Merge pull request #250 from llly/tlibcrypto_update

Update tlibcrypto to add new crypto wrapper function

Author: andyzyb

common/inc/internal/ipp_wrapper.h

@@ -34,6 +34,17 @@
 
 #include "ippcp.h"
 
+#ifndef CLEAR_FREE_MEM
+#define CLEAR_FREE_MEM(address, size) {            \
+	if (address != NULL) {                          \
+		if (size > 0) {                             \
+			(void)memset_s(address, size, 0, size); \
+		}                                           \
+		free(address);                              \
+	}				                                \
+}
+#endif
+
 #ifndef SAFE_FREE_MM
 #define SAFE_FREE_MM(ptr) {\
     if(ptr != NULL)     \
@@ -55,7 +66,8 @@ extern "C" {
 #endif
 
 IppStatus newBN(const Ipp32u *data, int size_in_bytes, IppsBigNumState **p_new_BN);
-
+IppStatus newPrimeGen(int nMaxBits, IppsPrimeState ** pPrimeG);
+IppStatus newPRNG(IppsPRNGState **pRandGen);
 IppStatus create_rsa_priv1_key(int n_byte_size, int d_byte_size, const Ipp32u *n, const Ipp32u *d, IppsRSAPrivateKeyState **new_pri_key1);
 
 IppStatus create_rsa_priv2_key(int p_byte_size, const Ipp32u *p, const Ipp32u *q,

common/inc/internal/ssl_wrapper.h

@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef _SSL_WRAPPER_H
+#define _SSL_WRAPPER_H
+
+
+#ifndef BN_CHECK_BREAK
+#define BN_CHECK_BREAK(x)  if((x == NULL) || (BN_is_zero(x))){break;}
+#endif
+
+#ifndef NULL_BREAK
+#define NULL_BREAK(x)   if(!x){break;}
+#endif
+
+
+#endif
+
+

common/inc/sgx_tcrypto.h

@@ -42,6 +42,7 @@
 
 #include "sgx.h"
 #include "sgx_defs.h"
+#include "stdlib.h"
 
 #define SGX_SHA256_HASH_SIZE            32
 #define SGX_ECP256_KEY_SIZE             32
@@ -138,6 +139,41 @@ typedef enum {
 	SGX_RSA_INVALID_SIGNATURE    /* invalid signature */
 } sgx_rsa_result_t;
 
+typedef enum {
+    SGX_RSA_PRIVATE_KEY,               /* RSA private key state     */
+
+    SGX_RSA_PUBLIC_KEY    /* RSA public key state */
+} sgx_rsa_key_type_t;
+
+#define N_SIZE_IN_BYTES    384
+#define E_SIZE_IN_BYTES    4
+#define D_SIZE_IN_BYTES    384
+#define P_SIZE_IN_BYTES    192
+#define Q_SIZE_IN_BYTES    192
+#define DMP1_SIZE_IN_BYTES 192
+#define DMQ1_SIZE_IN_BYTES 192
+#define IQMP_SIZE_IN_BYTES 192
+
+#define N_SIZE_IN_UINT     N_SIZE_IN_BYTES/sizeof(unsigned int)
+#define E_SIZE_IN_UINT     E_SIZE_IN_BYTES/sizeof(unsigned int)
+#define D_SIZE_IN_UINT     D_SIZE_IN_BYTES/sizeof(unsigned int)
+#define P_SIZE_IN_UINT     P_SIZE_IN_BYTES/sizeof(unsigned int)
+#define Q_SIZE_IN_UINT     Q_SIZE_IN_BYTES/sizeof(unsigned int)
+#define DMP1_SIZE_IN_UINT  DMP1_SIZE_IN_BYTES/sizeof(unsigned int)
+#define DMQ1_SIZE_IN_UINT  DMQ1_SIZE_IN_BYTES/sizeof(unsigned int)
+#define IQMP_SIZE_IN_UINT  IQMP_SIZE_IN_BYTES/sizeof(unsigned int)
+
+typedef struct _rsa_params_t {
+	unsigned int n[N_SIZE_IN_UINT];
+	unsigned int e[E_SIZE_IN_UINT];
+	unsigned int d[D_SIZE_IN_UINT];
+	unsigned int p[P_SIZE_IN_UINT];
+	unsigned int q[Q_SIZE_IN_UINT];
+	unsigned int dmp1[DMP1_SIZE_IN_UINT];
+	unsigned int dmq1[DMQ1_SIZE_IN_UINT];
+	unsigned int iqmp[IQMP_SIZE_IN_UINT];
+}rsa_params_t;
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -656,8 +692,127 @@ extern "C" {
         const sgx_rsa3072_signature_t *p_signature,
 		sgx_rsa_result_t *p_result);
 
