1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2022, HiSilicon Technologies Co., Ltd. 4 * Kunpeng hardware accelerator hpre ecc algorithm implementation. 5 */ 6 #include <drvcrypt.h> 7 #include <drvcrypt_acipher.h> 8 #include <initcall.h> 9 #include <malloc.h> 10 #include <rng_support.h> 11 #include <stdlib_ext.h> 12 #include <string.h> 13 #include <string_ext.h> 14 #include <trace.h> 15 16 #include "hpre_main.h" 17 #include "hpre_ecc.h" 18 19 #define ECC_DH_IN_PARAM_NUM 2 20 #define ECC_DH_KEY_PARAM_NUM 4 21 #define ECC_DH_OUT_PARAM_NUM 2 22 #define ECC_DH_IN_SIZE(hsz) ((hsz) * ECC_DH_IN_PARAM_NUM) 23 #define ECC_DH_KEY_SIZE(hsz) ((hsz) * ECC_DH_KEY_PARAM_NUM) 24 #define ECC_DH_OUT_SIZE(hsz) ((hsz) * ECC_DH_OUT_PARAM_NUM) 25 26 #define ECC_SIGN_IN_PARAM_NUM 2 27 #define ECC_SIGN_KEY_PARAM_NUM 7 28 #define SM2_DEC_KEY_PARAM_NUM 4 29 #define SM2_DEC_IN_PARAM_NUM 4 30 #define ECC_SIGN_OUT_PARAM_NUM 2 31 #define ECC_SIGN_IN_SIZE(hsz) ((hsz) * ECC_SIGN_IN_PARAM_NUM) 32 #define ECC_SIGN_KEY_SIZE(hsz) ((hsz) * ECC_SIGN_KEY_PARAM_NUM) 33 #define ECC_SIGN_OUT_SIZE(hsz) ((hsz) * ECC_SIGN_OUT_PARAM_NUM) 34 35 #define ECC_VERIF_IN_PARAM_NUM 3 36 #define ECC_VERIF_KEY_PARAM_NUM 8 37 #define SM2_ENC_KEY_PARAM_NUM 8 38 #define ECC_VERIF_IN_SIZE(hsz) ((hsz) * ECC_VERIF_IN_PARAM_NUM) 39 #define ECC_VERIF_KEY_SIZE(hsz) ((hsz) * ECC_VERIF_KEY_PARAM_NUM) 40 #define SM2_ENC_KEY_SIZE(hsz) ((hsz) * SM2_ENC_KEY_PARAM_NUM) 41 #define SM2_DEC_KEY_SIZE(hsz) ((hsz) * SM2_DEC_KEY_PARAM_NUM) 42 #define ECC_POINT_PARAM_NUM 2 43 #define MAX_SM2_MLEN 512 44 45 #define HPRE_ECC_DH_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 8) 46 #define HPRE_ECC_SIGN_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 47 #define HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 48 #define HPRE_SM2_ENC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 49 ((key_bytes) * 12 + (sm2_mlen) * 2) 50 #define HPRE_SM2_DEC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 51 ((key_bytes) * 7 + (sm2_mlen) * 2) 52 53 #define SM2_X2Y2_LEN 64 54 55 struct hpre_ecc_curve { 56 const uint32_t id; 57 const uint32_t key_bits; 58 const uint8_t *p; 59 const uint8_t *a; 60 const uint8_t *b; 61 const uint8_t *x; 62 const uint8_t *y; 63 const uint8_t *n; 64 }; 65 66 /* NID_X9_62_prime192v1 */ 67 static const uint8_t g_prime192v1_p[] = { 68 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 69 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 70 }; 71 72 static const uint8_t g_prime192v1_a[] = { 73 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 74 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 75 }; 76 77 static const uint8_t g_prime192v1_b[] = { 78 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, 79 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1 80 }; 81 82 static const uint8_t g_prime192v1_gx[] = { 83 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, 84 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12 85 }; 86 87 static const uint8_t g_prime192v1_gy[] = { 88 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, 89 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11 90 }; 91 92 static const uint8_t g_prime192v1_n[] = { 93 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 94 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 95 }; 96 97 /* NID_secp224r1 */ 98 static const uint8_t g_secp224r1_p[] = { 99 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 100 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 101 0x00, 0x00, 0x00, 0x01 102 }; 103 104 static const uint8_t g_secp224r1_a[] = { 105 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 106 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 107 0xFF, 0xFF, 0xFF, 0xFE 108 }; 109 110 static const uint8_t g_secp224r1_b[] = { 111 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, 112 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, 113 0x23, 0x55, 0xFF, 0xB4 114 }; 115 116 static const uint8_t g_secp224r1_gx[] = { 117 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, 118 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, 119 0x11, 0x5C, 0x1D, 0x21 120 }; 121 122 static const uint8_t g_secp224r1_gy[] = { 123 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, 124 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, 125 0x85, 0x00, 0x7e, 0x34 126 }; 127 128 static const uint8_t g_secp224r1_n[] = { 129 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 130 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, 131 0x5C, 0x5C, 0x2A, 0x3D 132 }; 133 134 /* NID_X9_62_prime256v1 */ 135 static const uint8_t g_prime256v1_p[] = { 136 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 137 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 139 }; 140 141 static const uint8_t g_prime256v1_a[] = { 142 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 144 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 145 }; 146 147 static const uint8_t g_prime256v1_b[] = { 148 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 149 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 150 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B 151 }; 152 153 static const uint8_t g_prime256v1_gx[] = { 154 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 155 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 156 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 157 }; 158 159 static const uint8_t g_prime256v1_gy[] = { 160 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 161 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 