Alternative ECDSA and ECDH support

Add support for Alternative ECDSA and ECDH, on the higher level,
over CC310. Note that CC generates ECC keys according to FIPS 186,
while mbed TLS generates according to RFC 6979 and RFC 4754,
which causes test vectors for curve p521 to fail

Author: Ron Eldor

features/mbedtls/targets/TARGET_CRYPTOCELL310/binaries/TOOLCHAIN_GCC_ARM/libcc_310_core.a

@@ -0,0 +1,153 @@
+/*
+ *  cc_internal.c
+ *
+ *  Internal utility functions and definitions,
+ *  used for converting mbedtls types to CC types, and vice versa
+ *
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include "cc_internal.h"
+#include "crys_ecpki_error.h"
+#include "crys_ec_mont_edw_error.h"
+
+CRYS_ECPKI_DomainID_t convert_mbedtls_grp_id_to_crys_domain_id( mbedtls_ecp_group_id grp_id )
+{
+    switch( grp_id )
+    {
+    case MBEDTLS_ECP_DP_SECP192K1:
+        return ( CRYS_ECPKI_DomainID_secp192k1 );
+    case MBEDTLS_ECP_DP_SECP192R1:
+        return ( CRYS_ECPKI_DomainID_secp192r1 );
+    case MBEDTLS_ECP_DP_SECP224K1:
+        return ( CRYS_ECPKI_DomainID_secp224k1 );
+    case MBEDTLS_ECP_DP_SECP224R1:
+        return ( CRYS_ECPKI_DomainID_secp224r1 );
+    case MBEDTLS_ECP_DP_SECP256K1:
+        return ( CRYS_ECPKI_DomainID_secp256k1 );
+    case MBEDTLS_ECP_DP_SECP256R1:
+        return ( CRYS_ECPKI_DomainID_secp256r1 );
+    case MBEDTLS_ECP_DP_SECP384R1:
+        return ( CRYS_ECPKI_DomainID_secp384r1 );
+    case MBEDTLS_ECP_DP_SECP521R1:
+        return ( CRYS_ECPKI_DomainID_secp521r1 );
+    default:
+        return ( CRYS_ECPKI_DomainID_OffMode );
+    }
+
+}
+
+uint32_t convert_mbedtls_to_cc_rand( void* mbedtls_rnd_ctx, uint16_t outSizeBytes, uint8_t* out_ptr )
+{
+    uint16_t i = 0;
+    uint8_t temp = 0;
+    mbedtls_rand_func_container* mbedtls_rand = (mbedtls_rand_func_container*)mbedtls_rnd_ctx;
+
+    if( mbedtls_rand->f_rng( mbedtls_rand->ctx, out_ptr, outSizeBytes ) != 0 )
+        return ( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+
+    /*
+     * CC requires the random data as LE, so reversing the data
+     * (although this is random, but test vectors are in specific Endianess)
+     */
+    while ( i < ( outSizeBytes / 2 ) )
+    {
+        temp = out_ptr[outSizeBytes - 1 - i];
+        out_ptr[outSizeBytes - 1 - i] = out_ptr[i];
+        out_ptr[i] = temp;
+        ++i;
+    }
+    /*
+     * CC increases the random data by one, to put the vector in the proper range (1 to  n),
+     * The RFC tests supply a data buffer within range, and in order to generate the proper ephemeral key,
+     * need to decrease one from this data, before CC increases the data, so the output will be as expected
+     */
+    i = 0;
+    while( out_ptr[i] == 0 )
+    {
+        ++i;
+    }
+    while( i > 0 )
+    {
+        --out_ptr[i];
+        --i;
+    }
+    --out_ptr[0];
+    return ( 0 );
+}
+
+int convert_CrysError_to_mbedtls_err( CRYSError_t Crys_err )
+{
+    switch(Crys_err)
+    {
+    case CRYS_OK:
+        return ( 0 );
+
+    case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR:
+    case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR:
+    case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR:
+    case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR:
+    case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR:
+    case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR:
+    case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR:
+    case CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR:
+    case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR:
+    case CRYS_ECMONT_INVALID_INPUT_POINTER_ERROR:
+    case CRYS_ECMONT_INVALID_INPUT_SIZE_ERROR:
+    case CRYS_ECMONT_INVALID_DOMAIN_ID_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR:
+    case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR:
+    case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR:
+    case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR:
+    case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR:
+    case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR:
+    case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR:
+    case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR:
+    case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR:
+    case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR:
+    case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR:
+    case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR:
+        return ( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR:
+        return ( MBEDTLS_ERR_ECP_VERIFY_FAILED );
+
+    case CRYS_ECMONT_IS_NOT_SUPPORTED:
+    case CRYS_ECEDW_IS_NOT_SUPPORTED:
+        return ( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+
+    case CRYS_ECEDW_RND_GEN_VECTOR_FUNC_ERROR:
+        return ( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+
+    case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR:
+    case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR:
+    case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR:
+        return ( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+    default:
+        return ( MBEDTLS_ERR_ECP_HW_ACCEL_FAILED );
+    }
+
+
+}

