1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2022, HiSilicon Technologies Co., Ltd. 4 * Kunpeng hardware accelerator hpre ecc algorithm implementation. 5 */ 6 #include <drvcrypt.h> 7 #include <drvcrypt_acipher.h> 8 #include <initcall.h> 9 #include <malloc.h> 10 #include <rng_support.h> 11 #include <stdlib_ext.h> 12 #include <string.h> 13 #include <string_ext.h> 14 #include <trace.h> 15 16 #include "hpre_main.h" 17 #include "hpre_ecc.h" 18 19 #define ECC_DH_IN_PARAM_NUM 2 20 #define ECC_DH_KEY_PARAM_NUM 4 21 #define ECC_DH_OUT_PARAM_NUM 2 22 #define ECC_DH_IN_SIZE(hsz) ((hsz) * ECC_DH_IN_PARAM_NUM) 23 #define ECC_DH_KEY_SIZE(hsz) ((hsz) * ECC_DH_KEY_PARAM_NUM) 24 #define ECC_DH_OUT_SIZE(hsz) ((hsz) * ECC_DH_OUT_PARAM_NUM) 25 26 #define ECC_SIGN_IN_PARAM_NUM 2 27 #define ECC_SIGN_KEY_PARAM_NUM 7 28 #define SM2_DEC_KEY_PARAM_NUM 4 29 #define SM2_DEC_IN_PARAM_NUM 4 30 #define ECC_SIGN_OUT_PARAM_NUM 2 31 #define ECC_SIGN_IN_SIZE(hsz) ((hsz) * ECC_SIGN_IN_PARAM_NUM) 32 #define ECC_SIGN_KEY_SIZE(hsz) ((hsz) * ECC_SIGN_KEY_PARAM_NUM) 33 #define ECC_SIGN_OUT_SIZE(hsz) ((hsz) * ECC_SIGN_OUT_PARAM_NUM) 34 35 #define ECC_VERIF_IN_PARAM_NUM 3 36 #define ECC_VERIF_KEY_PARAM_NUM 8 37 #define SM2_ENC_KEY_PARAM_NUM 8 38 #define ECC_VERIF_IN_SIZE(hsz) ((hsz) * ECC_VERIF_IN_PARAM_NUM) 39 #define ECC_VERIF_KEY_SIZE(hsz) ((hsz) * ECC_VERIF_KEY_PARAM_NUM) 40 #define SM2_ENC_KEY_SIZE(hsz) ((hsz) * SM2_ENC_KEY_PARAM_NUM) 41 #define SM2_DEC_KEY_SIZE(hsz) ((hsz) * SM2_DEC_KEY_PARAM_NUM) 42 #define ECC_POINT_PARAM_NUM 2 43 #define MAX_SM2_MLEN 512 44 45 #define HPRE_ECC_DH_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 8) 46 #define HPRE_ECC_SIGN_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 47 #define HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(key_bytes) ((key_bytes) * 11) 48 #define HPRE_SM2_ENC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 49 ((key_bytes) * 12 + (sm2_mlen) * 2) 50 #define HPRE_SM2_DEC_TOTAL_BUF_SIZE(key_bytes, sm2_mlen) \ 51 ((key_bytes) * 7 + (sm2_mlen) * 2) 52 53 #define SM2_X2Y2_LEN 64 54 55 struct hpre_ecc_curve { 56 const uint32_t id; 57 const uint32_t key_bits; 58 const uint8_t *p; 59 const uint8_t *a; 60 const uint8_t *b; 61 const uint8_t *x; 62 const uint8_t *y; 63 const uint8_t *n; 64 }; 65 66 /* NID_X9_62_prime192v1 */ 67 static const uint8_t g_prime192v1_p[] = { 68 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 69 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 70 }; 71 72 static const uint8_t g_prime192v1_a[] = { 73 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 74 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 75 }; 76 77 static const uint8_t g_prime192v1_b[] = { 78 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, 79 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1 80 }; 81 82 static const uint8_t g_prime192v1_gx[] = { 83 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, 84 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12 85 }; 86 87 static const uint8_t g_prime192v1_gy[] = { 88 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, 89 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11 90 }; 91 92 static const uint8_t g_prime192v1_n[] = { 93 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 94 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 95 }; 96 97 /* NID_secp224r1 */ 98 static const uint8_t g_secp224r1_p[] = { 99 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 100 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 101 0x00, 0x00, 0x00, 0x01 102 }; 103 104 static const uint8_t g_secp224r1_a[] = { 105 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 106 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 107 0xFF, 0xFF, 0xFF, 0xFE 108 }; 109 110 static const uint8_t g_secp224r1_b[] = { 111 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, 112 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, 113 0x23, 0x55, 0xFF, 0xB4 114 }; 115 116 static const uint8_t g_secp224r1_gx[] = { 117 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, 118 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, 119 0x11, 0x5C, 0x1D, 0x21 120 }; 121 122 static const uint8_t g_secp224r1_gy[] = { 123 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, 124 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, 125 0x85, 0x00, 0x7e, 0x34 126 }; 127 128 static const uint8_t g_secp224r1_n[] = { 129 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 130 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, 131 0x5C, 0x5C, 0x2A, 0x3D 132 }; 133 134 /* NID_X9_62_prime256v1 */ 135 static const uint8_t g_prime256v1_p[] = { 136 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 137 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 139 }; 140 141 static const uint8_t g_prime256v1_a[] = { 142 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 144 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 145 }; 146 147 static const uint8_t g_prime256v1_b[] = { 148 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 149 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 150 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B 151 }; 152 153 static const uint8_t g_prime256v1_gx[] = { 154 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 155 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 156 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 157 }; 158 159 static const uint8_t g_prime256v1_gy[] = { 160 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 161 