Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow NIST curves on all ECDSA algorithms in libtomcrypt and libutee #7249

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Allow NIST curves on all ECDSA algorithms in libtomcrypt and libutee #7249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2dbf53b
ltc: allow NIST curves on all ECDSA algorithms
etienne-lms Jan 20, 2025
a24e005
libutee: allow NIST curves on all ECDSA algorithms
etienne-lms Jan 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions core/lib/libtomcrypt/ecc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,39 +51,44 @@ static TEE_Result ecc_get_curve_info(uint32_t curve, uint32_t algo,
size_bits = 192;
size_bytes = 24;
name = "NISTP192";
if ((algo != 0) && (algo != TEE_ALG_ECDSA_SHA1) &&
if ((algo != 0) &&
(__tee_alg_get_main_alg(algo) != TEE_MAIN_ALGO_ECDSA) &&
(algo != TEE_ALG_ECDH_DERIVE_SHARED_SECRET))
return TEE_ERROR_BAD_PARAMETERS;
break;
case TEE_ECC_CURVE_NIST_P224:
size_bits = 224;
size_bytes = 28;
name = "NISTP224";
if ((algo != 0) && (algo != TEE_ALG_ECDSA_SHA224) &&
if ((algo != 0) &&
(__tee_alg_get_main_alg(algo) != TEE_MAIN_ALGO_ECDSA) &&
(algo != TEE_ALG_ECDH_DERIVE_SHARED_SECRET))
return TEE_ERROR_BAD_PARAMETERS;
break;
case TEE_ECC_CURVE_NIST_P256:
size_bits = 256;
size_bytes = 32;
name = "NISTP256";
if ((algo != 0) && (algo != TEE_ALG_ECDSA_SHA256) &&
if ((algo != 0) &&
(__tee_alg_get_main_alg(algo) != TEE_MAIN_ALGO_ECDSA) &&
(algo != TEE_ALG_ECDH_DERIVE_SHARED_SECRET))
return TEE_ERROR_BAD_PARAMETERS;
break;
case TEE_ECC_CURVE_NIST_P384:
size_bits = 384;
size_bytes = 48;
name = "NISTP384";
if ((algo != 0) && (algo != TEE_ALG_ECDSA_SHA384) &&
if ((algo != 0) &&
(__tee_alg_get_main_alg(algo) != TEE_MAIN_ALGO_ECDSA) &&
(algo != TEE_ALG_ECDH_DERIVE_SHARED_SECRET))
return TEE_ERROR_BAD_PARAMETERS;
break;
case TEE_ECC_CURVE_NIST_P521:
size_bits = 521;
size_bytes = 66;
name = "NISTP521";
if ((algo != 0) && (algo != TEE_ALG_ECDSA_SHA512) &&
if ((algo != 0) &&
(__tee_alg_get_main_alg(algo) != TEE_MAIN_ALGO_ECDSA) &&
(algo != TEE_ALG_ECDH_DERIVE_SHARED_SECRET))
return TEE_ERROR_BAD_PARAMETERS;
break;
Expand Down
88 changes: 53 additions & 35 deletions lib/libutee/tee_api_operations.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,21 +75,18 @@ TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation,
return TEE_ERROR_NOT_SUPPORTED;
break;

case TEE_ALG_ECDSA_SHA1:
case __OPTEE_ALG_ECDSA_P192:
case __OPTEE_ALG_ECDH_P192:
if (maxKeySize != 192)
return TEE_ERROR_NOT_SUPPORTED;
break;

case TEE_ALG_ECDSA_SHA224:
case __OPTEE_ALG_ECDSA_P224:
case __OPTEE_ALG_ECDH_P224:
if (maxKeySize != 224)
return TEE_ERROR_NOT_SUPPORTED;
break;

case TEE_ALG_ECDSA_SHA256:
case __OPTEE_ALG_ECDSA_P256:
case __OPTEE_ALG_ECDH_P256:
case TEE_ALG_SM2_PKE:
Expand All @@ -104,20 +101,23 @@ TEE_Result TEE_AllocateOperation(TEE_OperationHandle *operation,
return TEE_ERROR_NOT_SUPPORTED;
break;