+    /** Create RSA key pair with <n_byte_size> key size and <e_byte_size> public exponent.
+    *
+    * Parameters:
+    *   Return: sgx_status_t  - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: p_e [In/Out] Pointer to the public exponent e.
+    *           n_byte_size [In] Size in bytes of the key modulus.
+    *           e_byte_size	[In] Size in bytes of the key public exponent.
+    *   Output: p_*			[Out] Pointer to the matching key parameter/factor buffer.
+    */
+    sgx_status_t sgx_create_rsa_key_pair(int n_byte_size, int e_byte_size, unsigned char *p_n, unsigned char *p_d, unsigned char *p_e,
+        unsigned char *p_p, unsigned char *p_q, unsigned char *p_dmp1,
+        unsigned char *p_dmq1, unsigned char *p_iqmp);
+
+    /** Decrypt ciphertext [pin_data] using RSA private key, with OAEP SHA-256
+    *
+    * Parameters:
+    *   Return: sgx_status_t  - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: rsa_key	- Pointer to the EVP_PKEY struct containting RSA private key.
+    *           pin_data - Pointer to the input ciphertext buffer.
+    *           pin_len - Ciphertext buffer size.
+    *   Output: pout_data - Pointer to the output buffer.
+    *           pout_len - Pointer to amount of data written.
+    *
+    */
+    sgx_status_t sgx_rsa_priv_decrypt_sha256(void* rsa_key, unsigned char* pout_data, size_t* pout_len, const unsigned char* pin_data, const size_t pin_len);
+
+    /** Encrypt input data [pin_data] using RSA public key, with OAEP SHA-256
+    *
+    * Parameters:
+    *   Return: sgx_status_t  - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: rsa_key - Pointer to the EVP_PKEY struct containting RSA public key.
+    *           pin_data - Pointer to the input data buffer.
+    *           pin_len - Input buffer size.
+    *   Output: pout_data - Pointer to the output buffer.
+    *           pout_len - Pointer to amount of data (ciphertext) written.
+    *
+    */
+    sgx_status_t sgx_rsa_pub_encrypt_sha256(void* rsa_key, unsigned char* pout_data, size_t* pout_len, const unsigned char* pin_data, const size_t pin_len);
+
+    /** Create RSA private key using input buffer factors in little endian.
+    *
+    * Parameters:
+    *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: prime_size - Pointer to the modulus size.
+    *           exp_size - Pointer to the public exponent e size.
+    *           g_rsa_key_e	- Pointer to the public exponent e buffer.
+    *           g_rsa_key_p	- Pointer to the prime number p.
+    *           g_rsa_key_q	- Pointer to the prime number q.
+    *           g_rsa_key_dmp1 - Pointer to dmp1 [d mod (p-1)].
+    *           g_rsa_key_dmq1 - Pointer to dmq1 [d mod (q-1)].
+    *           g_rsa_key_iqmp - Pointer to iqmp [q^-1 mod p].
+    *   Output: new_pri_key2 - Pointer to the generated private key.
+    *
+    */
+    sgx_status_t sgx_create_rsa_priv2_key(int prime_size, int exp_size, const unsigned char *g_rsa_key_e, const unsigned char *g_rsa_key_p, const unsigned char *g_rsa_key_q,
+        const unsigned char *g_rsa_key_dmp1, const unsigned char *g_rsa_key_dmq1, const unsigned char *g_rsa_key_iqmp,
+        void **new_pri_key2);
+
+    /** Create RSA private key using input buffer factors in little endian.
+    *
+    * Parameters:
+    *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: n_byte_size	- Pointer to the modulus size.
+    *           e_byte_size	- Pointer to the public exponent e size.
+    *           d_byte_size	- Pointer to the private exponent d size.
+    *           le_e - Pointer to the public exponent e buffer.
+    *           le_n - Pointer to the modulus n.
+    *           le_d - Pointer to the private exponent d.
+    *   Output: new_pri_key1 - Pointer to the generated private key.
+    *
+    */
+    sgx_status_t sgx_create_rsa_priv1_key(int n_byte_size, int e_byte_size, int d_byte_size, const unsigned char *le_n, const unsigned char *le_e,
+        const unsigned char *le_d, void **new_pri_key1);
+
+    /** Create RSA public key using input buffer factors in little endian.
+    *
+    * Parameters:
+    *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: prime_size		- Pointer to the modulus size.
+    *           exp_size		- Pointer to the public exponent e size.
+    *           le_n			- Pointer to the modulus n buffer.
+    *           le_e - Pointer to the public exponent e buffer.
+    *   Output: new_pub_key1 - Pointer to the generated public key.
+    *
+    */
+    sgx_status_t sgx_create_rsa_pub1_key(int prime_size, int exp_size, const unsigned char *le_n, const unsigned char *le_e, void **new_pub_key1);
+
+    /** Clear and free RSA key which was generated by one of the Tcrypto "sgx_create_rsa_*" APIs.
+    *
+    * Parameters:
+    *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: p_rsa_key		- Pointer to the RSA key.
+    *           (Note: All input parameters below are relevant only when using IPP based tcrypto library)
+    *           key_type		- key state type, relevant only when using IPP based tcrypto library.
+    *                             Possible options {SGX_RSA_PRIVATE_KEY, SGX_RSA_PUBLIC_KEY}
+    *           mod_size		- RSA key modulus size.
+    *           exp_size		- RSA key public exponent size.
+    *   Output:
+    *
+    */
+    sgx_status_t sgx_free_rsa_key(void *p_rsa_key, sgx_rsa_key_type_t key_type, int mod_size, int exp_size);
+
+    /** Create an ECDSA private key based on input random seed.
+    *
+    * Parameters:
+    *   Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h
+    *   Inputs: hash_drg - Input seed
+    *           hash_drg_len - Seed len
+    *           sgx_nistp256_r_m1 -
+    *           sgx_nistp256_r_m1_len - nistp256 len
+    *   Output: out_key - ECDSA private key
+    *           out_key_len - ECDSA private key length
+    *
+    */
+    sgx_status_t sgx_calculate_ecdsa_priv_key(const unsigned char* hash_drg, int hash_drg_len,
+        const unsigned char* sgx_nistp256_r_m1, int sgx_nistp256_r_m1_len,
+        unsigned char* out_key, int out_key_len);
+
 #ifdef __cplusplus
 }
 #endif
 
