1 /*
2 * Copyright (c) 2001-2022, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 /*
8 * References:
9 *
10 * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
11 * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
12 * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
13 * RFC 4492 for the related TLS structures and constants
14 *
15 * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
16 *
17 * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
18 * for elliptic curve cryptosystems. In : Cryptographic Hardware and
19 * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
20 * <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
21 *
22 * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
23 * render ECC resistant against Side Channel Attacks. IACR Cryptology
24 * ePrint Archive, 2004, vol. 2004, p. 342.
25 * <http://eprint.iacr.org/2004/342.pdf>
26 */
27
28 #include "mbedtls/build_info.h"
29
30 #if defined(MBEDTLS_ECP_C)
31
32 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
33 defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
34 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
35 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
36 defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
37 defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
38 defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
39 defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
40 defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
41 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
42 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
43 #define ECP_SHORTWEIERSTRASS
44 #endif
45 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
46 #define ECP_MONTGOMERY
47 #endif
48
49 #include "mbedtls/ecp.h"
50 #include "ecp_common.h"
51 #include "mbedtls_common.h"
52 #include "cc_pal_types.h"
53 #include "cc_pal_mem.h"
54 #include "cc_pal_abort.h"
55 #include "cc_common.h"
56 #include "cc_ecpki_error.h"
57 #if defined (ECP_MONTGOMERY)
58 #include "cc_ec_mont_api.h"
59 #endif
60 #if defined (ECP_SHORTWEIERSTRASS)
61 #include "pka_ec_wrst.h"
62 #include "cc_ecpki_kg.h"
63 #endif
64 #include "cc_ecpki_domain.h"
65 #if defined(MBEDTLS_PLATFORM_C)
66 #include "mbedtls/platform.h"
67 #else
68 #include <stdlib.h>
69 #include <stdio.h>
70 #define mbedtls_printf printf
71 #define mbedtls_calloc calloc
72 #define mbedtls_free free
73 #endif
74
ecc_conv_scalar_to_mpi(uint8_t * scalar,size_t scalarSize,mbedtls_mpi * X)75 static int ecc_conv_scalar_to_mpi( uint8_t * scalar, size_t scalarSize, mbedtls_mpi * X)
76 {
77 CCError_t status;
78 int ret;
79 unsigned char * outArr = (unsigned char*)mbedtls_calloc(1, scalarSize);
80 CC_UNUSED_PARAM(status); // Fix mps2 warning
81
82 if (NULL == outArr)
83 {
84 CC_PAL_LOG_ERR("Error - failed to allocate memory\n");
85 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
86 }
87 if (CC_OK != (status = CC_CommonReverseMemcpy(outArr, scalar, scalarSize)))
88 {
89 mbedtls_free(outArr);
90 CC_PAL_LOG_ERR("Error - failed to reverse memcpy, status = %d\n",status);
91 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
92 }
93 ret = mbedtls_mpi_read_binary(X, outArr, scalarSize);
94 if (0 != ret)
95 {
96 mbedtls_free(outArr);
97 CC_PAL_LOG_ERR("Error - failed to read binary to mpi, ret = %d\n",ret);