162 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 163 }; 164 165 static const uint8_t g_prime256v1_n[] = { 166 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 167 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 168 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 169 }; 170 171 /* NID_secp384r1 */ 172 static const uint8_t g_secp384r1_p[] = { 173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 174 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 175 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF 177 }; 178 179 static const uint8_t g_secp384r1_a[] = { 180 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 181 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 182 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC 184 }; 185 186 static const uint8_t g_secp384r1_b[] = { 187 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, 188 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, 189 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, 190 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF 191 }; 192 193 static const uint8_t g_secp384r1_gx[] = { 194 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, 195 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, 196 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, 197 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 198 }; 199 200 static const uint8_t g_secp384r1_gy[] = { 201 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, 202 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, 203 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 204 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f 205 }; 206 207 static const uint8_t g_secp384r1_n[] = { 208 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 209 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 210 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, 211 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 212 }; 213 214 /* NID_secp521r1 */ 215 static const uint8_t g_secp521r1_p[] = { 216 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 217 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 218 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 219 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 220 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 221 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 222 }; 223 224 static const uint8_t g_secp521r1_a[] = { 225 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 226 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 227 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 228 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 229 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 230 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 231 }; 232 233 static const uint8_t g_secp521r1_b[] = { 234 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, 235 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 236 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, 237 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 238 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, 239 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00 240 }; 241 242 static const uint8_t g_secp521r1_gx[] = { 243 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, 244 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 245 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, 246 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 247 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, 248 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66 249 }; 250 251 static const uint8_t g_secp521r1_gy[] = { 252 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 253 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 254 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 255 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 256 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 257 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50 258 }; 259 260 static const uint8_t g_secp521r1_n[] = { 261 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 262 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 263 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 264 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 265 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, 266 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 267 }; 268 269 /* NID_SM2 */ 270 static const uint8_t g_sm2_p[] = { 271 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 272 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 273 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 274 }; 275 276 static const uint8_t g_sm2_a[] = { 277 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 278 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 279 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc 280 }; 281 282 static const uint8_t g_sm2_b[] = { 283 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, 284 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, 285 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93 286 }; 287 288 static const uint8_t g_sm2_gx[] = { 289 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, 290 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, 291 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7 292 }; 293 294 static const uint8_t g_sm2_gy[] = { 295 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, 296 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, 297 