1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2022, HiSilicon Technologies Co., Ltd. 4 * Kunpeng hardware accelerator hpre ecc algorithm implementation. 5 */ 6 #include <drvcrypt.h> 7 #include <drvcrypt_acipher.h> 8 #include <initcall.h> 9 #include <malloc.h> 10 #include <rng_support.h> 11 #include <stdlib_ext.h> 12 #include <string.h> 13 #include <string_ext.h> 14 #include <trace.h> 15 16 #include "hpre_main.h" 17 #include "hpre_ecc.h" 18 19 #define ECC_DH_IN_PARAM_NUM 2 20 #define ECC_DH_KEY_PARAM_NUM 4 21 #define ECC_DH_OUT_PARAM_NUM 2 22 #define ECC_DH_IN_SIZE(hsz) ((hsz) * ECC_DH_IN_PARAM_NUM) 23 #define ECC_DH_KEY_SIZE(hsz) ((hsz) * ECC_DH_KEY_PARAM_NUM) 24 #define ECC_DH_OUT_SIZE(hsz) ((hsz) * ECC_DH_OUT_PARAM_NUM) 25 26 #define ECC_SIGN_IN_PARAM_NUM 2 27 #define ECC_SIGN_KEY_PARAM_NUM 7 28 #define SM2_DEC_KEY_PARAM_NUM 4 29 #define SM2_DEC_IN_PARAM_NUM 4 30 #define ECC_SIGN_OUT_PARAM_NUM 2 31 #define ECC_SIGN_IN_SIZE(hsz) ((hsz) * ECC_SIGN_IN_PARAM_NUM) 32 #define ECC_SIGN_KEY_SIZE(hsz) ((hsz) * ECC_SIGN_KEY_PARAM_NUM) 33 #define ECC_SIGN_OUT_SIZE(hsz) ((hsz) * ECC_SIGN_OUT_PARAM_NUM) 34 35 #define ECC_VERIF_IN_PARAM_NUM 3 36 #define ECC_VERIF_KEY_PARAM_NUM 8 37 #define SM2_ENC_KEY_PARAM_NUM 8 38 #define ECC_VERIF_IN_SIZE(hsz) ((hsz) * ECC_VERIF_IN_PARAM_NUM) 39 #define ECC_VERIF_KEY_SIZE(hsz) ((hsz) * ECC_VERIF_KEY_PARAM_NUM) 40 #define SM2_ENC_KEY_SIZE(hsz) ((hsz) * SM2_ENC_KEY_PARAM_NUM) 41 #define SM2_DEC_KEY_SIZE(hsz) ((hsz) * SM2_DEC_KEY_PARAM_NUM) 42 #define ECC_POINT_PARAM_NUM 2 43 #define MAX_SM2_MLEN 512 44 45 #define HPRE_ECC_DH_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 8) 46 #define HPRE_ECC_SIGN_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 47 #define HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 48 #define HPRE_SM2_ENC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 49 ((key_bytes) * 12 + (sm2_mlen) * 2) 50 #define HPRE_SM2_DEC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 51 ((key_bytes) * 7 + (sm2_mlen) * 2) 52 53 #define SM2_X2Y2_LEN 64 54 55 struct hpre_ecc_curve { 56 const uint32_t id; 57 const uint32_t key_bits; 58 const uint8_t *p; 59 const uint8_t *a; 60 const uint8_t *b; 61 const uint8_t *x; 62 const uint8_t *y; 63 const uint8_t *n; 64 }; 65 66 /* NID_X9_62_prime192v1 */ 67 static const uint8_t g_prime192v1_p[] = { 68 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 69 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 70 }; 71 72 static const uint8_t g_prime192v1_a[] = { 73 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 74 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 75 }; 76 77 static const uint8_t g_prime192v1_b[] = { 78 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, 79 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1 80 }; 81 82 static const uint8_t g_prime192v1_gx[] = { 83 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, 84 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12 85 }; 86 87 static const uint8_t g_prime192v1_gy[] = { 88 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, 89 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11 90 }; 91 92 static const uint8_t g_prime192v1_n[] = { 93 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 94 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 95 }; 96 97 /* NID_secp224r1 */ 98 static const uint8_t g_secp224r1_p[] = { 99 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 100 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 101 0x00, 0x00, 0x00, 0x01 102 }; 103 104 static const uint8_t g_secp224r1_a[] = { 105 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 106 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 107 0xFF, 0xFF, 0xFF, 0xFE 108 }; 109 110 static const uint8_t g_secp224r1_b[] = { 111 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, 112 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, 113 0x23, 0x55, 0xFF, 0xB4 114 }; 115 116 static const uint8_t g_secp224r1_gx[] = { 117 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, 118 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, 119 0x11, 0x5C, 0x1D, 0x21 120 }; 121 122 static const uint8_t g_secp224r1_gy[] = { 123 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, 124 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, 125 0x85, 0x00, 0x7e, 0x34 126 }; 127 128 static const uint8_t g_secp224r1_n[] = { 129 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 130 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, 131 0x5C, 0x5C, 0x2A, 0x3D 132 }; 133 134 /* NID_X9_62_prime256v1 */ 135 static const uint8_t g_prime256v1_p[] = { 136 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 137 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 139 }; 140 141 static const uint8_t g_prime256v1_a[] = { 142 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 144 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 145 }; 146 147 static const uint8_t g_prime256v1_b[] = { 148 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 149 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 150 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B 151 }; 152 153 static const uint8_t g_prime256v1_gx[] = { 154 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 155 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 156 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 157 }; 158 159 static const uint8_t g_prime256v1_gy[] = { 160 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 161 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 162 