98 return ret;
99 }
100
101 X->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
102
103 mbedtls_free(outArr);
104
105 return (0);
106 }
107
ecc_conv_mpi_to_scalar(const mbedtls_mpi * X,uint8_t * scalar,size_t * scalarSize)108 static int ecc_conv_mpi_to_scalar( const mbedtls_mpi * X, uint8_t *scalar, size_t *scalarSize)
109 {
110 CCError_t status;
111 int ret;
112 unsigned char * outArr = (unsigned char*)mbedtls_calloc(1, *scalarSize);
113 CC_UNUSED_PARAM(status); // Fix mps2 warning
114
115 if (NULL == outArr)
116 {
117 CC_PAL_LOG_ERR("Error - failed to allocate memory\n");
118 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
119 }
120
121 ret = mbedtls_mpi_write_binary(X, outArr, *scalarSize);
122 if (0 != ret)
123 {
124 mbedtls_free(outArr);
125 CC_PAL_LOG_ERR("Error - failed to write mpi to binary, ret = %d\n",ret);
126 return ret;
127 }
128
129 if (CC_OK != (status = CC_CommonReverseMemcpy(scalar, outArr, *scalarSize)))
130 {
131 mbedtls_free(outArr);
132 CC_PAL_LOG_ERR("Error - failed to reverse memcpy, status = %d\n",status);
133 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
134 }
135 *scalarSize = (X->MBEDTLS_PRIVATE(n) * sizeof(mbedtls_mpi_uint));
136
137 mbedtls_free(outArr);
138
139 return 0;
140 }
141
142 #if defined(ECP_MONTGOMERY)
ecp_mont_mul(mbedtls_ecp_point * R,const mbedtls_mpi * m,const mbedtls_ecp_point * P)143 static int ecp_mont_mul( mbedtls_ecp_point *R,
144 const mbedtls_mpi *m, const mbedtls_ecp_point *P )
145 {
146 int ret;
147 CCError_t rc;
148 CCEcMontTempBuff_t *ecMontTempBuff;
149 uint8_t resPoint[CC_EC_MONT_MOD_SIZE_IN_BYTES];
150 uint8_t scalar[MBEDTLS_ECP_MAX_BYTES];
151 uint8_t px[CC_EC_MONT_MOD_SIZE_IN_BYTES];
152 size_t resPointSize;
153 size_t scalarSize, pxSize;
154
155 scalarSize = MBEDTLS_ECP_MAX_BYTES;
156 pxSize = CC_EC_MONT_MOD_SIZE_IN_BYTES;
157 resPointSize = CC_EC_MONT_MOD_SIZE_IN_BYTES;
158
159 ret = ecc_conv_mpi_to_scalar(m, scalar, &scalarSize);
160 if (ret != 0)
161 {
162 return ret;
163 }
164
165 mbedtls_zeroize_internal(px, CC_EC_MONT_MOD_SIZE_IN_BYTES);
166 ret = ecc_conv_mpi_to_scalar(&P->MBEDTLS_PRIVATE(X), px, &pxSize);
167 if (ret != 0)
168 {
169 return ret;
170 }
171
172 ecMontTempBuff = mbedtls_calloc( 1, sizeof( CCEcMontTempBuff_t ));
173 if (NULL == ecMontTempBuff)
174 {
175 CC_PAL_LOG_ERR("Error - failed to allocate memory\n");
176 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
177 }
178
179 rc = CC_EcMontScalarmult(resPoint, &resPointSize, scalar, scalarSize, px, CC_EC_MONT_MOD_SIZE_IN_BYTES, ecMontTempBuff);
180
181 mbedtls_free(ecMontTempBuff);
182 /*secure programing*/
183 mbedtls_zeroize_internal(scalar,scalarSize);
184
185 if (rc != CC_SUCCESS)
186 {
187 CC_PAL_LOG_ERR("Error - multiplication ended with result: %d\n", rc);
188 return error_mapping_cc_to_mbedtls_ecc(rc);
189 }
190 /* prepare the output point R*/
191 /* Y is not used in the result, and Z is 1*/
192 ret = mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(Z), 1 );
193 if (ret != 0)
194 {
195 CC_PAL_LOG_ERR("Error - could not set R.z\n");
196 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
197 }
198 mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(Y));
199 ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &R->MBEDTLS_PRIVATE(X));
