1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (C) 2023 ProvenRun S.A.S
4 */
5
6 #include <crypto/crypto_impl.h>
7 #include <drvcrypt.h>
8 #include <drvcrypt_acipher.h>
9 #include <ecc.h>
10 #include <ecc_pki.h>
11 #include <mm/core_memprot.h>
12 #include <string.h>
13 #include <tee/cache.h>
14 #include <tee/tee_cryp_utl.h>
15 #include <util.h>
16
17 static const uint8_t pubkey_qx_p256[] = {
18 0xb7, 0xe0, 0x8a, 0xfd, 0xfe, 0x94, 0xba, 0xd3,
19 0xf1, 0xdc, 0x8c, 0x73, 0x47, 0x98, 0xba, 0x1c,
20 0x62, 0xb3, 0xa0, 0xad, 0x1e, 0x9e, 0xa2, 0xa3,
21 0x82, 0x01, 0xcd, 0x08, 0x89, 0xbc, 0x7a, 0x19
22 };
23
24 static const uint8_t pubkey_qy_p256[] = {
25 0x36, 0x03, 0xf7, 0x47, 0x95, 0x9d, 0xbf, 0x7a,
26 0x4b, 0xb2, 0x26, 0xe4, 0x19, 0x28, 0x72, 0x90,
27 0x63, 0xad, 0xc7, 0xae, 0x43, 0x52, 0x9e, 0x61,
28 0xb5, 0x63, 0xbb, 0xc6, 0x06, 0xcc, 0x5e, 0x09,
29 };
30
31 static const uint8_t pubkey_qx_p384[] = {
32 0x3b, 0xf7, 0x01, 0xbc, 0x9e, 0x9d, 0x36, 0xb4,
33 0xd5, 0xf1, 0x45, 0x53, 0x43, 0xf0, 0x91, 0x26,
34 0xf2, 0x56, 0x43, 0x90, 0xf2, 0xb4, 0x87, 0x36,
35 0x50, 0x71, 0x24, 0x3c, 0x61, 0xe6, 0x47, 0x1f,
36 0xb9, 0xd2, 0xab, 0x74, 0x65, 0x7b, 0x82, 0xf9,
37 0x08, 0x64, 0x89, 0xd9, 0xef, 0x0f, 0x5c, 0xb5,
38 };
39
40 static const uint8_t pubkey_qy_p384[] = {
41 0xd1, 0xa3, 0x58, 0xea, 0xfb, 0xf9, 0x52, 0xe6,
42 0x8d, 0x53, 0x38, 0x55, 0xcc, 0xbd, 0xaa, 0x6f,
43 0xf7, 0x5b, 0x13, 0x7a, 0x51, 0x01, 0x44, 0x31,
44 0x99, 0x32, 0x55, 0x83, 0x55, 0x2a, 0x62, 0x95,
45 0xff, 0xe5, 0x38, 0x2d, 0x00, 0xcf, 0xcd, 0xa3,
46 0x03, 0x44, 0xa9, 0xb5, 0xb6, 0x8d, 0xb8, 0x55,
47 };
48
49 static const uint8_t pubkey_qx_p521[] = {
50 0x00, 0x98, 0xe9, 0x1e, 0xef, 0x9a, 0x68, 0x45,
51 0x28, 0x22, 0x30, 0x9c, 0x52, 0xfa, 0xb4, 0x53,
52 0xf5, 0xf1, 0x17, 0xc1, 0xda, 0x8e, 0xd7, 0x96,
53 0xb2, 0x55, 0xe9, 0xab, 0x8f, 0x64, 0x10, 0xcc,
54 0xa1, 0x6e, 0x59, 0xdf, 0x40, 0x3a, 0x6b, 0xdc,
55 0x6c, 0xa4, 0x67, 0xa3, 0x70, 0x56, 0xb1, 0xe5,
56 0x4b, 0x30, 0x05, 0xd8, 0xac, 0x03, 0x0d, 0xec,
57 0xfe, 0xb6, 0x8d, 0xf1, 0x8b, 0x17, 0x18, 0x85,
58 0xd5, 0xc4,
59 };
60
61 static const uint8_t pubkey_qy_p521[] = {
62 0x01, 0x64, 0x35, 0x0c, 0x32, 0x1a, 0xec, 0xfc,
63 0x1c, 0xca, 0x1b, 0xa4, 0x36, 0x4c, 0x9b, 0x15,
64 0x65, 0x61, 0x50, 0xb4, 0xb7, 0x8d, 0x6a, 0x48,
65 0xd7, 0xd2, 0x8e, 0x7f, 0x31, 0x98, 0x5e, 0xf1,
66 0x7b, 0xe8, 0x55, 0x43, 0x76, 0xb7, 0x29, 0x00,
67 0x71, 0x2c, 0x4b, 0x83, 0xad, 0x66, 0x83, 0x27,