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 163 }; 164 165 static const uint8_t g_prime256v1_n[] = { 166 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 167 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 168 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 169 }; 170 171 /* NID_secp384r1 */ 172 static const uint8_t g_secp384r1_p[] = { 173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 174 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 175 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF 177 }; 178 179 static const uint8_t g_secp384r1_a[] = { 180 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 181 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 182 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC 184 }; 185 186 static const uint8_t g_secp384r1_b[] = { 187 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, 188 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, 189 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, 190 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF 191 }; 192 193 static const uint8_t g_secp384r1_gx[] = { 194 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, 195 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, 196 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, 197 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 198 }; 199 200 static const uint8_t g_secp384r1_gy[] = { 201 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, 202 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, 203 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 204 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f 205 }; 206 207 static const uint8_t g_secp384r1_n[] = { 208 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 209 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 210 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, 211 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 212 }; 213 214 /* NID_secp521r1 */ 215 static const uint8_t g_secp521r1_p[] = { 216 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 217 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 218 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 219 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 220 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 221 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 222 }; 223 224 static const uint8_t g_secp521r1_a[] = { 225 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 226 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 227 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 228 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 229 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 230 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 231 }; 232 233 static const uint8_t g_secp521r1_b[] = { 234 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, 235 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 236 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, 237 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 238 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, 239 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00 240 }; 241 242 static const uint8_t g_secp521r1_gx[] = { 243 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, 244 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 245 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, 246 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 247 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, 248 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66 249 }; 250 251 static const uint8_t g_secp521r1_gy[] = { 252 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 253 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 254 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 255 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 256 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 257 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50 258 }; 259 260 static const uint8_t g_secp521r1_n[] = { 261 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 262 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 263 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 264 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 265 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, 266 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 267 }; 268 269 /* NID_SM2 */ 270 static const uint8_t g_sm2_p[] = { 271 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 272 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 273 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 274 }; 275 276 static const uint8_t g_sm2_a[] = { 277 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 278 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 279 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc 280 }; 281 282 static const uint8_t g_sm2_b[] = { 283 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, 284 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, 285 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93 286 }; 287 288 static const uint8_t g_sm2_gx[] = { 289 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, 290 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, 291 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7 292 }; 293 294 static const uint8_t g_sm2_gy[] = { 295 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, 296 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, 297 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 