200 if (ret != 0)
201 {
202 return ret;
203 }
204 return (0);
205
206 }
207 #endif /* ECP_MONTGOMERY */
208
209 #if defined(ECP_SHORTWEIERSTRASS)
210
ecp_wrst_mul(mbedtls_ecp_group * grp,mbedtls_ecp_point * R,const mbedtls_mpi * m,const mbedtls_ecp_point * P)211 static int ecp_wrst_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
212 const mbedtls_mpi *m, const mbedtls_ecp_point *P )
213 {
214 int ret;
215 CCError_t rc;
216 void *tmpBuf;
217 const CCEcpkiDomain_t *pDomain;
218 CCEcpkiDomainID_t domainId;
219
220 ret = ecp_grp_id_to_domain_id(grp->id, &domainId);
221 if (ret != 0)
222 {
223 CC_PAL_LOG_ERR("Error - group id %d is not supported\n",grp->id);
224 return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
225
226 }
227 pDomain = CC_EcpkiGetEcDomain(domainId);
228 if (NULL == pDomain)
229 {
230 CC_PAL_LOG_ERR("Error - domain id %d is not supported\n",domainId);
231 return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
232 }
233
234 tmpBuf = mbedtls_calloc(1, sizeof(CCEcpkiKgTempData_t));
235 if (NULL == tmpBuf)
236 {
237 CC_PAL_LOG_ERR("Error - failed to allocate memory for temporary buffer\n");
238 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
239 }
240 ret = mbedtls_mpi_grow(&R->MBEDTLS_PRIVATE(X), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
241 if (ret != 0)
242 {
243 CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
244 mbedtls_free(tmpBuf);
245 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
246 }
247
248 ret = mbedtls_mpi_grow(&R->MBEDTLS_PRIVATE(Y), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
249 if (ret != 0)
250 {
251 CC_PAL_LOG_ERR("Error - failed to allocate memory for R.x\n");
252 mbedtls_free(tmpBuf);
253 mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(X));
254 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
255 }
256
257 rc = PkaEcWrstScalarMult(pDomain, m->MBEDTLS_PRIVATE(p), m->MBEDTLS_PRIVATE(n), P->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), P->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), R->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), R->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), tmpBuf);
258 mbedtls_free(tmpBuf);
259 if (rc != CC_SUCCESS)
260 {
261 CC_PAL_LOG_ERR("Error - multiplication ended with result: %d\n", rc);
262 return error_mapping_cc_to_mbedtls_ecc(rc);
263 }
264
265 ret = mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(Z), 1 );
266 if (ret != 0)
267 {
268 CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
269 mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(X));
270 mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(Y));
271 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
272 }
273 return (0);
274 }
275 #endif /* ECP_SHORTWEIERSTRASS */
276
277 /*
278 * Multiplication R = m * P
279 */
cc_ecp_mul(mbedtls_ecp_group * grp,mbedtls_ecp_point * R,const mbedtls_mpi * m,const mbedtls_ecp_point * P,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)280 int cc_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
281 const mbedtls_mpi *m, const mbedtls_ecp_point *P,
282 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
283 {
284 int ret;
285
286 CC_UNUSED_PARAM(f_rng);
287 CC_UNUSED_PARAM(p_rng);
288
289 /* Input parameters validation */
290 if (NULL == grp || NULL == R || NULL == m || NULL == P )