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 162 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 163 }; 164 165 static const uint8_t g_prime256v1_n[] = { 166 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 167 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 168 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 169 }; 170 171 /* NID_secp384r1 */ 172 static const uint8_t g_secp384r1_p[] = { 173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 174 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 175 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF 177 }; 178 179 static const uint8_t g_secp384r1_a[] = { 180 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 181 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 182 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 183 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC 184 }; 185 186 static const uint8_t g_secp384r1_b[] = { 187 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, 188 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, 189 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, 190 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF 191 }; 192 193 static const uint8_t g_secp384r1_gx[] = { 194 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, 195 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, 196 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, 197 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 198 }; 199 200 static const uint8_t g_secp384r1_gy[] = { 201 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, 202 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, 203 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 204 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f 205 }; 206 207 static const uint8_t g_secp384r1_n[] = { 208 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 209 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 210 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, 211 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 212 }; 213 214 /* NID_secp521r1 */ 215 static const uint8_t g_secp521r1_p[] = { 216 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 217 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 218 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 219 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 220 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 221 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 222 }; 223 224 static const uint8_t g_secp521r1_a[] = { 225 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 226 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 227 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 228 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 229 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 230 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC 231 }; 232 233 static const uint8_t g_secp521r1_b[] = { 234 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, 235 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 236 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, 237 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 238 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, 239 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00 240 }; 241 242 static const uint8_t g_secp521r1_gx[] = { 243 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, 244 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 245 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, 246 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 247 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, 248 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66 249 }; 250 251 static const uint8_t g_secp521r1_gy[] = { 252 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 253 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 254 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 255 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 256 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 257 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50 258 }; 259 260 static const uint8_t g_secp521r1_n[] = { 261 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 262 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 263 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 264 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 265 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, 266 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 267 }; 268 269 /* NID_SM2 */ 270 static const uint8_t g_sm2_p[] = { 271 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 272 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 273 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 274 }; 275 276 static const uint8_t g_sm2_a[] = { 277 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 278 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 279 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc 280 }; 281 282 static const uint8_t g_sm2_b[] = { 283 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, 284 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, 285 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93 286 }; 287 288 static const uint8_t g_sm2_gx[] = { 289 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, 290 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, 291 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7 292 }; 293 294 static const uint8_t g_sm2_gy[] = { 295 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, 