1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2022, HiSilicon Technologies Co., Ltd. 4 * Kunpeng hardware accelerator hpre ecc algorithm implementation. 5 */ 6 #include <drvcrypt.h> 7 #include <drvcrypt_acipher.h> 8 #include <initcall.h> 9 #include <malloc.h> 10 #include <rng_support.h> 11 #include <stdlib_ext.h> 12 #include <string.h> 13 #include <string_ext.h> 14 #include <trace.h> 15 16 #include "hpre_main.h" 17 #include "hpre_ecc.h" 18 19 #define ECC_DH_IN_PARAM_NUM 2 20 #define ECC_DH_KEY_PARAM_NUM 4 21 #define ECC_DH_OUT_PARAM_NUM 2 22 #define ECC_DH_IN_SIZE(hsz) ((hsz) * ECC_DH_IN_PARAM_NUM) 23 #define ECC_DH_KEY_SIZE(hsz) ((hsz) * ECC_DH_KEY_PARAM_NUM) 24 #define ECC_DH_OUT_SIZE(hsz) ((hsz) * ECC_DH_OUT_PARAM_NUM) 25 26 #define ECC_SIGN_IN_PARAM_NUM 2 27 #define ECC_SIGN_KEY_PARAM_NUM 7 28 #define SM2_DEC_KEY_PARAM_NUM 4 29 #define SM2_DEC_IN_PARAM_NUM 4 30 #define ECC_SIGN_OUT_PARAM_NUM 2 31 #define ECC_SIGN_IN_SIZE(hsz) ((hsz) * ECC_SIGN_IN_PARAM_NUM) 32 #define ECC_SIGN_KEY_SIZE(hsz) ((hsz) * ECC_SIGN_KEY_PARAM_NUM) 33 #define ECC_SIGN_OUT_SIZE(hsz) ((hsz) * ECC_SIGN_OUT_PARAM_NUM) 34 35 #define ECC_VERIF_IN_PARAM_NUM 3 36 #define ECC_VERIF_KEY_PARAM_NUM 8 37 #define SM2_ENC_KEY_PARAM_NUM 8 38 #define ECC_VERIF_IN_SIZE(hsz) ((hsz) * ECC_VERIF_IN_PARAM_NUM) 39 #define ECC_VERIF_KEY_SIZE(hsz) ((hsz) * ECC_VERIF_KEY_PARAM_NUM) 40 #define SM2_ENC_KEY_SIZE(hsz) ((hsz) * SM2_ENC_KEY_PARAM_NUM) 41 #define SM2_DEC_KEY_SIZE(hsz) ((hsz) * SM2_DEC_KEY_PARAM_NUM) 42 #define ECC_POINT_PARAM_NUM 2 43 #define MAX_SM2_MLEN 512 44 45 #define HPRE_ECC_DH_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 8) 46 #define HPRE_ECC_SIGN_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 47 #define HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 48 #define HPRE_SM2_ENC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 49 ((key_bytes) * 12 + (sm2_mlen) * 2) 50 #define HPRE_SM2_DEC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 51 ((key_bytes) * 7 + (sm2_mlen) * 2) 52 53 #define SM2_X2Y2_LEN 64 54 55 struct hpre_ecc_curve { 56 const uint32_t id; 57 const uint32_t key_bits; 58 const uint8_t *p; 59 const uint8_t *a; 60 const uint8_t *b; 61 const uint8_t *x; 62 const uint8_t *y; 63 const uint8_t *n; 64 }; 65 66 /* NID_X9_62_prime192v1 */ 67 static const uint8_t g_prime192v1_p[] = { 68 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 69 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 70 }; 71 72 static const uint8_t g_prime192v1_a[] = { 73 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 74 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 75 }; 76 77 static const uint8_t g_prime192v1_b[] = { 78 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, 79 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1 80 }; 81 82 static const uint8_t g_prime192v1_gx[] = { 83 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, 84 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12 85 }; 86 87 static const uint8_t g_prime192v1_gy[] = { 88 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, 89 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11 90 }; 91 92 static const uint8_t g_prime192v1_n[] = { 93 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 94 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 95 }; 96 97 /* NID_secp224r1 */ 98 static const uint8_t g_secp224r1_p[] = { 99 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 100 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 101 0x00, 0x00, 0x00, 0x01 102 }; 103 104 static const uint8_t g_secp224r1_a[] = { 105 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 106 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 107 0xFF, 0xFF, 0xFF, 