291 {
292 CC_PAL_LOG_ERR("Error - NULL pointer exception\n");
293 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
294
295 }
296 /* Common sanity checks */
297 if( mbedtls_mpi_cmp_int( &P->MBEDTLS_PRIVATE(Z), 1 ) != 0 )
298 {
299 CC_PAL_LOG_ERR("Error - trying to multiply the infinity point\n");
300 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
301 }
302
303 ret = mbedtls_ecp_check_privkey( grp, m );
304 if (ret !=0 )
305 {
306 CC_PAL_LOG_ERR("Error - bad private key\n");
307 return( ret );
308 }
309 ret = mbedtls_ecp_check_pubkey( grp, P );
310 if (ret != 0)
311 {
312 CC_PAL_LOG_ERR("Error - bad public key\n");
313 return( ret );
314 }
315
316 #if defined(ECP_MONTGOMERY)
317 if( ecp_get_type( grp ) == ECP_TYPE_25519 )
318 {
319 return ecp_mont_mul( R, m, P);
320 }
321 #endif
322 #if defined(ECP_SHORTWEIERSTRASS)
323 if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
324 {
325 return ecp_wrst_mul( grp, R, m, P);
326 }
327 #endif
328 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
329 }
330
331 #if defined(ECP_MONTGOMERY)
ecp_mont_gen_keypair_base(const mbedtls_ecp_point * G,mbedtls_mpi * d,mbedtls_ecp_point * Q,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)332 static int ecp_mont_gen_keypair_base(
333 const mbedtls_ecp_point *G, /* can be NULL in order to use the curve generator*/
334 mbedtls_mpi *d, mbedtls_ecp_point *Q,
335 int (*f_rng)(void *, unsigned char *, size_t),
336 void *p_rng )
337 {
338 int ret;
339 CCError_t rc;
340 CCEcMontTempBuff_t *ecMontTempBuff;
341 uint8_t resPoint[CC_EC_MONT_MOD_SIZE_IN_BYTES];
342 uint8_t scalar[MBEDTLS_ECP_MAX_BYTES];
343 uint8_t px[CC_EC_MONT_MOD_SIZE_IN_BYTES];
344 size_t resPointSize;
345 size_t scalarSize, pxSize;
346 CCRndContext_t *pRndContext;
347
348 scalarSize = MBEDTLS_ECP_MAX_BYTES;
349 pxSize = CC_EC_MONT_MOD_SIZE_IN_BYTES;
350 resPointSize = CC_EC_MONT_MOD_SIZE_IN_BYTES;
351
352
353 if (G != NULL) /* Base point was supplied by application*/
354 {
355 mbedtls_zeroize_internal(px, CC_EC_MONT_MOD_SIZE_IN_BYTES);
356 ret = ecc_conv_mpi_to_scalar(&G->MBEDTLS_PRIVATE(X), px, &pxSize);
357 if (ret != 0)
358 {
359 return ret;
360 }
361 }
362
363 ecMontTempBuff = mbedtls_calloc( 1, (sizeof( CCEcMontTempBuff_t ) + sizeof( CCRndContext_t )));
364 if (NULL == ecMontTempBuff)
365 {
366 CC_PAL_LOG_ERR("Error - failed to allocate memory\n");
367 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
368 }
369
370 pRndContext = (CCRndContext_t *)(ecMontTempBuff + 1);
371 pRndContext->rndGenerateVectFunc = (CCRndGenerateVectWorkFunc_t)f_rng;
372 pRndContext->rndState = p_rng;
373
374 if (G != NULL)
375 {
376 rc = CC_EcMontKeyPairBase(resPoint, &resPointSize, scalar, &scalarSize, px, CC_EC_MONT_MOD_SIZE_IN_BYTES, pRndContext, ecMontTempBuff);
377 }
378 else
379 {
380 rc = CC_EcMontKeyPair(resPoint, &resPointSize, scalar, &scalarSize, pRndContext, ecMontTempBuff);
381 }
382
383 mbedtls_free(ecMontTempBuff);
384
385 if (rc != CC_SUCCESS)
386 {
387 CC_PAL_LOG_ERR("Error - keypair generation ended with result: %d\n", rc);
388 return error_mapping_cc_to_mbedtls_ecc(rc);
389 }
390
391 ret = ecc_conv_scalar_to_mpi(scalar, scalarSize, d);
392 /* secure programing */
393 mbedtls_zeroize_internal(scalar, scalarSize);
394 if (ret != 0)
395 {