298 }; 299 300 static const uint8_t g_sm2_n[] = { 301 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 302 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, 303 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 304 }; 305 306 static const struct hpre_ecc_curve g_curve_list[] = { 307 { 308 .id = TEE_ECC_CURVE_NIST_P192, 309 .key_bits = 192, 310 .p = g_prime192v1_p, 311 .a = g_prime192v1_a, 312 .b = g_prime192v1_b, 313 .x = g_prime192v1_gx, 314 .y = g_prime192v1_gy, 315 .n = g_prime192v1_n, 316 }, 317 { 318 .id = TEE_ECC_CURVE_NIST_P224, 319 .key_bits = 224, 320 .p = g_secp224r1_p, 321 .a = g_secp224r1_a, 322 .b = g_secp224r1_b, 323 .x = g_secp224r1_gx, 324 .y = g_secp224r1_gy, 325 .n = g_secp224r1_n, 326 }, 327 { 328 .id = TEE_ECC_CURVE_NIST_P256, 329 .key_bits = 256, 330 .p = g_prime256v1_p, 331 .a = g_prime256v1_a, 332 .b = g_prime256v1_b, 333 .x = g_prime256v1_gx, 334 .y = g_prime256v1_gy, 335 .n = g_prime256v1_n, 336 }, 337 { 338 .id = TEE_ECC_CURVE_NIST_P384, 339 .key_bits = 384, 340 .p = g_secp384r1_p, 341 .a = g_secp384r1_a, 342 .b = g_secp384r1_b, 343 .x = g_secp384r1_gx, 344 .y = g_secp384r1_gy, 345 .n = g_secp384r1_n, 346 }, 347 { 348 .id = TEE_ECC_CURVE_NIST_P521, 349 .key_bits = 521, 350 .p = g_secp521r1_p, 351 .a = g_secp521r1_a, 352 .b = g_secp521r1_b, 353 .x = g_secp521r1_gx, 354 .y = g_secp521r1_gy, 355 .n = g_secp521r1_n, 356 }, 357 { 358 .id = TEE_ECC_CURVE_SM2, 359 .key_bits = 256, 360 .p = g_sm2_p, 361 .a = g_sm2_a, 362 .b = g_sm2_b, 363 .x = g_sm2_gx, 364 .y = g_sm2_gy, 365 .n = g_sm2_n, 366 } 367 }; 368 369 static bool is_all_zero(uint8_t *data, uint32_t size, const char *p_name) 370 { 371 uint32_t i = 0; 372 373 for (i = 0; i < size; i++) { 374 if (data[i]) 375 return false; 376 } 377 378 EMSG("Error: %s all zero", p_name); 379 380 return true; 381 } 382 383 static enum hisi_drv_status hpre_ecc_curve_to_hpre_bin(uint8_t *p, uint8_t *a, 384 uint8_t *b, uint8_t *n, 385 uint8_t *gx, uint8_t *gy, 386 uint32_t curve_bytes, 387 uint32_t key_bytes) 388 { 389 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 390 391 ret = hpre_bin_from_crypto_bin(p, p, key_bytes, curve_bytes); 392 if (ret) { 393 EMSG("Fail to transfer p from crypto_bin to hpre_bin"); 394 return ret; 395 } 396 397 ret = hpre_bin_from_crypto_bin(a, a, key_bytes, curve_bytes); 398 if (ret) { 399 EMSG("Fail to transfer a from crypto_bin to hpre_bin"); 400 return ret; 401 } 402 403 ret = hpre_bin_from_crypto_bin(b, b, key_bytes, curve_bytes); 404 if (ret) { 405 EMSG("Fail to transfer b from crypto_bin to hpre_bin"); 406 return ret; 407 } 408 409 if (n) { 410 ret = hpre_bin_from_crypto_bin(n, n, key_bytes, curve_bytes); 411 if (ret) { 412 EMSG("Fail to transfer n from crypto_bin to hpre_bin"); 413 return ret; 414 } 415 } 416 417 if (gx) { 418 ret = hpre_bin_from_crypto_bin(gx, gx, key_bytes, curve_bytes); 419 if (ret) { 420 EMSG("Fail to transfer gx from crypto_bin to hpre_bin"); 421 return ret; 422 } 423 } 424 425 if (gy) { 426 ret = hpre_bin_from_crypto_bin(gy, gy, key_bytes, curve_bytes); 427 if (ret) 428 EMSG("Fail to transfer gy from crypto_bin to hpre_bin"); 429 } 430 431 return ret; 432 } 433 434 static enum hisi_drv_status hpre_ecc_fill_sqe(void *bd, void *info) 435 { 436 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 437 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 438 439 sqe->w0 = msg->alg_type | SHIFT_U32(0x1, HPRE_DONE_SHIFT); 440 sqe->task_len1 = TASK_LENGTH(msg->key_bytes); 441 sqe->ext1 = msg->sm2_sp << HPRE_SQE_BD_RSV2_SHIFT; 442 443 if (msg->alg_type == HPRE_ALG_SM2_ENC || 444 msg->alg_type == HPRE_ALG_SM2_DEC) 445 sqe->sm2enc_klen = msg->sm2_mlen - 1; 446 447 if (msg->alg_type == HPRE_ALG_SM2_SIGN || 448 msg->alg_type == HPRE_ALG_SM2_ENC) 449 sqe->ext1 |= SHIFT_U32(0x1, HPRE_SQE_SM2_KSEL_SHIFT); 450 451 sqe->key = msg->key_dma; 452 sqe->in = msg->in_dma; 453 if (msg->alg_type != HPRE_ALG_ECDSA_VERF && 454 msg->alg_type != HPRE_ALG_SM2_VERF) 455 sqe->out = msg->out_dma; 456 457 return HISI_QM_DRVCRYPT_NO_ERR; 458 } 459 460 static enum hisi_drv_status ecc_dh_out_to_crypto_bin(struct hpre_ecc_msg *msg) 461 { 462 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 463 uint8_t *rx = msg->out; 464 uint8_t *ry = rx + msg->key_bytes; 465 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 466 467 ret = hpre_bin_to_crypto_bin(rx, rx, msg->key_bytes, 468 ecc_dh->rx_bytes); 469 if (ret) { 470 EMSG("Fail to transfer ecc dh rx from hpre_bin to crypto_bin"); 471 return ret; 472 } 473 474 ret = hpre_bin_to_crypto_bin(ry, ry, msg->key_bytes, 475 ecc_dh->ry_bytes); 476 if (ret) 477 EMSG("Fail to transfer ecc dh ry from hpre_bin to crypto_bin"); 478 479 return ret; 480 } 481 482 static enum hisi_drv_status ecc_sign_out_to_crypto_bin(struct hpre_ecc_msg *msg) 483 { 484 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign; 485 uint8_t *r = msg->out; 486 uint8_t *s = r + msg->key_bytes; 487 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 488 489 ret = hpre_bin_to_crypto_bin(r, r, msg->key_bytes, 490 ecc_sign->r_bytes); 491 if (ret) { 492 EMSG("Fail to transfer ecc sign r from hpre_bin to crypto_bin"); 493 return ret; 494 } 495 496 ret = hpre_bin_to_crypto_bin(s, s, msg->key_bytes, 497 ecc_sign->s_bytes); 498 if (ret) 499 EMSG("Fail to transfer ecc sign s from hpre_bin to crypto_bin"); 500 501 return ret; 502 } 503 504 static enum hisi_drv_status hpre_ecc_verify_get_result(struct hpre_ecc_msg *msg, 505 struct hpre_sqe *sqe) 506 { 507 if (sqe->out & BIT64(1)) { 508 msg->result = ECC_VERIFY_SUCCESS; 509 