ID_RSA1024 = 1054,
ID_RSA2048 = 1055,
ID_RSA3072 = 1056,
+ ID_RSA4096 = 1058,
ID_ELGAMAL = 1052,
ID_ECELGAMAL = 1053,
free(crt);
return NULL;
}
-
+
crt->PRNG_seed = NULL;
crt->PRNG_get = NULL;
crt->MD_init = NULL;
crt->MD_update = SDRM_MD5_update;
crt->MD_final = SDRM_MD5_final;
crt->MD_getHASH = SDRM_MD5_hash;
- break;
+ break;
case ID_SHA1:
crt->ctx->sha1ctx = (SDRM_SHA1Context*)CCMalloc(sizeof(SDRM_SHA1Context));
crt->MD_init = SDRM_SHA1_init;
crt->DH_Gen1stPhaseKey = SDRM_GenerateDHPrivate;
crt->DH_GenAuthKey = SDRM_GetDHSharedSecret;
break;
- case ID_ECDH :
+ case ID_ECDH :
crt->ctx->ecdhctx = (SDRM_ECDHContext*)SDRM_CURVE_Init();
crt->EC_setCurve = SDRM_ECC_Set_CTX;
crt->EC_genKeypair = SDRM_ECC_genKeypair;
crt->DS_sign = SDRM_RSA_sign;
crt->DS_verify = SDRM_RSA_verify;
break;
+ case ID_RSA4096:
+ crt->ctx->rsactx = SDRM_RSA_InitCrt(512);
+ crt->RSA_genKeypair = SDRM_RSA_GenerateKey;
+ crt->RSA_genKeypairWithE = SDRM_RSA_GenerateND;
+ crt->RSA_genKeyDWithPQE = SDRM_RSA_GenerateDwithPQE;
+ crt->RSA_genKeypairWithEforCRT = SDRM_RSA_GenerateKeyforCRT;
+ crt->RSA_setKeypair = SDRM_RSA_setNED;
+ crt->RSA_setKeypairForCRT = SDRM_RSA_setNEDPQ;
+ crt->AE_encrypt = SDRM_RSA_encrypt;
+ crt->AE_decrypt = SDRM_RSA_decrypt;
+ crt->AE_decryptByCRT = SDRM_RSA_decryptByCRT;
+ crt->DS_sign = SDRM_RSA_sign;
+ crt->DS_verify = SDRM_RSA_verify;
+ break;
case ID_DSA:
crt->ctx->dsactx = (SDRM_DSAContext*)SDRM_DSA_InitCrt();
crt->DSA_genParam = SDRM_DSA_GenParam;
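Review bot: The new `ID_RSA4096` case stores the result of `SDRM_RSA_InitCrt(512)` without a NULL check in the visible lines, and nothing on this page shows the RSA work buffers growing with the key size. The RSA routines in later hunks still take their big-number storage from `malloc(SDRM_RSA_ALLOC_SIZE * 5)` and `SDRM_RSA_BN_BUFSIZE`. If those constants were sized for 3072-bit operands, 4096-bit intermediates would write past the allocation, so their definitions should be confirmed or raised in this commit. I would add `if (crt->ctx->rsactx == NULL)` followed by the function's existing failure exit, and annotate the literal with `/* 4096-bit modulus = 512 bytes */`. The switch starts and ends outside this hunk.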
break;
case ID_MD5:
CCFree(crt->ctx->md5ctx);
- break;
+ break;
case ID_SHA1:
CCFree(crt->ctx->sha1ctx);
break;
case ID_RSA:
case ID_RSA1024:
case ID_RSA2048:
+ case ID_RSA3072:
+ case ID_RSA4096:
CCFree(crt->ctx->rsactx);
break;
case ID_DSA:
{
*RSA_D_Len = RSA_KeyByteLen;
}
-
+
free(pbBuf);
-
+
crt->ctx->rsactx->crt_operation = 0;
return CRYPTO_SUCCESS;
RSA_KeyByteLen = crt->ctx->rsactx->k;
t1 = (RSA_KeyByteLen * 4 - 1) % 32;
-
+
pbBuf = (cc_u8*)malloc(SDRM_RSA_ALLOC_SIZE * 5);
if (pbBuf == NULL)
{
{
*RSA_D_Len = RSA_KeyByteLen;
}
-
+
free(pbBuf);
-
+
crt->ctx->rsactx->crt_operation = 0;
return CRYPTO_SUCCESS;
* @param RSA_Q_Data [in]d value
* @param RSA_Q_Len [in]byte-length of d
* @param RSA_D_P_Data [in]d mod (p-1) value
- * @param RSA_D_P_Len [in]byte-length of d mod (p-1)
+ * @param RSA_D_P_Len [in]byte-length of d mod (p-1)
* @param RSA_D_Q_Data [in]d mod (q-1) value
- * @param RSA_D_Q_Len [in]byte-length of d mod (q-1)
+ * @param RSA_D_Q_Len [in]byte-length of d mod (q-1)
* @param RSA_D_Data [out]d value
* @param RSA_D_Len [out]byte-length of d
*
}
RSA_KeyByteLen = crt->ctx->rsactx->k;
-
+
pbBuf = (cc_u8*)malloc(SDRM_RSA_ALLOC_SIZE * 5);
if (pbBuf == NULL)
{
sp = 30;
}
- SDRM_OS2BN((cc_u8*)RSA_P_Data, RSA_P_Len, p);
+ SDRM_OS2BN((cc_u8*)RSA_P_Data, RSA_P_Len, p);
if (SDRM_BN_MILLER_RABIN(p, sp) != CRYPTO_ISPRIME)
{
free(pbBuf);
return CRYPTO_INVALID_ARGUMENT;
}
- SDRM_OS2BN((cc_u8*)RSA_Q_Data, RSA_Q_Len, q);
+ SDRM_OS2BN((cc_u8*)RSA_Q_Data, RSA_Q_Len, q);
if (SDRM_BN_MILLER_RABIN(q, sp) != CRYPTO_ISPRIME)
{
free(pbBuf);
{
*RSA_D_Len = RSA_KeyByteLen;
}
-
+
free(pbBuf);
-
+
crt->ctx->rsactx->crt_operation = 0;
return CRYPTO_SUCCESS;
}
GEN_RND:
-
+
//Generate p
p->Length = (RSA_KeyByteLen + 7) / 8;
-
+
do {
SDRM_RNG_X931((cc_u8 *)Seed, RSA_KeyByteLen * 4, (cc_u8*)p->pData);
p->pData[0] |= 1L;
//Generate q
q->Length = (RSA_KeyByteLen + 7) / 8;
-
+
do {
SDRM_RNG_X931((cc_u8 *)Seed, RSA_KeyByteLen * 4, (cc_u8*)q->pData);
q->pData[0] |= 1L;
// SDRM_PrintBN("p", p);
// SDRM_PrintBN("q", q);
-
+
//temp1 = (p - 1), temp2 = (q - 1)
SDRM_BN_Sub(temp1, p, BN_One);
{
*RSA_D_Len = RSA_KeyByteLen;
}
-
+
if (RSA_P_Data != NULL)
{
SDRM_I2OSP(crt->ctx->rsactx->p, RSA_KeyByteLen / 2, RSA_P_Data);
}
free(pbBuf);
-
+
crt->ctx->rsactx->crt_operation = 1;
return CRYPTO_SUCCESS;
BN_Src = SDRM_BN_Alloc((cc_u8*)BN_dMsg + SDRM_RSA_ALLOC_SIZE, SDRM_RSA_BN_BUFSIZE);
SDRM_OS2BN(in, inLen, BN_Src);
-
+
//RSA Decryption by modular exponent
#ifndef _OP64_NOTSUPPORTED
retVal = SDRM_BN_ModExp2(BN_dMsg, BN_Src, crt->ctx->rsactx->d, crt->ctx->rsactx->n);
h = SDRM_BN_Alloc((cc_u8*)m2 + SDRM_RSA_ALLOC_SIZE, SDRM_RSA_BN_BUFSIZE);
SDRM_OS2BN(in, inLen, BN_Src);
-
+
//RSA Decryption by CRT
/*
dp = d mod (p - 1)
dq = d mod (q - 1)
qInv = (1/q) mod p where p > q
- =>
+ =>
m1 = c^dp mod p
m2 = c^dq mod q
h = qInv(m1 - m2) mod p if (m1 >= m2) or h = qInv(m1 + p - m2) mod p if (m1 < m2)
free(pbBuf);
return CRYPTO_INVALID_ARGUMENT;
}
-
+
// 7. m = m2 + hq
if(SDRM_BN_Mul(h, h, crt->ctx->rsactx->q))
{
free(pbBuf);
return CRYPTO_INVALID_ARGUMENT;
}
-
+
if(SDRM_BN_Add(BN_dMsg, m2, h))
{
free(pbBuf);
retVal = SDRM_BN_ModExp(BN_Sign, BN_pMsg, crt->ctx->rsactx->d, crt->ctx->rsactx->n);
#endif //_OP64_NOTSUPPORTED
- if (retVal != CRYPTO_SUCCESS)
+ if (retVal != CRYPTO_SUCCESS)
{
free(pbBuf);
return retVal;
SDRM_OS2BN(signature, signLen, BN_Sign);
// SDRM_PrintBN("Generated Sign : ", BN_Sign);
-
+
//RSA Verification by modular exponent
#ifndef _OP64_NOTSUPPORTED
retVal = SDRM_BN_ModExp2(BN_dMsg, BN_Sign, crt->ctx->rsactx->e, crt->ctx->rsactx->n);
SDRM_BN_Copy(BN_b, BN_D);
SDRM_BN_Mul(BN_tmp, BN_g, BN_v);
SDRM_BN_Copy(BN_v, BN_tmp);
-
+
break;
}
}
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
- * limitations under the License.
+ * limitations under the License.
*/
-/**
- * @file uci_type.h
- * @brief UCI codec.
- * @author guoxing.xu
- * @version 1.0
+/**
+ * @file uci_type.h
+ * @brief UCI codec.
+ * @author guoxing.xu
+ * @version 1.0
* @date 2013.7
**/
#ifndef _UCI_TYPE_H
#define UCI_MEM_ALLOR_ERROR -3001 /**< malloc is failed */
#define UCI_INVALID_ARGUMENT -3003 /**< argument is not correct */
#define UCI_MSG_TOO_LONG -3004 /**< length of input message is too long */
-#define UCI_INVALID_HANDLE -3005 /**< hand is not valid */
+#define UCI_INVALID_HANDLE -3005 /**< hand is not valid */
#define UCI_VALID_SIGN UCI_SUCCESS /**< valid sign */
#define UCI_INVALID_SIGN -3011 /**< invalid sign */
ID_UCI_RSA1024 = 1054,
ID_UCI_RSA2048 = 1055,
ID_UCI_RSA3072 = 1056,
+ ID_UCI_RSA4096 = 1058,
ID_UCI_ELGAMAL = 1052,
ID_UCI_ECELGAMAL = 1053,
} rsa_kparam_flag_e;
/**
- *@brief rsa key param structure
+ *@brief rsa key param structure
*
*/
typedef struct rsa_param {
case ID_UCI_RSA:
case ID_UCI_RSA1024:
case ID_UCI_RSA2048:
+ case ID_UCI_RSA3072:
+ case ID_UCI_RSA4096:
memcpy(destctx->imp, srcctx->imp, sizeof(SDRM_RSAContext));
break;
case ID_UCI_DSA:
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
- * limitations under the License.
+ * limitations under the License.
*/
-/**
- * @file uci_cryptocore.cpp
- * @brief UCI codec.
- * @author guoxing.xu
- * @version 1.0
+/**
+ * @file uci_cryptocore.cpp
+ * @brief UCI codec.
+ * @author guoxing.xu
+ * @version 1.0
* @date 2013.9.9
**/
//cts encrypt
if (pctx->flag == ID_UCI_ENC_CTS) {
-#if 0
+#if 0
lastblocksize = input_len % SDRM_AES_BLOCK_SIZ;
if(lastblocksize == 0)
{
case ID_UCI_RSA1024:
case ID_UCI_RSA2048:
case ID_UCI_RSA3072:
+ case ID_UCI_RSA4096:
pad = SDRM_LOW_HALF(uciparm->urp.padding);
if (pad != ID_UCI_RSAES_PKCS15 && pad != ID_UCI_RSAES_OAEP
&& pad != ID_UCI_NO_PADDING && pad != ID_UCI_RSASSA_PKCS15
break;
case ID_UCI_ECDSA:
case ID_UCI_ECDH:
- //set curver parameter
+ //set curver parameter
ret = ((CryptoCoreContainer *)pctx->imp)->EC_setCurve(
(CryptoCoreContainer *)pctx->imp, uciparm->uep.dimension,
uciparm->uep.ecc_p_data, uciparm->uep.ecc_p_len,
case ID_UCI_RSA1024:
case ID_UCI_RSA2048:
case ID_UCI_RSA3072:
+ case ID_UCI_RSA4096:
pad = SDRM_LOW_HALF(uciparm->urp.padding);
if (pad != ID_UCI_RSAES_PKCS15 && pad != ID_UCI_RSAES_OAEP
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384:
case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512:
- if (operation->info.keySize== 1024) {
- alg=ID_RSA1024;
- }
- else if (operation->info.keySize== 2048) {
- alg=ID_RSA2048;
- }
- else if (operation->info.keySize== 3072) {
- alg=ID_RSA3072;
- }
- else {
- goto error;
- }
+ if (operation->info.keySize== 512) {
+ alg=ID_RSA512;
+ }
+ else if (operation->info.keySize== 1024) {
+ alg=ID_RSA1024;
+ }
+ else if (operation->info.keySize== 2048) {
+ alg=ID_RSA2048;
+ }
+ else if (operation->info.keySize== 3072) {
+ alg=ID_RSA3072;
+ }
+ else if (operation->info.keySize== 4096) {
+ alg=ID_RSA4096;
+ }
+ else {
+ goto error;
+ }
break;
/* TEE_OPERATION_ASYMMETRIC_SIGNATURE */
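Review bot: The added `keySize== 512` arm maps the OAEP algorithms to `ID_RSA512`, a modulus size far below any current minimum for RSA. A 64-byte modulus is also smaller than the `2*hLen + 2` bytes OAEP needs with SHA-256 (66 bytes), so this arm can only lead to a failing or weak operation. The same arm is added in the PSS hunk and the `TEE_ALG_GENERATE_RSA_KEY` hunk that follow. Unless a documented compatibility requirement needs it, I would drop the 512 arm so that such keys fall through to `goto error`. The enum hunks on this page do not show `ID_RSA512`, so its definition should be confirmed.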
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
- if (operation->info.keySize== 1024) {
- alg=ID_RSA1024;
- }
- else if (operation->info.keySize== 2048) {
- alg=ID_RSA2048;
- }
- else if (operation->info.keySize== 3072) {
- alg=ID_RSA3072;
- }
- else {
- goto error;
- }
+ if (operation->info.keySize== 512) {
+ alg=ID_RSA512;
+ }
+ else if (operation->info.keySize== 1024) {
+ alg=ID_RSA1024;
+ }
+ else if (operation->info.keySize== 2048) {
+ alg=ID_RSA2048;
+ }
+ else if (operation->info.keySize== 3072) {
+ alg=ID_RSA3072;
+ }
+ else if (operation->info.keySize== 4096) {
+ alg=ID_RSA4096;
+ }
+ else {
+ goto error;
+ }
break;
case TEE_ALG_DSA_SHA1:
break;
case TEE_ALG_GENERATE_RSA_KEY:
- if (operation->info.keySize== 1024) {
- alg=ID_RSA1024;
- }
- else if (operation->info.keySize== 2048) {
- alg=ID_RSA2048;
- }
- else if (operation->info.keySize== 3072) {
- alg=ID_RSA3072;
- }
- else {
- goto error;
- }
+ if (operation->info.keySize== 512) {
+ alg=ID_RSA512;
+ }
+ else if (operation->info.keySize== 1024) {
+ alg=ID_RSA1024;
+ }
+ else if (operation->info.keySize== 2048) {
+ alg=ID_RSA2048;
+ }
+ else if (operation->info.keySize== 3072) {
+ alg=ID_RSA3072;
+ }
+ else if (operation->info.keySize== 4096) {
+ alg=ID_RSA4096;
+ }
+ else {
+ goto error;
+ }
break;
default:
(void)paramCount;
crypto_internal_operation *op = (crypto_internal_operation*) operation;
crypto_internal_keystruct key;
- unsigned char module_buf[384] = {0x0, };
- unsigned char pub_buf[384] = {0x0, };
+ unsigned char module_buf[512] = {0x0, };
+ unsigned char pub_buf[512] = {0x0, };
memset(&key, 0x00, sizeof(crypto_internal_keystruct));
key.rsa_modulus.size = sizeof(module_buf);
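Review bot: The bare `512` in `module_buf[512]` and `pub_buf[512]` has to stay in step with the 4096-bit limit enforced in the object-allocation hunk, but nothing ties the two values together. A shared constant such as `enum { RSA_MAX_KEY_BYTES = 4096 / 8 };` used for these arrays would make the next key-size increase a one-line change instead of a search for literals. The same applies to the following hunk, which also enlarges `priv_buf`. That buffer holds the private exponent on the stack, and the function's exit path is outside the hunk, so it is worth confirming that it is wiped before return.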
crypto_internal_operation * op = (crypto_internal_operation*) operation;
crypto_internal_keystruct key;
- unsigned char module_buf[384] = {0x0, };
- unsigned char pub_buf[384] = {0x0, };
- unsigned char priv_buf[384] = {0x0, };
+ unsigned char module_buf[512] = {0x0, };
+ unsigned char pub_buf[512] = {0x0, };
+ unsigned char priv_buf[512] = {0x0, };
memset(&key, 0x00, sizeof(crypto_internal_keystruct));
key.rsa_modulus.size = sizeof(module_buf);
break;
case TEE_TYPE_RSA_PUBLIC_KEY:
case TEE_TYPE_RSA_KEYPAIR:
- if (maxObjectSize < 256 || maxObjectSize > 3072)
+ if (maxObjectSize < 256 || maxObjectSize > 4096 || maxObjectSize % 64)
return TEE_ERROR_NOT_SUPPORTED;
//tr->attr.buf_len = sizeof(rsa_context);
break;
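Review bot: The new condition raises the upper bound to 4096 but keeps the lower bound at 256 bits, and the added `maxObjectSize % 64` test accepts every multiple of 64 in between. RSA objects of 256 or 320 bits can therefore still be allocated, although the algorithm-selection hunks on this page only map 512, 1024, 2048, 3072 and 4096. I would restrict the check to the sizes the backend supports and raise the minimum, for example `if (maxObjectSize < MIN_RSA_BITS || maxObjectSize > 4096 || maxObjectSize % 64)`, where `MIN_RSA_BITS` is a new constant set to the project's minimum. The enclosing switch starts and ends outside this hunk.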
return TEE_ERROR_OUT_OF_MEMORY;
}
// copy attributes
-// TEE_CopyObjectAttributes((TEE_ObjectHandle) & po->attr,
-// (TEE_ObjectHandle) attr);
-
TEE_CopyObjectAttributes((TEE_ObjectHandle)&po->attr.info,
- (TEE_ObjectHandle)attr);
+ (TEE_ObjectHandle)attr);
// get required buffer length
po->po_file.attr_size = calc_attr_size(&po->attr);
// digits 8, 9, A, or B for y. e.g. f47ac10b-58cc-4372-a567-0e02b2c3d479.
char* tmp = uuid;
-
+
snprintf(tmp, 9, "%08x", TA_UUID.timeLow);
tmp[8] = '-';
tmp += 9;
TEE_Panic(0);
}
break;
- case TEE_TYPE_RSA_PUBLIC_KEY:
- case TEE_TYPE_RSA_KEYPAIR: {
- // Krishna: Incorrect to check this condition
- /*if ((tr->info.objectType == TEE_TYPE_RSA_KEYPAIR)
- && (tr->attr.attr_number != 3) && (tr->attr.attr_number != 8)) {
- TZ_ERROR("tr->attr.attr_number = %d\n", tr->attr.attr_number);
+ case TEE_TYPE_RSA_PUBLIC_KEY: {
+ if ((tr->info.objectType == TEE_TYPE_RSA_PUBLIC_KEY)
+ && (tr->attr.attr_number != 2)) {
TZ_ERROR("operation error line = %d,%s\n", __LINE__, __func__);
TEE_Panic(0);
- }*/
- if ((tr->info.objectType == TEE_TYPE_RSA_PUBLIC_KEY)
- && (tr->attr.attr_number != 2)) {
+ }
+ break;
+ }
+ case TEE_TYPE_RSA_KEYPAIR: {
+ if ((tr->info.objectType == TEE_TYPE_RSA_KEYPAIR)
+ && (tr->attr.attr_number != 3)) {
TZ_ERROR("operation error line = %d,%s\n", __LINE__, __func__);
TEE_Panic(0);
}
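Review bot: The new `TEE_TYPE_RSA_KEYPAIR` case panics unless `attr_number` is exactly 3, which rejects a key pair populated with the CRT components as well. The check this commit removes (it was commented out) allowed 3 or 8 attributes, and the crypto container on this page exposes `RSA_setKeypairForCRT` and `AE_decryptByCRT`, so 8-attribute key pairs look like a supported input. If they are, the condition should read `&& (tr->attr.attr_number != 3) && (tr->attr.attr_number != 8)`. If the enclosing switch is on the object type, the `tr->info.objectType == ...` test inside each case is redundant and could be dropped. The case body continues past the end of this hunk.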
alg = ID_UCI_RSA2048;
} else if (3072 == keySize) {
alg = ID_UCI_RSA3072;
+ } else if (4096 == keySize) {
+ alg = ID_UCI_RSA4096;
}
UCI_HANDLE uh = uci_context_alloc(alg, UCI_SW);
uci_ae_gen_keypair(uh, &uci_key, &up);
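Review bot: The size ladder still has no final `else` after the new `4096 == keySize` arm, so an unsupported `keySize` reaches `uci_context_alloc(alg, UCI_SW)` with whatever value `alg` had before the ladder, which is outside this hunk. The allocation check elsewhere in this commit accepts any multiple of 64 bits, so such sizes can arrive here. The results of `uci_context_alloc` and `uci_ae_gen_keypair` are also unchecked in the visible lines. I would close the ladder with `} else { return TEE_ERROR_NOT_SUPPORTED; }`, assuming the function returns a `TEE_Result`, and test `uh` before using it.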
TEE_InitRefAttribute(&attrs[1], TEE_ATTR_RSA_PUBLIC_EXPONENT,
uci_key.ucik_rsa_e, keySize);
TEE_InitRefAttribute(&attrs[2], TEE_ATTR_RSA_PRIVATE_EXPONENT,
- uci_key.ucik_rsa_d, keySize);
+ uci_key.ucik_rsa_d, keySize);
TEE_PopulateTransientObject(object, attrs, 3);
OsaFree(uci_key.ucik_rsa_n);