396 goto END;
397 }
398 /* prepare the output point Q*/
399 /* Y is not used in the result, and Z is 1*/
400 ret = mbedtls_mpi_lset( &Q->MBEDTLS_PRIVATE(Z), 1 );
401 if (ret != 0)
402 {
403 CC_PAL_LOG_ERR("Error - could not set Q.z\n");
404 goto END;
405 }
406 mbedtls_mpi_free(&Q->MBEDTLS_PRIVATE(Y));
407 ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &Q->MBEDTLS_PRIVATE(X));
408 if (ret != 0)
409 {
410 goto END;
411 }
412
413 /* see [Curve25519] page 5 */
414 ret = mbedtls_mpi_set_bit(d, 0, 0);
415 if (ret != 0)
416 {
417 goto END;
418 }
419 ret = mbedtls_mpi_set_bit(d, 1, 0);
420 if (ret != 0)
421 {
422 goto END;
423 }
424 ret = mbedtls_mpi_set_bit(d, 2, 0);
425 if (ret != 0)
426 {
427 goto END;
428 }
429 ret = mbedtls_mpi_set_bit(d, 255, 0);
430 if (ret != 0)
431 {
432 goto END;
433 }
434 ret = mbedtls_mpi_set_bit(d, 254, 1);
435 if (ret != 0)
436 {
437 goto END;
438 }
439
440 return (0);
441
442 END:
443 mbedtls_ecp_point_free(Q);
444 mbedtls_mpi_free(d);
445 return ret;
446
447 }
448 #endif /* ECP_MONTGOMERY */
449 #if defined(ECP_SHORTWEIERSTRASS)
450
ecp_wrst_gen_keypair_base(mbedtls_ecp_group * grp,const mbedtls_ecp_point * G,mbedtls_mpi * d,mbedtls_ecp_point * Q,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)451 static int ecp_wrst_gen_keypair_base( mbedtls_ecp_group *grp,
452 const mbedtls_ecp_point *G, /* can be NULL in order to use the curve generator*/
453 mbedtls_mpi *d, mbedtls_ecp_point *Q,
454 int (*f_rng)(void *, unsigned char *, size_t),
455 void *p_rng )
456 {
457 int ret;
458 CCError_t rc;
459 const CCEcpkiDomain_t *pDomain;
460 CCEcpkiDomainID_t domainId;
461 CCRndContext_t *pRndContext;
462 CCEcpkiUserPrivKey_t *pUserPrivKey;
463 CCEcpkiUserPublKey_t *pUserPublKey;
464 CCEcpkiPrivKey_t *pPrivKey;
465 CCEcpkiPublKey_t *pPublicKey;
466
467 CCEcpkiKgTempData_t *pTempBuff = NULL;
468
469 ret = ecp_grp_id_to_domain_id(grp->id, &domainId);
470 if (ret != 0)
471 {
472 CC_PAL_LOG_ERR("Error - group id %d is not supported\n",grp->id);
473 return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
474
475 }
476 pDomain = CC_EcpkiGetEcDomain(domainId);
477 if (NULL == pDomain)
478 {
479 CC_PAL_LOG_ERR("Error - domain id %d is not supported\n",domainId);
480 return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
481 }
482
483 pTempBuff = mbedtls_calloc(1, (sizeof( CCEcpkiKgTempData_t ) + sizeof( CCRndContext_t ) + sizeof( CCEcpkiUserPrivKey_t ) + sizeof( CCEcpkiUserPublKey_t )));
484 if (NULL == pTempBuff)
485 {
486 CC_PAL_LOG_ERR("Error - failed to allocate memory for temporary buffer\n");
487 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
488 }
489 pRndContext = (CCRndContext_t *)(pTempBuff + 1);
490 pUserPrivKey = (CCEcpkiUserPrivKey_t *)(pRndContext + 1);
491 pUserPublKey = (CCEcpkiUserPublKey_t *)(pUserPrivKey + 1);
492
493 pRndContext->rndGenerateVectFunc = (CCRndGenerateVectWorkFunc_t)f_rng;
494 pRndContext->rndState = p_rng;
495
496 ret = mbedtls_mpi_grow(&Q->MBEDTLS_PRIVATE(X), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
497 if (ret != 0)
498 {
499 CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
500 goto END;
501 }
502 Q->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
503
504 ret = mbedtls_mpi_grow(&Q->MBEDTLS_PRIVATE(Y), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