0xFE 108 }; 109 110 static const uint8_t g_secp224r1_b[] = { 111 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, 112 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, 113 0x23, 0x55, 0xFF, 0xB4 114 }; 115 116 static const uint8_t g_secp224r1_gx[] = { 117 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, 118 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, 119 0x11, 0x5C, 0x1D, 0x21 120 }; 121 122 static const uint8_t g_secp224r1_gy[] = { 123 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, 124 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, 125 0x85, 0x00, 0x7e, 0x34 126 }; 127 128 static const uint8_t g_secp224r1_n[] = { 129 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 130 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, 131 0x5C, 0x5C, 0x2A, 0x3D 132 }; 133 134 /* NID_X9_62_prime256v1 */ 135 static const uint8_t g_prime256v1_p[] = { 136 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 137 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 139 }; 140 141 static const uint8_t g_prime256v1_a[] = { 142 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 144 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 145 }; 146 147 static const uint8_t g_prime256v1_b[] = { 148 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 149 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 150 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B 151 }; 152 153 static const uint8_t g_prime256v1_gx[] = { 154 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 155 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 156 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 157 }; 158 159 static const uint8_t g_prime256v1_gy[] = { 160 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 161 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 162 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 163 }; 164 165 static const uint8_t g_prime256v1_n[] = { 166 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 167 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 168 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 169 }; 170 171 /* NID_secp384r1 */ 172 static const uint8_t g_secp384r1_p[] = { 173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 174 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 175 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF 177 }; 178 179 static const uint8_t g_secp384r1_a[] = { 180 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 181 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 182 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC 184 }; 185 186 static const uint8_t g_secp384r1_b[] = { 187 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, 188 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, 189 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, 190 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF 191 }; 192 193 static const uint8_t g_secp384r1_gx[] = { 194 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, 195 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, 196 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, 197 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 198 }; 199 200 static const uint8_t g_secp384r1_gy[] = { 201 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, 202 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, 203 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 204 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f 205 }; 206 207 static const uint8_t g_secp384r1_n[] = { 208 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 209 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 210 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, 211 