return HISI_QM_DRVCRYPT_NO_ERR; 510 } 511 512 msg->result = ECC_VERIFY_ERR; 513 return HISI_QM_DRVCRYPT_VERIFY_ERR; 514 } 515 516 static enum hisi_drv_status 517 hpre_ecc_out_to_crypto_bin(struct hpre_ecc_msg *msg, struct hpre_sqe *sqe) 518 { 519 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 520 521 switch (msg->alg_type) { 522 case HPRE_ALG_ECDH_MULTIPLY: 523 ret = ecc_dh_out_to_crypto_bin(msg); 524 break; 525 case HPRE_ALG_ECDSA_SIGN: 526 case HPRE_ALG_SM2_SIGN: 527 ret = ecc_sign_out_to_crypto_bin(msg); 528 break; 529 case HPRE_ALG_ECDSA_VERF: 530 case HPRE_ALG_SM2_VERF: 531 ret = hpre_ecc_verify_get_result(msg, sqe); 532 break; 533 default: 534 EMSG("Invalid alg type."); 535 return HISI_QM_DRVCRYPT_EINVAL; 536 } 537 538 return ret; 539 } 540 541 static enum hisi_drv_status hpre_ecc_parse_sqe(void *bd, void *info) 542 { 543 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 544 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 545 uint16_t err = 0; 546 uint16_t err1 = 0; 547 uint16_t done = 0; 548 549 err = HPRE_TASK_ETYPE(sqe->w0); 550 err1 = HPRE_TASK_ETYPE1(sqe->w0); 551 done = HPRE_TASK_DONE(sqe->w0); 552 if (done != HPRE_HW_TASK_DONE || err || err1) { 553 EMSG("HPRE do ecc fail! done=0x%"PRIX16", etype=0x%"PRIX16 554 ",etype1=0x%"PRIX16, done, err, err1); 555 556 if (done == HPRE_HW_TASK_INIT) { 557 msg->result = HISI_QM_DRVCRYPT_ENOPROC; 558 return HISI_QM_DRVCRYPT_ENOPROC; 559 } 560 561 msg->result = HISI_QM_DRVCRYPT_IN_EPARA; 562 return HISI_QM_DRVCRYPT_IN_EPARA; 563 } 564 565 if (hpre_ecc_out_to_crypto_bin(msg, sqe)) { 566 EMSG("HPRE qm transfer ecc out fail."); 567 msg->result = HISI_QM_DRVCRYPT_EINVAL; 568 return HISI_QM_DRVCRYPT_EINVAL; 569 } 570 571 return HISI_QM_DRVCRYPT_NO_ERR; 572 } 573 574 static TEE_Result hpre_do_ecc_task(void *msg) 575 { 576 struct hisi_qp *ecc_qp = NULL; 577 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 578 579 ecc_qp = hpre_create_qp(HISI_QM_CHANNEL_TYPE1); 580 if (!ecc_qp) { 581 EMSG("Fail to create ecc qp"); 582 return TEE_ERROR_BUSY; 583 } 584 585 ecc_qp->fill_sqe = hpre_ecc_fill_sqe; 586 ecc_qp->parse_sqe = hpre_ecc_parse_sqe; 587 ret = hisi_qp_send(ecc_qp, msg); 588 if (ret) { 589 EMSG("Fail to send task, ret=%d", ret); 590 hisi_qm_release_qp(ecc_qp); 591 return TEE_ERROR_BAD_STATE; 592 } 593 594 ret = hisi_qp_recv_sync(ecc_qp, msg); 595 if (ret) { 596 EMSG("Recv task error, ret=%d", ret); 597 hisi_qm_release_qp(ecc_qp); 598 return TEE_ERROR_BAD_STATE; 599 } 600 601 hisi_qm_release_qp(ecc_qp); 602 603 return TEE_SUCCESS; 604 } 605 606 static bool key_size_is_supported(size_t key_bits) 607 { 608 return (key_bits == 192 || key_bits == 224 || key_bits == 256 || 609 key_bits == 384 || key_bits == 448 || key_bits == 512 || 610 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(521) || 611 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(225)); 612 } 613 614 static TEE_Result hpre_ecc_alloc_keypair(struct ecc_keypair *key, 615 uint32_t type __unused, 616 size_t size_bits) 617 { 618 if (!key || !key_size_is_supported(size_bits)) { 619 EMSG("Invalid input params."); 620 return TEE_ERROR_BAD_PARAMETERS; 621 } 622 623 memset(key, 0, sizeof(*key)); 624 625 key->d = crypto_bignum_allocate(size_bits); 626 if (!key->d) 627 goto d_err; 628 629 key->x = crypto_bignum_allocate(size_bits); 630 if (!key->x) 631 goto x_err; 632 633 key->y = crypto_bignum_allocate(size_bits); 634 if (!key->y) 635 goto y_err; 636 637 return TEE_SUCCESS; 638 639 y_err: 640 crypto_bignum_free(&key->x); 641 x_err: 642 crypto_bignum_free(&key->d); 643 d_err: 644 EMSG("Hpre ecc alloc key pair fail."); 645 646 return TEE_ERROR_OUT_OF_MEMORY; 647 } 648 649 static TEE_Result hpre_ecc_alloc_publickey(struct ecc_public_key *key, 650 uint32_t type __unused, 651 size_t size_bits) 652 { 653 if (!key || !key_size_is_supported(size_bits)) { 654 EMSG("Invalid input params."); 655 return TEE_ERROR_BAD_PARAMETERS; 656 } 657 658 memset(key, 0, sizeof(*key)); 659 660 key->x = crypto_bignum_allocate(size_bits); 661 if (!key->x) 662 goto x_err; 663 664 key->y = crypto_bignum_allocate(size_bits); 665 if (!key->y) 666 goto y_err; 667 668 return TEE_SUCCESS; 669 670 y_err: 671 crypto_bignum_free(&key->x); 672 x_err: 673 EMSG("Hpre ecc alloc publickey fail."); 674 675 return TEE_ERROR_OUT_OF_MEMORY; 676 } 677 678 static void hpre_ecc_free_publickey(struct ecc_public_key *key) 679 { 680 if (key) { 681 crypto_bignum_free(&key->x); 682 crypto_bignum_free(&key->y); 683 } 684 } 685 686 static const struct hpre_ecc_curve *get_curve_from_list(uint32_t curve_id) 687 { 688 size_t i = 0; 689 690 for (i = 0; i < ARRAY_SIZE(g_curve_list); i++) { 691 if (g_curve_list[i].id == curve_id) 692 return &g_curve_list[i]; 693 } 694 695 return NULL; 696 } 697 698 static size_t hpre_ecc_get_hw_kbytes(size_t key_bits) 699 { 700 size_t size = 0; 701 702 if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(256)) 703 size = BITS_TO_BYTES(256); 704 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(384)) 705 size = BITS_TO_BYTES(384); 706 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(576)) 707 size = BITS_TO_BYTES(576); 708 else 709 EMSG("Fail to get key buffer size."); 710 711 return size; 712 } 713 714 static enum hisi_drv_status hpre_ecc_dh_transfer_key(struct hpre_ecc_msg *msg) 715 { 716 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 717 uint8_t *p = msg->key; 718 uint8_t *a = p + msg->key_bytes; 719 uint8_t *d = a + msg->key_bytes; 720 uint8_t *b = d + msg->key_bytes; 721 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 