mirror of
https://github.com/corda/corda.git
synced 2025-01-07 13:38:47 +00:00
9441de4c38
This release is used in conjunction with the linux-sgx-driver Intial release: https://github.com/01org/linux-sgx-driver commit-id: 0e865ce5e6b297a787bcdc12d98bada8174be6d7 Intel-id: 33399 Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
300 lines
12 KiB
C++
300 lines
12 KiB
C++
/*
|
|
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
* * Neither the name of Intel Corporation nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
*/
|
|
|
|
|
|
#include "sgx_ecc256_common.h"
|
|
|
|
|
|
const uint32_t sgx_nistp256_r[] = {
|
|
0xFC632551, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD, 0xFFFFFFFF, 0xFFFFFFFF,
|
|
0x00000000, 0xFFFFFFFF };
|
|
|
|
|
|
/* Computes signature for data based on private key
|
|
* Parameters:
|
|
* Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
|
|
* Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
|
|
* sgx_ec256_private_t *p_private - Pointer to the private key - LITTLE ENDIAN
|
|
* sgx_uint8_t *p_data - Pointer to the data to be signed
|
|
* uint32_t data_size - Size of the data to be signed
|
|
* Output: sgx_ec256_signature_t *p_signature - Pointer to the signature - LITTLE ENDIAN */
|
|
sgx_status_t sgx_ecdsa_sign(const uint8_t *p_data,
|
|
uint32_t data_size,
|
|
sgx_ec256_private_t *p_private,
|
|
sgx_ec256_signature_t *p_signature,
|
|
sgx_ecc_state_handle_t ecc_handle)
|
|
{
|
|
if ((ecc_handle == NULL) || (p_private == NULL) || (p_signature == NULL) || (p_data == NULL) || (data_size < 1))
|
|
{
|
|
return SGX_ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
IppStatus ipp_ret = ippStsNoErr;
|
|
IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
|
|
IppsBigNumState* p_ecp_order = NULL;
|
|
IppsBigNumState* p_hash_bn = NULL;
|
|
IppsBigNumState* p_msg_bn = NULL;
|
|
IppsBigNumState* p_eph_priv_bn = NULL;
|
|
IppsECCPPointState* p_eph_pub = NULL;
|
|
IppsBigNumState* p_reg_priv_bn = NULL;
|
|
IppsBigNumState* p_signx_bn = NULL;
|
|
IppsBigNumState* p_signy_bn = NULL;
|
|
Ipp32u *p_sigx = NULL;
|
|
Ipp32u *p_sigy = NULL;
|
|
int ecp_size = 0;
|
|
const int order_size = sizeof(sgx_nistp256_r);
|
|
uint32_t hash[8] = { 0 };
|
|
|
|
do
|
|
{
|
|
|
|
ipp_ret = sgx_ipp_newBN(sgx_nistp256_r, order_size, &p_ecp_order);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
// Prepare the message used to sign.
|
|
ipp_ret = ippsHashMessage(p_data, data_size, (Ipp8u*)hash, IPP_ALG_HASH_SHA256);
|
|
ERROR_BREAK(ipp_ret);
|
|
/* Byte swap in creation of Big Number from SHA256 hash output */
|
|
ipp_ret = sgx_ipp_newBN(NULL, sizeof(hash), &p_hash_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = ippsSetOctString_BN((Ipp8u*)hash, sizeof(hash), p_hash_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_msg_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = ippsMod_BN(p_hash_bn, p_ecp_order, p_msg_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
// Get ephemeral key pair.
|
|
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_eph_priv_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
//init eccp point
|
|
ipp_ret = ippsECCPPointGetSize(256, &ecp_size);
|
|
ERROR_BREAK(ipp_ret);
|
|
p_eph_pub = (IppsECCPPointState*)(malloc(ecp_size));
|
|
if (!p_eph_pub)
|
|
{
|
|
ipp_ret = ippStsNoMemErr;
|
|
break;
|
|
}
|
|
ipp_ret = ippsECCPPointInit(256, p_eph_pub);
|
|
ERROR_BREAK(ipp_ret);
|
|
// Generate ephemeral key pair for signing operation
|
|
// Notice that IPP ensures the private key generated is non-zero
|
|
ipp_ret = ippsECCPGenKeyPair(p_eph_priv_bn, p_eph_pub, p_ecc_state,
|
|
(IppBitSupplier)sgx_ipp_DRNGen, NULL);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = ippsECCPSetKeyPair(p_eph_priv_bn, p_eph_pub, ippFalse, p_ecc_state);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
// Set the regular private key.
|
|
ipp_ret = sgx_ipp_newBN((uint32_t *)p_private->r, sizeof(p_private->r),
|
|
&p_reg_priv_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signx_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_signy_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
// Sign the message.
