1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2022, HiSilicon Technologies Co., Ltd.
4 * Kunpeng hardware accelerator hpre ecc algorithm implementation.
5 */
6 #include <drvcrypt.h>
7 #include <drvcrypt_acipher.h>
8 #include <initcall.h>
9 #include <malloc.h>
10 #include <rng_support.h>
11 #include <stdlib_ext.h>
12 #include <string.h>
13 #include <string_ext.h>
14 #include <trace.h>
15
16 #include "hpre_main.h"
17 #include "hpre_ecc.h"
18
19 #define ECC_DH_IN_PARAM_NUM 2
20 #define ECC_DH_KEY_PARAM_NUM 4
21 #define ECC_DH_OUT_PARAM_NUM 2
22 #define ECC_DH_IN_SIZE(hsz) ((hsz) * ECC_DH_IN_PARAM_NUM)
23 #define ECC_DH_KEY_SIZE(hsz) ((hsz) * ECC_DH_KEY_PARAM_NUM)
24 #define ECC_DH_OUT_SIZE(hsz) ((hsz) * ECC_DH_OUT_PARAM_NUM)
25
26 #define ECC_SIGN_IN_PARAM_NUM 2
27 #define ECC_SIGN_KEY_PARAM_NUM 7
28 #define SM2_DEC_KEY_PARAM_NUM 4
29 #define SM2_DEC_IN_PARAM_NUM 4
30 #define ECC_SIGN_OUT_PARAM_NUM 2
31 #define ECC_SIGN_IN_SIZE(hsz) ((hsz) * ECC_SIGN_IN_PARAM_NUM)
32 #define ECC_SIGN_KEY_SIZE(hsz) ((hsz) * ECC_SIGN_KEY_PARAM_NUM)
33 #define ECC_SIGN_OUT_SIZE(hsz) ((hsz) * ECC_SIGN_OUT_PARAM_NUM)
34
35 #define ECC_VERIF_IN_PARAM_NUM 3
36 #define ECC_VERIF_KEY_PARAM_NUM 8
37 #define SM2_ENC_KEY_PARAM_NUM 8
38 #define ECC_VERIF_IN_SIZE(hsz) ((hsz) * ECC_VERIF_IN_PARAM_NUM)
39 #define ECC_VERIF_KEY_SIZE(hsz) ((hsz) * ECC_VERIF_KEY_PARAM_NUM)
40 #define SM2_ENC_KEY_SIZE(hsz) ((hsz) * SM2_ENC_KEY_PARAM_NUM)
41 #define SM2_DEC_KEY_SIZE(hsz) ((hsz) * SM2_DEC_KEY_PARAM_NUM)
42 #define ECC_POINT_PARAM_NUM 2
43 #define MAX_SM2_MLEN 512
44
45 #define HPRE_ECC_DH_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 8)
46 #define HPRE_ECC_SIGN_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11)
47 #define HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11)
48 #define HPRE_SM2_ENC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \
49 ((key_bytes) * 12 + (sm2_mlen) * 2)
50 #define HPRE_SM2_DEC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \
51 ((key_bytes) * 7 + (sm2_mlen) * 2)
52
53 #define SM2_X2Y2_LEN 64
54
55 struct hpre_ecc_curve {
56 const uint32_t id;
57 const uint32_t key_bits;
58 const uint8_t *p;
59 const uint8_t *a;
60 const uint8_t *b;
61 const uint8_t *x;
62 const uint8_t *y;
63 const uint8_t *n;
64 };
65
66 /* NID_X9_62_prime192v1 */
67 static const uint8_t g_prime192v1_p[] = {
68 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
69 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
70 };
71
72 static const uint8_t g_prime192v1_a[] = {
73 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
74 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC
75 };
76
77 static const uint8_t g_prime192v1_b[] = {
78 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB,
79 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1
80 };
81
82 static const uint8_t g_prime192v1_gx[] = {
83 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB,
84 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12
85 };
86
87 static const uint8_t g_prime192v1_gy[] = {
88 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed,
89 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11
90 };
91
92 static const uint8_t g_prime192v1_n[] = {
93 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
94 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
95 };
96
97 /* NID_secp224r1 */
98 static const uint8_t g_secp224r1_p[] = {
99 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
100 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
101 0x00, 0x00, 0x00, 0x01
102 };
103
104 static const uint8_t g_secp224r1_a[] = {
105 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
106 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
107 0xFF, 0xFF, 0xFF, 0xFE
108 };
109
110 static const uint8_t g_secp224r1_b[] = {
111 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
112 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
113 0x23, 0x55, 0xFF, 0xB4
114 };
115
116 static const uint8_t g_secp224r1_gx[] = {
117 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
118 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
119 0x11, 0x5C, 0x1D, 0x21
120 };
121
122 static const uint8_t g_secp224r1_gy[] = {
123 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
124 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
125 0x85, 0x00, 0x7e, 0x34
126 };
127
128 static const uint8_t g_secp224r1_n[] = {
129 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
130 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
131 0x5C, 0x5C, 0x2A, 0x3D
132 };
133
134 /* NID_X9_62_prime256v1 */
135 static const uint8_t g_prime256v1_p[] = {
136 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
137 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
139 };
140
141 static const uint8_t g_prime256v1_a[] = {
142 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
144 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC
145 };
146
147 static const uint8_t g_prime256v1_b[] = {
148 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
149 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
150 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B
151 };
152
153 static const uint8_t g_prime256v1_gx[] = {
154 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
155 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
156 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96
157 };
158
159 static const uint8_t g_prime256v1_gy[] = {
160 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
161 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
162 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
163 };
164
165 static const uint8_t g_prime256v1_n[] = {
166 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
167 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
168 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
169 };
170
171 /* NID_secp384r1 */
172 static const uint8_t g_secp384r1_p[] = {
173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
174 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
175 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF
177 };
178
179 static const uint8_t g_secp384r1_a[] = {
180 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
181 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
182 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC
184 };
185
186 static const uint8_t g_secp384r1_b[] = {
187 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
188 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
189 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
190 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF
191 };
192
193 static const uint8_t g_secp384r1_gx[] = {
194 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
195 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
196 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
197 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7
198 };
199
200 static const uint8_t g_secp384r1_gy[] = {
201 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
202 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
203 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
204 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
205 };
206
207 static const uint8_t g_secp384r1_n[] = {
208 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
209 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
210 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
211 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
212 };
213
214 /* NID_secp521r1 */
215 static const uint8_t g_secp521r1_p[] = {
216 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
217 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
218 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
219 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
220 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
221 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
222 };
223
224 static const uint8_t g_secp521r1_a[] = {
225 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
226 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
227 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
228 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
229 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
230 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC
231 };
232
233 static const uint8_t g_secp521r1_b[] = {
234 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
235 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
236 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
237 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
238 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
239 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00
240 };
241
242 static const uint8_t g_secp521r1_gx[] = {
243 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
244 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
245 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
246 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
247 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
248 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66
249 };
250
251 static const uint8_t g_secp521r1_gy[] = {
252 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
253 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
254 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
255 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
256 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
257 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50
258 };
259
260 static const uint8_t g_secp521r1_n[] = {
261 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
262 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
263 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
264 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
265 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
266 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
267 };
268
269 /* NID_SM2 */
270 static const uint8_t g_sm2_p[] = {
271 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
272 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
273 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
274 };
275
276 static const uint8_t g_sm2_a[] = {
277 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
278 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
279 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc
280 };
281
282 static const uint8_t g_sm2_b[] = {
283 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
284 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
285 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93
286 };
287
288 static const uint8_t g_sm2_gx[] = {
289 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
290 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
291 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7
292 };
293
294 static const uint8_t g_sm2_gy[] = {
295 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
296 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
297 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0
298 };
299
300 static const uint8_t g_sm2_n[] = {
301 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
302 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
303 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
304 };
305
306 static const struct hpre_ecc_curve g_curve_list[] = {
307 {
308 .id = TEE_ECC_CURVE_NIST_P192,
309 .key_bits = 192,
310 .p = g_prime192v1_p,
311 .a = g_prime192v1_a,
312 .b = g_prime192v1_b,
313 .x = g_prime192v1_gx,
314 .y = g_prime192v1_gy,
315 .n = g_prime192v1_n,
316 },
317 {
318 .id = TEE_ECC_CURVE_NIST_P224,
319 .key_bits = 224,
320 .p = g_secp224r1_p,
321 .a = g_secp224r1_a,
322 .b = g_secp224r1_b,
323 .x = g_secp224r1_gx,
324 .y = g_secp224r1_gy,
325 .n = g_secp224r1_n,
326 },
327 {
328 .id = TEE_ECC_CURVE_NIST_P256,
329 .key_bits = 256,
330 .p = g_prime256v1_p,
331 .a = g_prime256v1_a,
332 .b = g_prime256v1_b,
333 .x = g_prime256v1_gx,
334 .y = g_prime256v1_gy,
335 .n = g_prime256v1_n,
336 },
337 {
338 .id = TEE_ECC_CURVE_NIST_P384,
339 .key_bits = 384,
340 .p = g_secp384r1_p,
341 .a = g_secp384r1_a,
342 .b = g_secp384r1_b,
343 .x = g_secp384r1_gx,
344 .y = g_secp384r1_gy,
345 .n = g_secp384r1_n,
346 },
347 {
348 .id = TEE_ECC_CURVE_NIST_P521,
349 .key_bits = 521,
350 .p = g_secp521r1_p,
351 .a = g_secp521r1_a,
352 .b = g_secp521r1_b,
353 .x = g_secp521r1_gx,
354 .y = g_secp521r1_gy,
355 .n = g_secp521r1_n,
356 },
357 {
358 .id = TEE_ECC_CURVE_SM2,
359 .key_bits = 256,
360 .p = g_sm2_p,
361 .a = g_sm2_a,
362 .b = g_sm2_b,
363 .x = g_sm2_gx,
364 .y = g_sm2_gy,