68 0x23, 0x15, 0x26, 0xe3, 0x13, 0xf5, 0xf0, 0x92,
69 0x99, 0x9a, 0x46, 0x32, 0xfd, 0x50, 0xd9, 0x46,
70 0xbc, 0x2e,
71 };
72
73 /* Signature */
74 static const uint8_t sign_r_p256[] = {
75 0x2b, 0x42, 0xf5, 0x76, 0xd0, 0x7f, 0x41, 0x65,
76 0xff, 0x65, 0xd1, 0xf3, 0xb1, 0x50, 0x0f, 0x81,
77 0xe4, 0x4c, 0x31, 0x6f, 0x1f, 0x0b, 0x3e, 0xf5,
78 0x73, 0x25, 0xb6, 0x9a, 0xca, 0x46, 0x10, 0x4f,
79 };
80
81 static const uint8_t sign_s_p256[] = {
82 0xdc, 0x42, 0xc2, 0x12, 0x2d, 0x63, 0x92, 0xcd,
83 0x3e, 0x3a, 0x99, 0x3a, 0x89, 0x50, 0x2a, 0x81,
84 0x98, 0xc1, 0x88, 0x6f, 0xe6, 0x9d, 0x26, 0x2c,
85 0x4b, 0x32, 0x9b, 0xdb, 0x6b, 0x63, 0xfa, 0xf1,
86 };
87
88 static const uint8_t sign_r_p384[] = {
89 0x30, 0xea, 0x51, 0x4f, 0xc0, 0xd3, 0x8d, 0x82,
90 0x08, 0x75, 0x6f, 0x06, 0x81, 0x13, 0xc7, 0xca,
91 0xda, 0x9f, 0x66, 0xa3, 0xb4, 0x0e, 0xa3, 0xb3,
92 0x13, 0xd0, 0x40, 0xd9, 0xb5, 0x7d, 0xd4, 0x1a,
93 0x33, 0x27, 0x95, 0xd0, 0x2c, 0xc7, 0xd5, 0x07,
94 0xfc, 0xef, 0x9f, 0xaf, 0x01, 0xa2, 0x70, 0x88,
95 };
96
97 static const uint8_t sign_s_p384[] = {
98 0xcc, 0x80, 0x8e, 0x50, 0x4b, 0xe4, 0x14, 0xf4,
99 0x6c, 0x90, 0x27, 0xbc, 0xbf, 0x78, 0xad, 0xf0,
100 0x67, 0xa4, 0x39, 0x22, 0xd6, 0xfc, 0xaa, 0x66,
101 0xc4, 0x47, 0x68, 0x75, 0xfb, 0xb7, 0xb9, 0x4e,
102 0xfd, 0x1f, 0x7d, 0x5d, 0xbe, 0x62, 0x0b, 0xfb,
103 0x82, 0x1c, 0x46, 0xd5, 0x49, 0x68, 0x3a, 0xd8,
104 };
105
106 static const uint8_t sign_r_p521[] = {
107 0x01, 0x40, 0xc8, 0xed, 0xca, 0x57, 0x10, 0x8c,
108 0xe3, 0xf7, 0xe7, 0xa2, 0x40, 0xdd, 0xd3, 0xad,
109 0x74, 0xd8, 0x1e, 0x2d, 0xe6, 0x24, 0x51, 0xfc,
110 0x1d, 0x55, 0x8f, 0xdc, 0x79, 0x26, 0x9a, 0xda,
111 0xcd, 0x1c, 0x25, 0x26, 0xee, 0xee, 0xf3, 0x2f,
112 0x8c, 0x04, 0x32, 0xa9, 0xd5, 0x6e, 0x2b, 0x4a,
113 0x8a, 0x73, 0x28, 0x91, 0xc3, 0x7c, 0x9b, 0x96,
114 0x64, 0x1a, 0x92, 0x54, 0xcc, 0xfe, 0x5d, 0xc3,
115 0xe2, 0xba,
116 };
117
118 static const uint8_t sign_s_p521[] = {
119 0x00, 0xb2, 0x51, 0x88, 0x49, 0x2d, 0x58, 0xe8,
120 0x08, 0xed, 0xeb, 0xd7, 0xbf, 0x44, 0x0e, 0xd2,
121 0x0d, 0xb7, 0x71, 0xca, 0x7c, 0x61, 0x85, 0x95,
122 0xd5, 0x39, 0x8e, 0x1b, 0x1c, 0x00, 0x98, 0xe3,
123 0x00, 0xd8, 0xc8, 0x03, 0xec, 0x69, 0xec, 0x5f,
124 0x46, 0xc8, 0x4f, 0xc6, 0x19, 0x67, 0xa3, 0x02,
125 0xd3, 0x66, 0xc6, 0x27, 0xfc, 0xfa, 0x56, 0xf8,
126 0x7f, 0x24, 0x1e, 0xf9, 0x21, 0xb6, 0xe6, 0x27,
127 0xad, 0xbf,
128 };
129
130 static const uint8_t d_p256[] = {