296 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, 297 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 298 }; 299 300 static const uint8_t g_sm2_n[] = { 301 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 302 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, 303 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 304 }; 305 306 static const struct hpre_ecc_curve g_curve_list[] = { 307 { 308 .id = TEE_ECC_CURVE_NIST_P192, 309 .key_bits = 192, 310 .p = g_prime192v1_p, 311 .a = g_prime192v1_a, 312 .b = g_prime192v1_b, 313 .x = g_prime192v1_gx, 314 .y = g_prime192v1_gy, 315 .n = g_prime192v1_n, 316 }, 317 { 318 .id = TEE_ECC_CURVE_NIST_P224, 319 .key_bits = 224, 320 .p = g_secp224r1_p, 321 .a = g_secp224r1_a, 322 .b = g_secp224r1_b, 323 .x = g_secp224r1_gx, 324 .y = g_secp224r1_gy, 325 .n = g_secp224r1_n, 326 }, 327 { 328 .id = TEE_ECC_CURVE_NIST_P256, 329 .key_bits = 256, 330 .p = g_prime256v1_p, 331 .a = g_prime256v1_a, 332 .b = g_prime256v1_b, 333 .x = g_prime256v1_gx, 334 .y = g_prime256v1_gy, 335 .n = g_prime256v1_n, 336 }, 337 { 338 .id = TEE_ECC_CURVE_NIST_P384, 339 .key_bits = 384, 340 .p = g_secp384r1_p, 341 .a = g_secp384r1_a, 342 .b = g_secp384r1_b, 343 .x = g_secp384r1_gx, 344 .y = g_secp384r1_gy, 345 .n = g_secp384r1_n, 346 }, 347 { 348 .id = TEE_ECC_CURVE_NIST_P521, 349 .key_bits = 521, 350 .p = g_secp521r1_p, 351 .a = g_secp521r1_a, 352 .b = g_secp521r1_b, 353 .x = g_secp521r1_gx, 354 .y = g_secp521r1_gy, 355 .n = g_secp521r1_n, 356 }, 357 { 358 .id = TEE_ECC_CURVE_SM2, 359 .key_bits = 256, 360 .p = g_sm2_p, 361 .a = g_sm2_a, 362 .b = g_sm2_b, 363 .x = g_sm2_gx, 364 .y = g_sm2_gy, 365 .n = g_sm2_n, 366 } 367 }; 368 369 static bool is_all_zero(uint8_t *data, uint32_t size, const char *p_name) 370 { 371 uint32_t i = 0; 372 373 for (i = 0; i < size; i++) { 374 if (data[i]) 375 return false; 376 } 377 378 EMSG("Error: %s all zero", p_name); 379 380 return true; 381 } 382 383 static enum hisi_drv_status hpre_ecc_curve_to_hpre_bin(uint8_t *p, uint8_t *a, 384 uint8_t *b, uint8_t *n, 385 uint8_t *gx, uint8_t *gy, 386 uint32_t curve_bytes, 387 uint32_t key_bytes) 388 { 389 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 390 391 ret = hpre_bin_from_crypto_bin(p, p, key_bytes, curve_bytes); 392 if (ret) { 393 EMSG("Fail to transfer p from crypto_bin to hpre_bin"); 394 return ret; 395 } 396 397 ret = hpre_bin_from_crypto_bin(a, a, key_bytes, curve_bytes); 398 if (ret) { 399 EMSG("Fail to transfer a from crypto_bin to hpre_bin"); 400 return ret; 401 } 402 403 ret = hpre_bin_from_crypto_bin(b, b, key_bytes, curve_bytes); 404 if (ret) { 405 EMSG("Fail to transfer b from crypto_bin to hpre_bin"); 406 return ret; 407 } 408 409 if (n) { 410 ret = hpre_bin_from_crypto_bin(n, n, key_bytes, curve_bytes); 411 if (ret) { 412 EMSG("Fail to transfer n from crypto_bin to hpre_bin"); 413 return ret; 414 } 415 } 416 417 if (gx) { 418 ret = hpre_bin_from_crypto_bin(gx, gx, key_bytes, curve_bytes); 419 if (ret) { 420 EMSG("Fail to transfer gx from crypto_bin to hpre_bin"); 421 return ret; 422 } 423 } 424 425 if (gy) { 426 ret = hpre_bin_from_crypto_bin(gy, gy, key_bytes, curve_bytes); 427 if (ret) 428 EMSG("Fail to transfer gy from crypto_bin to hpre_bin"); 429 } 430 431 return ret; 432 } 433 434 static enum hisi_drv_status hpre_ecc_fill_sqe(void *bd, void *info) 435 { 436 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 437 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 438 439 sqe->w0 = msg->alg_type | SHIFT_U32(0x1, HPRE_DONE_SHIFT); 440 sqe->task_len1 = TASK_LENGTH(msg->key_bytes); 441 sqe->ext1 = msg->sm2_sp << HPRE_SQE_BD_RSV2_SHIFT; 442 443 if (msg->alg_type == HPRE_ALG_SM2_ENC || 444 msg->alg_type == HPRE_ALG_SM2_DEC) 445 sqe->sm2enc_klen = msg->sm2_mlen - 1; 446 447 if (msg->alg_type == HPRE_ALG_SM2_SIGN || 448 msg->alg_type == HPRE_ALG_SM2_ENC) 449 sqe->ext1 |= SHIFT_U32(0x1, HPRE_SQE_SM2_KSEL_SHIFT); 450 451 sqe->key = msg->key_dma; 452 sqe->in = msg->in_dma; 453 if (msg->alg_type != HPRE_ALG_ECDSA_VERF && 454 msg->alg_type != HPRE_ALG_SM2_VERF) 455 sqe->out = msg->out_dma; 456 457 return HISI_QM_DRVCRYPT_NO_ERR; 458 } 459 460 static enum hisi_drv_status ecc_dh_out_to_crypto_bin(struct hpre_ecc_msg *msg) 461 { 462 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 463 uint8_t *rx = msg->out; 464 uint8_t *ry = rx + msg->key_bytes; 465 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 466 467 ret = hpre_bin_to_crypto_bin(rx, rx, msg->key_bytes, 468 ecc_dh->rx_bytes); 469 if (ret) { 470 EMSG("Fail to transfer ecc dh rx from hpre_bin to crypto_bin"); 471 return ret; 472 } 473 474 ret = hpre_bin_to_crypto_bin(ry, ry, msg->key_bytes, 475 ecc_dh->ry_bytes); 476 if (ret) 477 EMSG("Fail to transfer ecc dh ry from hpre_bin to crypto_bin"); 478 479 return ret; 480 } 481 482 static enum hisi_drv_status ecc_sign_out_to_crypto_bin(struct hpre_ecc_msg *msg) 483 { 484 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign; 485 uint8_t *r = msg->out; 486 uint8_t *s = r + msg->key_bytes; 487 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 488 489 ret = hpre_bin_to_crypto_bin(r, r, msg->key_bytes, 490 ecc_sign->r_bytes); 491 if (ret) { 492 EMSG("Fail to transfer ecc sign r from hpre_bin to crypto_bin"); 493 return ret; 494 } 495 496 ret = hpre_bin_to_crypto_bin(s, s, msg->key_bytes, 497 ecc_sign->s_bytes); 498 if (ret) 499 EMSG("Fail to transfer ecc sign s from hpre_bin to crypto_bin"); 500 501 return ret; 502 } 503 504 static enum hisi_drv_status hpre_ecc_verify_get_result(struct