change format of TEE_ATTR_ECC_PRIVATE_VALUE 02/297102/5
authorDongsun Lee <ds73.lee@samsung.com>
Thu, 10 Aug 2023 07:44:20 +0000 (16:44 +0900)
committerDong Sun Lee <ds73.lee@samsung.com>
Fri, 11 Aug 2023 00:28:41 +0000 (00:28 +0000)
- from DER to binary

Change-Id: I7e6ebc27069416fd23f3735c13b700beed9db95b

ssflib/inc/ssf_crypto_openssl.h
ssflib/src/ssf_crypto.cpp
ssflib/src/ssf_crypto_openssl.cpp
ssflib/src/ssf_storage.cpp

index e945007ca9a590becb9452976a3e6dc92ff945be..07c0b925a59a2dcab0792f28315005ad1167a142 100644 (file)
@@ -41,8 +41,8 @@ int ossl_crypto_ae_enc_final(crypto_internal_operation *op, void *src, size_t sr
                                                        void *dst, size_t *dst_len, void *tag, size_t *tag_len);
 int ossl_crypto_ae_dec_final(crypto_internal_operation *op, void *src, size_t src_len,
                                                        void *dst, size_t *dst_len, void *tag, size_t tag_len);
-int ossl_ecdsa_sign(crypto_internal_keydata priv_key, const void *src, size_t src_len,
-                                                       void *sig, size_t *sig_len);
+int ossl_ecdsa_sign(uint32_t curve, crypto_internal_keydata priv_key,
+                                                       const void *src, size_t src_len, void *sig, size_t *sig_len);
 int ossl_ecdsa_verify(uint32_t curve, crypto_internal_keydata pub_x, crypto_internal_keydata pub_y,
                                                        const void *src, size_t src_len, const void *sig, size_t sig_len);
 int ossl_ecdh_derive(crypto_internal_keydata prv_key, uint32_t curve,
index 3506a4d12d7ee3a82f037260a4043141dd7654d2..6535cb70d095336e85ee649c32513388e766a5a7 100644 (file)
@@ -2750,7 +2750,7 @@ TEE_Result TEE_AsymmetricSignDigest( TEE_OperationHandle operation, const TEE_At
        }
 
        if (info.objectType == TEE_TYPE_ECDSA_KEYPAIR || info.objectType == TEE_TYPE_ECDH_KEYPAIR) {
-               ret = ossl_ecdsa_sign(key.ecc_private, digest, digestLen, signature, signatureLen);
+               ret = ossl_ecdsa_sign(key.ecc_curve, key.ecc_private, digest, digestLen, signature, signatureLen);
        } else {
                if (crypto_internal_init(op, &key, NULL, 0)) {
                        CRYPTO_PANIC;
index aac63e43de52245c44c1137ee6a0e2483d7203a8..fd556e9134984a11835b063daa7e2b14536ecaef 100644 (file)
@@ -297,21 +297,39 @@ int ossl_crypto_ae_dec_final(crypto_internal_operation *op, void *src, size_t sr
        return 0;
 }
 
-int ossl_ecdsa_sign(crypto_internal_keydata priv_key,
-                                       const void *src, size_t src_len,
-                                       void *sig, size_t *sig_len)
+int ossl_ecdsa_sign(uint32_t curve, crypto_internal_keydata priv_key,
+                                                       const void *src, size_t src_len, void *sig, size_t *sig_len)
 {
        EC_KEY* eckey = NULL;
-       BIO* bio = NULL;
+       BIGNUM *bn_priv = NULL;
+       int nid = 0;
        int ret = 0;
 
-       bio = BIO_new_mem_buf(priv_key.buffer, priv_key.size);
+       if (curve_to_nid(curve, &nid) != 0) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdsa_sign: to_nid() failed");
+               ret = -1;
+               goto clean;
+       }
 
-       if ((eckey = d2i_ECPrivateKey_bio(bio, NULL)) == NULL) {
-               LOGE(MODULE_SSF_LIB, "ossl_ecdsa_sign: d2i_ECPrivateKey_bio() failed");
+       eckey = EC_KEY_new_by_curve_name(nid);
+       if(eckey == NULL) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdsa_sign: EC_KEY_new_by_curve_name() failed");
                ret = -1;
                goto clean;
-    }
+       }
+       EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
+
+       bn_priv = BN_bin2bn(priv_key.buffer, priv_key.size, NULL);
+       if(bn_priv == NULL) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdsa_sign: BN_bin2bn() failed");
+               ret = -1;
+               goto clean;
+       }
+       if (!EC_KEY_set_private_key(eckey, bn_priv)) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdsa_sign: EC_KEY_set_private_key() failed");
+               ret = -1;
+               goto clean;
+       }
 
        if (ECDSA_sign(0, (unsigned char *)src, (int) src_len,
                                        (unsigned char *) sig, (unsigned int *)sig_len, eckey) == 0) {
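Review bot: The stored bytes go straight into `BN_bin2bn(priv_key.buffer, priv_key.size, NULL)` with no check on the length (a `size_t` narrowed to `int`) or on the resulting scalar, and I do not believe `EC_KEY_set_private_key()` range-checks it; that is worth confirming for the OpenSSL version this builds against. With the DER parser gone, any key object that was persisted in the old encoding would no longer fail to load here; it would be read as one oversized integer. I would add `if (priv_key.buffer == NULL || priv_key.size == 0 || priv_key.size > INT_MAX) { ret = -1; goto clean; }` before the conversion, tighten the upper bound to the curve's byte length, and reject a zero or not-below-group-order value after it. The identical block added to `ossl_ecdh_derive` needs the same guard; `ossl_ecdsa_sign` itself continues past this hunk.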
@@ -322,7 +340,7 @@ int ossl_ecdsa_sign(crypto_internal_keydata priv_key,
 
 clean:
        EC_KEY_free(eckey);
-       BIO_free(bio);
+       BN_free(bn_priv);
        return ret;
 }
 
@@ -338,7 +356,7 @@ int ossl_ecdsa_verify(uint32_t curve,
        int ret = 0;
 
        if (curve_to_nid(curve, &nid) != 0) {
-               LOGE(MODULE_SSF_LIB, "ossl_ecdsa_sign: to_nid() failed");
+               LOGE(MODULE_SSF_LIB, "ossl_ecdsa_verify: to_nid() failed");
                ret = -2;
                goto clean;
        }
@@ -378,22 +396,34 @@ int ossl_ecdh_derive(crypto_internal_keydata priv_key,
                                        void *secret, size_t *secret_len)
 {      int nid = 0;
        EC_KEY *my_key = NULL, *peer_key = NULL;
-       BIGNUM *x = NULL, *y = NULL;
+       BIGNUM *bn_priv = NULL, *x = NULL, *y = NULL;
        int ret = 0;
 
-       BIO* bio = BIO_new_mem_buf(priv_key.buffer, priv_key.size);
-       if ((my_key = d2i_ECPrivateKey_bio(bio, NULL)) == NULL) {
-               LOGE(MODULE_SSF_LIB, "ossl_ecdh_derive: d2i_ECPrivateKey_bio() failed");
-               ret = -1;
+       if (curve_to_nid(curve, &nid) != 0) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdh_derive: to_nid() failed");
+               ret = -2;
                goto clean;
        }
 
-       if (curve_to_nid(curve, &nid) != 0) {
-               LOGE(MODULE_SSF_LIB, "ossl_ecdh_derive: to_nid() failed");
+       my_key = EC_KEY_new_by_curve_name(nid);
+       if(my_key == NULL) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdh_derive: EC_KEY_new_by_curve_name() failed");
                ret = -2;
                goto clean;
        }
 
+       bn_priv = BN_bin2bn(priv_key.buffer, priv_key.size, NULL);
+       if(bn_priv == NULL) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdh_derive: BN_bin2bn() failed");
+               ret = -1;
+               goto clean;
+       }
+       if (!EC_KEY_set_private_key(my_key, bn_priv)) {
+               LOGE(MODULE_SSF_LIB, "ossl_ecdh_derive: EC_KEY_set_private_key() failed");
+               ret = -1;
+               goto clean;
+       }
+
        peer_key = EC_KEY_new_by_curve_name(nid);
        if(peer_key == NULL) {
                LOGE(MODULE_SSF_LIB, "ossl_ecdh_derive: EC_KEY_new_by_curve_name() failed");
@@ -434,7 +464,7 @@ int ossl_ecdh_derive(crypto_internal_keydata priv_key,
 clean:
        EC_KEY_free(my_key);
        EC_KEY_free(peer_key);
-       BIO_free(bio);
+       BN_free(bn_priv);
        BN_free(x);
        BN_free(y);
        return ret;
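Review bot: `BN_free(bn_priv)` at the `clean` label releases the private scalar without wiping it; since `bn_priv` is now the raw key, this should be `BN_clear_free(bn_priv);`. The `clean` label of `ossl_ecdsa_sign` has the same line and needs the same change. `BN_clear_free` accepts NULL just as `BN_free` does, so the early `goto clean` paths stay valid. The body of `ossl_ecdh_derive` starts outside this hunk.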
index e54b5c389b36df8601267a473aaa0609d81beda9..344aea8256afac64f5db6b1f66a8755127ab0a69 100644 (file)
@@ -146,27 +146,6 @@ void free_attribute(TEE_Attribute* attr) {
        }
 }
 
-int to_buffer(BIO *bio, uint8_t **buffer, size_t *size) {
-       uint8_t tmp[1024*4];
-       uint8_t* tmp_buffer;
-       size_t read = 0;
-
-       BIO_seek(bio, 0);
-       read = BIO_read(bio, tmp, sizeof(tmp));
-       if (read >= sizeof(tmp)) { // Too Big Data
-               return -1;
-       }
-       tmp_buffer = (uint8_t*) malloc(read);
-       if(tmp_buffer == NULL) {
-               return -1;
-       }
-       memcpy(tmp_buffer, tmp, read);
-
-       *buffer = tmp_buffer;
-       *size = read;
-       return 0;
-}
-
 /////////////////////////////////////////////////////////////////////////////////////////////
 // Internal transient Object Operations
 /////////////////////////////////////////////////////////////////////////////////////////////
@@ -1864,12 +1843,14 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize,
                case TEE_TYPE_ECDH_KEYPAIR: {
                        size_t key_size = (keySize + 7) / 8;
                        int nid = 0;
+                       uint32_t curve = 0;
                        uint8_t *privKey = NULL, *pubX = NULL, *pubY = NULL;
                        size_t privSize = 0, pubXSize = 0, pubYSize = 0;
 
                        for (i = 0; i < paramCount; i++) {
                                if (params[i].attributeID == TEE_ATTR_ECC_CURVE) {
-                                       if (curve_to_nid(params[i].content.value.a, &nid) != 0)
+                                       curve = params[i].content.value.a;
+                                       if (curve_to_nid(curve, &nid) != 0)
                                                return TEE_ERROR_BAD_PARAMETERS;
                                        check |= 0x01;
                                }
@@ -1894,13 +1875,13 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize,
                                TEE_Panic(0);
                        }
 
-                       BIO *bio_pri = BIO_new(BIO_s_mem());
-                       i2d_ECPrivateKey_bio(bio_pri, ec_key);
-
-                       if(to_buffer(bio_pri, &privKey, &privSize) != 0) {
-                               TZ_ERROR("failed to convert private key to binary. line = %d,%s\n", __LINE__, __func__);
+                       const BIGNUM *priv_value = EC_KEY_get0_private_key(ec_key);
+                       privKey = (uint8_t *) malloc(BN_num_bytes(priv_value));
+                       if(privKey == NULL) {
+                               TZ_ERROR("malloc() operation error line = %d,%s\n", __LINE__, __func__);
                                TEE_Panic(0);
                        }
+                       privSize = BN_bn2bin(priv_value, privKey);
 
                        const EC_POINT *pubkey_pnt = EC_KEY_get0_public_key(ec_key);
                        BIGNUM *x = BN_new();
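Review bot: `privKey` now carries the bare private scalar, and the only release visible on this page is the plain `free(privKey)` in the final hunk, with nothing wiping the buffer first. Add `OPENSSL_cleanse(privKey, privSize);` immediately before that `free`. Separately, `BN_bn2bin` drops leading zero bytes, so `privSize` will occasionally be smaller than `key_size`; if consumers of TEE_ATTR_ECC_PRIVATE_VALUE expect a fixed width, the value should be left-padded to `key_size`, though I cannot tell from this hunk whether they do. The enclosing `case` block starts and ends outside the hunk.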
@@ -1909,17 +1890,18 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize,
                                TZ_ERROR("failed in EC_POINT_get_affine_coordinates_GFp(). line = %d,%s\n", __LINE__, __func__);
                                TEE_Panic(0);
                        }
-                       pubX = (uint8_t *) malloc(key_size);
-                       pubY = (uint8_t *) malloc(key_size);
+                       pubX = (uint8_t *) malloc(BN_num_bytes(x));
+                       pubY = (uint8_t *) malloc(BN_num_bytes(y));
                        pubXSize = BN_bn2bin(x, pubX);
                        pubYSize = BN_bn2bin(y, pubY);
-                       if (key_size < pubXSize || key_size < pubYSize) {
-                               TZ_ERROR("Too small key size. line = %d,%s. key_size=%d, pubXSize=%d, pubYSize=%d\n",
-                                               __LINE__, __func__, key_size, pubXSize, pubYSize);
+
+                       if (key_size < privSize || key_size < pubXSize || key_size < pubYSize) {
+                               TZ_ERROR("Too small key size. line = %d,%s. key_size=%d, privSize=%d, pubXSize=%d, pubYSize=%d\n",
+                                               __LINE__, __func__, key_size, privSize, pubXSize, pubYSize);
                                TEE_Panic(0);
                        }
 
-                       TEE_InitValueAttribute(&attrs[0], params[0].attributeID, params[0].content.value.a, params[0].content.value.b);
+                       TEE_InitValueAttribute(&attrs[0], TEE_ATTR_ECC_CURVE, curve, 0);
                        TEE_InitRefAttribute(&attrs[1], TEE_ATTR_ECC_PRIVATE_VALUE, privKey, privSize);
                        TEE_InitRefAttribute(&attrs[2], TEE_ATTR_ECC_PUBLIC_VALUE_X, pubX, pubXSize);
                        TEE_InitRefAttribute(&attrs[3], TEE_ATTR_ECC_PUBLIC_VALUE_Y, pubY, pubYSize);
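Review bot: `pubX` and `pubY` are handed to `BN_bn2bin` without the NULL check that the previous hunk adds for `privKey`, so an allocation failure here becomes a write through a null pointer. Add `if (pubX == NULL || pubY == NULL) { TEE_Panic(0); }` before the two conversions, with the same `TZ_ERROR` message used for `privKey`. Assuming `TZ_ERROR` is printf-style, the extended size message also prints `size_t` values with `%d`; `%zu` matches the type of `key_size`, `privSize`, `pubXSize` and `pubYSize`. The enclosing `case` block starts and ends outside the hunk.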
@@ -1927,7 +1909,6 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize,
 
                        EC_GROUP_free(ec_group);
                        EC_KEY_free(ec_key);
-                       BIO_free(bio_pri);
                        BN_free(x);
                        BN_free(y);
                        free(privKey);