131 0xc4, 0x77, 0xf9, 0xf6, 0x5c, 0x22, 0xcc, 0xe2,
132 0x06, 0x57, 0xfa, 0xa5, 0xb2, 0xd1, 0xd8, 0x12,
133 0x23, 0x36, 0xf8, 0x51, 0xa5, 0x08, 0xa1, 0xed,
134 0x04, 0xe4, 0x79, 0xc3, 0x49, 0x85, 0xbf, 0x96,
135 };
136
137 static const uint8_t d_p384[] = {
138 0xf9, 0x2c, 0x02, 0xed, 0x62, 0x9e, 0x4b, 0x48,
139 0xc0, 0x58, 0x4b, 0x1c, 0x6c, 0xe3, 0xa3, 0xe3,
140 0xb4, 0xfa, 0xae, 0x4a, 0xfc, 0x6a, 0xcb, 0x04,
141 0x55, 0xe7, 0x3d, 0xfc, 0x39, 0x2e, 0x6a, 0x0a,
142 0xe3, 0x93, 0xa8, 0x56, 0x5e, 0x6b, 0x97, 0x14,
143 0xd1, 0x22, 0x4b, 0x57, 0xd8, 0x3f, 0x8a, 0x08,
144 };
145
146 static const uint8_t d_p521[] = {
147 0x01, 0x00, 0x08, 0x5f, 0x47, 0xb8, 0xe1, 0xb8,
148 0xb1, 0x1b, 0x7e, 0xb3, 0x30, 0x28, 0xc0, 0xb2,
149 0x88, 0x8e, 0x30, 0x4b, 0xfc, 0x98, 0x50, 0x19,
150 0x55, 0xb4, 0x5b, 0xba, 0x14, 0x78, 0xdc, 0x18,
151 0x4e, 0xee, 0xdf, 0x09, 0xb8, 0x6a, 0x5f, 0x7c,
152 0x21, 0x99, 0x44, 0x06, 0x07, 0x27, 0x87, 0x20,
153 0x5e, 0x69, 0xa6, 0x37, 0x09, 0xfe, 0x35, 0xaa,
154 0x93, 0xba, 0x33, 0x35, 0x14, 0xb2, 0x4f, 0x96,
155 0x17, 0x22,
156 };
157
158 static const uint8_t k_p256[] = {
159 0x7a, 0x1a, 0x7e, 0x52, 0x79, 0x7f, 0xc8, 0xca,
160 0xaa, 0x43, 0x5d, 0x2a, 0x4d, 0xac, 0xe3, 0x91,
161 0x58, 0x50, 0x4b, 0xf2, 0x04, 0xfb, 0xe1, 0x9f,
162 0x14, 0xdb, 0xb4, 0x27, 0xfa, 0xee, 0x50, 0xae,
163 };
164
165 static const uint8_t k_p384[] = {
166 0x2e, 0x44, 0xef, 0x1f, 0x8c, 0x0b, 0xea, 0x83,
167 0x94, 0xe3, 0xdd, 0xa8, 0x1e, 0xc6, 0xa7, 0x84,
168 0x2a, 0x45, 0x9b, 0x53, 0x47, 0x01, 0x74, 0x9e,
169 0x2e, 0xd9, 0x5f, 0x05, 0x4f, 0x01, 0x37, 0x68,
170 0x08, 0x78, 0xe0, 0x74, 0x9f, 0xc4, 0x3f, 0x85,
171 0xed, 0xca, 0xe0, 0x6c, 0xc2, 0xf4, 0x3f, 0xef,
172 };
173
174 static const uint8_t k_p521[] = {
175 0x00, 0x00, 0xc9, 0x1e, 0x23, 0x49, 0xef, 0x6c,
176 0xa2, 0x2d, 0x2d, 0xe3, 0x9d, 0xd5, 0x18, 0x19,
177 0xb6, 0xaa, 0xd9, 0x22, 0xd3, 0xae, 0xcd, 0xea,
178 0xb4, 0x52, 0xba, 0x17, 0x2f, 0x7d, 0x63, 0xe3,
179 0x70, 0xce, 0xcd, 0x70, 0x57, 0x5f, 0x59, 0x7c,
180 0x09, 0xa1, 0x74, 0xba, 0x76, 0xbe, 0xd0, 0x5a,
181 0x48, 0xe5, 0x62, 0xbe, 0x06, 0x25, 0x33, 0x6d,
182 0x16, 0xb8, 0x70, 0x31, 0x47, 0xa6, 0xa2, 0x31,
183 0xd6, 0xbf,
184 };
185
186 static const uint8_t h_p256[] = {
187 0xa4, 0x1a, 0x41, 0xa1, 0x2a, 0x79, 0x95, 0x48,
188 0x21, 0x1c, 0x41, 0x0c, 0x65, 0xd8, 0x13, 0x3a,
189 0xfd, 0xe3, 0x4d, 0x28, 0xbd, 0xd5, 0x42, 0xe4,
190 0xb6, 0x80, 0xcf, 0x28, 0x99, 0xc8, 0xa8, 0xc4,