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 298 }; 299 300 static const uint8_t g_sm2_n[] = { 301 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 302 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, 303 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 304 }; 305 306 static const struct hpre_ecc_curve g_curve_list[] = { 307 { 308 .id = TEE_ECC_CURVE_NIST_P192, 309 .key_bits = 192, 310 .p = g_prime192v1_p, 311 .a = g_prime192v1_a, 312 .b = g_prime192v1_b, 313 .x = g_prime192v1_gx, 314 .y = g_prime192v1_gy, 315 .n = g_prime192v1_n, 316 }, 317 { 318 .id = TEE_ECC_CURVE_NIST_P224, 319 .key_bits = 224, 320 .p = g_secp224r1_p, 321 .a = g_secp224r1_a, 322 .b = g_secp224r1_b, 323 .x = g_secp224r1_gx, 324 .y = g_secp224r1_gy, 325 .n = g_secp224r1_n, 326 }, 327 { 328 .id = TEE_ECC_CURVE_NIST_P256, 329 .key_bits = 256, 330 .p = g_prime256v1_p, 331 .a = g_prime256v1_a, 332 .b = g_prime256v1_b, 333 .x = g_prime256v1_gx, 334 .y = g_prime256v1_gy, 335 .n = g_prime256v1_n, 336 }, 337 { 338 .id = TEE_ECC_CURVE_NIST_P384, 339 .key_bits = 384, 340 .p = g_secp384r1_p, 341 .a = g_secp384r1_a, 342 .b = g_secp384r1_b, 343 .x = g_secp384r1_gx, 344 .y = g_secp384r1_gy, 345 .n = g_secp384r1_n, 346 }, 347 { 348 .id = TEE_ECC_CURVE_NIST_P521, 349 .key_bits = 521, 350 .p = g_secp521r1_p, 351 .a = g_secp521r1_a, 352 .b = g_secp521r1_b, 353 .x = g_secp521r1_gx, 354 .y = g_secp521r1_gy, 355 .n = g_secp521r1_n, 356 }, 357 { 358 .id = TEE_ECC_CURVE_SM2, 359 .key_bits = 256, 360 .p = g_sm2_p, 361 .a = g_sm2_a, 362 .b = g_sm2_b, 363 .x = g_sm2_gx, 364 .y = g_sm2_gy, 365 .n = g_sm2_n, 366 } 367 }; 368 369 static bool is_all_zero(uint8_t *data, uint32_t size, const char *p_name) 370 { 371 uint32_t i = 0; 372 373 for (i = 0; i < size; i++) { 374 if (data[i]) 375 return false; 376 } 377 378 EMSG("Error: %s all zero", p_name); 379 380 return true; 381 } 382 383 static enum hisi_drv_status hpre_ecc_curve_to_hpre_bin(uint8_t *p, uint8_t *a, 384 uint8_t *b, uint8_t *n, 385 uint8_t *gx, uint8_t *gy, 386 uint32_t curve_bytes, 387 uint32_t key_bytes) 388 { 389 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 390 391 ret = hpre_bin_from_crypto_bin(p, p, key_bytes, curve_bytes); 392 if (ret) { 393 EMSG("Fail to transfer p from crypto_bin to hpre_bin"); 394 return ret; 395 } 396 397 ret = hpre_bin_from_crypto_bin(a, a, key_bytes, curve_bytes); 398 if (ret) { 399 EMSG("Fail to transfer a from crypto_bin to hpre_bin"); 400 return ret; 401 } 402 403 ret = hpre_bin_from_crypto_bin(b, b, key_bytes, curve_bytes); 404 if (ret) { 405 EMSG("Fail to transfer b from crypto_bin to hpre_bin"); 406 return ret; 407 } 408 409 if (n) { 410 ret = hpre_bin_from_crypto_bin(n, n, key_bytes, curve_bytes); 411 if (ret) { 412 EMSG("Fail to transfer n from crypto_bin to hpre_bin"); 413 return ret; 414 } 415 } 416 417 if (gx) { 418 ret = hpre_bin_from_crypto_bin(gx, gx, key_bytes, curve_bytes); 419 if (ret) { 420 EMSG("Fail to transfer gx from crypto_bin to hpre_bin"); 421 return ret; 422 } 423 } 424 425 if (gy) { 426 ret = hpre_bin_from_crypto_bin(gy, gy, key_bytes, curve_bytes); 427 if (ret) 428 EMSG("Fail to transfer gy from crypto_bin to hpre_bin"); 429 } 430 431 return ret; 432 } 433 434 static enum hisi_drv_status hpre_ecc_fill_sqe(void *bd, void *info) 435 { 436 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 437 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 438 439 sqe->w0 = msg->alg_type | SHIFT_U32(0x1, HPRE_DONE_SHIFT); 440 sqe->task_len1 = TASK_LENGTH(msg->key_bytes); 441 sqe->ext1 = msg->sm2_sp << HPRE_SQE_BD_RSV2_SHIFT; 442 443 if (msg->alg_type == HPRE_ALG_SM2_ENC || 444 msg->alg_type == HPRE_ALG_SM2_DEC) 445 sqe->sm2enc_klen = msg->sm2_mlen - 1; 446 447 if (msg->alg_type == HPRE_ALG_SM2_SIGN || 448 msg->alg_type == HPRE_ALG_SM2_ENC) 449 sqe->ext1 |= SHIFT_U32(0x1, HPRE_SQE_SM2_KSEL_SHIFT); 450 451 sqe->key = msg->key_dma; 452 sqe->in = msg->in_dma; 453 if (msg->alg_type != HPRE_ALG_ECDSA_VERF && 454 msg->alg_type != HPRE_ALG_SM2_VERF) 455 sqe->out = msg->out_dma; 456 457 return HISI_QM_DRVCRYPT_NO_ERR; 458 } 459 460 static enum hisi_drv_status ecc_dh_out_to_crypto_bin(struct hpre_ecc_msg *msg) 461 { 462 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 463 uint8_t *rx = msg->out; 464 uint8_t *ry = rx + msg->key_bytes; 465 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 466 467 ret = hpre_bin_to_crypto_bin(rx, rx, msg->key_bytes, 468 ecc_dh->rx_bytes); 469 if (ret) { 470 EMSG("Fail to transfer ecc dh rx from hpre_bin to crypto_bin"); 471 return ret; 472 } 473 474 ret = hpre_bin_to_crypto_bin(ry, ry, msg->key_bytes, 475 ecc_dh->ry_bytes); 476 if (ret) 477 EMSG("Fail to transfer ecc dh ry from hpre_bin to crypto_bin"); 478 479 return ret; 480 } 481 482 static enum hisi_drv_status ecc_sign_out_to_crypto_bin(struct hpre_ecc_msg *msg) 483 { 484 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign; 485 uint8_t *r = msg->out; 486 uint8_t *s = r + msg->key_bytes; 487 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 488 489 ret = hpre_bin_to_crypto_bin(r, r, msg->key_bytes, 490 ecc_sign->r_bytes); 491 if (ret) { 492 EMSG("Fail to transfer ecc sign r from hpre_bin to crypto_bin"); 493 return ret; 494 } 495 496 ret = hpre_bin_to_crypto_bin(s, s, msg->key_bytes, 497 ecc_sign->s_bytes); 498 if (ret) 499 EMSG("Fail to transfer ecc sign s from hpre_bin to crypto_bin"); 500 501 return ret; 502 } 503 504 static enum hisi_drv_status hpre_ecc_verify_get_result(struct hpre_ecc_msg *msg, 505 struct hpre_sqe *sqe) 506 { 507 if (sqe->out & BIT64(1)) { 508 msg->result = ECC_VERIFY_SUCCESS; 509 return HISI_QM_DRVCRYPT_NO_ERR; 510 } 511 512 msg->result = ECC_VERIFY_ERR; 513 return HISI_QM_DRVCRYPT_VERIFY_ERR; 514 } 515 516 static enum hisi_drv_status 517 hpre_ecc_out_to_crypto_bin(struct hpre_ecc_msg *msg, struct hpre_sqe *sqe) 518 { 519 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 520 521 switch (msg->alg_type) { 522 case HPRE_ALG_ECDH_MULTIPLY: 523 ret = ecc_dh_out_to_crypto_bin(msg); 524 break; 525 case HPRE_ALG_ECDSA_SIGN: 526 case HPRE_ALG_SM2_SIGN: 527 ret = ecc_sign_out_to_crypto_bin(msg); 528 break; 529 case HPRE_ALG_ECDSA_VERF: 530 case HPRE_ALG_SM2_VERF: 531 ret = hpre_ecc_verify_get_result(msg, sqe); 532 break; 533 default: 534 EMSG("Invalid alg type."); 535 return HISI_QM_DRVCRYPT_EINVAL; 536 } 537 538 return ret; 539 } 540 541 static enum hisi_drv_status hpre_ecc_parse_sqe(void *bd, void *info) 542 { 543 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 544 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 545 uint16_t err = 0; 546 uint16_t err1 = 0; 547 uint16_t done = 0; 548 549 err = HPRE_TASK_ETYPE(sqe->w0); 550 err1 = HPRE_TASK_ETYPE1(sqe->w0); 551 done = HPRE_TASK_DONE(sqe->w0); 552 if (done != HPRE_HW_TASK_DONE || err || err1) { 553 EMSG("HPRE do ecc fail! done=0x%"PRIX16", etype=0x%"PRIX16 554 ",etype1=0x%"PRIX16, done, err, err1); 555 556 if (done == HPRE_HW_TASK_INIT) 557 return HISI_QM_DRVCRYPT_ENOPROC; 558 559 return HISI_QM_DRVCRYPT_IN_EPARA; 560 } 561 562 if (hpre_ecc_out_to_crypto_bin(msg, sqe)) { 563 EMSG("HPRE qm transfer ecc out fail."); 564 return HISI_QM_DRVCRYPT_EINVAL; 565 } 566 567 return HISI_QM_DRVCRYPT_NO_ERR; 568 } 569 570 static TEE_Result hpre_do_ecc_task(void *msg) 571 { 572 struct hisi_qp *ecc_qp = NULL; 573 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 574 575 ecc_qp = hpre_create_qp(HISI_QM_CHANNEL_TYPE1); 576 if (!ecc_qp) { 577 EMSG("Fail to create ecc qp"); 578 return TEE_ERROR_BUSY; 579 } 580 581 ecc_qp->fill_sqe = hpre_ecc_fill_sqe; 582 ecc_qp->parse_sqe = hpre_ecc_parse_sqe; 583 ret = hisi_qp_send(ecc_qp, msg); 584 if (ret) { 585 EMSG("Fail to send task, ret=%d", ret); 586 hisi_qm_release_qp(ecc_qp); 587 return TEE_ERROR_BAD_STATE; 588 } 589 590 ret = hisi_qp_recv_sync(ecc_qp, msg); 591 if (ret) { 592 EMSG("Recv task error, ret=%d", ret); 593 hisi_qm_release_qp(ecc_qp); 594 return TEE_ERROR_BAD_STATE; 595 } 596 597 hisi_qm_release_qp(ecc_qp); 598 599 return TEE_SUCCESS; 600 } 601 602 static bool key_size_is_supported(size_t key_bits) 603 { 604 return (key_bits == 192 || key_bits == 224 || key_bits == 256 || 605 key_bits == 384 || key_bits == 448 || key_bits == 512 || 606 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(521) || 607 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(225)); 608 } 609 610 static TEE_Result hpre_ecc_alloc_keypair(struct ecc_keypair *key, 611 uint32_t type __unused, 612 size_t size_bits) 613 { 614 if (!key || !key_size_is_supported(size_bits)) { 615 EMSG("Invalid input params."); 616 return TEE_ERROR_BAD_PARAMETERS; 617 } 618 619 memset(key, 0, sizeof(*key)); 620 621 key->d = crypto_bignum_allocate(size_bits); 622 if (!key->d) 623 goto d_err; 624 625 key->x = crypto_bignum_allocate(size_bits); 626 if (!key->x) 627 goto x_err; 628 629 key->y = crypto_bignum_allocate(size_bits); 630 if (!key->y) 631 goto y_err; 632 633 return TEE_SUCCESS; 634 635 y_err: 636 crypto_bignum_free(&key->x); 637 x_err: 638 crypto_bignum_free(&key->d); 639 d_err: 640 EMSG("Hpre ecc alloc key pair fail."); 641 642 return TEE_ERROR_OUT_OF_MEMORY; 643 } 644 645 static TEE_Result hpre_ecc_alloc_publickey(struct ecc_public_key *key, 646 uint32_t type __unused, 647 size_t size_bits) 648 { 649 if (!key || !key_size_is_supported(size_bits)) { 650 EMSG("Invalid input params."); 651 return TEE_ERROR_BAD_PARAMETERS; 652 } 653 654 memset(key, 0, sizeof(*key)); 655 656 key->x = crypto_bignum_allocate(size_bits); 657 if (!key->x) 658 goto x_err; 659 660 key->y = crypto_bignum_allocate(size_bits); 661 if (!key->y) 662 goto y_err; 663 664 return TEE_SUCCESS; 665 666 y_err: 667 crypto_bignum_free(&key->x); 668 x_err: 669 EMSG("Hpre ecc alloc publickey fail."); 670 671 return TEE_ERROR_OUT_OF_MEMORY; 672 } 673 674 static void hpre_ecc_free_publickey(struct ecc_public_key *key) 675 { 676 if (key) { 677 crypto_bignum_free(&key->x); 678 crypto_bignum_free(&key->y); 679 } 680 } 681 682 static const struct hpre_ecc_curve *get_curve_from_list(uint32_t curve_id) 683 { 684 size_t i = 0; 685 686 for (i = 0; i < ARRAY_SIZE(g_curve_list); i++) { 687 if (g_curve_list[i].id == curve_id) 688 return &g_curve_list[i]; 689 } 690 691 return NULL; 692 } 693 694 static size_t hpre_ecc_get_hw_kbytes(size_t key_bits) 695 { 696 size_t size = 0; 697 698 if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(256)) 699 size = BITS_TO_BYTES(256); 700 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(384)) 701 size = BITS_TO_BYTES(384); 702 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(576)) 703 size = BITS_TO_BYTES(576); 704 else 705 EMSG("Fail to get key buffer size."); 706 707 return size; 708 } 709 710 static enum hisi_drv_status hpre_ecc_dh_transfer_key(struct hpre_ecc_msg *msg) 711 { 712 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 713 uint8_t *p = msg->key; 714 uint8_t *a = p + msg->key_bytes; 715 uint8_t *d = a + msg->key_bytes; 716 uint8_t *b = d + msg->key_bytes; 717 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 718 719 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, NULL, NULL, NULL, 