365 .n = g_sm2_n,
366 }
367 };
368
is_all_zero(uint8_t * data,uint32_t size,const char * p_name)369 static bool is_all_zero(uint8_t *data, uint32_t size, const char *p_name)
370 {
371 uint32_t i = 0;
372
373 for (i = 0; i < size; i++) {
374 if (data[i])
375 return false;
376 }
377
378 EMSG("Error: %s all zero", p_name);
379
380 return true;
381 }
382
hpre_ecc_curve_to_hpre_bin(uint8_t * p,uint8_t * a,uint8_t * b,uint8_t * n,uint8_t * gx,uint8_t * gy,uint32_t curve_bytes,uint32_t key_bytes)383 static enum hisi_drv_status hpre_ecc_curve_to_hpre_bin(uint8_t *p, uint8_t *a,
384 uint8_t *b, uint8_t *n,
385 uint8_t *gx, uint8_t *gy,
386 uint32_t curve_bytes,
387 uint32_t key_bytes)
388 {
389 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
390
391 ret = hpre_bin_from_crypto_bin(p, p, key_bytes, curve_bytes);
392 if (ret) {
393 EMSG("Fail to transfer p from crypto_bin to hpre_bin");
394 return ret;
395 }
396
397 ret = hpre_bin_from_crypto_bin(a, a, key_bytes, curve_bytes);
398 if (ret) {
399 EMSG("Fail to transfer a from crypto_bin to hpre_bin");
400 return ret;
401 }
402
403 ret = hpre_bin_from_crypto_bin(b, b, key_bytes, curve_bytes);
404 if (ret) {
405 EMSG("Fail to transfer b from crypto_bin to hpre_bin");
406 return ret;
407 }
408
409 if (n) {
410 ret = hpre_bin_from_crypto_bin(n, n, key_bytes, curve_bytes);
411 if (ret) {
412 EMSG("Fail to transfer n from crypto_bin to hpre_bin");
413 return ret;
414 }
415 }
416
417 if (gx) {
418 ret = hpre_bin_from_crypto_bin(gx, gx, key_bytes, curve_bytes);
419 if (ret) {
420 EMSG("Fail to transfer gx from crypto_bin to hpre_bin");
421 return ret;
422 }
423 }
424
425 if (gy) {
426 ret = hpre_bin_from_crypto_bin(gy, gy, key_bytes, curve_bytes);
427 if (ret)
428 EMSG("Fail to transfer gy from crypto_bin to hpre_bin");
429 }
430
431 return ret;
432 }
433
hpre_ecc_fill_sqe(void * bd,void * info)434 static enum hisi_drv_status hpre_ecc_fill_sqe(void *bd, void *info)
435 {
436 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info;
437 struct hpre_sqe *sqe = (struct hpre_sqe *)bd;
438
439 sqe->w0 = msg->alg_type | SHIFT_U32(0x1, HPRE_DONE_SHIFT);
440 sqe->task_len1 = TASK_LENGTH(msg->key_bytes);
441 sqe->ext1 = msg->sm2_sp << HPRE_SQE_BD_RSV2_SHIFT;
442
443 if (msg->alg_type == HPRE_ALG_SM2_ENC ||
444 msg->alg_type == HPRE_ALG_SM2_DEC)
445 sqe->sm2enc_klen = msg->sm2_mlen - 1;
446
447 if (msg->alg_type == HPRE_ALG_SM2_SIGN ||
448 msg->alg_type == HPRE_ALG_SM2_ENC)
449 sqe->ext1 |= SHIFT_U32(0x1, HPRE_SQE_SM2_KSEL_SHIFT);
450
451 sqe->key = msg->key_dma;
452 sqe->in = msg->in_dma;
453 if (msg->alg_type != HPRE_ALG_ECDSA_VERF &&
454 msg->alg_type != HPRE_ALG_SM2_VERF)
455 sqe->out = msg->out_dma;
456
457 return HISI_QM_DRVCRYPT_NO_ERR;
458 }
459
ecc_dh_out_to_crypto_bin(struct hpre_ecc_msg * msg)460 static enum hisi_drv_status ecc_dh_out_to_crypto_bin(struct hpre_ecc_msg *msg)
461 {
462 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh;
463 uint8_t *rx = msg->out;
464 uint8_t *ry = rx + msg->key_bytes;
465 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
466
467 ret = hpre_bin_to_crypto_bin(rx, rx, msg->key_bytes,
468 ecc_dh->rx_bytes);
469 if (ret) {
470 EMSG("Fail to transfer ecc dh rx from hpre_bin to crypto_bin");
471 return ret;
472 }
473
474 ret = hpre_bin_to_crypto_bin(ry, ry, msg->key_bytes,
475 ecc_dh->ry_bytes);
476 if (ret)
477 EMSG("Fail to transfer ecc dh ry from hpre_bin to crypto_bin");
478
479 return ret;
480 }
481
ecc_sign_out_to_crypto_bin(struct hpre_ecc_msg * msg)482 static enum hisi_drv_status ecc_sign_out_to_crypto_bin(struct hpre_ecc_msg *msg)
483 {
484 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign;
485 uint8_t *r = msg->out;
486 uint8_t *s = r + msg->key_bytes;
487 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
488
489 ret = hpre_bin_to_crypto_bin(r, r, msg->key_bytes,
490 ecc_sign->r_bytes);
491 if (ret) {
492 EMSG("Fail to transfer ecc sign r from hpre_bin to crypto_bin");
493 return ret;
494 }
495
496 ret = hpre_bin_to_crypto_bin(s, s, msg->key_bytes,
497 ecc_sign->s_bytes);
498 if (ret)
499 EMSG("Fail to transfer ecc sign s from hpre_bin to crypto_bin");
500
501 return ret;
502 }
503
hpre_ecc_verify_get_result(struct hpre_ecc_msg * msg,struct hpre_sqe * sqe)504 static enum hisi_drv_status hpre_ecc_verify_get_result(struct hpre_ecc_msg *msg,
505 struct hpre_sqe *sqe)
506 {
507 if (sqe->out & BIT64(1)) {
508 msg->result = ECC_VERIFY_SUCCESS;
509 return HISI_QM_DRVCRYPT_NO_ERR;
510 }
511
512 msg->result = ECC_VERIFY_ERR;
513 return HISI_QM_DRVCRYPT_VERIFY_ERR;
514 }
515
516 static enum hisi_drv_status
hpre_ecc_out_to_crypto_bin(struct hpre_ecc_msg * msg,struct hpre_sqe * sqe)517 hpre_ecc_out_to_crypto_bin(struct hpre_ecc_msg *msg, struct hpre_sqe *sqe)
518 {
519 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
520
521 switch (msg->alg_type) {
522 case HPRE_ALG_ECDH_MULTIPLY:
523 ret = ecc_dh_out_to_crypto_bin(msg);
524 break;
525 case HPRE_ALG_ECDSA_SIGN:
526 case HPRE_ALG_SM2_SIGN:
527 ret = ecc_sign_out_to_crypto_bin(msg);
528 break;
529 case HPRE_ALG_ECDSA_VERF:
530 case HPRE_ALG_SM2_VERF:
531 ret = hpre_ecc_verify_get_result(msg, sqe);
532 break;
533 default:
534 EMSG("Invalid alg type.");
535 return HISI_QM_DRVCRYPT_EINVAL;
536 }
537
538 return ret;
539 }
540
hpre_ecc_parse_sqe(void * bd,void * info)541 static enum hisi_drv_status hpre_ecc_parse_sqe(void *bd, void *info)
542 {
543 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info;
544 struct hpre_sqe *sqe = (struct hpre_sqe *)bd;
545 uint16_t err = 0;
546 uint16_t err1 = 0;
547 uint16_t done = 0;
548
549 err = HPRE_TASK_ETYPE(sqe->w0);
550 err1 = HPRE_TASK_ETYPE1(sqe->w0);
551 done = HPRE_TASK_DONE(sqe->w0);
552 if (done != HPRE_HW_TASK_DONE || err || err1) {
553 EMSG("HPRE do ecc fail! done=0x%"PRIX16", etype=0x%"PRIX16
554 ",etype1=0x%"PRIX16, done, err, err1);
555
556 if (done == HPRE_HW_TASK_INIT)
557 return HISI_QM_DRVCRYPT_ENOPROC;
558
559 return HISI_QM_DRVCRYPT_IN_EPARA;
560 }
561
562 if (hpre_ecc_out_to_crypto_bin(msg, sqe)) {
563 EMSG("HPRE qm transfer ecc out fail.");
564 return HISI_QM_DRVCRYPT_EINVAL;
565 }
566
567 return HISI_QM_DRVCRYPT_NO_ERR;
568 }
569
hpre_do_ecc_task(void * msg)570 static TEE_Result hpre_do_ecc_task(void *msg)
571 {
572 struct hisi_qp *ecc_qp = NULL;
573 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