191 };
192
193 static const uint8_t h_p384[] = {
194 0x5a, 0xea, 0x18, 0x7d, 0x1c, 0x4f, 0x6e, 0x1b,
195 0x35, 0x05, 0x7d, 0x20, 0x12, 0x6d, 0x83, 0x6c,
196 0x6a, 0xdb, 0xbc, 0x70, 0x49, 0xee, 0x02, 0x99,
197 0xc9, 0x52, 0x9f, 0x5e, 0x0b, 0x3f, 0x8b, 0x5a,
198 0x74, 0x11, 0x14, 0x9d, 0x6c, 0x30, 0xd6, 0xcb,
199 0x2b, 0x8a, 0xf7, 0x0e, 0x0a, 0x78, 0x1e, 0x89,
200 };
201
202 static const uint8_t h_p521[] = {
203 0x00, 0x00, 0xef, 0x88, 0xfb, 0x5a, 0xc0, 0x1f,
204 0x35, 0xf5, 0xcb, 0x8a, 0x1b, 0x00, 0x8e, 0x80,
205 0x11, 0x46, 0xc1, 0x39, 0x83, 0xcf, 0x8c, 0x2c,
206 0xcf, 0x1d, 0x88, 0xaf, 0xa8, 0xe9, 0xfe, 0xde,
207 0x12, 0x1c, 0x11, 0xfe, 0x82, 0x9d, 0x41, 0xb4,
208 0x02, 0xb3, 0x2a, 0xdf, 0xde, 0x20, 0x67, 0x9c,
209 0x3f, 0x4d, 0x91, 0x01, 0xa3, 0xc4, 0x07, 0x3a,
210 0x2e, 0x49, 0x03, 0x9f, 0x5d, 0x38, 0x06, 0x1c,
211 0xdb, 0xcc,
212 };
213
versal_ecc_sign_kat(uint32_t curve)214 static TEE_Result versal_ecc_sign_kat(uint32_t curve)
215 {
216 TEE_Result ret = TEE_SUCCESS;
217 size_t bytes = 0;
218 size_t bits = 0;
219 struct ecc_keypair key = { };
220 struct ecc_keypair ephemeral = { };
221 uint32_t algo = 0;
222 const uint8_t *d = NULL;
223 const uint8_t *k = NULL;
224 const uint8_t *sign_r = NULL;
225 const uint8_t *sign_s = NULL;
226 const uint8_t *hash = NULL;
227 uint8_t sig[(TEE_SHA512_HASH_SIZE + 2) * 2] = { };
228 size_t sig_len = 0;
229
230 switch (curve) {
231 case TEE_ECC_CURVE_NIST_P256:
232 algo = TEE_ALG_ECDSA_SHA256;
233 d = d_p256;
234 k = k_p256;
235 sign_r = sign_r_p256;
236 sign_s = sign_s_p256;
237 hash = h_p256;
238 break;
239 case TEE_ECC_CURVE_NIST_P384:
240 algo = TEE_ALG_ECDSA_SHA384;
241 d = d_p384;
242 k = k_p384;
243 sign_r = sign_r_p384;
244 sign_s = sign_s_p384;
245 hash = h_p384;
246 break;
247 case TEE_ECC_CURVE_NIST_P521:
248 algo = TEE_ALG_ECDSA_SHA512;
249 d = d_p521;
250 k = k_p521;
251 sign_r = sign_r_p521;
252 sign_s = sign_s_p521;
253 hash = h_p521;
254 break;
255 default:
256 return TEE_ERROR_NOT_SUPPORTED;
257 }
258
259 ret = pki_ecc_get_key_size(curve, &bytes, &bits);
260 if (ret)
261 return ret;
262
263 /* Prepare private key */
264 ret = crypto_asym_alloc_ecc_keypair(&key, TEE_TYPE_ECDSA_KEYPAIR, bits);
265 if (ret)
266 return ret;
267 key.curve = curve;
268
269 ret = crypto_bignum_bin2bn(d, bytes, key.d);
270 if (ret)
271 goto end;
272
273 /* Prepare ephemeral key */
274 ret = crypto_asym_alloc_ecc_keypair(&ephemeral, TEE_TYPE_ECDSA_KEYPAIR,