hpre_ecc_msg *msg, 505 struct hpre_sqe *sqe) 506 { 507 if (sqe->out & BIT64(1)) { 508 msg->result = ECC_VERIFY_SUCCESS; 509 return HISI_QM_DRVCRYPT_NO_ERR; 510 } 511 512 msg->result = ECC_VERIFY_ERR; 513 return HISI_QM_DRVCRYPT_VERIFY_ERR; 514 } 515 516 static enum hisi_drv_status 517 hpre_ecc_out_to_crypto_bin(struct hpre_ecc_msg *msg, struct hpre_sqe *sqe) 518 { 519 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 520 521 switch (msg->alg_type) { 522 case HPRE_ALG_ECDH_MULTIPLY: 523 ret = ecc_dh_out_to_crypto_bin(msg); 524 break; 525 case HPRE_ALG_ECDSA_SIGN: 526 case HPRE_ALG_SM2_SIGN: 527 ret = ecc_sign_out_to_crypto_bin(msg); 528 break; 529 case HPRE_ALG_ECDSA_VERF: 530 case HPRE_ALG_SM2_VERF: 531 ret = hpre_ecc_verify_get_result(msg, sqe); 532 break; 533 default: 534 EMSG("Invalid alg type."); 535 return HISI_QM_DRVCRYPT_EINVAL; 536 } 537 538 return ret; 539 } 540 541 static enum hisi_drv_status hpre_ecc_parse_sqe(void *bd, void *info) 542 { 543 struct hpre_ecc_msg *msg = (struct hpre_ecc_msg *)info; 544 struct hpre_sqe *sqe = (struct hpre_sqe *)bd; 545 uint16_t err = 0; 546 uint16_t err1 = 0; 547 uint16_t done = 0; 548 549 err = HPRE_TASK_ETYPE(sqe->w0); 550 err1 = HPRE_TASK_ETYPE1(sqe->w0); 551 done = HPRE_TASK_DONE(sqe->w0); 552 if (done != HPRE_HW_TASK_DONE || err || err1) { 553 EMSG("HPRE do ecc fail! done=0x%"PRIX16", etype=0x%"PRIX16 554 ",etype1=0x%"PRIX16, done, err, err1); 555 556 if (done == HPRE_HW_TASK_INIT) 557 return HISI_QM_DRVCRYPT_ENOPROC; 558 559 return HISI_QM_DRVCRYPT_IN_EPARA; 560 } 561 562 if (hpre_ecc_out_to_crypto_bin(msg, sqe)) { 563 EMSG("HPRE qm transfer ecc out fail."); 564 return HISI_QM_DRVCRYPT_EINVAL; 565 } 566 567 return HISI_QM_DRVCRYPT_NO_ERR; 568 } 569 570 static TEE_Result hpre_do_ecc_task(void *msg) 571 { 572 struct hisi_qp *ecc_qp = NULL; 573 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 574 575 ecc_qp = hpre_create_qp(HISI_QM_CHANNEL_TYPE1); 576 if (!ecc_qp) { 577 EMSG("Fail to create ecc qp"); 578 return TEE_ERROR_BUSY; 579 } 580 581 ecc_qp->fill_sqe = hpre_ecc_fill_sqe; 582 ecc_qp->parse_sqe = hpre_ecc_parse_sqe; 583 ret = hisi_qp_send(ecc_qp, msg); 584 if (ret) { 585 EMSG("Fail to send task, ret=%d", ret); 586 hisi_qm_release_qp(ecc_qp); 587 return TEE_ERROR_BAD_STATE; 588 } 589 590 ret = hisi_qp_recv_sync(ecc_qp, msg); 591 if (ret) { 592 EMSG("Recv task error, ret=%d", ret); 593 hisi_qm_release_qp(ecc_qp); 594 return TEE_ERROR_BAD_STATE; 595 } 596 597 hisi_qm_release_qp(ecc_qp); 598 599 return TEE_SUCCESS; 600 } 601 602 static bool key_size_is_supported(size_t key_bits) 603 { 604 return (key_bits == 192 || key_bits == 224 || key_bits == 256 || 605 key_bits == 384 || key_bits == 448 || key_bits == 512 || 606 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(521) || 607 BITS_TO_BYTES(key_bits) == BITS_TO_BYTES(225)); 608 } 609 610 static TEE_Result hpre_ecc_alloc_keypair(struct ecc_keypair *key, 611 uint32_t type __unused, 612 size_t size_bits) 613 { 614 if (!key || !key_size_is_supported(size_bits)) { 615 EMSG("Invalid input params."); 616 return TEE_ERROR_BAD_PARAMETERS; 617 } 618 619 memset(key, 0, sizeof(*key)); 620 621 key->d = crypto_bignum_allocate(size_bits); 622 if (!key->d) 623 goto d_err; 624 625 key->x = crypto_bignum_allocate(size_bits); 626 if (!key->x) 627 goto x_err; 628 629 key->y = crypto_bignum_allocate(size_bits); 630 if (!key->y) 631 goto y_err; 632 633 return TEE_SUCCESS; 634 635 y_err: 636 crypto_bignum_free(&key->x); 637 x_err: 638 crypto_bignum_free(&key->d); 639 d_err: 640 EMSG("Hpre ecc alloc key pair fail."); 641 642 return TEE_ERROR_OUT_OF_MEMORY; 643 } 644 645 static TEE_Result hpre_ecc_alloc_publickey(struct ecc_public_key *key, 646 uint32_t type __unused, 647 size_t size_bits) 648 { 649 if (!key || !key_size_is_supported(size_bits)) { 650 EMSG("Invalid input params."); 651 return TEE_ERROR_BAD_PARAMETERS; 652 } 653 654 memset(key, 0, sizeof(*key)); 655 656 key->x = crypto_bignum_allocate(size_bits); 657 if (!key->x) 658 goto x_err; 659 660 key->y = crypto_bignum_allocate(size_bits); 661 if (!key->y) 662 goto y_err; 663 664 return TEE_SUCCESS; 665 666 y_err: 667 crypto_bignum_free(&key->x); 668 x_err: 669 EMSG("Hpre ecc alloc publickey fail."); 670 671 return TEE_ERROR_OUT_OF_MEMORY; 672 } 673 674 static void hpre_ecc_free_publickey(struct ecc_public_key *key) 675 { 676 if (key) { 677 crypto_bignum_free(&key->x); 678 crypto_bignum_free(&key->y); 679 } 680 } 681 682 static const struct hpre_ecc_curve *get_curve_from_list(uint32_t curve_id) 683 { 684 size_t i = 0; 685 686 for (i = 0; i < ARRAY_SIZE(g_curve_list); i++) { 687 if (g_curve_list[i].id == curve_id) 688 return &g_curve_list[i]; 689 } 690 691 return NULL; 692 } 693 694 static size_t hpre_ecc_get_hw_kbytes(size_t key_bits) 695 { 696 size_t size = 0; 697 698 if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(256)) 699 size = BITS_TO_BYTES(256); 700 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(384)) 701 size = BITS_TO_BYTES(384); 702 else if (BITS_TO_BYTES(key_bits) <= BITS_TO_BYTES(576)) 703 size = BITS_TO_BYTES(576); 704 else 705 EMSG("Fail to get key buffer size."); 706 707 return size; 708 } 709 710 static enum hisi_drv_status hpre_ecc_dh_transfer_key(struct hpre_ecc_msg *msg) 711 { 712 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 713 uint8_t *p = msg->key; 714 uint8_t *a = p + msg->key_bytes; 715 uint8_t *d = a + msg->key_bytes; 716 uint8_t *b = d + msg->key_bytes; 717 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 718 719 