diff options
Diffstat (limited to 'thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c')
-rw-r--r-- | thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c | 267 |
1 files changed, 267 insertions, 0 deletions
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c new file mode 100644 index 0000000..5b99a83 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c @@ -0,0 +1,267 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include <string.h> +#include "app_util.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_mem.h" +#include "nrf_crypto_shared.h" +#include "cc310_bl_backend_ecdsa.h" +#include "cc310_bl_backend_shared.h" +#include "cc310_backend_mutex.h" +#include "crys_ecpki_error.h" + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + +static ret_code_t crys_error_to_ret_code(CRYSError_t crys_error) +{ + switch (crys_error) + { + case CRYS_OK: + return NRF_SUCCESS; + + case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR: + return NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + + default: + break; + } + + return NRF_ERROR_CRYPTO_INTERNAL; +} + +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp224r1_t, r) == 0, + "Offset of r in nrf_cc310_bl_ecc_signature_secp224r1_t is unexpected"); +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp224r1_t, s) == + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE, + "Offset of s in nrf_cc310_bl_ecc_signature_secp224r1_t is unexpected"); + + +ret_code_t nrf_crypto_backend_secp224r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + ret_code_t result; + CRYSError_t crys_error; + bool mutex_locked; + + nrf_crypto_backend_secp224r1_verify_context_t * p_ctx = + (nrf_crypto_backend_secp224r1_verify_context_t *)p_context; + + nrf_crypto_backend_secp224r1_public_key_t * p_pub = + (nrf_crypto_backend_secp224r1_public_key_t *)p_public_key; + + p_ctx->user_context.init_val = NRF_CC310_BL_ECDSA_CONTEXT_INITIALIZED; + +#if defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 1) + + size_t hash_size = MIN(data_size, NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + uint8_t * p_hash_and_sig_le = + NRF_CRYPTO_ALLOC(hash_size + 2 * NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + + if (p_hash_and_sig_le == NULL) + { + return NRF_ERROR_CRYPTO_ALLOC_FAILED; + } + + nrf_crypto_internal_swap_endian(p_hash_and_sig_le, p_data, hash_size); + + nrf_crypto_internal_double_swap_endian(&p_hash_and_sig_le[hash_size], + p_signature, + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp224r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp224r1_t const *)&p_hash_and_sig_le[hash_size], + p_hash_and_sig_le, + hash_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + + NRF_CRYPTO_FREE(p_hash_and_sig_le); + +#elif defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 0) + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp224r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp224r1_t const *)p_signature, + p_data, + data_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + +#else + + #error NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED define not found in sdk_config.h Inalid sdk_config.h! + +#endif + + result = crys_error_to_ret_code(crys_error); + + return result; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + + +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp256r1_t, r) == 0, + "Offset of r in nrf_cc310_bl_ecc_signature_secp256r1_t is unexpected"); + +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp256r1_t, s) == + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE, + "Offset of s in nrf_cc310_bl_ecc_signature_secp256r1_t is unexpected"); + + +ret_code_t nrf_crypto_backend_secp256r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + ret_code_t result; + CRYSError_t crys_error; + bool mutex_locked; + + + nrf_crypto_backend_secp256r1_verify_context_t * p_ctx = + (nrf_crypto_backend_secp256r1_verify_context_t *)p_context; + + nrf_crypto_backend_secp256r1_public_key_t * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t *)p_public_key; + + p_ctx->user_context.init_val = NRF_CC310_BL_ECDSA_CONTEXT_INITIALIZED; + +#if defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 1) + + uint8_t hash_le[NRF_CRYPTO_HASH_SIZE_SHA256]; + uint8_t signature_le[NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE * 2]; + size_t hash_size = MIN(data_size, NRF_CRYPTO_HASH_SIZE_SHA256); + + nrf_crypto_internal_swap_endian(hash_le, p_data, hash_size); + + nrf_crypto_internal_double_swap_endian(signature_le, + p_signature, + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp256r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp256r1_t const *)signature_le, + hash_le, + hash_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + +#elif defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 0) + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp256r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp256r1_t const *)p_signature, + p_data, + data_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + +#else + + #error NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED define not found in sdk_config.h. Invalid sdk_config.file! + +#endif + + result = crys_error_to_ret_code(crys_error); + + return result; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) |