574
575 ecc_qp = hpre_create_qp(HISI_QM_CHANNEL_TYPE1);
576 if (!ecc_qp) {
577 EMSG("Fail to create ecc qp");
578 return TEE_ERROR_BUSY;
579 }
580
581 ecc_qp->fill_sqe = hpre_ecc_fill_sqe;
582 ecc_qp->parse_sqe = hpre_ecc_parse_sqe;
583 ret = hisi_qp_send(ecc_qp, msg);
584 if (ret) {
585 EMSG("Fail to send task, ret=%d", ret);
586 hisi_qm_release_qp(ecc_qp);
587 return TEE_ERROR_BAD_STATE;
588 }
589
590 ret = hisi_qp_recv_sync(ecc_qp, msg);
591 if (ret) {
592 EMSG("Recv task error, ret=%d", ret);
593 hisi_qm_release_qp(ecc_qp);
594 return TEE_ERROR_BAD_STATE;
595 }
596
597 hisi_qm_release_qp(ecc_qp);
598
599 return TEE_SUCCESS;
600 }
601
key_size_is_supported(size_t key_bits)602 static bool key_size_is_supported(size_t key_bits)
603 {
604 return (key_bits == 192 || key_bits == 224 || key_bits == 256 ||
605 key_bits == 384 || key_bits == 448 || key_bits == 512 ||
606 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(521) ||
607 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(225));
608 }
609
hpre_ecc_alloc_keypair(struct ecc_keypair * key,uint32_t type __unused,size_t size_bits)610 static TEE_Result hpre_ecc_alloc_keypair(struct ecc_keypair *key,
611 uint32_t type __unused,
612 size_t size_bits)
613 {
614 if (!key || !key_size_is_supported(size_bits)) {
615 EMSG("Invalid input params.");
616 return TEE_ERROR_BAD_PARAMETERS;
617 }
618
619 memset(key, 0, sizeof(*key));
620
621 key->d = crypto_bignum_allocate(size_bits);
622 if (!key->d)
623 goto d_err;
624
625 key->x = crypto_bignum_allocate(size_bits);
626 if (!key->x)
627 goto x_err;
628
629 key->y = crypto_bignum_allocate(size_bits);
630 if (!key->y)
631 goto y_err;
632
633 return TEE_SUCCESS;
634
635 y_err:
636 crypto_bignum_free(&key->x);
637 x_err:
638 crypto_bignum_free(&key->d);
639 d_err:
640 EMSG("Hpre ecc alloc key pair fail.");
641
642 return TEE_ERROR_OUT_OF_MEMORY;
643 }
644
hpre_ecc_alloc_publickey(struct ecc_public_key * key,uint32_t type __unused,size_t size_bits)645 static TEE_Result hpre_ecc_alloc_publickey(struct ecc_public_key *key,
646 uint32_t type __unused,
647 size_t size_bits)
648 {
649 if (!key || !key_size_is_supported(size_bits)) {
650 EMSG("Invalid input params.");
651 return TEE_ERROR_BAD_PARAMETERS;
652 }
653
654 memset(key, 0, sizeof(*key));
655
656 key->x = crypto_bignum_allocate(size_bits);
657 if (!key->x)
658 goto x_err;
659
660 key->y = crypto_bignum_allocate(size_bits);
661 if (!key->y)
662 goto y_err;
663
664 return TEE_SUCCESS;
665
666 y_err:
667 crypto_bignum_free(&key->x);
668 x_err:
669 EMSG("Hpre ecc alloc publickey fail.");
670
671 return TEE_ERROR_OUT_OF_MEMORY;
672 }
673
hpre_ecc_free_publickey(struct ecc_public_key * key)674 static void hpre_ecc_free_publickey(struct ecc_public_key *key)
675 {
676 if (key) {
677 crypto_bignum_free(&key->x);
678 crypto_bignum_free(&key->y);
679 }
680 }
681
get_curve_from_list(uint32_t curve_id)682 static const struct hpre_ecc_curve *get_curve_from_list(uint32_t curve_id)
683 {
684 size_t i = 0;
685
686 for (i = 0; i < ARRAY_SIZE(g_curve_list); i++) {
687 if (g_curve_list[i].id == curve_id)
688 return &g_curve_list[i];
689 }
690
691 return NULL;
692 }
693
hpre_ecc_get_hw_kbytes(size_t key_bits)694 static size_t hpre_ecc_get_hw_kbytes(size_t key_bits)
695 {
696 size_t size = 0;
697
698 if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(256))
699 size = BITS_TO_BYTES(256);
700 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(384))
701 size = BITS_TO_BYTES(384);
702 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(576))
703 size = BITS_TO_BYTES(576);
704 else
705 EMSG("Fail to get key buffer size.");
706
707 return size;
708 }
709
hpre_ecc_dh_transfer_key(struct hpre_ecc_msg * msg)710 static enum hisi_drv_status hpre_ecc_dh_transfer_key(struct hpre_ecc_msg *msg)
711 {
712 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh;
713 uint8_t *p = msg->key;
714 uint8_t *a = p + msg->key_bytes;
715 uint8_t *d = a + msg->key_bytes;
716 uint8_t *b = d + msg->key_bytes;
717 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
718
719 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, NULL, NULL, NULL,
720 msg->curve_bytes, msg->key_bytes);
721 if (ret)
722 return ret;
723
724 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, ecc_dh->d_bytes);
725 if (ret)
726 EMSG("Fail to transfer ecc dh d from crypto_bin to hpre_bin");
727
728 return ret;
729 }
730
hpre_ecc_dh_transfer_in(struct hpre_ecc_msg * msg)731 static enum hisi_drv_status hpre_ecc_dh_transfer_in(struct hpre_ecc_msg *msg)
732 {
733 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh;
734 uint8_t *x = msg->in;
735 uint8_t *y = x + msg->key_bytes;
736 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
737
738 ret = hpre_bin_from_crypto_bin(x, x, msg->key_bytes,
739 ecc_dh->x_bytes);
740 if (ret) {
741 EMSG("Fail to transfer ecdh gx from crypto_bin to hpre_bin");
742 return ret;
743 }
744
745 ret = hpre_bin_from_crypto_bin(y, y, msg->key_bytes,
746 ecc_dh->y_bytes);
747 if (ret)
748 EMSG("Fail to transfer ecdh gy from crypto_bin to hpre_bin");
749
750 return ret;
751 }
752
753 static enum hisi_drv_status
hpre_ecc_dh_params_fill(const struct hpre_ecc_curve * curve,struct hpre_ecc_msg * msg,struct bignum * privkey,struct ecc_public_key * pubkey)754 hpre_ecc_dh_params_fill(const struct hpre_ecc_curve *curve,
755 struct hpre_ecc_msg *msg, struct bignum *privkey,
756 struct ecc_public_key *pubkey)
757 {
758 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh;
759 uint8_t *p = msg->key;
760 uint8_t *a = p + msg->key_bytes;
761 uint8_t *d = a + msg->key_bytes;
762 uint8_t *b = d + msg->key_bytes;
763 uint8_t *x = msg->in;
764 uint8_t *y = x + msg->key_bytes;
765 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
766
767 memcpy(p, curve->p, msg->curve_bytes);
768 memcpy(a, curve->a, msg->curve_bytes);
769 crypto_bignum_bn2bin(privkey, d);
770 ecc_dh->d_bytes = crypto_bignum_num_bytes(privkey);
771 if (is_all_zero(d, ecc_dh->d_bytes, "ecc dh d"))
772 return HISI_QM_DRVCRYPT_EINVAL;
773
774 memcpy(b, curve->b, msg->curve_bytes);
775
776 ecc_dh->x_bytes = msg->curve_bytes;
777 ecc_dh->y_bytes = msg->curve_bytes;
778 if (!pubkey) {
779 /* gen key pair */
780 memcpy(x, curve->x, ecc_dh->x_bytes);
781 memcpy(y, curve->y, ecc_dh->y_bytes);
782 } else {
783 /* do shared secret */