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, NULL, NULL, NULL, 720 msg->curve_bytes, msg->key_bytes); 721 if (ret) 722 return ret; 723 724 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, ecc_dh->d_bytes); 725 if (ret) 726 EMSG("Fail to transfer ecc dh d from crypto_bin to hpre_bin"); 727 728 return ret; 729 } 730 731 static enum hisi_drv_status hpre_ecc_dh_transfer_in(struct hpre_ecc_msg *msg) 732 { 733 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 734 uint8_t *x = msg->in; 735 uint8_t *y = x + msg->key_bytes; 736 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 737 738 ret = hpre_bin_from_crypto_bin(x, x, msg->key_bytes, 739 ecc_dh->x_bytes); 740 if (ret) { 741 EMSG("Fail to transfer ecdh gx from crypto_bin to hpre_bin"); 742 return ret; 743 } 744 745 ret = hpre_bin_from_crypto_bin(y, y, msg->key_bytes, 746 ecc_dh->y_bytes); 747 if (ret) 748 EMSG("Fail to transfer ecdh gy from crypto_bin to hpre_bin"); 749 750 return ret; 751 } 752 753 static enum hisi_drv_status 754 hpre_ecc_dh_params_fill(const struct hpre_ecc_curve *curve, 755 struct hpre_ecc_msg *msg, struct bignum *privkey, 756 struct ecc_public_key *pubkey) 757 { 758 struct hpre_ecc_dh *ecc_dh = &msg->param_size.ecc_dh; 759 uint8_t *p = msg->key; 760 uint8_t *a = p + msg->key_bytes; 761 uint8_t *d = a + msg->key_bytes; 762 uint8_t *b = d + msg->key_bytes; 763 uint8_t *x = msg->in; 764 uint8_t *y = x + msg->key_bytes; 765 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 766 767 memcpy(p, curve->p, msg->curve_bytes); 768 memcpy(a, curve->a, msg->curve_bytes); 769 crypto_bignum_bn2bin(privkey, d); 770 ecc_dh->d_bytes = crypto_bignum_num_bytes(privkey); 771 if (is_all_zero(d, ecc_dh->d_bytes, "ecc dh d")) 772 return HISI_QM_DRVCRYPT_EINVAL; 773 774 memcpy(b, curve->b, msg->curve_bytes); 775 776 ecc_dh->x_bytes = msg->curve_bytes; 777 ecc_dh->y_bytes = msg->curve_bytes; 778 if (!pubkey) { 779 /* gen key pair */ 780 memcpy(x, curve->x, ecc_dh->x_bytes); 781 memcpy(y, curve->y, ecc_dh->y_bytes); 782 } else { 783 /* do shared secret */ 784 crypto_bignum_bn2bin(pubkey->x, x); 785 ecc_dh->x_bytes = crypto_bignum_num_bytes(pubkey->x); 786 crypto_bignum_bn2bin(pubkey->y, y); 787 ecc_dh->y_bytes = crypto_bignum_num_bytes(pubkey->y); 788 } 789 790 ret = hpre_ecc_dh_transfer_key(msg); 791 if (ret) 792 return ret; 793 794 return hpre_ecc_dh_transfer_in(msg); 795 } 796 797 static enum hisi_drv_status hpre_ecc_dh_params_alloc(struct hpre_ecc_msg *msg) 798 { 799 uint32_t size = HPRE_ECC_DH_TOTAL_BUF_SIZE(msg->key_bytes); 800 uint8_t *data = NULL; 801 802 data = calloc(1, size); 803 if (!data) { 804 EMSG("Fail to alloc ecc dh total buf"); 805 return HISI_QM_DRVCRYPT_ENOMEM; 806 } 807 808 msg->key = data; 809 msg->key_dma = virt_to_phys(msg->key); 810 811 msg->in = msg->key + ECC_DH_KEY_SIZE(msg->key_bytes); 812 msg->in_dma = msg->key_dma + ECC_DH_KEY_SIZE(msg->key_bytes); 813 msg->out = msg->in + ECC_DH_IN_SIZE(msg->key_bytes); 814 msg->out_dma = msg->in_dma + ECC_DH_IN_SIZE(msg->key_bytes); 815 816 return HISI_QM_DRVCRYPT_NO_ERR; 817 } 818 819 static void hpre_ecc_request_deinit(struct hpre_ecc_msg *msg) 820 { 821 if (msg->key) { 822 free_wipe(msg->key); 823 msg->key = NULL; 824 } 825 } 826 827 static TEE_Result hpre_ecc_request_init(const struct hpre_ecc_curve *curve, 828 struct hpre_ecc_msg *msg, 829 struct bignum *d, 830 struct ecc_public_key *pubkey) 831 { 832 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 833 834 msg->alg_type = HPRE_ALG_ECDH_MULTIPLY; 835 836 if (curve->id == TEE_ECC_CURVE_SM2) 837 msg->sm2_sp = true; 838 839 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 840 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 841 if (!msg->key_bytes) 842 return TEE_ERROR_BAD_PARAMETERS; 843 844 ret = hpre_ecc_dh_params_alloc(msg); 845 if (ret) 846 return TEE_ERROR_OUT_OF_MEMORY; 847 848 ret = hpre_ecc_dh_params_fill(curve, msg, d, pubkey); 849 if (ret) { 850 hpre_ecc_request_deinit(msg); 851 return TEE_ERROR_BAD_STATE; 852 } 853 854 msg->param_size.ecc_dh.rx_bytes = msg->curve_bytes; 855 msg->param_size.ecc_dh.ry_bytes = msg->curve_bytes; 856 857 return TEE_SUCCESS; 858 } 859 860 static TEE_Result gen_random_k(struct bignum *d, size_t key_bits, 861 const uint8_t *n) 862 { 863 size_t size = BITS_TO_BYTES(key_bits); 864 uint8_t *rand_k = NULL; 865 size_t i = 0; 866 size_t j = 0; 867 TEE_Result ret = TEE_SUCCESS; 868 869 if (!d || !n) { 870 EMSG("Input param is NULL."); 871 return TEE_ERROR_BAD_PARAMETERS; 872 } 873 874 rand_k = malloc(size); 875 if (!rand_k) { 876 EMSG("Fail to malloc rand_k buf."); 877 return TEE_ERROR_OUT_OF_MEMORY; 878 } 879 880 for (i = 0; i < size; i++) { 881 if (n[i] > 1) { 882 rand_k[i] = n[i] - 1; 883 break; 884 } 885 rand_k[i] = n[i]; 886 } 887 888 j = i + 1; 889 if (hw_get_random_bytes(rand_k + j, size - j)) { 890 EMSG("Fail to fill rand_k buf."); 891 free(rand_k); 892 return TEE_ERROR_NO_DATA; 893 } 894 895 ret = crypto_bignum_bin2bn(rand_k, size, d); 896 if (ret) 897 EMSG("Rand_k bin2bn fail."); 898 899 free(rand_k); 900 901 return ret; 902 } 903 904 static TEE_Result hpre_ecc_gen_keypair(struct ecc_keypair *key, 905 size_t size_bits) 906 { 907 struct hpre_ecc_msg msg = { }; 908 const struct hpre_ecc_curve *curve = NULL; 909 struct hpre_ecc_dh *ecc_dh = NULL; 910 TEE_Result ret = TEE_SUCCESS; 911 912 if (!key || !key->d || !key->x || !key->y) { 913 EMSG("Invalid ecc_gen_keypair input parameters."); 914 return TEE_ERROR_BAD_PARAMETERS; 915 } 916 917 curve = get_curve_from_list(key->curve); 918 if (!curve) { 