|
|
ipp_ret = ippsECCPSignDSA(p_msg_bn, p_reg_priv_bn, p_signx_bn, p_signy_bn,
|
|
p_ecc_state);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
IppsBigNumSGN sign;
|
|
int length;
|
|
ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigx, p_signx_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
memset(p_signature->x, 0, sizeof(p_signature->x));
|
|
ipp_ret = check_copy_size(sizeof(p_signature->x), ROUND_TO(length, 8) / 8);
|
|
ERROR_BREAK(ipp_ret);
|
|
memcpy(p_signature->x, p_sigx, ROUND_TO(length, 8) / 8);
|
|
memset_s(p_sigx, sizeof(p_signature->x), 0, ROUND_TO(length, 8) / 8);
|
|
ipp_ret = ippsRef_BN(&sign, &length,(Ipp32u**) &p_sigy, p_signy_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
memset(p_signature->y, 0, sizeof(p_signature->y));
|
|
ipp_ret = check_copy_size(sizeof(p_signature->y), ROUND_TO(length, 8) / 8);
|
|
ERROR_BREAK(ipp_ret);
|
|
memcpy(p_signature->y, p_sigy, ROUND_TO(length, 8) / 8);
|
|
memset_s(p_sigy, sizeof(p_signature->y), 0, ROUND_TO(length, 8) / 8);
|
|
} while (0);
|
|
|
|
// Clear buffer before free.
|
|
if (p_eph_pub)
|
|
memset_s(p_eph_pub, ecp_size, 0, ecp_size);
|
|
SAFE_FREE(p_eph_pub);
|
|
sgx_ipp_secure_free_BN(p_ecp_order, order_size);
|
|
sgx_ipp_secure_free_BN(p_hash_bn, sizeof(hash));
|
|
sgx_ipp_secure_free_BN(p_msg_bn, order_size);
|
|
sgx_ipp_secure_free_BN(p_eph_priv_bn, order_size);
|
|
sgx_ipp_secure_free_BN(p_reg_priv_bn, sizeof(p_private->r));
|
|
sgx_ipp_secure_free_BN(p_signx_bn, order_size);
|
|
sgx_ipp_secure_free_BN(p_signy_bn, order_size);
|
|
|
|
switch (ipp_ret)
|
|
{
|
|
case ippStsNoErr: return SGX_SUCCESS;
|
|
case ippStsNoMemErr:
|
|
case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
|
|
case ippStsNullPtrErr:
|
|
case ippStsLengthErr:
|
|
case ippStsOutOfRangeErr:
|
|
case ippStsSizeErr:
|
|
case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
|
|
default: return SGX_ERROR_UNEXPECTED;
|
|
}
|
|
}
|
|
|
|
/* Verifies the signature for the given data based on the public key
|
|
*
|
|
* Parameters:
|
|
* Return: sgx_status_t - SGX_SUCCESS or failure as defined sgx_error.h
|
|
* Inputs: sgx_ecc_state_handle_t ecc_handle - Handle to ECC crypto system
|
|
* sgx_ec256_public_t *p_public - Pointer to the public key - LITTLE ENDIAN
|
|
* uint8_t *p_data - Pointer to the data to be signed
|
|
* uint32_t data_size - Size of the data to be signed
|
|
* sgx_ec256_signature_t *p_signature - Pointer to the signature - LITTLE ENDIAN
|
|
* Output: uint8_t *p_result - Pointer to the result of verification check */
|
|
sgx_status_t sgx_ecdsa_verify(const uint8_t *p_data,
|
|
uint32_t data_size,
|
|
const sgx_ec256_public_t *p_public,
|
|
sgx_ec256_signature_t *p_signature,
|
|
uint8_t *p_result,
|
|
sgx_ecc_state_handle_t ecc_handle)
|
|
{
|
|
if ((ecc_handle == NULL) || (p_public == NULL) || (p_signature == NULL) ||
|
|
(p_data == NULL) || (data_size < 1) || (p_result == NULL))
|
|
{
|
|
return SGX_ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
IppStatus ipp_ret = ippStsNoErr;
|
|
IppsECCPState* p_ecc_state = (IppsECCPState*)ecc_handle;
|
|
IppECResult result = ippECInvalidSignature;
|
|
*p_result = SGX_EC_INVALID_SIGNATURE;
|
|
|
|
IppsBigNumState* p_ecp_order = NULL;
|
|
IppsBigNumState* p_hash_bn = NULL;
|
|
IppsBigNumState* p_msg_bn = NULL;
|
|
IppsECCPPointState* p_reg_pub = NULL;
|
|
IppsBigNumState* p_reg_pubx_bn = NULL;
|
|
IppsBigNumState* p_reg_puby_bn = NULL;
|
|
IppsBigNumState* p_signx_bn = NULL;
|
|
IppsBigNumState* p_signy_bn = NULL;
|
|
const int order_size = sizeof(sgx_nistp256_r);
|
|
uint32_t hash[8] = { 0 };
|
|
int ecp_size = 0;
|
|
|
|
do
|
|
{
|
|
ipp_ret = sgx_ipp_newBN(sgx_nistp256_r, order_size, &p_ecp_order);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
// Prepare the message used to sign.