720 msg->curve_bytes, msg->key_bytes); 721 if (ret) 722 return ret; 723 724 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, ecc_dh->d_bytes); 725 if (ret) 726 EMSG("Fail to transfer ecc dh d from crypto_bin to hpre_bin"); 727 728 return ret; 729 } 730 731 static enum hisi_drv_status hpre_ecc_dh_transfer_in(struct hpre_ecc_msg *msg) 732 { 733 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 734 uint8_t *x = msg->in; 735 uint8_t *y = x + msg->key_bytes; 736 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 737 738 ret = hpre_bin_from_crypto_bin(x, x, msg->key_bytes, 739 ecc_dh->x_bytes); 740 if (ret) { 741 EMSG("Fail to transfer ecdh gx from crypto_bin to hpre_bin"); 742 return ret; 743 } 744 745 ret = hpre_bin_from_crypto_bin(y, y, msg->key_bytes, 746 ecc_dh->y_bytes); 747 if (ret) 748 EMSG("Fail to transfer ecdh gy from crypto_bin to hpre_bin"); 749 750 return ret; 751 } 752 753 static enum hisi_drv_status 754 hpre_ecc_dh_params_fill(const struct hpre_ecc_curve *curve, 755 struct hpre_ecc_msg *msg, struct bignum *privkey, 756 struct ecc_public_key *pubkey) 757 { 758 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 759 uint8_t *p = msg->key; 760 uint8_t *a = p + msg->key_bytes; 761 uint8_t *d = a + msg->key_bytes; 762 uint8_t *b = d + msg->key_bytes; 763 uint8_t *x = msg->in; 764 uint8_t *y = x + msg->key_bytes; 765 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 766 767 memcpy(p, curve->p, msg->curve_bytes); 768 memcpy(a, curve->a, msg->curve_bytes); 769 crypto_bignum_bn2bin(privkey, d); 770 ecc_dh->d_bytes = crypto_bignum_num_bytes(privkey); 771 if (is_all_zero(d, ecc_dh->d_bytes, "ecc dh d")) 772 return HISI_QM_DRVCRYPT_EINVAL; 773 774 memcpy(b, curve->b, msg->curve_bytes); 775 776 ecc_dh->x_bytes = msg->curve_bytes; 777 ecc_dh->y_bytes = msg->curve_bytes; 778 if (!pubkey) { 779 /* gen key pair */ 780 memcpy(x, curve->x, ecc_dh->x_bytes); 781 memcpy(y, curve->y, ecc_dh->y_bytes); 782 } else { 783 /* do shared secret */ 784 crypto_bignum_bn2bin(pubkey->x, x); 785 ecc_dh->x_bytes = crypto_bignum_num_bytes(pubkey->x); 786 crypto_bignum_bn2bin(pubkey->y, y); 787 ecc_dh->y_bytes = crypto_bignum_num_bytes(pubkey->y); 788 } 789 790 ret = hpre_ecc_dh_transfer_key(msg); 791 if (ret) 792 return ret; 793 794 return hpre_ecc_dh_transfer_in(msg); 795 } 796 797 static enum hisi_drv_status hpre_ecc_dh_params_alloc(struct hpre_ecc_msg *msg) 798 { 799 uint32_t size = HPRE_ECC_DH_TOTAL_BUF_SIZE(msg->key_bytes); 800 uint8_t *data = NULL; 801 802 data = calloc(1, size); 803 if (!data) { 804 EMSG("Fail to alloc ecc dh total buf"); 805 return HISI_QM_DRVCRYPT_ENOMEM; 806 } 807 808 msg->key = data; 809 msg->key_dma = virt_to_phys(msg->key); 810 811 msg->in = msg->key + ECC_DH_KEY_SIZE(msg->key_bytes); 812 msg->in_dma = msg->key_dma + ECC_DH_KEY_SIZE(msg->key_bytes); 813 msg->out = msg->in + ECC_DH_IN_SIZE(msg->key_bytes); 814 msg->out_dma = msg->in_dma + ECC_DH_IN_SIZE(msg->key_bytes); 815 816 return HISI_QM_DRVCRYPT_NO_ERR; 817 } 818 819 static void hpre_ecc_request_deinit(struct hpre_ecc_msg *msg) 820 { 821 if (msg->key) { 822 memzero_explicit(msg->key, ECC_DH_KEY_SIZE(msg->key_bytes)); 823 free(msg->key); 824 msg->key = NULL; 825 } 826 } 827 828 static TEE_Result hpre_ecc_request_init(const struct hpre_ecc_curve *curve, 829 struct hpre_ecc_msg *msg, 830 struct bignum *d, 831 struct ecc_public_key *pubkey) 832 { 833 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 834 835 msg->alg_type = HPRE_ALG_ECDH_MULTIPLY; 836 837 if (curve->id == TEE_ECC_CURVE_SM2) 838 msg->sm2_sp = true; 839 840 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 841 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 842 if (!msg->key_bytes) 843 return TEE_ERROR_BAD_PARAMETERS; 844 845 ret = hpre_ecc_dh_params_alloc(msg); 846 if (ret) 847 return TEE_ERROR_OUT_OF_MEMORY; 848 849 ret = hpre_ecc_dh_params_fill(curve, msg, d, pubkey); 850 if (ret) { 851 hpre_ecc_request_deinit(msg); 852 return TEE_ERROR_BAD_STATE; 853 } 854 855 msg->param_size.ecc_dh.rx_bytes = msg->curve_bytes; 856 msg->param_size.ecc_dh.ry_bytes = msg->curve_bytes; 857 858 return TEE_SUCCESS; 859 } 860 861 static TEE_Result gen_random_k(struct bignum *d, size_t key_bits, 862 const uint8_t *n) 863 { 864 size_t size = BITS_TO_BYTES(key_bits); 865 uint8_t *rand_k = NULL; 866 size_t i = 0; 867 size_t j = 0; 868 TEE_Result ret = TEE_SUCCESS; 869 870 if (!d || !n) { 871 EMSG("Input param is NULL."); 872 return TEE_ERROR_BAD_PARAMETERS; 873 } 874 875 rand_k = malloc(size); 876 if (!rand_k) { 877 EMSG("Fail to malloc rand_k buf."); 878 return TEE_ERROR_OUT_OF_MEMORY; 879 } 880 881 for (i = 0; i < size; i++) { 882 if (n[i] > 1) { 883 rand_k[i] = n[i] - 1; 884 break; 885 } 886 rand_k[i] = n[i]; 887 } 888 889 j = i + 1; 890 if (hw_get_random_bytes(rand_k + j, size - j)) { 891 EMSG("Fail to fill rand_k buf."); 892 free(rand_k); 893 return TEE_ERROR_NO_DATA; 894 } 895 896 ret = crypto_bignum_bin2bn(rand_k, size, d); 897 if (ret) 898 EMSG("Rand_k bin2bn fail."); 899 900 free(rand_k); 901 902 return ret; 903 } 904 905 static TEE_Result hpre_ecc_gen_keypair(struct ecc_keypair *key, 906 size_t size_bits) 907 { 908 struct hpre_ecc_msg msg = { }; 909 const struct hpre_ecc_curve *curve = NULL; 910 struct hpre_ecc_dh *ecc_dh = NULL; 911 TEE_Result ret = TEE_SUCCESS; 912 913 if (!key || !key->d || !key->x || !key->y) { 914 EMSG("Invalid ecc_gen_keypair input parameters."); 915 return TEE_ERROR_BAD_PARAMETERS; 916 } 917 918 curve = get_curve_from_list(key->curve); 919 if (!curve) { 920 EMSG("Fail to get valid curve, id %"PRIu32, key->curve); 921 return TEE_ERROR_NOT_SUPPORTED; 922 } 923 924 if (BITS_TO_BYTES(size_bits) != BITS_TO_BYTES(curve->key_bits)) { 925 EMSG("Invalid size_bits %zu.", size_bits); 926 return TEE_ERROR_BAD_PARAMETERS; 927 } 928 929 ret = gen_random_k(key->d, curve->key_bits, curve->n); 930 if (ret) 931 return ret; 932 933 ret = hpre_ecc_request_init(curve, &msg, key->d, NULL); 934 if (ret) { 935 EMSG("Ecc key pair request init fail."); 936 return ret; 937 } 938 939 ret = hpre_do_ecc_task(&msg); 940 if (ret) { 941 EMSG("Fail to do ecc key pair task! ret = 0x%"PRIX16, ret); 942 goto done; 943 } 944 945 ecc_dh = &msg.param_size.ecc_dh; 946 ret = crypto_bignum_bin2bn(msg.out, ecc_dh->rx_bytes, key->x); 947 if (ret) { 948 EMSG("Fail to trans res x to bn."); 949 goto done; 950 } 951 952 ret = crypto_bignum_bin2bn(msg.out + msg.key_bytes, 953 ecc_dh->ry_bytes, key->y); 954 if (ret) 955 EMSG("Fail to trans res y to bn."); 956 done: 957 hpre_ecc_request_deinit(&msg); 958 return ret; 959 } 960 961 static TEE_Result hpre_ecc_do_shared_secret(struct drvcrypt_secret_data *sdata) 962 { 963 struct hpre_ecc_msg msg = { }; 964 const struct hpre_ecc_curve *curve = NULL; 965 struct ecc_public_key *pubkey = NULL; 966 struct ecc_keypair *ecc_key = NULL; 967 struct hpre_ecc_dh *ecc_dh = NULL; 968 TEE_Result ret = TEE_SUCCESS; 969 970 if (!sdata || !sdata->key_priv || !sdata->key_pub) { 971 EMSG("Invalid ecc_do_shared_secret input parameters."); 972 return TEE_ERROR_BAD_PARAMETERS; 973 } 974 975 ecc_key = sdata->key_priv; 976 pubkey = sdata->key_pub; 977 978 curve = get_curve_from_list(ecc_key->curve); 979 if (!curve) { 980 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve); 981 return TEE_ERROR_NOT_SUPPORTED; 982 } 983 984 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) { 985 EMSG("Invalid sdata size_sec %zu.", sdata->size_sec); 986 return TEE_ERROR_BAD_PARAMETERS; 987 } 988 989 ret = hpre_ecc_request_init(curve, &msg, ecc_key->d, pubkey); 990 if (ret) { 991 EMSG("Ecc shared secret request init fail."); 992 return ret; 993 } 994 995 ret = hpre_do_ecc_task(&msg); 996 if (ret) { 997 EMSG("Fail to do ecc shared secret task! ret = 0x%"PRIX32, 998 ret); 999 goto done; 1000 } 1001 1002 ecc_dh = &msg.param_size.ecc_dh; 1003 /* 1004 * Only take the x coordinate as the output result, according to 1005 * soft computing implementation. 1006 */ 1007 memcpy(sdata->secret.data, msg.out, ecc_dh->rx_bytes); 1008 sdata->secret.length = ecc_dh->rx_bytes; 1009 memzero_explicit(msg.out, ECC_DH_OUT_SIZE(msg.key_bytes)); 1010 1011 done: 1012 hpre_ecc_request_deinit(&msg); 1013 return ret; 1014 } 1015 1016 static enum hisi_drv_status 1017 hpre_ecc_sign_params_fill(const struct hpre_ecc_curve *curve, 1018 struct hpre_ecc_msg *msg, 1019 struct drvcrypt_sign_data *sdata, 1020 struct bignum *rand_k) 1021 { 1022 struct ecc_keypair *ecc_key = sdata->key; 1023 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign; 1024 uint8_t *p = msg->key; 1025 uint8_t *a = p + msg->key_bytes; 1026 uint8_t *d = a + msg->key_bytes; 1027 uint8_t *b = d + msg->key_bytes; 1028 uint8_t *n = b + msg->key_bytes; 1029 uint8_t *gx = n + msg->key_bytes; 1030 uint8_t *gy = gx + msg->key_bytes; 1031 uint8_t *e = msg->in; 1032 uint8_t *k = e + msg->key_bytes; 1033 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1034 1035 memcpy(p, curve->p, msg->curve_bytes); 1036 memcpy(a, curve->a, msg->curve_bytes); 1037 crypto_bignum_bn2bin(ecc_key->d, d); 1038 ecc_sign->d_bytes = crypto_bignum_num_bytes(ecc_key->d); 1039 memcpy(b, curve->b, msg->curve_bytes); 1040 memcpy(n, curve->n, msg->curve_bytes); 1041 memcpy(gx, curve->x, msg->curve_bytes); 1042 memcpy(gy, curve->y, msg->curve_bytes); 1043 crypto_bignum_bn2bin(rand_k, k); 1044 ecc_sign->k_bytes = crypto_bignum_num_bytes(rand_k); 1045 1046 ecc_sign->e_bytes = MIN(sdata->message.length, msg->curve_bytes); 1047 memcpy(e, sdata->message.data, ecc_sign->e_bytes); 1048 if (is_all_zero(e, ecc_sign->e_bytes, "ecc sign msg_e")) 1049 return HISI_QM_DRVCRYPT_EINVAL; 1050 1051 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes, 1052 msg->key_bytes); 1053 if (ret) 1054 return ret; 1055 1056 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, 1057 ecc_sign->d_bytes); 1058 if (ret) { 1059 EMSG("Fail to transfer ecdsa sign d"); 1060 return ret; 1061 } 1062 1063 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes, 1064 ecc_sign->e_bytes); 1065 if (ret) { 1066 EMSG("Fail to transfer ecdsa sign e"); 1067 return ret; 1068 } 1069 1070 ret = hpre_bin_from_crypto_bin(k, k, msg->key_bytes, 1071 ecc_sign->k_bytes); 1072 if (ret) 1073 EMSG("Fail to transfer ecdsa sign k"); 1074 1075 return ret; 1076 } 1077 1078 static enum hisi_drv_status hpre_ecc_sign_params_alloc(struct hpre_ecc_msg *msg) 1079 { 1080 uint32_t size = HPRE_ECC_SIGN_TOTAL_BUF_SIZE(msg->key_bytes); 1081 uint8_t *data = NULL; 1082 1083 data = calloc(1, size); 1084 if (!data) { 1085 EMSG("Fail to alloc ecc sign total buf"); 1086 return HISI_QM_DRVCRYPT_ENOMEM; 1087 } 1088 1089 msg->key = data; 1090 msg->key_dma = virt_to_phys(msg->key); 1091 if (!msg->key_dma) { 1092 EMSG("Fail to get key dma addr"); 1093 free(data); 1094 return HISI_QM_DRVCRYPT_EFAULT; 1095 } 1096 1097 msg->in = msg->key + ECC_SIGN_KEY_SIZE(msg->key_bytes); 1098 msg->in_dma = msg->key_dma + ECC_SIGN_KEY_SIZE(msg->key_bytes); 1099 msg->out = msg->in + ECC_SIGN_IN_SIZE(msg->key_bytes); 1100 msg->out_dma = msg->in_dma + ECC_SIGN_IN_SIZE(msg->key_bytes); 1101 1102 