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 212 }; 213 214 /* NID_secp521r1 */ 215 static const uint8_t g_secp521r1_p[] = { 216 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 217 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 218 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 219 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 220 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 221 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 222 }; 223 224 static const uint8_t g_secp521r1_a[] = { 225 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 226 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 227 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 228 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 229 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 230 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 231 }; 232 233 static const uint8_t g_secp521r1_b[] = { 234 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, 235 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 236 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, 237 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 238 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, 239 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00 240 }; 241 242 static const uint8_t g_secp521r1_gx[] = { 243 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, 244 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 245 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, 246 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 247 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, 248 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66 249 }; 250 251 static const uint8_t g_secp521r1_gy[] = { 252 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 253 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 254 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 255 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 256 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 257 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50 258 }; 259 260 static const uint8_t g_secp521r1_n[] = { 261 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 262 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 263 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 264 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 265 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, 266 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 267 }; 268 269 /* NID_SM2 */ 270 static const uint8_t g_sm2_p[] = { 271 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 272 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 273 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 274 }; 275 276 static const uint8_t g_sm2_a[] = { 277 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 278 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 279 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc 280 }; 281 282 static const uint8_t g_sm2_b[] = { 283 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, 284 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, 285 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93 286 }; 287 288 static const uint8_t g_sm2_gx[] = { 289 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, 290 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, 291 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7 292 }; 293 294 static const uint8_t g_sm2_gy[] = { 295 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, 296 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, 297 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 298 }; 299 300 static const uint8_t g_sm2_n[] = { 