784 crypto_bignum_bn2bin(pubkey->x, x);
785 ecc_dh->x_bytes = crypto_bignum_num_bytes(pubkey->x);
786 crypto_bignum_bn2bin(pubkey->y, y);
787 ecc_dh->y_bytes = crypto_bignum_num_bytes(pubkey->y);
788 }
789
790 ret = hpre_ecc_dh_transfer_key(msg);
791 if (ret)
792 return ret;
793
794 return hpre_ecc_dh_transfer_in(msg);
795 }
796
hpre_ecc_dh_params_alloc(struct hpre_ecc_msg * msg)797 static enum hisi_drv_status hpre_ecc_dh_params_alloc(struct hpre_ecc_msg *msg)
798 {
799 uint32_t size = HPRE_ECC_DH_TOTAL_BUF_SIZE(msg->key_bytes);
800 uint8_t *data = NULL;
801
802 data = calloc(1, size);
803 if (!data) {
804 EMSG("Fail to alloc ecc dh total buf");
805 return HISI_QM_DRVCRYPT_ENOMEM;
806 }
807
808 msg->key = data;
809 msg->key_dma = virt_to_phys(msg->key);
810
811 msg->in = msg->key + ECC_DH_KEY_SIZE(msg->key_bytes);
812 msg->in_dma = msg->key_dma + ECC_DH_KEY_SIZE(msg->key_bytes);
813 msg->out = msg->in + ECC_DH_IN_SIZE(msg->key_bytes);
814 msg->out_dma = msg->in_dma + ECC_DH_IN_SIZE(msg->key_bytes);
815
816 return HISI_QM_DRVCRYPT_NO_ERR;
817 }
818
hpre_ecc_request_deinit(struct hpre_ecc_msg * msg)819 static void hpre_ecc_request_deinit(struct hpre_ecc_msg *msg)
820 {
821 if (msg->key) {
822 free_wipe(msg->key);
823 msg->key = NULL;
824 }
825 }
826
hpre_ecc_request_init(const struct hpre_ecc_curve * curve,struct hpre_ecc_msg * msg,struct bignum * d,struct ecc_public_key * pubkey)827 static TEE_Result hpre_ecc_request_init(const struct hpre_ecc_curve *curve,
828 struct hpre_ecc_msg *msg,
829 struct bignum *d,
830 struct ecc_public_key *pubkey)
831 {
832 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
833
834 msg->alg_type = HPRE_ALG_ECDH_MULTIPLY;
835
836 if (curve->id == TEE_ECC_CURVE_SM2)
837 msg->sm2_sp = true;
838
839 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits);
840 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits);
841 if (!msg->key_bytes)
842 return TEE_ERROR_BAD_PARAMETERS;
843
844 ret = hpre_ecc_dh_params_alloc(msg);
845 if (ret)
846 return TEE_ERROR_OUT_OF_MEMORY;
847
848 ret = hpre_ecc_dh_params_fill(curve, msg, d, pubkey);
849 if (ret) {
850 hpre_ecc_request_deinit(msg);
851 return TEE_ERROR_BAD_STATE;
852 }
853
854 msg->param_size.ecc_dh.rx_bytes = msg->curve_bytes;
855 msg->param_size.ecc_dh.ry_bytes = msg->curve_bytes;
856
857 return TEE_SUCCESS;
858 }
859
gen_random_k(struct bignum * d,size_t key_bits,const uint8_t * n)860 static TEE_Result gen_random_k(struct bignum *d, size_t key_bits,
861 const uint8_t *n)
862 {
863 size_t size = BITS_TO_BYTES(key_bits);
864 uint8_t *rand_k = NULL;
865 size_t i = 0;
866 size_t j = 0;
867 TEE_Result ret = TEE_SUCCESS;
868
869 if (!d || !n) {
870 EMSG("Input param is NULL.");
871 return TEE_ERROR_BAD_PARAMETERS;
872 }
873
874 rand_k = malloc(size);
875 if (!rand_k) {
876 EMSG("Fail to malloc rand_k buf.");
877 return TEE_ERROR_OUT_OF_MEMORY;
878 }
879
880 for (i = 0; i < size; i++) {
881 if (n[i] > 1) {
882 rand_k[i] = n[i] - 1;
883 break;
884 }
885 rand_k[i] = n[i];
886 }
887
888 j = i + 1;
889 if (hw_get_random_bytes(rand_k + j, size - j)) {
890 EMSG("Fail to fill rand_k buf.");
891 free(rand_k);
892 return TEE_ERROR_NO_DATA;
893 }
894
895 ret = crypto_bignum_bin2bn(rand_k, size, d);
896 if (ret)
897 EMSG("Rand_k bin2bn fail.");
898
899 free(rand_k);
900
901 return ret;
902 }
903
hpre_ecc_gen_keypair(struct ecc_keypair * key,size_t size_bits)904 static TEE_Result hpre_ecc_gen_keypair(struct ecc_keypair *key,
905 size_t size_bits)
906 {
907 struct hpre_ecc_msg msg = { };
908 const struct hpre_ecc_curve *curve = NULL;
909 struct hpre_ecc_dh *ecc_dh = NULL;
910 TEE_Result ret = TEE_SUCCESS;
911
912 if (!key || !key->d || !key->x || !key->y) {
913 EMSG("Invalid ecc_gen_keypair input parameters.");
914 return TEE_ERROR_BAD_PARAMETERS;
915 }
916
917 curve = get_curve_from_list(key->curve);
918 if (!curve) {
919 EMSG("Fail to get valid curve, id %"PRIu32, key->curve);
920 return TEE_ERROR_NOT_SUPPORTED;
921 }
922
923 if (BITS_TO_BYTES(size_bits) != BITS_TO_BYTES(curve->key_bits)) {
924 EMSG("Invalid size_bits %zu.", size_bits);
925 return TEE_ERROR_BAD_PARAMETERS;
926 }
927
928 ret = gen_random_k(key->d, curve->key_bits, curve->n);
929 if (ret)
930 return ret;
931
932 ret = hpre_ecc_request_init(curve, &msg, key->d, NULL);
933 if (ret) {
934 EMSG("Ecc key pair request init fail.");
935 return ret;
936 }
937
938 ret = hpre_do_ecc_task(&msg);
939 if (ret) {
940 EMSG("Fail to do ecc key pair task! ret = 0x%"PRIX16, ret);
941 goto done;
942 }
943
944 ecc_dh = &msg.param_size.ecc_dh;
945 ret = crypto_bignum_bin2bn(msg.out, ecc_dh->rx_bytes, key->x);
946 if (ret) {
947 EMSG("Fail to trans res x to bn.");
948 goto done;
949 }
950
951 ret = crypto_bignum_bin2bn(msg.out + msg.key_bytes,
952 ecc_dh->ry_bytes, key->y);
953 if (ret)
954 EMSG("Fail to trans res y to bn.");
955 done:
956 hpre_ecc_request_deinit(&msg);
957 return ret;
958 }
959
hpre_ecc_do_shared_secret(struct drvcrypt_secret_data * sdata)960 static TEE_Result hpre_ecc_do_shared_secret(struct drvcrypt_secret_data *sdata)
961 {
962 struct hpre_ecc_msg msg = { };
963 const struct hpre_ecc_curve *curve = NULL;
964 struct ecc_public_key *pubkey = NULL;
965 struct ecc_keypair *ecc_key = NULL;
966 struct hpre_ecc_dh *ecc_dh = NULL;
967 TEE_Result ret = TEE_SUCCESS;
968
969 if (!sdata || !sdata->key_priv || !sdata->key_pub) {
970 EMSG("Invalid ecc_do_shared_secret input parameters.");
971 return TEE_ERROR_BAD_PARAMETERS;
972 }
973
974 ecc_key = sdata->key_priv;
975 pubkey = sdata->key_pub;
976
977 curve = get_curve_from_list(ecc_key->curve);
978 if (!curve) {
979 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve);
980 return TEE_ERROR_NOT_SUPPORTED;
981 }
982
983 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) {
984 EMSG("Invalid sdata size_sec %zu.", sdata->size_sec);
985 return TEE_ERROR_BAD_PARAMETERS;
986 }
987
988 ret = hpre_ecc_request_init(curve, &msg, ecc_key->d, pubkey);
989 if (ret) {
990 EMSG("Ecc shared secret request init fail.");
991 return ret;
992 }
993
994 ret = hpre_do_ecc_task(&msg);
995 if (ret) {
996 EMSG("Fail to do ecc shared secret task! ret = 0x%"PRIX32,
997 ret);
998 goto done;
999 }
1000
1001 ecc_dh = &msg.param_size.ecc_dh;
1002 /*
1003 * Only take the x coordinate as the output result, according to
1004 * soft computing implementation.