return HISI_QM_DRVCRYPT_NO_ERR; 1103 } 1104 1105 static void hpre_ecc_sign_request_deinit(struct hpre_ecc_msg *msg) 1106 { 1107 if (msg->key) { 1108 free_wipe(msg->key); 1109 msg->key = NULL; 1110 } 1111 } 1112 1113 static TEE_Result 1114 hpre_ecc_sign_request_init(const struct hpre_ecc_curve *curve, 1115 struct hpre_ecc_msg *msg, 1116 struct drvcrypt_sign_data *sdata, 1117 struct bignum *rand_k) 1118 { 1119 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1120 1121 if (curve->id == TEE_ECC_CURVE_SM2) 1122 msg->alg_type = HPRE_ALG_SM2_SIGN; 1123 else 1124 msg->alg_type = HPRE_ALG_ECDSA_SIGN; 1125 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 1126 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 1127 if (!msg->key_bytes) 1128 return TEE_ERROR_BAD_PARAMETERS; 1129 1130 ret = hpre_ecc_sign_params_alloc(msg); 1131 if (ret) 1132 return TEE_ERROR_OUT_OF_MEMORY; 1133 1134 ret = hpre_ecc_sign_params_fill(curve, msg, sdata, rand_k); 1135 if (ret) { 1136 hpre_ecc_sign_request_deinit(msg); 1137 return TEE_ERROR_BAD_STATE; 1138 } 1139 1140 msg->param_size.ecc_sign.r_bytes = msg->curve_bytes; 1141 msg->param_size.ecc_sign.s_bytes = msg->curve_bytes; 1142 1143 return TEE_SUCCESS; 1144 } 1145 1146 static TEE_Result hpre_ecdsa_param_check(struct drvcrypt_sign_data *sdata, 1147 const struct hpre_ecc_curve *curve) 1148 { 1149 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) { 1150 EMSG("Invalid sdata size_sec %zu", sdata->size_sec); 1151 return TEE_ERROR_BAD_PARAMETERS; 1152 } 1153 1154 return TEE_SUCCESS; 1155 } 1156 1157 static void hpre_ecc_sign_get_data_out(struct hpre_ecc_msg *msg, 1158 struct drvcrypt_sign_data *sdata) 1159 { 1160 struct hpre_ecc_sign *ecc_sign; 1161 1162 ecc_sign = &msg->param_size.ecc_sign; 1163 sdata->signature.length = ecc_sign->r_bytes + ecc_sign->s_bytes; 1164 memcpy(sdata->signature.data, msg->out, ecc_sign->r_bytes); 1165 memcpy(sdata->signature.data + ecc_sign->r_bytes, msg->out + 1166 msg->key_bytes, ecc_sign->s_bytes); 1167 } 1168 1169 static TEE_Result hpre_ecc_sign(struct drvcrypt_sign_data *sdata) 1170 { 1171 struct hpre_ecc_msg msg = { }; 1172 const struct hpre_ecc_curve *curve = NULL; 1173 struct ecc_keypair *ecc_key = NULL; 1174 struct bignum *rand_k = NULL; 1175 TEE_Result ret = TEE_SUCCESS; 1176 1177 if (!sdata || !sdata->key) { 1178 EMSG("Invalid ecc_sign input parameters"); 1179 return TEE_ERROR_BAD_PARAMETERS; 1180 } 1181 1182 ecc_key = sdata->key; 1183 1184 curve = get_curve_from_list(ecc_key->curve); 1185 if (!curve) { 1186 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve); 1187 return TEE_ERROR_NOT_SUPPORTED; 1188 } 1189 1190 ret = hpre_ecdsa_param_check(sdata, curve); 1191 if (ret) 1192 return ret; 1193 1194 rand_k = crypto_bignum_allocate(curve->key_bits); 1195 if (!rand_k) { 1196 EMSG("Fail to alloc private k"); 1197 return TEE_ERROR_OUT_OF_MEMORY; 1198 } 1199 1200 ret = gen_random_k(rand_k, curve->key_bits, curve->n); 1201 if (ret) 1202 goto free_key; 1203 1204 ret = hpre_ecc_sign_request_init(curve, &msg, sdata, rand_k); 1205 if (ret) { 1206 EMSG("Ecc sign request init fail"); 1207 goto free_key; 1208 } 1209 1210 ret = hpre_do_ecc_task(&msg); 1211 if (ret) { 1212 EMSG("Fail to do ecc sign task! ret = 0x%"PRIX16, ret); 1213 goto done; 1214 } 1215 1216 hpre_ecc_sign_get_data_out(&msg, sdata); 1217 1218 done: 1219 hpre_ecc_sign_request_deinit(&msg); 1220 free_key: 1221 crypto_bignum_free(&rand_k); 1222 1223 return ret; 1224 } 1225 1226 static enum hisi_drv_status 1227 hpre_ecc_verify_transfer_key(struct hpre_ecc_msg *msg) 1228 { 1229 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1230 uint8_t *p = msg->key; 1231 uint8_t *a = p + msg->key_bytes; 1232 uint8_t *b = a + msg->key_bytes; 1233 uint8_t *n = b + msg->key_bytes; 1234 uint8_t *gx = n + msg->key_bytes; 1235 uint8_t *gy = gx + msg->key_bytes; 1236 uint8_t *pubx = gy + msg->key_bytes; 1237 uint8_t *puby = pubx + msg->key_bytes; 1238 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1239 1240 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes, 1241 msg->key_bytes); 1242 if (ret) 1243 return ret; 1244 1245 ret = hpre_bin_from_crypto_bin(pubx, pubx, msg->key_bytes, 1246 ecc_verify->pubx_bytes); 1247 if (ret) { 1248 EMSG("Fail to transfer ecdsa verify pub_x"); 1249 return ret; 1250 } 1251 1252 ret = hpre_bin_from_crypto_bin(puby, puby, msg->key_bytes, 1253 ecc_verify->puby_bytes); 1254 if (ret) 1255 EMSG("Fail to transfer ecdsa verify pub_y"); 1256 1257 return ret; 1258 } 1259 1260 static enum hisi_drv_status 1261 hpre_ecc_verify_transfer_in(struct hpre_ecc_msg *msg) 1262 { 1263 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1264 uint8_t *e = msg->in; 1265 uint8_t *s = e + msg->key_bytes; 1266 uint8_t *r = s + msg->key_bytes; 1267 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1268 1269 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes, 1270 ecc_verify->e_bytes); 1271 if (ret) { 1272 EMSG("Fail to transfer ecdsa verify e"); 1273 return ret; 1274 } 1275 1276 ret = hpre_bin_from_crypto_bin(s, s, msg->key_bytes, 1277 ecc_verify->s_bytes); 1278 if (ret) { 1279 EMSG("Fail to transfer ecdsa verify s"); 1280 return ret; 1281 } 1282 1283 ret = hpre_bin_from_crypto_bin(r, r, msg->key_bytes, 1284 ecc_verify->r_bytes); 1285 if (ret) 1286 EMSG("Fail to transfer ecdsa verify r"); 1287 1288 return ret; 1289 } 1290 1291 static TEE_Result 1292 hpre_ecc_verify_params_fill(const struct hpre_ecc_curve *curve, 1293 struct hpre_ecc_msg *msg, 1294 struct drvcrypt_sign_data *sdata) 1295 { 1296 struct