275 bits);
276 if (ret)
277 goto end;
278
279 ret = crypto_bignum_bin2bn(k, bytes, ephemeral.d);
280 if (ret)
281 goto endk;
282
283 /* Call PKI hW */
284 ret = versal_ecc_sign_ephemeral(algo, bytes, &key, &ephemeral, hash,
285 bytes, sig, &sig_len);
286 if (!ret) {
287 /* Check generated signature */
288 if (memcmp(sig, sign_r, bytes) ||
289 memcmp(sig + bytes, sign_s, bytes))
290 ret = TEE_ERROR_SIGNATURE_INVALID;
291 }
292
293 endk:
294 crypto_bignum_free(&ephemeral.x);
295 crypto_bignum_free(&ephemeral.y);
296 crypto_bignum_free(&ephemeral.d);
297 end:
298 crypto_bignum_free(&key.x);
299 crypto_bignum_free(&key.y);
300 crypto_bignum_free(&key.d);
301
302 return ret;
303 }
304
versal_ecc_verify_kat(uint32_t curve)305 static TEE_Result versal_ecc_verify_kat(uint32_t curve)
306 {
307 TEE_Result ret = TEE_SUCCESS;
308 size_t bytes = 0;
309 size_t bits = 0;
310 struct ecc_public_key pkey = { };
311 uint32_t algo = 0;
312 const uint8_t *qx = NULL;
313 const uint8_t *qy = NULL;
314 const uint8_t *sign_r = NULL;
315 const uint8_t *sign_s = NULL;
316 const uint8_t *hash = NULL;
317 uint8_t sig[(TEE_SHA512_HASH_SIZE + 2) * 2] = { };
318
319 switch (curve) {
320 case TEE_ECC_CURVE_NIST_P256:
321 algo = TEE_ALG_ECDSA_SHA256;
322 qx = pubkey_qx_p256;
323 qy = pubkey_qy_p256;
324 sign_r = sign_r_p256;
325 sign_s = sign_s_p256;
326 hash = h_p256;
327 break;
328 case TEE_ECC_CURVE_NIST_P384:
329 algo = TEE_ALG_ECDSA_SHA384;
330 qx = pubkey_qx_p384;
331 qy = pubkey_qy_p384;
332 sign_r = sign_r_p384;
333 sign_s = sign_s_p384;
334 hash = h_p384;
335 break;
336 case TEE_ECC_CURVE_NIST_P521:
337 algo = TEE_ALG_ECDSA_SHA512;
338 qx = pubkey_qx_p521;
339 qy = pubkey_qy_p521;
340 sign_r = sign_r_p521;
341 sign_s = sign_s_p521;
342 hash = h_p521;
343 break;
344 default:
345 return TEE_ERROR_NOT_SUPPORTED;
346 }
347
348 ret = pki_ecc_get_key_size(curve, &bytes, &bits);
349 if (ret)
350 return ret;
351
352 /* Prepare public key */
353 ret = crypto_asym_alloc_ecc_public_key(&pkey, TEE_TYPE_ECDSA_PUBLIC_KEY,
354 bits);
355 if (ret)
356 return ret;
357 pkey.curve = curve;
358
359 ret = crypto_bignum_bin2bn(qx, bytes, pkey.x);
360 if (ret)
361 goto end;
362 ret = crypto_bignum_bin2bn(qy, bytes, pkey.y);
363 if (ret)
364 goto end;
365
366 /* Prepare signature to verify */
367 memcpy((uint8_t *)sig, sign_r, bytes);
368 memcpy((uint8_t *)sig + bytes, sign_s, bytes);