features/mbedtls/targets/TARGET_CRYPTOCELL310/cc_internal.c

@@ -0,0 +1,131 @@
+/*
+ *  cc_internal.h
+ *
+ *  Internal utility functions and definitions,
+ *  used for converting mbedtls types to CC types, and vice versa
+ *
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#ifndef __CC_INTERNAL_H__
+#define __CC_INTERNAL_H__
+#include "crys_ecpki_types.h"
+#include "crys_ec_mont_api.h"
+#include "mbedtls/ecp.h"
+#include <stddef.h>
+#include <stdint.h>
+
+#define CURVE_25519_KEY_SIZE    32
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MAX_KEY_SIZE_IN_BYTES ( ( CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS ) * SASI_32BIT_WORD_SIZE)
+
+/* ECC utility functions and structures*/
+typedef struct cc_ecc_ws_keygen_params{
+    CRYS_ECPKI_UserPublKey_t pubKey;
+    CRYS_ECPKI_UserPrivKey_t privKey;
+    CRYS_ECPKI_KG_TempData_t kgTempData;
+} cc_ecc_ws_keygen_params_t;
+
+typedef struct cc_ecc_ws_comp_shared_params{
+    CRYS_ECPKI_UserPublKey_t pubKey;
+    CRYS_ECPKI_UserPrivKey_t privKey;
+    CRYS_ECDH_TempData_t     ecdhTempData;
+} cc_ecc_ws_comp_shared_params_t;
+
+typedef struct cc_ecc_ws_verify_params{
+    CRYS_ECPKI_UserPublKey_t pubKey;
+    CRYS_ECDSA_VerifyUserContext_t verifyContext;
+} cc_ecc_ws_verify_params_t;
+
+typedef struct cc_ecc_ws_sign_params{
+    CRYS_ECPKI_UserPrivKey_t privKey;
+    CRYS_ECDSA_SignUserContext_t signContext;
+} cc_ecc_ws_sign_params_t;
+
+typedef struct cc_ecc_25519_keygen_params{
+    uint8_t pubKey[CURVE_25519_KEY_SIZE];
+    uint8_t privKey[CURVE_25519_KEY_SIZE];
+    CRYS_ECMONT_TempBuff_t kgTempData;
+} cc_ecc_25519_keygen_params_t;
+
+typedef cc_ecc_25519_keygen_params_t cc_ecc_25519_comp_shared_params_t;
+
+/**
+ * \brief      This function converts mbedtls type mbedtls_ecp_group_id
+ *             to Cryptocell type CRYS_ECPKI_DomainID_t
+ *
+ * \param grp_id           The mbedtls mbedtls_ecp_group_id to convert
+ *
+ * \return     \c The corresponding CRYS_ECPKI_DomainID_t.
+ *                CRYS_ECPKI_DomainID_OffMode if not recognized.
+ */
+CRYS_ECPKI_DomainID_t convert_mbedtls_grp_id_to_crys_domain_id( mbedtls_ecp_group_id grp_id );
+
+/* f_rng conversion from mbedtls type to cc type*/
+typedef struct
+{
+    int  (*f_rng)( void* ctx, unsigned char* output, size_t outSizeBytes );
+    void* ctx;
+
+}mbedtls_rand_func_container;
+
+/**
+ * \brief      This function converts mbedtls f_rng type to
+ *             Cryptocell f_rng type(SaSiRndGenerateVectWorkFunc_t)
+ *
+ *             Note: The Mbed TLS type f_rng signature is:
+ *             int  (*f_rng)( void* ctx, unsigned char* output, size_t outSizeBytes );
+ *             while CC f_rng signature is:
+ *             uint32_t (*SaSiRndGenerateVectWorkFunc_t)(
+ *                        void  *rndState_ptr,
+ *                        uint16_t outSizeBytes,
+ *                        uint8_t          *out_ptr)
+ *
+ *             so the Mbed TLS f_rng can't  be sent as is to the CC API.
+ *
+ *             In addition, this function manipulates the different random data,
+ *             to adjust between the way Cryptocell reads the random data. This is done for
+ *             different standard tests to pass.
+ *
+ *
+ * \param grp_id           The mbedtls mbedtls_ecp_group_id to convert
+ *
+ * \return     \c The corresponding CRYS_ECPKI_DomainID_t.
+ *                CRYS_ECPKI_DomainID_OffMode if not recognized.
+ */
+
+uint32_t convert_mbedtls_to_cc_rand( void* mbedtls_rand, uint16_t outSizeBytes, uint8_t* out_ptr );
+
+/**
+ * \brief      This function convertsCryptocell error
+ *             Mbed TLS related error.
+ *
+ *
+ * \return     \c The corresponding Mbed TLS error,
+ *                MBEDTLS_ERR_ECP_HW_ACCEL_FAILED as default, if none found
+ */
+int convert_CrysError_to_mbedtls_err( CRYSError_t Crys_err );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CC_INTERNAL_H__ */