722 723 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, NULL, NULL, NULL, 724 msg->curve_bytes, msg->key_bytes); 725 if (ret) 726 return ret; 727 728 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, ecc_dh->d_bytes); 729 if (ret) 730 EMSG("Fail to transfer ecc dh d from crypto_bin to hpre_bin"); 731 732 return ret; 733 } 734 735 static enum hisi_drv_status hpre_ecc_dh_transfer_in(struct hpre_ecc_msg *msg) 736 { 737 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 738 uint8_t *x = msg->in; 739 uint8_t *y = x + msg->key_bytes; 740 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 741 742 ret = hpre_bin_from_crypto_bin(x, x, msg->key_bytes, 743 ecc_dh->x_bytes); 744 if (ret) { 745 EMSG("Fail to transfer ecdh gx from crypto_bin to hpre_bin"); 746 return ret; 747 } 748 749 ret = hpre_bin_from_crypto_bin(y, y, msg->key_bytes, 750 ecc_dh->y_bytes); 751 if (ret) 752 EMSG("Fail to transfer ecdh gy from crypto_bin to hpre_bin"); 753 754 return ret; 755 } 756 757 static enum hisi_drv_status 758 hpre_ecc_dh_params_fill(const struct hpre_ecc_curve *curve, 759 struct hpre_ecc_msg *msg, struct bignum *privkey, 760 struct ecc_public_key *pubkey) 761 { 762 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 763 uint8_t *p = msg->key; 764 uint8_t *a = p + msg->key_bytes; 765 uint8_t *d = a + msg->key_bytes; 766 uint8_t *b = d + msg->key_bytes; 767 uint8_t *x = msg->in; 768 uint8_t *y = x + msg->key_bytes; 769 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 770 771 memcpy(p, curve->p, msg->curve_bytes); 772 memcpy(a, curve->a, msg->curve_bytes); 773 crypto_bignum_bn2bin(privkey, d); 774 ecc_dh->d_bytes = crypto_bignum_num_bytes(privkey); 775 if (is_all_zero(d, ecc_dh->d_bytes, "ecc dh d")) 776 return HISI_QM_DRVCRYPT_EINVAL; 777 778 memcpy(b, curve->b, msg->curve_bytes); 779 780 ecc_dh->x_bytes = msg->curve_bytes; 781 ecc_dh->y_bytes = msg->curve_bytes; 782 if (!pubkey) { 783 /* gen key pair */ 784 memcpy(x, curve->x, ecc_dh->x_bytes); 785 memcpy(y, curve->y, ecc_dh->y_bytes); 786 } else { 787 /* do shared secret */ 788 crypto_bignum_bn2bin(pubkey->x, x); 789 ecc_dh->x_bytes = crypto_bignum_num_bytes(pubkey->x); 790 crypto_bignum_bn2bin(pubkey->y, y); 791 ecc_dh->y_bytes = crypto_bignum_num_bytes(pubkey->y); 792 } 793 794 ret = hpre_ecc_dh_transfer_key(msg); 795 if (ret) 796 return ret; 797 798 return hpre_ecc_dh_transfer_in(msg); 799 } 800 801 static enum hisi_drv_status hpre_ecc_dh_params_alloc(struct hpre_ecc_msg *msg) 802 { 803 uint32_t size = HPRE_ECC_DH_TOTAL_BUF_SIZE(msg->key_bytes); 804 uint8_t *data = NULL; 805 806 data = calloc(1, size); 807 if (!data) { 808 EMSG("Fail to alloc ecc dh total buf"); 809 return HISI_QM_DRVCRYPT_ENOMEM; 810 } 811 812 msg->key = data; 813 msg->key_dma = virt_to_phys(msg->key); 814 815 msg->in = msg->key + ECC_DH_KEY_SIZE(msg->key_bytes); 816 msg->in_dma = msg->key_dma + ECC_DH_KEY_SIZE(msg->key_bytes); 817 msg->out = msg->in + ECC_DH_IN_SIZE(msg->key_bytes); 818 msg->out_dma = msg->in_dma + ECC_DH_IN_SIZE(msg->key_bytes); 819 820 return HISI_QM_DRVCRYPT_NO_ERR; 821 } 822 823 static void hpre_ecc_request_deinit(struct hpre_ecc_msg *msg) 824 { 825 if (msg->key) { 826 memzero_explicit(msg->key, ECC_DH_KEY_SIZE(msg->key_bytes)); 827 free(msg->key); 828 msg->key = NULL; 829 } 830 } 831 832 static TEE_Result hpre_ecc_request_init(const struct hpre_ecc_curve *curve, 833 struct hpre_ecc_msg *msg, 834 struct bignum *d, 835 struct ecc_public_key *pubkey) 836 { 837 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 838 839 msg->alg_type = HPRE_ALG_ECDH_MULTIPLY; 840 841 if (curve->id == TEE_ECC_CURVE_SM2) 842 msg->sm2_sp = true; 843 844 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 845 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 846 if (!msg->key_bytes) 847 return TEE_ERROR_BAD_PARAMETERS; 848 849 ret = hpre_ecc_dh_params_alloc(msg); 850 if (ret) 851 return TEE_ERROR_OUT_OF_MEMORY; 852 853 ret = hpre_ecc_dh_params_fill(curve, msg, d, pubkey); 854 if (ret) { 855 hpre_ecc_request_deinit(msg); 856 return TEE_ERROR_BAD_STATE; 857 } 858 859 msg->param_size.ecc_dh.rx_bytes = msg->curve_bytes; 860 msg->param_size.ecc_dh.ry_bytes = msg->curve_bytes; 861 862 return TEE_SUCCESS; 863 } 864 865 static TEE_Result gen_random_k(struct bignum *d, size_t key_bits, 866 const uint8_t *n) 867 { 868 size_t size = BITS_TO_BYTES(key_bits); 869 uint8_t *rand_k = NULL; 870 size_t i = 0; 871 size_t j = 0; 872 TEE_Result ret = TEE_SUCCESS; 873 874 if (!d || !n) { 875 EMSG("Input param is NULL."); 876 return TEE_ERROR_BAD_PARAMETERS; 877 } 878 879 rand_k = malloc(size); 880 if (!rand_k) { 881 EMSG("Fail to malloc rand_k buf."); 882 return TEE_ERROR_OUT_OF_MEMORY; 883 } 884 885 for (i = 0; i < size; i++) { 886 if (n[i] > 1) { 887 rand_k[i] = n[i] - 1; 888 break; 889 } 890 rand_k[i] = n[i]; 891 } 892 893 j = i + 1; 894 if (hw_get_random_bytes(rand_k + j, size - j)) { 895 EMSG("Fail to fill rand_k buf."); 896 free(rand_k); 897 return TEE_ERROR_NO_DATA; 898 } 899 900 ret = crypto_bignum_bin2bn(rand_k, size, d); 901 if (ret) 902 EMSG("Rand_k bin2bn fail."); 903 904 free(rand_k); 905 906 return ret; 907 } 908 909 static TEE_Result hpre_ecc_gen_keypair(struct ecc_keypair *key, 910 size_t size_bits) 911 { 912 struct hpre_ecc_msg msg = { }; 913 const struct hpre_ecc_curve *curve = NULL; 914 struct hpre_ecc_dh *ecc_dh = NULL; 915 TEE_Result ret = TEE_SUCCESS; 916 917 if (!key || !key->d || !key->x || !key->y) { 918 EMSG("Invalid ecc_gen_keypair input parameters."); 919 return TEE_ERROR_BAD_PARAMETERS; 920 } 921 922 