 #endif
+

sdk/tlibcrypto/Makefile

@@ -37,7 +37,7 @@ CPPFLAGS := -I$(COMMON_DIR)/inc/internal \
 
 CXXFLAGS += $(ENCLAVE_CXXFLAGS) -Werror -fno-exceptions -fno-rtti
 
-OBJ = init_tcrypto_lib.o sgx_aes_ctr.o sgx_aes_gcm.o sgx_cmac128.o sgx_ecc256.o sgx_ecc256_ecdsa.o sgx_sha256.o sgx_sha256_msg.o sgx_ecc256_internal.o sgx_rsa3072.o
+OBJ = init_tcrypto_lib.o sgx_aes_ctr.o sgx_rsa_encryption.o sgx_aes_gcm.o sgx_cmac128.o sgx_ecc256.o sgx_ecc256_ecdsa.o sgx_sha256.o sgx_sha256_msg.o sgx_ecc256_internal.o sgx_rsa3072.o
 SHARED_OBJ = tcrypto_version.o
 
 ifneq ($(USE_OPT_LIBS), 1)
@@ -50,14 +50,14 @@ else
 endif #($(ARCH), x86_64)
 
 ifdef DEBUG
+    SGX_COMMON_CFLAGS += -O0
     OPENSSL_LIBRARY_PATH := $(OPENSSL_PACKAGE)/lib64/debug
 else
     OPENSSL_LIBRARY_PATH := $(OPENSSL_PACKAGE)/lib64/release
 endif
 
-SGXSSL_Library_Name := sgx_tsgxssl
 OpenSSL_Crypto_Library_Name := sgx_tsgxssl_crypto
-
+SGXSSL_Library_Name := sgx_tsgxssl
 PREPARE_SGXSSL := $(LINUX_EXTERNAL_DIR)/sgxssl/prepare_sgxssl.sh
 PREPRARE_SGX_SSL:
 	chmod 755 $(PREPARE_SGXSSL)
@@ -72,7 +72,7 @@ LIB_NAME := libsgx_tcrypto_sgxssl.a
 else
 
 CPPFLAGS += -I$(SGX_IPP_INC)
-OBJ += sgx_ecc256_common.o
+OBJ += sgx_ecc256_common.o sgx_rsa_internal.o
 SRCDIR := ipp
 
 LIB_NAME := libsgx_tcrypto_ipp.a