ecc_public_key *ecc_key = sdata->key; 1297 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1298 uint8_t *p = msg->key; 1299 uint8_t *a = p + msg->key_bytes; 1300 uint8_t *b = a + msg->key_bytes; 1301 uint8_t *n = b + msg->key_bytes; 1302 uint8_t *gx = n + msg->key_bytes; 1303 uint8_t *gy = gx + msg->key_bytes; 1304 uint8_t *pubx = gy + msg->key_bytes; 1305 uint8_t *puby = pubx + msg->key_bytes; 1306 uint8_t *e = msg->in; 1307 uint8_t *s = e + msg->key_bytes; 1308 uint8_t *r = s + msg->key_bytes; 1309 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1310 1311 memcpy(p, curve->p, msg->curve_bytes); 1312 memcpy(a, curve->a, msg->curve_bytes); 1313 memcpy(b, curve->b, msg->curve_bytes); 1314 memcpy(n, curve->n, msg->curve_bytes); 1315 memcpy(gx, curve->x, msg->curve_bytes); 1316 memcpy(gy, curve->y, msg->curve_bytes); 1317 crypto_bignum_bn2bin(ecc_key->x, pubx); 1318 ecc_verify->pubx_bytes = crypto_bignum_num_bytes(ecc_key->x); 1319 crypto_bignum_bn2bin(ecc_key->y, puby); 1320 ecc_verify->puby_bytes = crypto_bignum_num_bytes(ecc_key->y); 1321 1322 ecc_verify->e_bytes = MIN(sdata->message.length, msg->curve_bytes); 1323 memcpy(e, sdata->message.data, ecc_verify->e_bytes); 1324 if (is_all_zero(e, ecc_verify->e_bytes, "ecc verify msg_e")) 1325 return TEE_ERROR_BAD_PARAMETERS; 1326 1327 /* user should make param r and s be full width */ 1328 ecc_verify->r_bytes = sdata->signature.length >> 1; 1329 memcpy(r, sdata->signature.data, ecc_verify->r_bytes); 1330 ecc_verify->s_bytes = ecc_verify->r_bytes; 1331 memcpy(s, sdata->signature.data + ecc_verify->r_bytes, 1332 ecc_verify->s_bytes); 1333 1334 ret = hpre_ecc_verify_transfer_key(msg); 1335 if (ret) 1336 return TEE_ERROR_BAD_STATE; 1337 1338 ret = hpre_ecc_verify_transfer_in(msg); 1339 if (ret) 1340 return TEE_ERROR_BAD_STATE; 1341 1342 return TEE_SUCCESS; 1343 } 1344 1345 static enum hisi_drv_status 1346 hpre_ecc_verify_params_alloc(struct hpre_ecc_msg *msg) 1347 { 1348 uint32_t size = HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(msg->key_bytes); 1349 uint8_t *data = NULL; 1350 1351 data = calloc(1, size); 1352 if (!data) { 1353 EMSG("Fail to alloc ecc verify total buf"); 1354 return HISI_QM_DRVCRYPT_ENOMEM; 1355 } 1356 1357 msg->key = data; 1358 msg->key_dma = virt_to_phys(msg->key); 1359 if (!msg->key_dma) { 1360 EMSG("Fail to get key dma addr"); 1361 free(data); 1362 return HISI_QM_DRVCRYPT_EFAULT; 1363 } 1364 1365 msg->in = msg->key + ECC_VERIF_KEY_SIZE(msg->key_bytes); 1366 msg->in_dma = msg->key_dma + ECC_VERIF_KEY_SIZE(msg->key_bytes); 1367 msg->out = msg->in + ECC_VERIF_IN_SIZE(msg->key_bytes); 1368 msg->out_dma = msg->in_dma + ECC_VERIF_IN_SIZE(msg->key_bytes); 1369 1370 return HISI_QM_DRVCRYPT_NO_ERR; 1371 } 1372 1373 static void hpre_ecc_verify_request_deinit(struct hpre_ecc_msg *msg) 1374 { 1375 if (msg->key) { 1376 free_wipe(msg->key); 1377 msg->key = NULL; 1378 } 1379 } 1380 1381 static TEE_Result 1382 hpre_ecc_verify_request_init(const struct hpre_ecc_curve *curve, 1383 struct hpre_ecc_msg *msg, 1384 struct drvcrypt_sign_data *sdata) 1385 { 1386 int32_t ret = 0; 1387 1388 if (curve->id == TEE_ECC_CURVE_SM2) 1389 msg->alg_type = HPRE_ALG_SM2_VERF; 1390 else 1391 msg->alg_type = HPRE_ALG_ECDSA_VERF; 1392 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 1393 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 1394 if (!msg->key_bytes) 1395 return TEE_ERROR_BAD_PARAMETERS; 1396 1397 ret = hpre_ecc_verify_params_alloc(msg); 1398 if (ret) 1399 return TEE_ERROR_OUT_OF_MEMORY; 1400 1401 ret = hpre_ecc_verify_params_fill(curve, msg, sdata); 1402 if (ret) { 1403 hpre_ecc_verify_request_deinit(msg); 1404 return TEE_ERROR_BAD_STATE; 1405 } 1406 1407 return TEE_SUCCESS; 1408 } 1409 1410 static TEE_Result hpre_ecc_verify(struct drvcrypt_sign_data *sdata) 1411 { 1412 struct hpre_ecc_msg msg = { }; 1413 const struct hpre_ecc_curve *curve = NULL; 1414 struct ecc_public_key *pub_key = NULL; 1415 TEE_Result ret = TEE_SUCCESS; 1416 1417 if (!sdata || !sdata->key) { 1418 EMSG("Invalid ecc_verify input parameters"); 1419 return TEE_ERROR_BAD_PARAMETERS; 1420 } 1421 1422 pub_key = sdata->key; 1423 1424 curve = get_curve_from_list(pub_key->curve); 1425 if (!curve) { 1426 EMSG("Fail to get valid curve, id %"PRIu32, pub_key->curve); 1427 return TEE_ERROR_NOT_SUPPORTED; 1428 } 1429 1430 ret = hpre_ecdsa_param_check(sdata, curve); 1431 if (ret) 1432 return ret; 1433 1434 ret = hpre_ecc_verify_request_init(curve, &msg, sdata); 1435 if (ret) { 1436 EMSG("Ecc verify request init fail"); 1437 return ret; 1438 } 1439 1440 ret = hpre_do_ecc_task(&msg); 1441 if (ret) { 1442 EMSG("Fail to do ecc verify task! ret = 0x%"PRIX16, ret); 1443 goto done; 1444 } 1445 1446 if (msg.result == ECC_VERIFY_ERR) { 1447 EMSG("Hpre ecc verify fail"); 1448 ret = TEE_ERROR_SIGNATURE_INVALID; 1449 } 1450 1451 done: 1452 hpre_ecc_verify_request_deinit(&msg); 1453 return ret; 1454 } 1455 1456 static struct drvcrypt_ecc driver_ecc = { 1457 .alloc_keypair = hpre_ecc_alloc_keypair, 1458 .alloc_publickey = hpre_ecc_alloc_publickey, 1459 .free_publickey = hpre_ecc_free_publickey, 1460 .gen_keypair = hpre_ecc_gen_keypair, 1461 .shared_secret = hpre_ecc_do_shared_secret, 1462 .sign = hpre_ecc_sign, 1463 .verify = hpre_ecc_verify, 1464 }; 1465 1466 static TEE_Result hpre_ecc_init(void) 1467 { 1468 TEE_Result ret = drvcrypt_register_ecc(&driver_ecc); 1469 1470 if (ret != TEE_SUCCESS) 1471 EMSG("Hpre ecc register to crypto fail"); 1472 1473 return ret; 1474 } 1475 1476 driver_init(hpre_ecc_init); 1477