curve = get_curve_from_list(key->curve); 923 if (!curve) { 924 EMSG("Fail to get valid curve, id %"PRIu32, key->curve); 925 return TEE_ERROR_NOT_SUPPORTED; 926 } 927 928 if (BITS_TO_BYTES(size_bits) != BITS_TO_BYTES(curve->key_bits)) { 929 EMSG("Invalid size_bits %zu.", size_bits); 930 return TEE_ERROR_BAD_PARAMETERS; 931 } 932 933 ret = gen_random_k(key->d, curve->key_bits, curve->n); 934 if (ret) 935 return ret; 936 937 ret = hpre_ecc_request_init(curve, &msg, key->d, NULL); 938 if (ret) { 939 EMSG("Ecc key pair request init fail."); 940 return ret; 941 } 942 943 ret = hpre_do_ecc_task(&msg); 944 if (ret) { 945 EMSG("Fail to do ecc key pair task! ret = 0x%"PRIX16, ret); 946 goto done; 947 } 948 949 ecc_dh = &msg.param_size.ecc_dh; 950 ret = crypto_bignum_bin2bn(msg.out, ecc_dh->rx_bytes, key->x); 951 if (ret) { 952 EMSG("Fail to trans res x to bn."); 953 goto done; 954 } 955 956 ret = crypto_bignum_bin2bn(msg.out + msg.key_bytes, 957 ecc_dh->ry_bytes, key->y); 958 if (ret) 959 EMSG("Fail to trans res y to bn."); 960 done: 961 hpre_ecc_request_deinit(&msg); 962 return ret; 963 } 964 965 static TEE_Result hpre_ecc_do_shared_secret(struct drvcrypt_secret_data *sdata) 966 { 967 struct hpre_ecc_msg msg = { }; 968 const struct hpre_ecc_curve *curve = NULL; 969 struct ecc_public_key *pubkey = NULL; 970 struct ecc_keypair *ecc_key = NULL; 971 struct hpre_ecc_dh *ecc_dh = NULL; 972 TEE_Result ret = TEE_SUCCESS; 973 974 if (!sdata || !sdata->key_priv || !sdata->key_pub) { 975 EMSG("Invalid ecc_do_shared_secret input parameters."); 976 return TEE_ERROR_BAD_PARAMETERS; 977 } 978 979 ecc_key = sdata->key_priv; 980 pubkey = sdata->key_pub; 981 982 curve = get_curve_from_list(ecc_key->curve); 983 if (!curve) { 984 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve); 985 return TEE_ERROR_NOT_SUPPORTED; 986 } 987 988 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) { 989 EMSG("Invalid sdata size_sec %zu.", sdata->size_sec); 990 return TEE_ERROR_BAD_PARAMETERS; 991 } 992 993 ret = hpre_ecc_request_init(curve, &msg, ecc_key->d, pubkey); 994 if (ret) { 995 EMSG("Ecc shared secret request init fail."); 996 return ret; 997 } 998 999 ret = hpre_do_ecc_task(&msg); 1000 if (ret) { 1001 EMSG("Fail to do ecc shared secret task! ret = 0x%"PRIX32, 1002 ret); 1003 goto done; 1004 } 1005 1006 ecc_dh = &msg.param_size.ecc_dh; 1007 /* 1008 * Only take the x coordinate as the output result, according to 1009 * soft computing implementation. 1010 */ 1011 memcpy(sdata->secret.data, msg.out, ecc_dh->rx_bytes); 1012 sdata->secret.length = ecc_dh->rx_bytes; 1013 memzero_explicit(msg.out, ECC_DH_OUT_SIZE(msg.key_bytes)); 1014 1015 done: 1016 hpre_ecc_request_deinit(&msg); 1017 return ret; 1018 } 1019 1020 static enum hisi_drv_status 1021 hpre_ecc_sign_params_fill(const struct hpre_ecc_curve *curve, 1022 struct hpre_ecc_msg *msg, 1023 struct drvcrypt_sign_data *sdata, 1024 struct bignum *rand_k) 1025 { 1026 struct ecc_keypair *ecc_key = sdata->key; 1027 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign; 1028 uint8_t *p = msg->key; 1029 uint8_t *a = p + msg->key_bytes; 1030 uint8_t *d = a + msg->key_bytes; 1031 uint8_t *b = d + msg->key_bytes; 1032 uint8_t *n = b + msg->key_bytes; 1033 uint8_t *gx = n + msg->key_bytes; 1034 uint8_t *gy = gx + msg->key_bytes; 1035 uint8_t *e = msg->in; 1036 uint8_t *k = e + msg->key_bytes; 1037 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1038 1039 memcpy(p, curve->p, msg->curve_bytes); 1040 memcpy(a, curve->a, msg->curve_bytes); 1041 crypto_bignum_bn2bin(ecc_key->d, d); 1042 ecc_sign->d_bytes = crypto_bignum_num_bytes(ecc_key->d); 1043 memcpy(b, curve->b, msg->curve_bytes); 1044 memcpy(n, curve->n, msg->curve_bytes); 1045 memcpy(gx, curve->x, msg->curve_bytes); 1046 memcpy(gy, curve->y, msg->curve_bytes); 1047 crypto_bignum_bn2bin(rand_k, k); 1048 ecc_sign->k_bytes = crypto_bignum_num_bytes(rand_k); 1049 1050 ecc_sign->e_bytes = MIN(sdata->message.length, msg->curve_bytes); 1051 memcpy(e, sdata->message.data, ecc_sign->e_bytes); 1052 if (is_all_zero(e, ecc_sign->e_bytes, "ecc sign msg_e")) 1053 return HISI_QM_DRVCRYPT_EINVAL; 1054 1055 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes, 1056 msg->key_bytes); 1057 if (ret) 1058 return ret; 1059 1060 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, 1061 ecc_sign->d_bytes); 1062 if (ret) { 1063 EMSG("Fail to transfer ecdsa sign d"); 1064 return ret; 1065 } 1066 1067 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes, 1068 ecc_sign->e_bytes); 1069 if (ret) { 1070 EMSG("Fail to transfer ecdsa sign e"); 1071 return ret; 1072 } 1073 1074 ret = hpre_bin_from_crypto_bin(k, k, msg->key_bytes, 1075 ecc_sign->k_bytes); 1076 if (ret) 1077 EMSG("Fail to transfer ecdsa sign k"); 1078 1079 return ret; 1080 } 1081 1082 static enum hisi_drv_status hpre_ecc_sign_params_alloc(struct hpre_ecc_msg *msg) 1083 { 1084 uint32_t size = HPRE_ECC_SIGN_TOTAL_BUF_SIZE(msg->key_bytes); 1085 uint8_t *data = NULL; 1086 1087 data = calloc(1, size); 1088 if (!data) { 1089 EMSG("Fail to alloc ecc sign total buf"); 1090 return HISI_QM_DRVCRYPT_ENOMEM; 1091 } 1092 1093 msg->key = data; 1094 msg->key_dma = virt_to_phys(msg->key); 1095 if (!msg->key_dma) { 1096 EMSG("Fail to get key dma addr"); 1097 free(data); 1098 return HISI_QM_DRVCRYPT_EFAULT; 1099 } 1100 1101 msg->in = msg->key + ECC_SIGN_KEY_SIZE(msg->key_bytes); 1102 msg->in_dma = msg->key_dma + ECC_SIGN_KEY_SIZE(msg->key_bytes); 1103 msg->out = msg->in + ECC_SIGN_IN_SIZE(msg->key_bytes); 1104 msg->out_dma = msg->in_dma + ECC_SIGN_IN_SIZE(msg->key_bytes); 1105 1106 return HISI_QM_DRVCRYPT_NO_ERR; 1107 } 1108 1109 static void hpre_ecc_sign_request_deinit(struct hpre_ecc_msg *msg) 1110 { 1111 if (msg->key) { 1112 free_wipe(msg->key); 1113 msg->key = NULL; 1114 } 1115 } 1116 1117 static TEE_Result 1118 hpre_ecc_sign_request_init(const struct hpre_ecc_curve *curve, 1119 struct hpre_ecc_msg *msg, 1120 struct drvcrypt_sign_data *sdata, 1121 struct bignum *rand_k) 1122 { 1123 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1124 1125 if (curve->id == TEE_ECC_CURVE_SM2) 1126 msg->alg_type = HPRE_ALG_SM2_SIGN; 1127 else 1128 msg->alg_type = HPRE_ALG_ECDSA_SIGN; 1129 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 1130 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 1131 if (!msg->key_bytes) 1132 return TEE_ERROR_BAD_PARAMETERS; 1133 1134 ret = hpre_ecc_sign_params_alloc(msg); 1135 if (ret) 1136 return TEE_ERROR_OUT_OF_MEMORY; 1137 1138 ret = hpre_ecc_sign_params_fill(curve, msg, sdata, rand_k); 1139 if (ret) { 1140 hpre_ecc_sign_request_deinit(msg); 1141 return TEE_ERROR_BAD_STATE; 1142 } 1143 1144 msg->param_size.ecc_sign.r_bytes = msg->curve_bytes; 1145 msg->param_size.ecc_sign.s_bytes = msg->curve_bytes; 1146 1147 return TEE_SUCCESS; 1148 } 1149 1150 static TEE_Result hpre_ecdsa_param_check(struct drvcrypt_sign_data *sdata, 1151 const struct hpre_ecc_curve *curve) 1152 { 1153 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) { 1154 EMSG("Invalid sdata size_sec %zu", sdata->size_sec); 1155 return TEE_ERROR_BAD_PARAMETERS; 1156 } 1157 1158 return TEE_SUCCESS; 1159 } 1160 1161 static void hpre_ecc_sign_get_data_out(struct hpre_ecc_msg *msg, 1162 struct drvcrypt_sign_data *sdata) 1163 { 1164 struct hpre_ecc_sign *ecc_sign; 1165 1166 ecc_sign = &msg->param_size.ecc_sign; 1167 sdata->signature.length = ecc_sign->r_bytes + ecc_sign->s_bytes; 1168 memcpy(sdata->signature.data, msg->out, ecc_sign->r_bytes); 1169 memcpy(sdata->signature.data + ecc_sign->r_bytes, msg->out + 1170 msg->key_bytes, ecc_sign->s_bytes); 1171 } 1172 1173 static TEE_Result hpre_ecc_sign(struct drvcrypt_sign_data *sdata) 1174 { 1175 struct hpre_ecc_msg msg = { }; 1176 const struct hpre_ecc_curve *curve = NULL; 1177 struct ecc_keypair *ecc_key = NULL; 1178 struct bignum *rand_k = NULL; 1179 TEE_Result ret = TEE_SUCCESS; 1180 1181 if (!sdata || !sdata->key) { 1182 EMSG("Invalid ecc_sign input parameters"); 1183 return TEE_ERROR_BAD_PARAMETERS; 1184 } 1185 1186 ecc_key = sdata->key; 1187 1188 curve = get_curve_from_list(ecc_key->curve); 1189 if (!curve) { 1190 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve); 1191 return TEE_ERROR_NOT_SUPPORTED; 1192 } 1193 1194 ret = hpre_ecdsa_param_check(sdata, curve); 1195 if (ret) 1196 return ret; 1197 1198 rand_k = crypto_bignum_allocate(curve->key_bits); 1199 if (!rand_k) { 1200 EMSG("Fail to alloc private k"); 1201 return TEE_ERROR_OUT_OF_MEMORY; 1202 } 1203 1204 ret = gen_random_k(rand_k, curve->key_bits, curve->n); 1205 if (ret) 1206 goto free_key; 1207 1208 ret = hpre_ecc_sign_request_init(curve, &msg, sdata, rand_k); 1209 if (ret) { 1210 EMSG("Ecc sign request init fail"); 1211 goto free_key; 1212 } 1213 1214 ret = hpre_do_ecc_task(&msg); 1215 if (ret) { 1216 EMSG("Fail to do ecc sign task! ret = 0x%"PRIX16, ret); 1217 goto done; 1218 } 1219 1220 hpre_ecc_sign_get_data_out(&msg, sdata); 1221 1222 done: 1223 hpre_ecc_sign_request_deinit(&msg); 1224 free_key: 1225 crypto_bignum_free(&rand_k); 1226 1227 return ret; 1228 } 1229 1230 static enum hisi_drv_status 1231 hpre_ecc_verify_transfer_key(struct hpre_ecc_msg *msg) 1232 { 1233 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1234 uint8_t *p = msg->key; 1235 uint8_t *a = p + msg->key_bytes; 1236 uint8_t *b = a + msg->key_bytes; 1237 uint8_t *n = b + msg->key_bytes; 1238 uint8_t *gx = n + msg->key_bytes; 1239 uint8_t *gy = gx + msg->key_bytes; 1240 uint8_t *pubx = gy + msg->key_bytes; 1241 uint8_t *puby = pubx + msg->key_bytes; 1242 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1243 1244 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes, 1245 msg->key_bytes); 1246 if (ret) 1247 return ret; 1248 1249 ret = hpre_bin_from_crypto_bin(pubx, pubx, msg->key_bytes, 1250 ecc_verify->pubx_bytes); 1251 if (ret) { 1252 EMSG("Fail to transfer ecdsa verify pub_x"); 1253 return ret; 1254 } 1255 1256 ret = hpre_bin_from_crypto_bin(puby, puby, msg->key_bytes, 1257 ecc_verify->puby_bytes); 1258 if (ret) 1259 EMSG("Fail to transfer ecdsa verify pub_y"); 1260 1261 return ret; 1262 } 1263 1264 static enum hisi_drv_status 1265 hpre_ecc_verify_transfer_in(struct hpre_ecc_msg *msg) 1266 { 1267 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1268 uint8_t *e = msg->in; 1269 uint8_t *s = e + msg->key_bytes; 1270 uint8_t *r = s + msg->key_bytes; 1271 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1272 1273 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes, 1274 ecc_verify->e_bytes); 1275 if (ret) { 1276 EMSG("Fail to transfer ecdsa verify e"); 1277 return ret; 1278 } 1279 1280 ret = hpre_bin_from_crypto_bin(s, s, msg->key_bytes, 1281 ecc_verify->s_bytes); 1282 if (ret) { 1283 EMSG("Fail to transfer ecdsa verify s"); 1284 return ret; 1285 } 1286 1287 ret = hpre_bin_from_crypto_bin(r, r, msg->key_bytes, 1288 ecc_verify->r_bytes); 1289 if (ret) 1290 EMSG("Fail to transfer ecdsa verify r"); 1291 1292 return ret; 1293 } 1294 1295 static TEE_Result 1296 hpre_ecc_verify_params_fill(const struct hpre_ecc_curve *curve, 1297 struct hpre_ecc_msg *msg, 1298 struct drvcrypt_sign_data *sdata) 