1005 */
1006 memcpy(sdata->secret.data, msg.out, ecc_dh->rx_bytes);
1007 sdata->secret.length = ecc_dh->rx_bytes;
1008 memzero_explicit(msg.out, ECC_DH_OUT_SIZE(msg.key_bytes));
1009
1010 done:
1011 hpre_ecc_request_deinit(&msg);
1012 return ret;
1013 }
1014
1015 static enum hisi_drv_status
hpre_ecc_sign_params_fill(const struct hpre_ecc_curve * curve,struct hpre_ecc_msg * msg,struct drvcrypt_sign_data * sdata,struct bignum * rand_k)1016 hpre_ecc_sign_params_fill(const struct hpre_ecc_curve *curve,
1017 struct hpre_ecc_msg *msg,
1018 struct drvcrypt_sign_data *sdata,
1019 struct bignum *rand_k)
1020 {
1021 struct ecc_keypair *ecc_key = sdata->key;
1022 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign;
1023 uint8_t *p = msg->key;
1024 uint8_t *a = p + msg->key_bytes;
1025 uint8_t *d = a + msg->key_bytes;
1026 uint8_t *b = d + msg->key_bytes;
1027 uint8_t *n = b + msg->key_bytes;
1028 uint8_t *gx = n + msg->key_bytes;
1029 uint8_t *gy = gx + msg->key_bytes;
1030 uint8_t *e = msg->in;
1031 uint8_t *k = e + msg->key_bytes;
1032 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
1033
1034 memcpy(p, curve->p, msg->curve_bytes);
1035 memcpy(a, curve->a, msg->curve_bytes);
1036 crypto_bignum_bn2bin(ecc_key->d, d);
1037 ecc_sign->d_bytes = crypto_bignum_num_bytes(ecc_key->d);
1038 memcpy(b, curve->b, msg->curve_bytes);
1039 memcpy(n, curve->n, msg->curve_bytes);
1040 memcpy(gx, curve->x, msg->curve_bytes);
1041 memcpy(gy, curve->y, msg->curve_bytes);
1042 crypto_bignum_bn2bin(rand_k, k);
1043 ecc_sign->k_bytes = crypto_bignum_num_bytes(rand_k);
1044
1045 ecc_sign->e_bytes = MIN(sdata->message.length, msg->curve_bytes);
1046 memcpy(e, sdata->message.data, ecc_sign->e_bytes);
1047 if (is_all_zero(e, ecc_sign->e_bytes, "ecc sign msg_e"))
1048 return HISI_QM_DRVCRYPT_EINVAL;
1049
1050 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes,
1051 msg->key_bytes);
1052 if (ret)
1053 return ret;
1054
1055 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes,
1056 ecc_sign->d_bytes);
1057 if (ret) {
1058 EMSG("Fail to transfer ecdsa sign d");
1059 return ret;
1060 }
1061
1062 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes,
1063 ecc_sign->e_bytes);
1064 if (ret) {
1065 EMSG("Fail to transfer ecdsa sign e");
1066 return ret;
1067 }
1068
1069 ret = hpre_bin_from_crypto_bin(k, k, msg->key_bytes,
1070 ecc_sign->k_bytes);
1071 if (ret)
1072 EMSG("Fail to transfer ecdsa sign k");
1073
1074 return ret;
1075 }
1076
hpre_ecc_sign_params_alloc(struct hpre_ecc_msg * msg)1077 static enum hisi_drv_status hpre_ecc_sign_params_alloc(struct hpre_ecc_msg *msg)
1078 {
1079 uint32_t size = HPRE_ECC_SIGN_TOTAL_BUF_SIZE(msg->key_bytes);
1080 uint8_t *data = NULL;
1081
1082 data = calloc(1, size);
1083 if (!data) {
1084 EMSG("Fail to alloc ecc sign total buf");
1085 return HISI_QM_DRVCRYPT_ENOMEM;
1086 }
1087
1088 msg->key = data;
1089 msg->key_dma = virt_to_phys(msg->key);
1090 if (!msg->key_dma) {
1091 EMSG("Fail to get key dma addr");
1092 free(data);
1093 return HISI_QM_DRVCRYPT_EFAULT;
1094 }
1095
1096 msg->in = msg->key + ECC_SIGN_KEY_SIZE(msg->key_bytes);
1097 msg->in_dma = msg->key_dma + ECC_SIGN_KEY_SIZE(msg->key_bytes);
1098 msg->out = msg->in + ECC_SIGN_IN_SIZE(msg->key_bytes);
1099 msg->out_dma = msg->in_dma + ECC_SIGN_IN_SIZE(msg->key_bytes);
1100
1101 return HISI_QM_DRVCRYPT_NO_ERR;
1102 }
1103
hpre_ecc_sign_request_deinit(struct hpre_ecc_msg * msg)1104 static void hpre_ecc_sign_request_deinit(struct hpre_ecc_msg *msg)
1105 {
1106 if (msg->key) {
1107 free_wipe(msg->key);
1108 msg->key = NULL;
1109 }
1110 }
1111
1112 static TEE_Result
hpre_ecc_sign_request_init(const struct hpre_ecc_curve * curve,struct hpre_ecc_msg * msg,struct drvcrypt_sign_data * sdata,struct bignum * rand_k)1113 hpre_ecc_sign_request_init(const struct hpre_ecc_curve *curve,
1114 struct hpre_ecc_msg *msg,
1115 struct drvcrypt_sign_data *sdata,
1116 struct bignum *rand_k)
1117 {
1118 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
1119
1120 if (curve->id == TEE_ECC_CURVE_SM2)
1121 msg->alg_type = HPRE_ALG_SM2_SIGN;
1122 else
1123 msg->alg_type = HPRE_ALG_ECDSA_SIGN;
1124 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits);
1125 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits);
1126 if (!msg->key_bytes)
1127 return TEE_ERROR_BAD_PARAMETERS;
1128
1129 ret = hpre_ecc_sign_params_alloc(msg);
1130 if (ret)
1131 return TEE_ERROR_OUT_OF_MEMORY;
1132
1133 ret = hpre_ecc_sign_params_fill(curve, msg, sdata, rand_k);
1134 if (ret) {
1135 hpre_ecc_sign_request_deinit(msg);
1136 return TEE_ERROR_BAD_STATE;
1137 }
1138
1139 msg->param_size.ecc_sign.r_bytes = msg->curve_bytes;
1140 msg->param_size.ecc_sign.s_bytes = msg->curve_bytes;
1141
1142 return TEE_SUCCESS;
1143 }
1144
hpre_ecdsa_param_check(struct drvcrypt_sign_data * sdata,const struct hpre_ecc_curve * curve)1145 static TEE_Result hpre_ecdsa_param_check(struct drvcrypt_sign_data *sdata,
1146 const struct hpre_ecc_curve *curve)
1147 {
1148 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) {
1149 EMSG("Invalid sdata size_sec %zu", sdata->size_sec);
1150 return TEE_ERROR_BAD_PARAMETERS;
1151 }