919 EMSG("Fail to get valid curve, id %"PRIu32, key->curve); 920 return TEE_ERROR_NOT_SUPPORTED; 921 } 922 923 if (BITS_TO_BYTES(size_bits) != BITS_TO_BYTES(curve->key_bits)) { 924 EMSG("Invalid size_bits %zu.", size_bits); 925 return TEE_ERROR_BAD_PARAMETERS; 926 } 927 928 ret = gen_random_k(key->d, curve->key_bits, curve->n); 929 if (ret) 930 return ret; 931 932 ret = hpre_ecc_request_init(curve, &msg, key->d, NULL); 933 if (ret) { 934 EMSG("Ecc key pair request init fail."); 935 return ret; 936 } 937 938 ret = hpre_do_ecc_task(&msg); 939 if (ret) { 940 EMSG("Fail to do ecc key pair task! ret = 0x%"PRIX16, ret); 941 goto done; 942 } 943 944 ecc_dh = &msg.param_size.ecc_dh; 945 ret = crypto_bignum_bin2bn(msg.out, ecc_dh->rx_bytes, key->x); 946 if (ret) { 947 EMSG("Fail to trans res x to bn."); 948 goto done; 949 } 950 951 ret = crypto_bignum_bin2bn(msg.out + msg.key_bytes, 952 ecc_dh->ry_bytes, key->y); 953 if (ret) 954 EMSG("Fail to trans res y to bn."); 955 done: 956 hpre_ecc_request_deinit(&msg); 957 return ret; 958 } 959 960 static TEE_Result hpre_ecc_do_shared_secret(struct drvcrypt_secret_data *sdata) 961 { 962 struct hpre_ecc_msg msg = { }; 963 const struct hpre_ecc_curve *curve = NULL; 964 struct ecc_public_key *pubkey = NULL; 965 struct ecc_keypair *ecc_key = NULL; 966 struct hpre_ecc_dh *ecc_dh = NULL; 967 TEE_Result ret = TEE_SUCCESS; 968 969 if (!sdata || !sdata->key_priv || !sdata->key_pub) { 970 EMSG("Invalid ecc_do_shared_secret input parameters."); 971 return TEE_ERROR_BAD_PARAMETERS; 972 } 973 974 ecc_key = sdata->key_priv; 975 pubkey = sdata->key_pub; 976 977 curve = get_curve_from_list(ecc_key->curve); 978 if (!curve) { 979 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve); 980 return TEE_ERROR_NOT_SUPPORTED; 981 } 982 983 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) { 984 EMSG("Invalid sdata size_sec %zu.", sdata->size_sec); 985 return TEE_ERROR_BAD_PARAMETERS; 986 } 987 988 ret = hpre_ecc_request_init(curve, &msg, ecc_key->d, pubkey); 989 if (ret) { 990 EMSG("Ecc shared secret request init fail."); 991 return ret; 992 } 993 994 ret = hpre_do_ecc_task(&msg); 995 if (ret) { 996 EMSG("Fail to do ecc shared secret task! ret = 0x%"PRIX32, 997 ret); 998 goto done; 999 } 1000 1001 ecc_dh = &msg.param_size.ecc_dh; 1002 /* 1003 * Only take the x coordinate as the output result, according to 1004 * soft computing implementation. 1005 */ 1006 memcpy(sdata->secret.data, msg.out, ecc_dh->rx_bytes); 1007 sdata->secret.length = ecc_dh->rx_bytes; 1008 memzero_explicit(msg.out, ECC_DH_OUT_SIZE(msg.key_bytes)); 1009 1010 done: 1011 hpre_ecc_request_deinit(&msg); 1012 return ret; 1013 } 1014 1015 static enum hisi_drv_status 1016 hpre_ecc_sign_params_fill(const struct hpre_ecc_curve *curve, 1017 struct hpre_ecc_msg *msg, 1018 struct drvcrypt_sign_data *sdata, 1019 struct bignum *rand_k) 1020 { 1021 struct ecc_keypair *ecc_key = sdata->key; 1022 struct hpre_ecc_sign *ecc_sign = &msg->param_size.ecc_sign; 1023 uint8_t *p = msg->key; 1024 uint8_t *a = p + msg->key_bytes; 1025 uint8_t *d = a + msg->key_bytes; 1026 uint8_t *b = d + msg->key_bytes; 1027 uint8_t *n = b + msg->key_bytes; 1028 uint8_t *gx = n + msg->key_bytes; 1029 uint8_t *gy = gx + msg->key_bytes; 1030 uint8_t *e = msg->in; 1031 uint8_t *k = e + msg->key_bytes; 1032 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1033 1034 memcpy(p, curve->p, msg->curve_bytes); 1035 memcpy(a, curve->a, msg->curve_bytes); 1036 crypto_bignum_bn2bin(ecc_key->d, d); 1037 ecc_sign->d_bytes = crypto_bignum_num_bytes(ecc_key->d); 1038 memcpy(b, curve->b, msg->curve_bytes); 1039 memcpy(n, curve->n, msg->curve_bytes); 1040 memcpy(gx, curve->x, msg->curve_bytes); 1041 memcpy(gy, curve->y, msg->curve_bytes); 1042 crypto_bignum_bn2bin(rand_k, k); 1043 ecc_sign->k_bytes = crypto_bignum_num_bytes(rand_k); 1044 1045 ecc_sign->e_bytes = MIN(sdata->message.length, msg->curve_bytes); 1046 memcpy(e, sdata->message.data, ecc_sign->e_bytes); 1047 if (is_all_zero(e, ecc_sign->e_bytes, "ecc sign msg_e")) 1048 return HISI_QM_DRVCRYPT_EINVAL; 1049 1050 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes, 1051 msg->key_bytes); 1052 if (ret) 1053 return ret; 1054 1055 ret = hpre_bin_from_crypto_bin(d, d, msg->key_bytes, 1056 ecc_sign->d_bytes); 1057 if (ret) { 1058 EMSG("Fail to transfer ecdsa sign d"); 1059 return ret; 1060 } 1061 1062 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes, 1063 ecc_sign->e_bytes); 1064 if (ret) { 1065 EMSG("Fail to transfer ecdsa sign e"); 1066 return ret; 1067 } 1068 1069 ret = hpre_bin_from_crypto_bin(k, k, msg->key_bytes, 1070 ecc_sign->k_bytes); 1071 if (ret) 1072 EMSG("Fail to transfer ecdsa sign k"); 1073 1074 return ret; 1075 } 1076 1077 static enum hisi_drv_status hpre_ecc_sign_params_alloc(struct hpre_ecc_msg *msg) 1078 { 1079 uint32_t size = HPRE_ECC_SIGN_TOTAL_BUF_SIZE(msg->key_bytes); 1080 uint8_t *data = NULL; 1081 1082 data = calloc(1, size); 1083 if (!data) { 1084 EMSG("Fail to alloc ecc sign total buf"); 1085 return HISI_QM_DRVCRYPT_ENOMEM; 1086 } 1087 1088 msg->key = data; 1089 msg->key_dma = virt_to_phys(msg->key); 1090 if (!msg->key_dma) { 1091 EMSG("Fail to get key dma addr"); 1092 free(data); 1093 return HISI_QM_DRVCRYPT_EFAULT; 1094 } 1095 1096 msg->in = msg->key + ECC_SIGN_KEY_SIZE(msg->key_bytes); 1097 msg->in_dma = msg->key_dma + ECC_SIGN_KEY_SIZE(msg->key_bytes); 1098 msg->out = msg->in + ECC_SIGN_IN_SIZE(msg->key_bytes); 1099 msg->out_dma = msg->in_dma + ECC_SIGN_IN_SIZE(msg->key_bytes); 1100 1101 return