505 if (ret != 0)
506 {
507 CC_PAL_LOG_ERR("Error - failed to allocate memory for R.x\n");
508 goto END;
509 }
510 Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
511
512 ret = mbedtls_mpi_grow(d, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
513 if (ret != 0)
514 {
515 CC_PAL_LOG_ERR("Error - failed to allocate memory for R.d\n");
516 goto END;
517 }
518
519 d->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
520
521 if (G != NULL) /* Base point was supplied by the application*/
522 {
523 rc = CC_EcpkiKeyPairGenerateBase(pRndContext, pDomain, G->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), G->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), pUserPrivKey, pUserPublKey, pTempBuff, NULL);
524 }
525 else
526 {
527 rc = CC_EcpkiKeyPairGenerate(pRndContext, pDomain, pUserPrivKey, pUserPublKey, pTempBuff, NULL);
528 }
529 if (rc != CC_SUCCESS)
530 {
531 CC_PAL_LOG_ERR("Error - Key generation ended with result: %d\n", rc);
532 ret = error_mapping_cc_to_mbedtls_ecc(rc);
533 goto END;
534 }
535
536 pPrivKey = (CCEcpkiPrivKey_t *)pUserPrivKey->PrivKeyDbBuff;
537 pPublicKey = (CCEcpkiPublKey_t *)pUserPublKey->PublKeyDbBuff;
538 CC_PalMemCopy(d->MBEDTLS_PRIVATE(p), pPrivKey->PrivKey, CALC_FULL_BYTES(pDomain->modSizeInBits));
539 CC_PalMemCopy(Q->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), pPublicKey->x, CALC_FULL_BYTES(pDomain->modSizeInBits));
540 CC_PalMemCopy(Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), pPublicKey->y, CALC_FULL_BYTES(pDomain->modSizeInBits));
541
542 ret = mbedtls_mpi_lset( &Q->MBEDTLS_PRIVATE(Z), 1 );
543 if (ret != 0)
544 {
545 CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
546 goto END;
547 }
548 ret = (0);
549 goto SUCCESS;
550
551 END:
552
553 mbedtls_ecp_point_free(Q);
554 mbedtls_mpi_free(d);
555 SUCCESS:
556 mbedtls_zeroize_internal(pTempBuff, (sizeof( CCEcpkiKgTempData_t ) + sizeof( CCRndContext_t ) + sizeof( CCEcpkiUserPrivKey_t ) + sizeof( CCEcpkiUserPublKey_t )));
557 mbedtls_free(pTempBuff);
558 return ret;
559 }
560 #endif /* ECP_SHORTWEIERSTRASS */
561 /*
562 * Generate a keypair with configurable base point
563 */
cc_ecp_gen_keypair_base(mbedtls_ecp_group * grp,const mbedtls_ecp_point * G,mbedtls_mpi * d,mbedtls_ecp_point * Q,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)564 int cc_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
565 const mbedtls_ecp_point *G,
566 mbedtls_mpi *d, mbedtls_ecp_point *Q,
567 int (*f_rng)(void *, unsigned char *, size_t),
568 void *p_rng )
569 {
570
571 /* Input parameters validation */
572 if (NULL == grp || NULL == Q || NULL == d || NULL == G || f_rng == NULL || p_rng == NULL)
573 {
574 CC_PAL_LOG_ERR("Error - NULL pointer exception\n");
575 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
576
577 }
578 #if defined(ECP_MONTGOMERY)
579 if( ecp_get_type( grp ) == ECP_TYPE_25519 )
580 {
581 return ecp_mont_gen_keypair_base(G, d, Q, f_rng, p_rng);
582 }
583 #endif /* ECP_MONTGOMERY */
584
585 #if defined(ECP_SHORTWEIERSTRASS)
586 if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
587 {
588 return ecp_wrst_gen_keypair_base(grp, G, d, Q, f_rng, p_rng);
589 }
590 #endif /* ECP_SHORTWEIERSTRASS */
591 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
592 }
593 #endif /*(MBEDTLS_ECP_C)*/
594