1152
1153 return TEE_SUCCESS;
1154 }
1155
hpre_ecc_sign_get_data_out(struct hpre_ecc_msg * msg,struct drvcrypt_sign_data * sdata)1156 static void hpre_ecc_sign_get_data_out(struct hpre_ecc_msg *msg,
1157 struct drvcrypt_sign_data *sdata)
1158 {
1159 struct hpre_ecc_sign *ecc_sign;
1160
1161 ecc_sign = &msg->param_size.ecc_sign;
1162 sdata->signature.length = ecc_sign->r_bytes + ecc_sign->s_bytes;
1163 memcpy(sdata->signature.data, msg->out, ecc_sign->r_bytes);
1164 memcpy(sdata->signature.data + ecc_sign->r_bytes, msg->out +
1165 msg->key_bytes, ecc_sign->s_bytes);
1166 }
1167
hpre_ecc_sign(struct drvcrypt_sign_data * sdata)1168 static TEE_Result hpre_ecc_sign(struct drvcrypt_sign_data *sdata)
1169 {
1170 struct hpre_ecc_msg msg = { };
1171 const struct hpre_ecc_curve *curve = NULL;
1172 struct ecc_keypair *ecc_key = NULL;
1173 struct bignum *rand_k = NULL;
1174 TEE_Result ret = TEE_SUCCESS;
1175
1176 if (!sdata || !sdata->key) {
1177 EMSG("Invalid ecc_sign input parameters");
1178 return TEE_ERROR_BAD_PARAMETERS;
1179 }
1180
1181 ecc_key = sdata->key;
1182
1183 curve = get_curve_from_list(ecc_key->curve);
1184 if (!curve) {
1185 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve);
1186 return TEE_ERROR_NOT_SUPPORTED;
1187 }
1188
1189 ret = hpre_ecdsa_param_check(sdata, curve);
1190 if (ret)
1191 return ret;
1192
1193 rand_k = crypto_bignum_allocate(curve->key_bits);
1194 if (!rand_k) {
1195 EMSG("Fail to alloc private k");
1196 return TEE_ERROR_OUT_OF_MEMORY;
1197 }
1198
1199 ret = gen_random_k(rand_k, curve->key_bits, curve->n);
1200 if (ret)
1201 goto free_key;
1202
1203 ret = hpre_ecc_sign_request_init(curve, &msg, sdata, rand_k);
1204 if (ret) {
1205 EMSG("Ecc sign request init fail");
1206 goto free_key;
1207 }
1208
1209 ret = hpre_do_ecc_task(&msg);
1210 if (ret) {
1211 EMSG("Fail to do ecc sign task! ret = 0x%"PRIX16, ret);
1212 goto done;
1213 }
1214
1215 hpre_ecc_sign_get_data_out(&msg, sdata);
1216
1217 done:
1218 hpre_ecc_sign_request_deinit(&msg);
1219 free_key:
1220 crypto_bignum_free(&rand_k);
1221
1222 return ret;
1223 }
1224
1225 static enum hisi_drv_status
hpre_ecc_verify_transfer_key(struct hpre_ecc_msg * msg)1226 hpre_ecc_verify_transfer_key(struct hpre_ecc_msg *msg)
1227 {
1228 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify;
1229 uint8_t *p = msg->key;
1230 uint8_t *a = p + msg->key_bytes;
1231 uint8_t *b = a + msg->key_bytes;
1232 uint8_t *n = b + msg->key_bytes;
1233 uint8_t *gx = n + msg->key_bytes;
1234 uint8_t *gy = gx + msg->key_bytes;
1235 uint8_t *pubx = gy + msg->key_bytes;
1236 uint8_t *puby = pubx + msg->key_bytes;
1237 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
1238
1239 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes,
1240 msg->key_bytes);
1241 if (ret)
1242 return ret;
1243
1244 ret = hpre_bin_from_crypto_bin(pubx, pubx, msg->key_bytes,
1245 ecc_verify->pubx_bytes);
1246 if (ret) {
1247 EMSG("Fail to transfer ecdsa verify pub_x");
1248 return ret;
1249 }
1250
1251 ret = hpre_bin_from_crypto_bin(puby, puby, msg->key_bytes,
1252 ecc_verify->puby_bytes);
1253 if (ret)
1254 EMSG("Fail to transfer ecdsa verify pub_y");
1255
1256 return ret;
1257 }
1258
1259 static enum hisi_drv_status
hpre_ecc_verify_transfer_in(struct hpre_ecc_msg * msg)1260 hpre_ecc_verify_transfer_in(struct hpre_ecc_msg *msg)
1261 {
1262 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify;
1263 uint8_t *e = msg->in;
1264 uint8_t *s = e + msg->key_bytes;
1265 uint8_t *r = s + msg->key_bytes;
1266 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
1267
1268 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes,
1269 ecc_verify->e_bytes);
1270 if (ret) {
1271 EMSG("Fail to transfer ecdsa verify e");
1272 return ret;
1273 }
1274
1275 ret = hpre_bin_from_crypto_bin(s, s, msg->key_bytes,
1276 ecc_verify->s_bytes);
1277 if (ret) {
1278 EMSG("Fail to transfer ecdsa verify s");
1279 return ret;
1280 }
1281
1282 ret = hpre_bin_from_crypto_bin(r, r, msg->key_bytes,
1283 ecc_verify->r_bytes);
1284 if (ret)
1285 EMSG("Fail to transfer ecdsa verify r");
1286
1287 return ret;
1288 }
1289
1290 static TEE_Result
hpre_ecc_verify_params_fill(const struct hpre_ecc_curve * curve,struct hpre_ecc_msg * msg,struct drvcrypt_sign_data * sdata)1291 hpre_ecc_verify_params_fill(const struct hpre_ecc_curve *curve,
1292 struct hpre_ecc_msg *msg,
1293 struct drvcrypt_sign_data *sdata)
1294 {
1295 struct ecc_public_key *ecc_key = sdata->key;
1296 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify;
1297 uint8_t *p = msg->key;
1298 uint8_t *a = p + msg->key_bytes;
1299 uint8_t *b = a + msg->key_bytes;
1300 uint8_t *n = b + msg->key_bytes;
1301 uint8_t *gx = n + msg->key_bytes;
1302 uint8_t *gy = gx + msg->key_bytes;
1303 uint8_t *pubx = gy + msg->key_bytes;
1304 uint8_t *puby = pubx + msg->key_bytes;
1305 uint8_t *e = msg->in;
1306 uint8_t *s = e + msg->key_bytes;
1307 uint8_t *r = s + msg->key_bytes;
1308 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR;
1309
1310 memcpy(p, curve->p, msg->curve_bytes);
1311 memcpy(a, curve->a, msg->curve_bytes);
1312 memcpy(b, curve->b, msg->curve_bytes);