369
370 /* Call PKI hW */
371 ret = versal_ecc_verify(algo, &pkey, hash, bytes, sig, 2 * bytes);
372
373 end:
374 crypto_bignum_free(&pkey.x);
375 crypto_bignum_free(&pkey.y);
376 return ret;
377 }
378
versal_ecc_kat_test(void)379 TEE_Result versal_ecc_kat_test(void)
380 {
381 TEE_Result ret = TEE_SUCCESS;
382
383 ret = versal_ecc_sign_kat(TEE_ECC_CURVE_NIST_P256);
384 if (ret)
385 return ret;
386
387 ret = versal_ecc_verify_kat(TEE_ECC_CURVE_NIST_P256);
388 if (ret)
389 return ret;
390
391 ret = versal_ecc_sign_kat(TEE_ECC_CURVE_NIST_P384);
392 if (ret)
393 return ret;
394
395 ret = versal_ecc_verify_kat(TEE_ECC_CURVE_NIST_P384);
396 if (ret)
397 return ret;
398
399 ret = versal_ecc_sign_kat(TEE_ECC_CURVE_NIST_P521);
400 if (ret)
401 return ret;
402
403 ret = versal_ecc_verify_kat(TEE_ECC_CURVE_NIST_P521);
404 if (ret)
405 return ret;
406
407 return ret;
408 }
409
410 #ifdef CFG_VERSAL_PKI_PWCT
versal_ecc_keypair_pwct(struct ecc_keypair * s)411 TEE_Result versal_ecc_keypair_pwct(struct ecc_keypair *s)
412 {
413 TEE_Result ret = TEE_SUCCESS;
414 struct ecc_public_key pkey = { };
415 uint32_t algo = 0;
416 size_t bytes = 0;
417 size_t bits = 0;
418 size_t len = 0;
419
420 uint8_t msg[TEE_SHA512_HASH_SIZE + 2] = { };
421 uint8_t sig[(TEE_SHA512_HASH_SIZE + 2) * 2] = { };
422
423 switch (s->curve) {
424 case TEE_ECC_CURVE_NIST_P256:
425 algo = TEE_ALG_ECDSA_SHA256;
426 break;
427 case TEE_ECC_CURVE_NIST_P384:
428 algo = TEE_ALG_ECDSA_SHA384;
429 break;
430 case TEE_ECC_CURVE_NIST_P521:
431 algo = TEE_ALG_ECDSA_SHA512;
432 break;
433 default:
434 return TEE_ERROR_NOT_SUPPORTED;
435 }
436
437 ret = pki_ecc_get_key_size(s->curve, &bytes, &bits);
438 if (ret)
439 return ret;
440
441 len = bytes * 2;
442
443 ret = versal_ecc_sign(algo, s, msg, bytes, sig, &len);
444 if (ret) {
445 DMSG("Error signing message 0x%" PRIx32, ret);
446 return ret;
447 }
448
449 ret = crypto_acipher_alloc_ecc_public_key(&pkey,
450 TEE_TYPE_ECDSA_PUBLIC_KEY,
451 bits);
452 if (ret) {
453 DMSG("Error allocating ECDSA public key 0x%" PRIx32, ret);
454 return ret;
455 }
456
457 crypto_bignum_free(&pkey.x);
458 crypto_bignum_free(&pkey.y);
459 pkey.x = s->x;
460 pkey.y = s->y;
461 pkey.curve = s->curve;
462
463 ret = versal_ecc_verify(algo, &pkey, msg, bytes, sig, bytes * 2);
464 if (ret)
465 DMSG("Error verifying signature 0x%" PRIx32, ret);
466
467 return ret;
468 }
469 #endif
470