301 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 302 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, 303 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 304 }; 305 306 static const struct hpre_ecc_curve g_curve_list[] = { 307 { 308 .id = TEE_ECC_CURVE_NIST_P192, 309 .key_bits = 192, 310 .p = g_prime192v1_p, 311 .a = g_prime192v1_a, 312 .b = g_prime192v1_b, 313 .x = g_prime192v1_gx, 314 .y = g_prime192v1_gy, 315 .n = g_prime192v1_n, 316 }, 317 { 318 .id = TEE_ECC_CURVE_NIST_P224, 319 .key_bits = 224, 320 .p = g_secp224r1_p, 321 .a = g_secp224r1_a, 322 .b = g_secp224r1_b, 323 .x = g_secp224r1_gx, 324 .y = g_secp224r1_gy, 325 .n = g_secp224r1_n, 326 }, 327 { 328 .id = TEE_ECC_CURVE_NIST_P256, 329 .key_bits = 256, 330 .p = g_prime256v1_p, 331 .a = g_prime256v1_a, 332 .b = g_prime256v1_b, 333 .x = g_prime256v1_gx, 334 .y = g_prime256v1_gy, 335 .n = g_prime256v1_n, 336 }, 337 { 338 .id = TEE_ECC_CURVE_NIST_P384, 339 .key_bits = 384, 340 .p = g_secp384r1_p, 341 .a = g_secp384r1_a, 342 .b = g_secp384r1_b, 343 .x = g_secp384r1_gx, 344 .y = g_secp384r1_gy, 345 .n = g_secp384r1_n, 346 }, 347 { 348 .id = TEE_ECC_CURVE_NIST_P521, 349 .key_bits = 521, 350 .p = g_secp521r1_p, 351 .a = g_secp521r1_a, 352 .b = g_secp521r1_b, 353 .x = g_secp521r1_gx, 354 .y = g_secp521r1_gy, 355 .n = g_secp521r1_n, 356 }, 357 { 358 .id = TEE_ECC_CURVE_SM2, 359 .key_bits = 256, 360 .p = g_sm2_p, 361 .a = g_sm2_a, 362 .b = g_sm2_b, 363 .x = g_sm2_gx, 364 .y = g_sm2_gy, 365 .n = g_sm2_n, 366 } 367 }; 368 369 static bool is_all_zero(uint8_t *data, uint32_t size, const char *p_name) 370 { 371 uint32_t i = 0; 372 373 for (i = 0; i < size; i++) { 374 if (data[i]) 375 return false; 376 } 377 378 EMSG("Error: %s all zero", p_name); 379 380 return true; 381 } 382 383 static enum hisi_drv_status hpre_ecc_curve_to_hpre_bin(uint8_t *p, uint8_t *a, 384 uint8_t *b, uint8_t *n, 385 uint8_t *gx, uint8_t *gy, 386 uint32_t curve_bytes, 387 uint32_t key_bytes) 388 { 389 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 390 391 ret = hpre_bin_from_crypto_bin(p, p, key_bytes, curve_bytes); 392 if (ret) { 393 EMSG("Fail to transfer p from crypto_bin to hpre_bin"); 394 return ret; 395 } 396 397 ret = hpre_bin_from_crypto_bin(a, a, key_bytes, curve_bytes); 398 if (ret) { 399 EMSG("Fail to transfer a from crypto_bin to hpre_bin"); 400 return ret; 401 } 402 403 ret = hpre_bin_from_crypto_bin(b, b, key_bytes, curve_bytes); 404 if (ret) { 405 EMSG("Fail to transfer b from crypto_bin to hpre_bin"); 406 return ret; 407 } 408 409 if (n) { 410 ret = hpre_bin_from_crypto_bin(n, n, key_bytes, curve_bytes); 411 if (ret) { 412 EMSG("Fail to transfer n from crypto_bin to hpre_bin"); 413 return ret; 414 } 415 } 416 417 if (gx) { 418 ret = hpre_bin_from_crypto_bin(gx, gx, key_bytes, curve_bytes); 419 if (ret) { 420 EMSG("Fail to transfer gx from crypto_bin to hpre_bin"); 421 return ret; 422 } 423 } 424 425 if (gy) { 426 ret = hpre_bin_from_crypto_bin(gy, gy, key_bytes, curve_bytes); 427 if (ret) 428 EMSG("Fail to transfer gy from crypto_bin to hpre_bin"); 429 } 430 431 return ret; 432 } 433 434 static enum hisi_drv_status hpre_ecc_fill_sqe(void *bd, void *info) 435 { 436 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 437 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 438 439 sqe->w0 = msg->alg_type | SHIFT_U32(0x1, HPRE_DONE_SHIFT); 440 sqe->task_len1 = TASK_LENGTH(msg->key_bytes); 441 sqe->ext1 = msg->sm2_sp << HPRE_SQE_BD_RSV2_SHIFT; 442 443 if (msg->alg_type == HPRE_ALG_SM2_ENC || 444 msg->alg_type == HPRE_ALG_SM2_DEC) 445 sqe->sm2enc_klen = msg->sm2_mlen - 1; 446 447 if (msg->alg_type == HPRE_ALG_SM2_SIGN || 448 msg->alg_type == HPRE_ALG_SM2_ENC) 449 sqe->ext1 |= SHIFT_U32(0x1, HPRE_SQE_SM2_KSEL_SHIFT); 450 451 sqe->key = msg->key_dma; 452 sqe->in = msg->in_dma; 453 if (msg->alg_type != HPRE_ALG_ECDSA_VERF && 454 msg->alg_type != HPRE_ALG_SM2_VERF) 455 sqe->out = msg->out_dma; 456 457 return HISI_QM_DRVCRYPT_NO_ERR; 458 } 459 460 static enum hisi_drv_status ecc_dh_out_to_crypto_bin(struct hpre_ecc_msg *msg) 461 { 462 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 463 uint8_t *rx = msg->out; 464 uint8_t *ry = rx + msg->key_bytes; 465 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 466 467 ret = hpre_bin_to_crypto_bin(rx, rx, msg->key_bytes, 468 ecc_dh->rx_bytes); 469 if (ret) { 470 EMSG("Fail to transfer ecc dh rx from hpre_bin to crypto_bin"); 471 return ret; 472 } 473 474 ret = hpre_bin_to_crypto_bin(ry, ry, msg->key_bytes, 475 ecc_dh->ry_bytes); 476 if (ret) 477 EMSG("Fail to transfer ecc dh ry from hpre_bin to crypto_bin"); 478 479 return ret; 480 } 481 482 static enum hisi_drv_status hpre_ecc_out_to_crypto_bin(struct hpre_ecc_msg *msg) 483 { 484 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 485 486 switch (msg->alg_type) { 487 case HPRE_ALG_ECDH_MULTIPLY: 488 ret = ecc_dh_out_to_crypto_bin(msg); 489 break; 490 default: 491 EMSG("Invalid alg type."); 492 return HISI_QM_DRVCRYPT_EINVAL; 493 } 494 495 return ret; 496 } 497 498 static enum hisi_drv_status hpre_ecc_parse_sqe(void *bd, void *info) 499 { 500 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 501 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 502 uint16_t err = 0; 503 uint16_t err1 = 0; 504 uint16_t done = 0; 505 506 err = HPRE_TASK_ETYPE(sqe->w0); 507 err1 = HPRE_TASK_ETYPE1(sqe->w0); 508 done = HPRE_TASK_DONE(sqe->w0); 509 if (done != HPRE_HW_TASK_DONE || err || err1) { 510 EMSG("HPRE do ecc fail! done=0x%"PRIX16", etype=0x%"PRIX16 511 ",etype1=0x%"PRIX16, done, err, err1); 512 513 if (done == HPRE_HW_TASK_INIT) { 514 msg->result = HISI_QM_DRVCRYPT_ENOPROC; 515 return HISI_QM_DRVCRYPT_ENOPROC; 516 } 517 518 msg->result = HISI_QM_DRVCRYPT_IN_EPARA; 519 return HISI_QM_DRVCRYPT_IN_EPARA; 520 } 521 522 if (hpre_ecc_out_to_crypto_bin(msg)) { 523 EMSG("HPRE qm transfer ecc out fail."); 524 msg->result = HISI_QM_DRVCRYPT_EINVAL; 525 return HISI_QM_DRVCRYPT_EINVAL; 526 } 527 528 return HISI_QM_DRVCRYPT_NO_ERR; 529 } 530 531 static TEE_Result hpre_do_ecc_task(void *msg) 532 { 533 struct hisi_qp *ecc_qp = NULL; 534 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 535 536 ecc_qp = hpre_create_qp(HISI_QM_CHANNEL_TYPE1); 537 if (!ecc_qp) { 538 EMSG("Fail to create ecc qp"); 539 return TEE_ERROR_BUSY; 540 } 541 542 ecc_qp->fill_sqe = hpre_ecc_fill_sqe; 543 ecc_qp->parse_sqe = hpre_ecc_parse_sqe; 544 ret = hisi_qp_send(ecc_qp, msg); 545 if (ret) { 546 EMSG("Fail to send task, ret=%d", ret); 547 hisi_qm_release_qp(ecc_qp); 548 return TEE_ERROR_BAD_STATE; 549 } 550 551 ret = hisi_qp_recv_sync(ecc_qp, msg); 552 if (ret) { 553 EMSG("Recv task error, ret=%d", ret); 554 hisi_qm_release_qp(ecc_qp); 555 return TEE_ERROR_BAD_STATE; 556 } 557 558 hisi_qm_release_qp(ecc_qp); 559 560 return TEE_SUCCESS; 561 } 562 563 static bool key_size_is_supported(size_t key_bits) 564 { 565 return (key_bits == 192 || key_bits == 224 || key_bits == 256 || 566 key_bits == 384 || key_bits == 448 || key_bits == 512 || 567 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(521) || 568 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(225)); 569 } 570 571 static TEE_Result hpre_ecc_alloc_keypair(struct ecc_keypair *key, 572 uint32_t type __unused, 573 size_t size_bits) 574 { 575 if (!key || !key_size_is_supported(size_bits)) { 576 EMSG("Invalid input params."); 577 return TEE_ERROR_BAD_PARAMETERS; 578 } 579 580 memset(key, 0, sizeof(*key)); 581 582 