1313 memcpy(n, curve->n, msg->curve_bytes);
1314 memcpy(gx, curve->x, msg->curve_bytes);
1315 memcpy(gy, curve->y, msg->curve_bytes);
1316 crypto_bignum_bn2bin(ecc_key->x, pubx);
1317 ecc_verify->pubx_bytes = crypto_bignum_num_bytes(ecc_key->x);
1318 crypto_bignum_bn2bin(ecc_key->y, puby);
1319 ecc_verify->puby_bytes = crypto_bignum_num_bytes(ecc_key->y);
1320
1321 ecc_verify->e_bytes = MIN(sdata->message.length, msg->curve_bytes);
1322 memcpy(e, sdata->message.data, ecc_verify->e_bytes);
1323 if (is_all_zero(e, ecc_verify->e_bytes, "ecc verify msg_e"))
1324 return TEE_ERROR_BAD_PARAMETERS;
1325
1326 /* user should make param r and s be full width */
1327 ecc_verify->r_bytes = sdata->signature.length >> 1;
1328 memcpy(r, sdata->signature.data, ecc_verify->r_bytes);
1329 ecc_verify->s_bytes = ecc_verify->r_bytes;
1330 memcpy(s, sdata->signature.data + ecc_verify->r_bytes,
1331 ecc_verify->s_bytes);
1332
1333 ret = hpre_ecc_verify_transfer_key(msg);
1334 if (ret)
1335 return TEE_ERROR_BAD_STATE;
1336
1337 ret = hpre_ecc_verify_transfer_in(msg);
1338 if (ret)
1339 return TEE_ERROR_BAD_STATE;
1340
1341 return TEE_SUCCESS;
1342 }
1343
1344 static enum hisi_drv_status
hpre_ecc_verify_params_alloc(struct hpre_ecc_msg * msg)1345 hpre_ecc_verify_params_alloc(struct hpre_ecc_msg *msg)
1346 {
1347 uint32_t size = HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(msg->key_bytes);
1348 uint8_t *data = NULL;
1349
1350 data = calloc(1, size);
1351 if (!data) {
1352 EMSG("Fail to alloc ecc verify total buf");
1353 return HISI_QM_DRVCRYPT_ENOMEM;
1354 }
1355
1356 msg->key = data;
1357 msg->key_dma = virt_to_phys(msg->key);
1358 if (!msg->key_dma) {
1359 EMSG("Fail to get key dma addr");
1360 free(data);
1361 return HISI_QM_DRVCRYPT_EFAULT;
1362 }
1363
1364 msg->in = msg->key + ECC_VERIF_KEY_SIZE(msg->key_bytes);
1365 msg->in_dma = msg->key_dma + ECC_VERIF_KEY_SIZE(msg->key_bytes);
1366 msg->out = msg->in + ECC_VERIF_IN_SIZE(msg->key_bytes);
1367 msg->out_dma = msg->in_dma + ECC_VERIF_IN_SIZE(msg->key_bytes);
1368
1369 return HISI_QM_DRVCRYPT_NO_ERR;
1370 }
1371
hpre_ecc_verify_request_deinit(struct hpre_ecc_msg * msg)1372 static void hpre_ecc_verify_request_deinit(struct hpre_ecc_msg *msg)
1373 {
1374 if (msg->key) {
1375 free_wipe(msg->key);
1376 msg->key = NULL;
1377 }
1378 }
1379
1380 static TEE_Result
hpre_ecc_verify_request_init(const struct hpre_ecc_curve * curve,struct hpre_ecc_msg * msg,struct drvcrypt_sign_data * sdata)1381 hpre_ecc_verify_request_init(const struct hpre_ecc_curve *curve,
1382 struct hpre_ecc_msg *msg,
1383 struct drvcrypt_sign_data *sdata)
1384 {
1385 int32_t ret = 0;
1386
1387 if (curve->id == TEE_ECC_CURVE_SM2)
1388 msg->alg_type = HPRE_ALG_SM2_VERF;
1389 else
1390 msg->alg_type = HPRE_ALG_ECDSA_VERF;
1391 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits);
1392 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits);
1393 if (!msg->key_bytes)
1394 return TEE_ERROR_BAD_PARAMETERS;
1395
1396 ret = hpre_ecc_verify_params_alloc(msg);
1397 if (ret)
1398 return TEE_ERROR_OUT_OF_MEMORY;
1399
1400 ret = hpre_ecc_verify_params_fill(curve, msg, sdata);
1401 if (ret) {
1402 hpre_ecc_verify_request_deinit(msg);
1403 return TEE_ERROR_BAD_STATE;
1404 }
1405
1406 return TEE_SUCCESS;
1407 }
1408
hpre_ecc_verify(struct drvcrypt_sign_data * sdata)1409 static TEE_Result hpre_ecc_verify(struct drvcrypt_sign_data *sdata)
1410 {
1411 struct hpre_ecc_msg msg = { };
1412 const struct hpre_ecc_curve *curve = NULL;
1413 struct ecc_public_key *pub_key = NULL;
1414 TEE_Result ret = TEE_SUCCESS;
1415
1416 if (!sdata || !sdata->key) {
1417 EMSG("Invalid ecc_verify input parameters");
1418 return TEE_ERROR_BAD_PARAMETERS;
1419 }
1420
1421 pub_key = sdata->key;
1422
1423 curve = get_curve_from_list(pub_key->curve);
1424 if (!curve) {
1425 EMSG("Fail to get valid curve, id %"PRIu32, pub_key->curve);
1426 return TEE_ERROR_NOT_SUPPORTED;
1427 }
1428
1429 ret = hpre_ecdsa_param_check(sdata, curve);
1430 if (ret)
1431 return ret;
1432
1433 ret = hpre_ecc_verify_request_init(curve, &msg, sdata);
1434 if (ret) {
1435 EMSG("Ecc verify request init fail");
1436 return ret;
1437 }
1438
1439 ret = hpre_do_ecc_task(&msg);
1440 if (ret) {
1441 EMSG("Fail to do ecc verify task! ret = 0x%"PRIX16, ret);
1442 goto done;
1443 }
1444
1445 if (msg.result == ECC_VERIFY_ERR) {
1446 EMSG("Hpre ecc verify fail");
1447 ret = TEE_ERROR_SIGNATURE_INVALID;
1448 }
1449
1450 done:
1451 hpre_ecc_verify_request_deinit(&msg);
1452 return ret;
1453 }
1454
1455 static struct drvcrypt_ecc driver_ecc = {
1456 .alloc_keypair = hpre_ecc_alloc_keypair,
1457 .alloc_publickey = hpre_ecc_alloc_publickey,
1458 .free_publickey = hpre_ecc_free_publickey,
1459 .gen_keypair = hpre_ecc_gen_keypair,
1460 .shared_secret = hpre_ecc_do_shared_secret,
1461 .sign = hpre_ecc_sign,
1462 .verify = hpre_ecc_verify,
1463 };
1464
hpre_ecc_init(void)1465 static TEE_Result hpre_ecc_init(void)
1466 {
1467 TEE_Result ret = drvcrypt_register_ecc(&driver_ecc);
1468
1469 if (ret != TEE_SUCCESS)
1470 EMSG("Hpre ecc register to crypto fail");
1471
1472 return ret;
1473 }
1474
1475 driver_init(hpre_ecc_init);
1476