer = (uint8_t *)(uintptr_t)(digest->buffer);
424 uint8_t *signature_buffer = (uint8_t *)(uintptr_t)(signature->buffer);
425
426 int32_t ret = soft_ecc_sign_to_boringssl(sig, signature_buffer, signature->size);
427 if (ret != CRYPTO_SUCCESS) {
428 ECDSA_SIG_free(sig);
429 tloge("ecc key convert fail");
430 return ret;
431 }
432
433 ret = soft_boring_ecc_verify(public_key, digest_buffer, digest->size, sig);
434 ECDSA_SIG_free(sig);
435 if (ret != CRYPTO_SUCCESS)
436 tloge("ecc verify fail");
437 return ret;
438 }
439
440 typedef int32_t (*copy_ctx_func)(struct ctx_handle_t *dest, const struct ctx_handle_t *src);
441 struct soft_ctx_copy {
442 uint32_t algorithm;
443 copy_ctx_func copy_call_back;
444 };
445
generate_ecc_keypair(uint32_t curve,uint32_t key_size,struct ecc_pub_key_t * public_key,struct ecc_priv_key_t * private_key)446 static int32_t generate_ecc_keypair(uint32_t curve, uint32_t key_size,
447 struct ecc_pub_key_t *public_key, struct ecc_priv_key_t *private_key)
448 {
449 uint32_t nid;
450 int32_t ret = get_boring_nid_by_tee_curve(curve, &nid);
451 if (ret != CRYPTO_SUCCESS) {
452 tloge("get boring nid error");
453 return ret;
454 }
455
456 EC_KEY *key = EC_KEY_new_by_curve_name(nid);
457 if (key == NULL) {
458 tloge("key is null, nid not support %u", nid);
459 return CRYPTO_BAD_PARAMETERS;
460 }
461 if (EC_KEY_generate_key(key) == 0) {
462 tloge("boring ssl generate key fail");
463 EC_KEY_free(key);
464 return get_soft_crypto_error(CRYPTO_BAD_PARAMETERS);
465 }
466 ret = soft_eckey_boring_to_tee(key, key_size, public_key, private_key);
467 EC_KEY_free(key);
468 return ret;
469 }
470
soft_crypto_ecc_generate_keypair(uint32_t key_size,uint32_t curve,struct ecc_pub_key_t * public_key,struct ecc_priv_key_t * private_key)471 int32_t soft_crypto_ecc_generate_keypair(uint32_t key_size, uint32_t curve,
472 struct ecc_pub_key_t *public_key, struct ecc_priv_key_t *private_key)
473 {
474 bool check = (public_key == NULL || private_key == NULL);
475 if (check) {
476 tloge("bad params");
477 return CRYPTO_BAD_PARAMETERS;
478 }
479
480 if (curve == ECC_CURVE_ED25519)
481 return generate_ed25519_keypair(key_size, public_key, private_key);
482
483 if (curve == ECC_CURVE_X25519)
484 return generate_x25519_keypair(key_size, public_key, private_key);
485
486 check = (curve == ECC_CURVE_NIST_P192 || curve == ECC_CURVE_NIST_P224 ||
487 curve == ECC_CURVE_NIST_P256 || curve == ECC_CURVE_NIST_P384 || curve == ECC_CURVE_NIST_P521);
488 if (check)
489 return generate_ecc_keypair(curve, key_size, public_key, private_key);
490
491 return CRYPTO_NOT_SUPPORTED;
492 }
493
soft_crypto_ecc_encrypt(uint32_t alg_type,const struct ecc_pub_key_t * public_key,const struct asymmetric_params_t * ec_params,const struct memref_t * data_in,struct memref_t * data_out)494 int32_t soft_crypto_ecc_encrypt(uint32_t alg_type, const struct ecc_pub_key_t *public_key,
495 const struct asymmetric_params_t *ec_params, const struct memref_t *data_in, struct memref_t *data_out)
496 {
497 (void)ec_params;
498 bool check = (public_key == NULL || data_in == NULL || data_out == NULL || data_in->buffer == 0 ||
499 data_out->buffer == 0);
500 if (check) {
501 tloge("bad params");
502 return CRYPTO_BAD_PARAMETERS;
503 }
504
505 if (alg_type == CRYPTO_TYPE_SM2_PKE)
506 return CRYPTO_NOT_SUPPORTED;
507
508 return CRYPTO_NOT_SUPPORTED;
509 }
510
soft_crypto_ecc_decrypt(uint32_t alg_type,const struct ecc_priv_key_t * private_key,const struct asymmetric_params_t * ec_params,const struct memref_t * data_in,struct memref_t * data_out)511 int32_t soft_crypto_ecc_decrypt(uint32_t alg_type, const struct ecc_priv_key_t *private_key,
512 const struct asymmetric_params_t *ec_params, const struct memref_t *data_in, struct memref_t *data_out)
513 {
514 (void)ec_params;
515 bool check = (private_key == NULL || data_in == NULL || data_out == NULL || data_in->buffer == 0 ||
516 data_out->buffer == 0);
517 if (check) {
518 tloge("bad params");
519 return CRYPTO_BAD_PARAMETERS;
520 }
521
522 if (alg_type == CRYPTO_TYPE_SM2_PKE)
523 return CRYPTO_NOT_SUPPORTED;
524
525 return CRYPTO_NOT_SUPPORTED;