key->d = crypto_bignum_allocate(size_bits); 583 if (!key->d) 584 goto d_err; 585 586 key->x = crypto_bignum_allocate(size_bits); 587 if (!key->x) 588 goto x_err; 589 590 key->y = crypto_bignum_allocate(size_bits); 591 if (!key->y) 592 goto y_err; 593 594 return TEE_SUCCESS; 595 596 y_err: 597 crypto_bignum_free(&key->x); 598 x_err: 599 crypto_bignum_free(&key->d); 600 d_err: 601 EMSG("Hpre ecc alloc key pair fail."); 602 603 return TEE_ERROR_OUT_OF_MEMORY; 604 } 605 606 static TEE_Result hpre_ecc_alloc_publickey(struct ecc_public_key *key, 607 uint32_t type __unused, 608 size_t size_bits) 609 { 610 if (!key || !key_size_is_supported(size_bits)) { 611 EMSG("Invalid input params."); 612 return TEE_ERROR_BAD_PARAMETERS; 613 } 614 615 memset(key, 0, sizeof(*key)); 616 617 key->x = crypto_bignum_allocate(size_bits); 618 if (!key->x) 619 goto x_err; 620 621 key->y = crypto_bignum_allocate(size_bits); 622 if (!key->y) 623 goto y_err; 624 625 return TEE_SUCCESS; 626 627 y_err: 628 crypto_bignum_free(&key->x); 629 x_err: 630 EMSG("Hpre ecc alloc publickey fail."); 631 632 return TEE_ERROR_OUT_OF_MEMORY; 633 } 634 635 static void hpre_ecc_free_publickey(struct ecc_public_key *key) 636 { 637 if (key) { 638 crypto_bignum_free(&key->x); 639 crypto_bignum_free(&key->y); 640 } 641 } 642 643 static const struct hpre_ecc_curve *get_curve_from_list(uint32_t curve_id) 644 { 645 size_t i = 0; 646 647 for (i = 0; i < ARRAY_SIZE(g_curve_list); i++) { 648 if (g_curve_list[i].id == curve_id) 649 return &g_curve_list[i]; 650 } 651 652 return NULL; 653 } 654 655 static size_t hpre_ecc_get_hw_kbytes(size_t key_bits) 656 { 657 size_t size = 0; 658 659 if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(256)) 660 size = BITS_TO_BYTES(256); 661 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(384)) 662 size = BITS_TO_BYTES(384); 663 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(576)) 664 size = BITS_TO_BYTES(576); 665 else 666 EMSG("Fail to get key buffer size."); 667 668 return size; 669 } 670 671 static enum hisi_drv_status hpre_ecc_dh_transfer_key(struct hpre_ecc_msg *msg) 672 { 673 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 674 uint8_t *p = msg->key; 675 uint8_t *a = p + msg->key_bytes; 676 uint8_t *d = a + msg->key_bytes; 677 uint8_t *b = d + msg->key_bytes; 678 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 679 680 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, NULL, NULL, NULL, 681 msg->curve_bytes, msg->key_bytes); 682 if (ret) 683 return ret; 684 685 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, ecc_dh->d_bytes); 686 if (ret) 687 EMSG("Fail to transfer ecc dh d from crypto_bin to hpre_bin"); 688 689 return ret; 690 } 691 692 static enum hisi_drv_status hpre_ecc_dh_transfer_in(struct hpre_ecc_msg *msg) 693 { 694 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 695 uint8_t *x = msg->in; 696 uint8_t *y = x + msg->key_bytes; 697 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 698 699 ret = hpre_bin_from_crypto_bin(x, x, msg->key_bytes, 700 ecc_dh->x_bytes); 701 if (ret) { 702 EMSG("Fail to transfer ecdh gx from crypto_bin to hpre_bin"); 703 return ret; 704 } 705 706 ret = hpre_bin_from_crypto_bin(y, y, msg->key_bytes, 707 ecc_dh->y_bytes); 708 if (ret) 709 EMSG("Fail to transfer ecdh gy from crypto_bin to hpre_bin"); 710 711 return ret; 712 } 713 714 static enum hisi_drv_status 715 hpre_ecc_dh_params_fill(const struct hpre_ecc_curve *curve, 716 struct hpre_ecc_msg *msg, struct bignum *privkey, 717 struct ecc_public_key *pubkey) 718 { 719 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 720 uint8_t *p = msg->key; 721 uint8_t *a = p + msg->key_bytes; 722 uint8_t *d = a + msg->key_bytes; 723 uint8_t *b = d + msg->key_bytes; 724 uint8_t *x = msg->in; 725 uint8_t *y = x + msg->key_bytes; 726 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 727 728 memcpy(p, curve->p, msg->curve_bytes); 729 memcpy(a, curve->a, msg->curve_bytes); 730 crypto_bignum_bn2bin(privkey, d); 731 ecc_dh->d_bytes = crypto_bignum_num_bytes(privkey); 732 if (is_all_zero(d, ecc_dh->d_bytes, "ecc dh d")) 733 return HISI_QM_DRVCRYPT_EINVAL; 734 735 memcpy(b, curve->b, msg->curve_bytes); 736 737 ecc_dh->x_bytes = msg->curve_bytes; 738 ecc_dh->y_bytes = msg->curve_bytes; 739 if (!pubkey) { 740 /* gen key pair */ 741 memcpy(x, curve->x, ecc_dh->x_bytes); 742 memcpy(y, curve->y, ecc_dh->y_bytes); 743 } else { 744 /* do shared secret */ 745 crypto_bignum_bn2bin(pubkey->x, x); 746 ecc_dh->x_bytes = crypto_bignum_num_bytes(pubkey->x); 747 crypto_bignum_bn2bin(pubkey->y, y); 748 ecc_dh->y_bytes = crypto_bignum_num_bytes(pubkey->y); 749 } 750 751 ret = hpre_ecc_dh_transfer_key(msg); 752 if (ret) 753 return ret; 754 755 return hpre_ecc_dh_transfer_in(msg); 756 } 757 758 static enum hisi_drv_status hpre_ecc_dh_params_alloc(struct hpre_ecc_msg *msg) 759 { 760 uint32_t size = HPRE_ECC_DH_TOTAL_BUF_SIZE(msg->key_bytes); 761 uint8_t *data = NULL; 762 763 data = calloc(1, size); 764 if (!data) { 765 EMSG("Fail to alloc ecc dh total buf"); 766 return HISI_QM_DRVCRYPT_ENOMEM; 767 } 768 769 msg->key = data; 770 msg->key_dma = virt_to_phys(msg->key); 771 772 msg->in = msg->key + ECC_DH_KEY_SIZE(msg->key_bytes); 773 msg->in_dma = msg->key_dma + ECC_DH_KEY_SIZE(msg->key_bytes); 774 msg->out = msg->in + ECC_DH_IN_SIZE(msg->key_bytes); 775 msg->out_dma = msg->in_dma + ECC_DH_IN_SIZE(msg->key_bytes); 776 777 return HISI_QM_DRVCRYPT_NO_ERR; 778 } 779 780 static void hpre_ecc_request_deinit(struct hpre_ecc_msg *msg) 781 { 782 if (msg->key) { 783 memzero_explicit(msg->key, ECC_DH_KEY_SIZE(msg->key_bytes)); 784 free(msg->key); 785 msg->key = NULL; 786 } 787 } 788 789 static TEE_Result hpre_ecc_request_init(const struct hpre_ecc_curve *curve, 790 struct hpre_ecc_msg *msg, 791 struct bignum *d, 792 struct ecc_public_key *pubkey) 793 { 794 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 795 796 msg->alg_type = HPRE_ALG_ECDH_MULTIPLY; 797 798 if (curve->id == TEE_ECC_CURVE_SM2) 799 msg->sm2_sp = true; 800 801 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 802 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 803 if (!msg->key_bytes) 804 return TEE_ERROR_BAD_PARAMETERS; 805 806 ret = hpre_ecc_dh_params_alloc(msg); 807 if (ret) 808 return TEE_ERROR_OUT_OF_MEMORY; 809 810 ret = hpre_ecc_dh_params_fill(curve, msg, d, pubkey); 811 if (ret) { 812 hpre_ecc_request_deinit(msg); 813 return TEE_ERROR_BAD_STATE; 814 } 815 816 msg->param_size.ecc_dh.rx_bytes = msg->curve_bytes; 817 msg->param_size.ecc_dh.ry_bytes = msg->curve_bytes; 818 819 return TEE_SUCCESS; 820 } 821 822 static TEE_Result gen_random_k(struct bignum *d, size_t key_bits, 823 const uint8_t *n) 824 { 825 size_t size = BITS_TO_BYTES(key_bits); 826 uint8_t *rand_k = NULL; 827 size_t i = 0; 828 size_t j = 0; 829 TEE_Result ret = TEE_SUCCESS; 830 831 if (!d || !n) { 832 EMSG("Input param is NULL."); 833 return TEE_ERROR_BAD_PARAMETERS; 834 } 835 836 rand_k = malloc(size); 837 if (!rand_k) { 838 EMSG("Fail to malloc rand_k buf."); 839 return TEE_ERROR_OUT_OF_MEMORY; 840 } 841 842 for (i = 0; i < size; i++) { 843 if (n[i] > 1) { 844 rand_k[i] = n[i] - 1; 845 break; 846 } 847 rand_k[i] = n[i]; 848 } 849 850 j = i + 1; 851 if (hw_get_random_bytes(rand_k + j, size - j)) { 852 EMSG("Fail to fill rand_k buf."); 853 free(rand_k); 854 return TEE_ERROR_NO_DATA; 855 } 856 857 ret = crypto_bignum_bin2bn(rand_k, size, d); 858 if (ret) 859 EMSG("Rand_k bin2bn