features/mbedtls/targets/TARGET_CRYPTOCELL310/cc_internal.h

@@ -0,0 +1,73 @@
+/*
+ *  cc_rand.h
+ *
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+#ifndef __CC_RAND_H__
+#define __CC_RAND_H__
+#include <stddef.h>
+#include <stdint.h>
+
+typedef struct
+{
+    int  (*f_rng)(void* ctx, unsigned char* output, size_t outSizeBytes);
+    void* ctx;
+
+}mbedtls_rand_func_container;
+
+
+uint32_t mbedtls_to_cc_rand_func( void *mbedtls_rnd_ctx, uint16_t outSizeBytes, uint8_t *out_ptr )
+{
+    uint16_t i = 0;
+    uint8_t temp = 0;
+    mbedtls_rand_func_container* mbedtls_rand = (mbedtls_rand_func_container*)mbedtls_rnd_ctx;
+    uint32_t ret = mbedtls_rand->f_rng( mbedtls_rand->ctx, out_ptr, outSizeBytes );
+    if( ret != 0 )
+        return ret;
+
+    /*
+     * CC requires the random data as LE, so reversing the data
+     * (although this is random, but test vectors are in specific Endianess)
+     */
+    while ( i < ( outSizeBytes / 2 ) )
+    {
+        temp = out_ptr[outSizeBytes - 1 - i];
+        out_ptr[outSizeBytes - 1 - i] = out_ptr[i];
+        out_ptr[i] = temp;
+        ++i;
+    }
+    /*
+     * CC increases the random data by one, to put the vector in the proper range (1 to  n),
+     * The RFC tests supply a data buffer within range, and in order to generate the proper ephemeral key,
+     * need to decrease one from this data, before CC increases the data, so the output will be as expected
+     */
+    i = 0;
+    while( out_ptr[i] == 0 )
+    {
+        ++i;
+    }
+    while( i > 0 )
+    {
+        --out_ptr[i];
+        --i;
+    }
+    --out_ptr[0];
+    return ret;
+}
+
+
+#endif/* __CC_RAND_H__ */