HISI_QM_DRVCRYPT_NO_ERR; 1102 } 1103 1104 static void hpre_ecc_sign_request_deinit(struct hpre_ecc_msg *msg) 1105 { 1106 if (msg->key) { 1107 free_wipe(msg->key); 1108 msg->key = NULL; 1109 } 1110 } 1111 1112 static TEE_Result 1113 hpre_ecc_sign_request_init(const struct hpre_ecc_curve *curve, 1114 struct hpre_ecc_msg *msg, 1115 struct drvcrypt_sign_data *sdata, 1116 struct bignum *rand_k) 1117 { 1118 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1119 1120 if (curve->id == TEE_ECC_CURVE_SM2) 1121 msg->alg_type = HPRE_ALG_SM2_SIGN; 1122 else 1123 msg->alg_type = HPRE_ALG_ECDSA_SIGN; 1124 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 1125 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 1126 if (!msg->key_bytes) 1127 return TEE_ERROR_BAD_PARAMETERS; 1128 1129 ret = hpre_ecc_sign_params_alloc(msg); 1130 if (ret) 1131 return TEE_ERROR_OUT_OF_MEMORY; 1132 1133 ret = hpre_ecc_sign_params_fill(curve, msg, sdata, rand_k); 1134 if (ret) { 1135 hpre_ecc_sign_request_deinit(msg); 1136 return TEE_ERROR_BAD_STATE; 1137 } 1138 1139 msg->param_size.ecc_sign.r_bytes = msg->curve_bytes; 1140 msg->param_size.ecc_sign.s_bytes = msg->curve_bytes; 1141 1142 return TEE_SUCCESS; 1143 } 1144 1145 static TEE_Result hpre_ecdsa_param_check(struct drvcrypt_sign_data *sdata, 1146 const struct hpre_ecc_curve *curve) 1147 { 1148 if (sdata->size_sec != BITS_TO_BYTES(curve->key_bits)) { 1149 EMSG("Invalid sdata size_sec %zu", sdata->size_sec); 1150 return TEE_ERROR_BAD_PARAMETERS; 1151 } 1152 1153 return TEE_SUCCESS; 1154 } 1155 1156 static void hpre_ecc_sign_get_data_out(struct hpre_ecc_msg *msg, 1157 struct drvcrypt_sign_data *sdata) 1158 { 1159 struct hpre_ecc_sign *ecc_sign; 1160 1161 ecc_sign = &msg->param_size.ecc_sign; 1162 sdata->signature.length = ecc_sign->r_bytes + ecc_sign->s_bytes; 1163 memcpy(sdata->signature.data, msg->out, ecc_sign->r_bytes); 1164 memcpy(sdata->signature.data + ecc_sign->r_bytes, msg->out + 1165 msg->key_bytes, ecc_sign->s_bytes); 1166 } 1167 1168 static TEE_Result hpre_ecc_sign(struct drvcrypt_sign_data *sdata) 1169 { 1170 struct hpre_ecc_msg msg = { }; 1171 const struct hpre_ecc_curve *curve = NULL; 1172 struct ecc_keypair *ecc_key = NULL; 1173 struct bignum *rand_k = NULL; 1174 TEE_Result ret = TEE_SUCCESS; 1175 1176 if (!sdata || !sdata->key) { 1177 EMSG("Invalid ecc_sign input parameters"); 1178 return TEE_ERROR_BAD_PARAMETERS; 1179 } 1180 1181 ecc_key = sdata->key; 1182 1183 curve = get_curve_from_list(ecc_key->curve); 1184 if (!curve) { 1185 EMSG("Fail to get valid curve, id %"PRIu32, ecc_key->curve); 1186 return TEE_ERROR_NOT_SUPPORTED; 1187 } 1188 1189 ret = hpre_ecdsa_param_check(sdata, curve); 1190 if (ret) 1191 return ret; 1192 1193 rand_k = crypto_bignum_allocate(curve->key_bits); 1194 if (!rand_k) { 1195 EMSG("Fail to alloc private k"); 1196 return TEE_ERROR_OUT_OF_MEMORY; 1197 } 1198 1199 ret = gen_random_k(rand_k, curve->key_bits, curve->n); 1200 if (ret) 1201 goto free_key; 1202 1203 ret = hpre_ecc_sign_request_init(curve, &msg, sdata, rand_k); 1204 if (ret) { 1205 EMSG("Ecc sign request init fail"); 1206 goto free_key; 1207 } 1208 1209 ret = hpre_do_ecc_task(&msg); 1210 if (ret) { 1211 EMSG("Fail to do ecc sign task! ret = 0x%"PRIX16, ret); 1212 goto done; 1213 } 1214 1215 hpre_ecc_sign_get_data_out(&msg, sdata); 1216 1217 done: 1218 hpre_ecc_sign_request_deinit(&msg); 1219 free_key: 1220 crypto_bignum_free(&rand_k); 1221 1222 return ret; 1223 } 1224 1225 static enum hisi_drv_status 1226 hpre_ecc_verify_transfer_key(struct hpre_ecc_msg *msg) 1227 { 1228 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1229 uint8_t *p = msg->key; 1230 uint8_t *a = p + msg->key_bytes; 1231 uint8_t *b = a + msg->key_bytes; 1232 uint8_t *n = b + msg->key_bytes; 1233 uint8_t *gx = n + msg->key_bytes; 1234 uint8_t *gy = gx + msg->key_bytes; 1235 uint8_t *pubx = gy + msg->key_bytes; 1236 uint8_t *puby = pubx + msg->key_bytes; 1237 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1238 1239 ret = hpre_ecc_curve_to_hpre_bin(p, a, b, n, gx, gy, msg->curve_bytes, 1240 msg->key_bytes); 1241 if (ret) 1242 return ret; 1243 1244 ret = hpre_bin_from_crypto_bin(pubx, pubx, msg->key_bytes, 1245 ecc_verify->pubx_bytes); 1246 if (ret) { 1247 EMSG("Fail to transfer ecdsa verify pub_x"); 1248 return ret; 1249 } 1250 1251 ret = hpre_bin_from_crypto_bin(puby, puby, msg->key_bytes, 1252 ecc_verify->puby_bytes); 1253 if (ret) 1254 EMSG("Fail to transfer ecdsa verify pub_y"); 1255 1256 return ret; 1257 } 1258 1259 static enum hisi_drv_status 1260 hpre_ecc_verify_transfer_in(struct hpre_ecc_msg *msg) 1261 { 1262 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1263 uint8_t *e = msg->in; 1264 uint8_t *s = e + msg->key_bytes; 1265 uint8_t *r = s + msg->key_bytes; 1266 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1267 1268 ret = hpre_bin_from_crypto_bin(e, e, msg->key_bytes, 1269 ecc_verify->e_bytes); 1270 if (ret) { 1271 EMSG("Fail to transfer ecdsa verify e"); 1272 return ret; 1273 } 1274 1275 ret = hpre_bin_from_crypto_bin(s, s, msg->key_bytes, 1276 ecc_verify->s_bytes); 1277 if (ret) { 1278 EMSG("Fail to transfer ecdsa verify s"); 1279 return ret; 1280 } 1281 1282 ret = hpre_bin_from_crypto_bin(r, r, msg->key_bytes, 1283 ecc_verify->r_bytes); 1284 if (ret) 1285 EMSG("Fail to transfer ecdsa verify r"); 1286 1287 return ret; 1288 } 1289 1290 static TEE_Result 1291 hpre_ecc_verify_params_fill(const struct hpre_ecc_curve *curve, 1292 struct hpre_ecc_msg *msg, 1293 struct drvcrypt_sign_data *sdata) 1294 { 1295 