526 }
527
ed25519_sign_digest(struct memref_t * signature,const struct memref_t * digest,const struct ecc_priv_key_t * private_key)528 static int32_t ed25519_sign_digest(struct memref_t *signature, const struct memref_t *digest,
529 const struct ecc_priv_key_t *private_key)
530 {
531 #ifdef CRYPTO_SSL_SUPPORT_EC25519
532 if (signature->size < ED25519_SIGN_LEN) {
533 tloge("sign out len too small 0x%x", signature->size);
534 return CRYPTO_BAD_PARAMETERS;
535 }
536 int32_t sign_ret;
537 uint8_t *digest_buffer = (uint8_t *)(uintptr_t)(digest->buffer);
538 uint8_t *signature_buffer = (uint8_t *)(uintptr_t)(signature->buffer);
539
540 #ifdef OPENSSL3_ENABLE
541 sign_ret = ossl_ed25519_sign(signature_buffer, digest_buffer, digest->size,
542 private_key->r + X25519_SHARE_KEY_LEN, private_key->r, NULL, NULL);
543 #else
544 sign_ret = ED25519_sign(signature_buffer, digest_buffer, digest->size,
545 private_key->r + X25519_SHARE_KEY_LEN, private_key->r);
546 #endif
547 if (sign_ret != BORINGSSL_OK) {
548 tloge("ed25519 sign fail");
549 return CRYPTO_BAD_PARAMETERS;
550 }
551 signature->size = ED25519_SIGN_LEN;
552 return CRYPTO_SUCCESS;
553 #else
554 (void)signature;
555 (void)digest;
556 (void)private_key;
557 return CRYPTO_NOT_SUPPORTED;
558 #endif
559 }
560
soft_crypto_ecc_sign_digest(uint32_t alg_type,const struct ecc_priv_key_t * private_key,const struct asymmetric_params_t * ec_params,const struct memref_t * digest,struct memref_t * signature)561 int32_t soft_crypto_ecc_sign_digest(uint32_t alg_type, const struct ecc_priv_key_t *private_key,
562 const struct asymmetric_params_t *ec_params, const struct memref_t *digest,
563 struct memref_t *signature)
564 {
565 (void)ec_params;
566 bool check = (private_key == NULL || digest == NULL || signature == NULL || digest->buffer == 0 ||
567 signature->buffer == 0);
568 if (check) {
569 tloge("bad params");
570 return CRYPTO_BAD_PARAMETERS;
571 }
572
573 if (alg_type == CRYPTO_TYPE_ED25519)
574 return ed25519_sign_digest(signature, digest, private_key);
575
576 return ecdsa_sign_digest(private_key, digest, signature);
577 }
578
ed25519_verify_digest(const struct memref_t * signature,const struct memref_t * digest,const struct ecc_pub_key_t * public_key)579 static int32_t ed25519_verify_digest(const struct memref_t *signature, const struct memref_t *digest,
580 const struct ecc_pub_key_t *public_key)
581 {
582 #ifdef CRYPTO_SSL_SUPPORT_EC25519
583 if (signature->size != ED25519_SIGN_LEN) {
584 tloge("sign len error 0x%x", signature->size);
585 return CRYPTO_BAD_PARAMETERS;
586 }
587
588 uint8_t *signature_buffer = (uint8_t *)(uintptr_t)(signature->buffer);
589
590 #ifdef OPENSSL3_ENABLE
591 int32_t verf_ret = ossl_ed25519_verify((const uint8_t *)(uintptr_t)digest->buffer,
592 digest->size, signature_buffer, public_key->x, NULL, NULL);
593 #else
594 int32_t verf_ret = ED25519_verify((const uint8_t *)(uintptr_t)digest->buffer,
595 digest->size, signature_buffer, public_key->x);
596 #endif
597 if (verf_ret != BORINGSSL_OK) {
598 tloge("soft verify fail");
599 return CRYPTO_BAD_PARAMETERS;
600 }
601 return CRYPTO_SUCCESS;
602 #else
603 (void)signature;
604 (void)digest;
605 (void)public_key;
606 return CRYPTO_NOT_SUPPORTED;
607 #endif
608 }
609
soft_crypto_ecc_verify_digest(uint32_t alg_type,const struct ecc_pub_key_t * public_key,const struct asymmetric_params_t * ec_params,const struct memref_t * digest,const struct memref_t * signature)610 int32_t soft_crypto_ecc_verify_digest(uint32_t alg_type, const struct ecc_pub_key_t *public_key,
611 const struct asymmetric_params_t *ec_params, const struct memref_t *digest,
612 const struct memref_t *signature)
613 {
614 (void)ec_params;
615 bool check = (public_key == NULL || digest == NULL || signature == NULL || digest->buffer == 0 ||
616 signature->buffer == 0);
617 if (check) {
618 tloge("bad params");
619 return CRYPTO_BAD_PARAMETERS;
620 }
621
622 if (alg_type == CRYPTO_TYPE_ED25519)
623 return ed25519_verify_digest(signature, digest, public_key);
624
625 return ecdsa_verify_digest(public_key, digest, signature);
626 }
627