1299 { 1300 struct ecc_public_key *ecc_key = sdata->key; 1301 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1302 uint8_t *p = msg->key; 1303 uint8_t *a = p + msg->key_bytes; 1304 uint8_t *b = a + msg->key_bytes; 1305 uint8_t *n = b + msg->key_bytes; 1306 uint8_t *gx = n + msg->key_bytes; 1307 uint8_t *gy = gx + msg->key_bytes; 1308 uint8_t *pubx = gy + msg->key_bytes; 1309 uint8_t *puby = pubx + msg->key_bytes; 1310 uint8_t *e = msg->in; 1311 uint8_t *s = e + msg->key_bytes; 1312 uint8_t *r = s + msg->key_bytes; 1313 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1314 1315 memcpy(p, curve->p, msg->curve_bytes); 1316 memcpy(a, curve->a, msg->curve_bytes); 1317 memcpy(b, curve->b, msg->curve_bytes); 1318 memcpy(n, curve->n, msg->curve_bytes); 1319 memcpy(gx, curve->x, msg->curve_bytes); 1320 memcpy(gy, curve->y, msg->curve_bytes); 1321 crypto_bignum_bn2bin(ecc_key->x, pubx); 1322 ecc_verify->pubx_bytes = crypto_bignum_num_bytes(ecc_key->x); 1323 crypto_bignum_bn2bin(ecc_key->y, puby); 1324 ecc_verify->puby_bytes = crypto_bignum_num_bytes(ecc_key->y); 1325 1326 ecc_verify->e_bytes = MIN(sdata->message.length, msg->curve_bytes); 1327 memcpy(e, sdata->message.data, ecc_verify->e_bytes); 1328 if (is_all_zero(e, ecc_verify->e_bytes, "ecc verify msg_e")) 1329 return TEE_ERROR_BAD_PARAMETERS; 1330 1331 /* user should make param r and s be full width */ 1332 ecc_verify->r_bytes = sdata->signature.length >> 1; 1333 memcpy(r, sdata->signature.data, ecc_verify->r_bytes); 1334 ecc_verify->s_bytes = ecc_verify->r_bytes; 1335 memcpy(s, sdata->signature.data + ecc_verify->r_bytes, 1336 ecc_verify->s_bytes); 1337 1338 ret = hpre_ecc_verify_transfer_key(msg); 1339 if (ret) 1340 return TEE_ERROR_BAD_STATE; 1341 1342 ret = hpre_ecc_verify_transfer_in(msg); 1343 if (ret) 1344 return TEE_ERROR_BAD_STATE; 1345 1346 return TEE_SUCCESS; 1347 } 1348 1349 static enum hisi_drv_status 1350 hpre_ecc_verify_params_alloc(struct hpre_ecc_msg *msg) 1351 { 1352 uint32_t size = HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(msg->key_bytes); 1353 uint8_t *data = NULL; 1354 1355 data = calloc(1, size); 1356 if (!data) { 1357 EMSG("Fail to alloc ecc verify total buf"); 1358 return HISI_QM_DRVCRYPT_ENOMEM; 1359 } 1360 1361 msg->key = data; 1362 msg->key_dma = virt_to_phys(msg->key); 1363 if (!msg->key_dma) { 1364 EMSG("Fail to get key dma addr"); 1365 free(data); 1366 return HISI_QM_DRVCRYPT_EFAULT; 1367 } 1368 1369 msg->in = msg->key + ECC_VERIF_KEY_SIZE(msg->key_bytes); 1370 msg->in_dma = msg->key_dma + ECC_VERIF_KEY_SIZE(msg->key_bytes); 1371 msg->out = msg->in + ECC_VERIF_IN_SIZE(msg->key_bytes); 1372 msg->out_dma = msg->in_dma + ECC_VERIF_IN_SIZE(msg->key_bytes); 1373 1374 return HISI_QM_DRVCRYPT_NO_ERR; 1375 } 1376 1377 static void hpre_ecc_verify_request_deinit(struct hpre_ecc_msg *msg) 1378 { 1379 if (msg->key) { 1380 free_wipe(msg->key); 1381 msg->key = NULL; 1382 } 1383 } 1384 1385 static TEE_Result 1386 hpre_ecc_verify_request_init(const struct hpre_ecc_curve *curve, 1387 struct hpre_ecc_msg *msg, 1388 struct drvcrypt_sign_data *sdata) 1389 { 1390 int32_t ret = 0; 1391 1392 if (curve->id == TEE_ECC_CURVE_SM2) 1393 msg->alg_type = HPRE_ALG_SM2_VERF; 1394 else 1395 msg->alg_type = HPRE_ALG_ECDSA_VERF; 1396 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 1397 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 1398 if (!msg->key_bytes) 1399 return TEE_ERROR_BAD_PARAMETERS; 1400 1401 ret = hpre_ecc_verify_params_alloc(msg); 1402 if (ret) 1403 return TEE_ERROR_OUT_OF_MEMORY; 1404 1405 ret = hpre_ecc_verify_params_fill(curve, msg, sdata); 1406 if (ret) { 1407 hpre_ecc_verify_request_deinit(msg); 1408 return TEE_ERROR_BAD_STATE; 1409 } 1410 1411 return TEE_SUCCESS; 1412 } 1413 1414 static TEE_Result hpre_ecc_verify(struct drvcrypt_sign_data *sdata) 1415 { 1416 struct hpre_ecc_msg msg = { }; 1417 const struct hpre_ecc_curve *curve = NULL; 1418 struct ecc_public_key *pub_key = NULL; 1419 TEE_Result ret = TEE_SUCCESS; 1420 1421 if (!sdata || !sdata->key) { 1422 EMSG("Invalid ecc_verify input parameters"); 1423 return TEE_ERROR_BAD_PARAMETERS; 1424 } 1425 1426 pub_key = sdata->key; 1427 1428 curve = get_curve_from_list(pub_key->curve); 1429 if (!curve) { 1430 EMSG("Fail to get valid curve, id %"PRIu32, pub_key->curve); 1431 return TEE_ERROR_NOT_SUPPORTED; 1432 } 1433 1434 ret = hpre_ecdsa_param_check(sdata, curve); 1435 if (ret) 1436 return ret; 1437 1438 ret = hpre_ecc_verify_request_init(curve, &msg, sdata); 1439 if (ret) { 1440 EMSG("Ecc verify request init fail"); 1441 return ret; 1442 } 1443 1444 ret = hpre_do_ecc_task(&msg); 1445 if (ret) { 1446 EMSG("Fail to do ecc verify task! ret = 0x%"PRIX16, ret); 1447 goto done; 1448 } 1449 1450 if (msg.result == ECC_VERIFY_ERR) { 1451 EMSG("Hpre ecc verify fail"); 1452 ret = TEE_ERROR_SIGNATURE_INVALID; 1453 } 1454 1455 done: 1456 hpre_ecc_verify_request_deinit(&msg); 1457 return ret; 1458 } 1459 1460 static struct drvcrypt_ecc driver_ecc = { 1461 .alloc_keypair = hpre_ecc_alloc_keypair, 1462 .alloc_publickey = hpre_ecc_alloc_publickey, 1463 .free_publickey = hpre_ecc_free_publickey, 1464 .gen_keypair = hpre_ecc_gen_keypair, 1465 .shared_secret = hpre_ecc_do_shared_secret, 1466 .sign = hpre_ecc_sign, 1467 .verify = hpre_ecc_verify, 1468 }; 1469 1470 static TEE_Result hpre_ecc_init(void) 1471 { 1472 TEE_Result ret = drvcrypt_register_ecc(&driver_ecc); 1473 1474 if (ret != TEE_SUCCESS) 1475 EMSG("Hpre ecc register to crypto fail"); 1476 1477 return ret; 1478 } 1479 1480 driver_init(hpre_ecc_init); 1481