struct ecc_public_key *ecc_key = sdata->key; 1296 struct hpre_ecc_verify *ecc_verify = &msg->param_size.ecc_verify; 1297 uint8_t *p = msg->key; 1298 uint8_t *a = p + msg->key_bytes; 1299 uint8_t *b = a + msg->key_bytes; 1300 uint8_t *n = b + msg->key_bytes; 1301 uint8_t *gx = n + msg->key_bytes; 1302 uint8_t *gy = gx + msg->key_bytes; 1303 uint8_t *pubx = gy + msg->key_bytes; 1304 uint8_t *puby = pubx + msg->key_bytes; 1305 uint8_t *e = msg->in; 1306 uint8_t *s = e + msg->key_bytes; 1307 uint8_t *r = s + msg->key_bytes; 1308 enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERR; 1309 1310 memcpy(p, curve->p, msg->curve_bytes); 1311 memcpy(a, curve->a, msg->curve_bytes); 1312 memcpy(b, curve->b, msg->curve_bytes); 1313 memcpy(n, curve->n, msg->curve_bytes); 1314 memcpy(gx, curve->x, msg->curve_bytes); 1315 memcpy(gy, curve->y, msg->curve_bytes); 1316 crypto_bignum_bn2bin(ecc_key->x, pubx); 1317 ecc_verify->pubx_bytes = crypto_bignum_num_bytes(ecc_key->x); 1318 crypto_bignum_bn2bin(ecc_key->y, puby); 1319 ecc_verify->puby_bytes = crypto_bignum_num_bytes(ecc_key->y); 1320 1321 ecc_verify->e_bytes = MIN(sdata->message.length, msg->curve_bytes); 1322 memcpy(e, sdata->message.data, ecc_verify->e_bytes); 1323 if (is_all_zero(e, ecc_verify->e_bytes, "ecc verify msg_e")) 1324 return TEE_ERROR_BAD_PARAMETERS; 1325 1326 /* user should make param r and s be full width */ 1327 ecc_verify->r_bytes = sdata->signature.length >> 1; 1328 memcpy(r, sdata->signature.data, ecc_verify->r_bytes); 1329 ecc_verify->s_bytes = ecc_verify->r_bytes; 1330 memcpy(s, sdata->signature.data + ecc_verify->r_bytes, 1331 ecc_verify->s_bytes); 1332 1333 ret = hpre_ecc_verify_transfer_key(msg); 1334 if (ret) 1335 return TEE_ERROR_BAD_STATE; 1336 1337 ret = hpre_ecc_verify_transfer_in(msg); 1338 if (ret) 1339 return TEE_ERROR_BAD_STATE; 1340 1341 return TEE_SUCCESS; 1342 } 1343 1344 static enum hisi_drv_status 1345 hpre_ecc_verify_params_alloc(struct hpre_ecc_msg *msg) 1346 { 1347 uint32_t size = HPRE_ECC_VERIFY_TOTAL_BUF_SIZE(msg->key_bytes); 1348 uint8_t *data = NULL; 1349 1350 data = calloc(1, size); 1351 if (!data) { 1352 EMSG("Fail to alloc ecc verify total buf"); 1353 return HISI_QM_DRVCRYPT_ENOMEM; 1354 } 1355 1356 msg->key = data; 1357 msg->key_dma = virt_to_phys(msg->key); 1358 if (!msg->key_dma) { 1359 EMSG("Fail to get key dma addr"); 1360 free(data); 1361 return HISI_QM_DRVCRYPT_EFAULT; 1362 } 1363 1364 msg->in = msg->key + ECC_VERIF_KEY_SIZE(msg->key_bytes); 1365 msg->in_dma = msg->key_dma + ECC_VERIF_KEY_SIZE(msg->key_bytes); 1366 msg->out = msg->in + ECC_VERIF_IN_SIZE(msg->key_bytes); 1367 msg->out_dma = msg->in_dma + ECC_VERIF_IN_SIZE(msg->key_bytes); 1368 1369 return HISI_QM_DRVCRYPT_NO_ERR; 1370 } 1371 1372 static void hpre_ecc_verify_request_deinit(struct hpre_ecc_msg *msg) 1373 { 1374 if (msg->key) { 1375 free_wipe(msg->key); 1376 msg->key = NULL; 1377 } 1378 } 1379 1380 static TEE_Result 1381 hpre_ecc_verify_request_init(const struct hpre_ecc_curve *curve, 1382 struct hpre_ecc_msg *msg, 1383 struct drvcrypt_sign_data *sdata) 1384 { 1385 int32_t ret = 0; 1386 1387 if (curve->id == TEE_ECC_CURVE_SM2) 1388 msg->alg_type = HPRE_ALG_SM2_VERF; 1389 else 1390 msg->alg_type = HPRE_ALG_ECDSA_VERF; 1391 msg->curve_bytes = BITS_TO_BYTES(curve->key_bits); 1392 msg->key_bytes = hpre_ecc_get_hw_kbytes(curve->key_bits); 1393 if (!msg->key_bytes) 1394 return TEE_ERROR_BAD_PARAMETERS; 1395 1396 ret = hpre_ecc_verify_params_alloc(msg); 1397 if (ret) 1398 return TEE_ERROR_OUT_OF_MEMORY; 1399 1400 ret = hpre_ecc_verify_params_fill(curve, msg, sdata); 1401 if (ret) { 1402 hpre_ecc_verify_request_deinit(msg); 1403 return TEE_ERROR_BAD_STATE; 1404 } 1405 1406 return TEE_SUCCESS; 1407 } 1408 1409 static TEE_Result hpre_ecc_verify(struct drvcrypt_sign_data *sdata) 1410 { 1411 struct hpre_ecc_msg msg = { }; 1412 const struct hpre_ecc_curve *curve = NULL; 1413 struct ecc_public_key *pub_key = NULL; 1414 TEE_Result ret = TEE_SUCCESS; 1415 1416 if (!sdata || !sdata->key) { 1417 EMSG("Invalid ecc_verify input parameters"); 1418 return TEE_ERROR_BAD_PARAMETERS; 1419 } 1420 1421 pub_key = sdata->key; 1422 1423 curve = get_curve_from_list(pub_key->curve); 1424 if (!curve) { 1425 EMSG("Fail to get valid curve, id %"PRIu32, pub_key->curve); 1426 return TEE_ERROR_NOT_SUPPORTED; 1427 } 1428 1429 ret = hpre_ecdsa_param_check(sdata, curve); 1430 if (ret) 1431 return ret; 1432 1433 ret = hpre_ecc_verify_request_init(curve, &msg, sdata); 1434 if (ret) { 1435 EMSG("Ecc verify request init fail"); 1436 return ret; 1437 } 1438 1439 ret = hpre_do_ecc_task(&msg); 1440 if (ret) { 1441 EMSG("Fail to do ecc verify task! ret = 0x%"PRIX16, ret); 1442 goto done; 1443 } 1444 1445 if (msg.result == ECC_VERIFY_ERR) { 1446 EMSG("Hpre ecc verify fail"); 1447 ret = TEE_ERROR_SIGNATURE_INVALID; 1448 } 1449 1450 done: 1451 hpre_ecc_verify_request_deinit(&msg); 1452 return ret; 1453 } 1454 1455 static struct drvcrypt_ecc driver_ecc = { 1456 .alloc_keypair = hpre_ecc_alloc_keypair, 1457 .alloc_publickey = hpre_ecc_alloc_publickey, 1458 .free_publickey = hpre_ecc_free_publickey, 1459 .gen_keypair = hpre_ecc_gen_keypair, 1460 .shared_secret = hpre_ecc_do_shared_secret, 1461 .sign = hpre_ecc_sign, 1462 .verify = hpre_ecc_verify, 1463 }; 1464 1465 static TEE_Result hpre_ecc_init(void) 1466 { 1467 TEE_Result ret = drvcrypt_register_ecc(&driver_ecc); 1468 1469 if (ret != TEE_SUCCESS) 1470 EMSG("Hpre ecc register to crypto fail"); 1471 1472 return ret; 1473 } 1474 1475 driver_init(hpre_ecc_init); 1476