|
|
ipp_ret = ippsHashMessage(p_data, data_size, (Ipp8u*)hash, IPP_ALG_HASH_SHA256);
|
|
ERROR_BREAK(ipp_ret);
|
|
/* Byte swap in creation of Big Number from SHA256 hash output */
|
|
ipp_ret = sgx_ipp_newBN(NULL, sizeof(hash), &p_hash_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = ippsSetOctString_BN((Ipp8u*)hash, sizeof(hash), p_hash_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
ipp_ret = sgx_ipp_newBN(NULL, order_size, &p_msg_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = ippsMod_BN(p_hash_bn, p_ecp_order, p_msg_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
//Init eccp point
|
|
ipp_ret = ippsECCPPointGetSize(256, &ecp_size);
|
|
ERROR_BREAK(ipp_ret);
|
|
p_reg_pub = (IppsECCPPointState*)(malloc(ecp_size));
|
|
if (!p_reg_pub)
|
|
{
|
|
ipp_ret = ippStsNoMemErr;
|
|
break;
|
|
}
|
|
ipp_ret = ippsECCPPointInit(256, p_reg_pub);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = sgx_ipp_newBN((const uint32_t *)p_public->gx, sizeof(p_public->gx),
|
|
&p_reg_pubx_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = sgx_ipp_newBN((const uint32_t *)p_public->gy, sizeof(p_public->gy),
|
|
&p_reg_puby_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = ippsECCPSetPoint(p_reg_pubx_bn, p_reg_puby_bn, p_reg_pub,
|
|
p_ecc_state);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = ippsECCPSetKeyPair(NULL, p_reg_pub, ippTrue, p_ecc_state);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
ipp_ret = sgx_ipp_newBN(p_signature->x, order_size, &p_signx_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
ipp_ret = sgx_ipp_newBN(p_signature->y, order_size, &p_signy_bn);
|
|
ERROR_BREAK(ipp_ret);
|
|
|
|
// Verify the message.
|
|
ipp_ret = ippsECCPVerifyDSA(p_msg_bn, p_signx_bn, p_signy_bn, &result,
|
|
p_ecc_state);
|
|
ERROR_BREAK(ipp_ret);
|
|
} while (0);
|
|
|
|
// Clear buffer before free.
|
|
if (p_reg_pub)
|
|
memset_s(p_reg_pub, ecp_size, 0, ecp_size);
|
|
SAFE_FREE(p_reg_pub);
|
|
sgx_ipp_secure_free_BN(p_ecp_order, order_size);
|
|
sgx_ipp_secure_free_BN(p_hash_bn, sizeof(hash));
|
|
sgx_ipp_secure_free_BN(p_msg_bn, order_size);
|
|
sgx_ipp_secure_free_BN(p_reg_pubx_bn, sizeof(p_public->gx));
|
|
sgx_ipp_secure_free_BN(p_reg_puby_bn, sizeof(p_public->gy));
|
|
sgx_ipp_secure_free_BN(p_signx_bn, order_size);
|
|
sgx_ipp_secure_free_BN(p_signy_bn, order_size);
|
|
|
|
switch (result) {
|
|
case ippECValid: *p_result = SGX_EC_VALID; break; /* validation pass successfully */
|
|
case ippECInvalidSignature: *p_result = SGX_EC_INVALID_SIGNATURE; break; /* invalid signature */
|
|
default: *p_result = SGX_EC_INVALID_SIGNATURE; break;
|
|
}
|
|
|
|
switch (ipp_ret)
|
|
{
|
|
case ippStsNoErr: return SGX_SUCCESS;
|
|
case ippStsNoMemErr:
|
|
case ippStsMemAllocErr: return SGX_ERROR_OUT_OF_MEMORY;
|
|
case ippStsNullPtrErr:
|
|
case ippStsLengthErr:
|
|
case ippStsOutOfRangeErr:
|
|
case ippStsSizeErr:
|
|
case ippStsBadArgErr: return SGX_ERROR_INVALID_PARAMETER;
|
|
default: return SGX_ERROR_UNEXPECTED;
|
|
}
|
|
}
|