fail."); 860 861 free(rand_k); 862 863 return ret; 864 } 865 866 static TEE_Result hpre_ecc_gen_keypair(struct ecc_keypair *key, 867 size_t size_bits) 868 { 869 struct hpre_ecc_msg msg = { }; 870 const struct hpre_ecc_curve *curve = NULL; 871 struct hpre_ecc_dh *ecc_dh = NULL; 872 TEE_Result ret = TEE_SUCCESS; 873 874 if (!key || !key->d || !key->x || !key->y) { 875 EMSG("Invalid ecc_gen_keypair input parameters."); 876 return TEE_ERROR_BAD_PARAMETERS; 877 } 878 879 curve = get_curve_from_list(key->curve); 880 if (!curve) { 881 EMSG("Fail to get valid curve, id %"PRIu32, key->curve); 882 return TEE_ERROR_NOT_SUPPORTED; 883 } 884 885 if (BITS_TO_BYTES(size_bits) != BITS_TO_BYTES(curve->key_bits)) { 886 EMSG("Invalid size_bits %zu.", size_bits); 887 return TEE_ERROR_BAD_PARAMETERS; 888 } 889 890 ret = gen_random_k(key->d, curve->key_bits, curve->n); 891 if (ret) 892 return ret; 893 894 ret = hpre_ecc_request_init(curve, &msg, key->d, NULL); 895 if (ret) { 896 EMSG("Ecc key pair request init fail."); 897 return ret; 898 } 899 900 ret = hpre_do_ecc_task(&msg); 901 if (ret) { 902 EMSG("Fail to do ecc key pair task! ret = 0x%"PRIX16, ret); 903 goto done; 904 } 905 906 ecc_dh = &msg.param_size.ecc_dh; 907 ret = crypto_bignum_bin2bn(msg.out, ecc_dh->rx_bytes, key->x); 908 if (ret) { 909 EMSG("Fail to trans res x to bn."); 910 goto done; 911 } 912 913 ret = crypto_bignum_bin2bn(msg.out + msg.key_bytes, 914 ecc_dh->ry_bytes, key->y); 915 if (ret) 916 EMSG("Fail to trans res y to bn."); 917 done: 918 hpre_ecc_request_deinit(&msg); 919 return ret; 920 } 921 922 static TEE_Result hpre_ecc_do_shared_secret(struct drvcrypt_secret_data *sdata) 923 { 924 struct hpre_ecc_msg msg = { }; 925 const struct hpre_ecc_curve *curve = NULL; 926 struct ecc_public_key *pubkey = NULL; 927 struct ecc_keypair *ecc_key = NULL; 928 struct hpre_ecc_dh *ecc_dh = NULL; 929 TEE_Result ret = TEE_SUCCESS; 930 931 if (!sdata || !sdata->key_priv || !sdata->key_pub) { 932 EMSG("Invalid ecc_do_shared_secret input parameters."); 933 return TEE_ERROR_BAD_PARAMETERS; 934 } 935 936 ecc_key = sdata->key_priv; 937 pubkey = sdata->key_pub; 938 939 curve = get_curve_from_list(ecc_key->curve); 940 if (!curve) { 941 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve); 942 return TEE_ERROR_NOT_SUPPORTED; 943 } 944 945 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) { 946 EMSG("Invalid sdata size_sec %zu.", sdata->size_sec); 947 return TEE_ERROR_BAD_PARAMETERS; 948 } 949 950 ret = hpre_ecc_request_init(curve, &msg, ecc_key->d, pubkey); 951 if (ret) { 952 EMSG("Ecc shared secret request init fail."); 953 return ret; 954 } 955 956 ret = hpre_do_ecc_task(&msg); 957 if (ret) { 958 EMSG("Fail to do ecc shared secret task! ret = 0x%"PRIX32, 959 ret); 960 goto done; 961 } 962 963 ecc_dh = &msg.param_size.ecc_dh; 964 /* 965 * Only take the x coordinate as the output result, according to 966 * soft computing implementation. 967 */ 968 memcpy(sdata->secret.data, msg.out, ecc_dh->rx_bytes); 969 sdata->secret.length = ecc_dh->rx_bytes; 970 memzero_explicit(msg.out, ECC_DH_OUT_SIZE(msg.key_bytes)); 971 972 done: 973 hpre_ecc_request_deinit(&msg); 974 return ret; 975 } 976 977 static struct drvcrypt_ecc driver_ecc = { 978 .alloc_keypair = hpre_ecc_alloc_keypair, 979 .alloc_publickey = hpre_ecc_alloc_publickey, 980 .free_publickey = hpre_ecc_free_publickey, 981 .gen_keypair = hpre_ecc_gen_keypair, 982 .shared_secret = hpre_ecc_do_shared_secret, 983 }; 984 985 static TEE_Result hpre_ecc_init(void) 986 { 987 TEE_Result ret = drvcrypt_register_ecc(&driver_ecc); 988 989 if (ret != TEE_SUCCESS) 990 EMSG("Hpre ecc register to crypto fail"); 991 992 return ret; 993 } 994 995 driver_init(hpre_ecc_init); 996