case TEE_ALG_ECDSA_SHA384:
case __OPTEE_ALG_ECDSA_P384:
case __OPTEE_ALG_ECDH_P384:
if (maxKeySize != 384)
return TEE_ERROR_NOT_SUPPORTED;
break;

case TEE_ALG_ECDSA_SHA512:
case __OPTEE_ALG_ECDSA_P521:
case __OPTEE_ALG_ECDH_P521:
if (maxKeySize != 521)
return TEE_ERROR_NOT_SUPPORTED;
break;

case TEE_ALG_ECDSA_SHA1:
case TEE_ALG_ECDSA_SHA224:
case TEE_ALG_ECDSA_SHA256:
case TEE_ALG_ECDSA_SHA384:
case TEE_ALG_ECDSA_SHA512:
case TEE_ALG_ECDH_DERIVE_SHARED_SECRET:
if (maxKeySize > 521)
return TEE_ERROR_NOT_SUPPORTED;
Expand Down Expand Up @@ -2660,36 +2660,53 @@ TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element)
goto check_element_none;
}
if (IS_ENABLED(CFG_CRYPTO_ECC)) {
if ((alg == __OPTEE_ALG_ECDH_P192 ||
alg == __OPTEE_ALG_ECDSA_P192 ||
alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
alg == TEE_ALG_ECDSA_SHA1) &&
element == TEE_ECC_CURVE_NIST_P192)
return TEE_SUCCESS;
if ((alg == __OPTEE_ALG_ECDH_P224 ||
alg == __OPTEE_ALG_ECDSA_P224 ||
alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
alg == TEE_ALG_ECDSA_SHA224) &&
element == TEE_ECC_CURVE_NIST_P224)
return TEE_SUCCESS;
if ((alg == __OPTEE_ALG_ECDH_P256 ||
alg == __OPTEE_ALG_ECDSA_P256 ||
alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
alg == TEE_ALG_ECDSA_SHA256) &&
element == TEE_ECC_CURVE_NIST_P256)
return TEE_SUCCESS;
if ((alg == __OPTEE_ALG_ECDH_P384 ||
alg == __OPTEE_ALG_ECDSA_P384 ||
alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
alg == TEE_ALG_ECDSA_SHA384) &&
element == TEE_ECC_CURVE_NIST_P384)
return TEE_SUCCESS;
if ((alg == __OPTEE_ALG_ECDH_P521 ||
alg == __OPTEE_ALG_ECDSA_P521 ||
alg == TEE_ALG_ECDH_DERIVE_SHARED_SECRET ||
alg == TEE_ALG_ECDSA_SHA512) &&
element == TEE_ECC_CURVE_NIST_P521)
return TEE_SUCCESS;
switch (alg) {
case __OPTEE_ALG_ECDSA_P192:
case __OPTEE_ALG_ECDH_P192:
if (element == TEE_ECC_CURVE_NIST_P192)
return TEE_SUCCESS;
break;
case __OPTEE_ALG_ECDSA_P224:
case __OPTEE_ALG_ECDH_P224:
if (element == TEE_ECC_CURVE_NIST_P224)
return TEE_SUCCESS;
break;
case __OPTEE_ALG_ECDSA_P256:
case __OPTEE_ALG_ECDH_P256:
if (element == TEE_ECC_CURVE_NIST_P256)
return TEE_SUCCESS;
break;
case __OPTEE_ALG_ECDSA_P384:
case __OPTEE_ALG_ECDH_P384:
if (element == TEE_ECC_CURVE_NIST_P384)
return TEE_SUCCESS;
break;
case __OPTEE_ALG_ECDSA_P521:
case __OPTEE_ALG_ECDH_P521:
if (element == TEE_ECC_CURVE_NIST_P521)
return TEE_SUCCESS;
break;
case TEE_ALG_ECDSA_SHA1:
case TEE_ALG_ECDSA_SHA224:
case TEE_ALG_ECDSA_SHA256:
case TEE_ALG_ECDSA_SHA384:
case TEE_ALG_ECDSA_SHA512:
case TEE_ALG_ECDH_DERIVE_SHARED_SECRET:
switch (element) {
case TEE_ECC_CURVE_NIST_P192:
case TEE_ECC_CURVE_NIST_P224:
case TEE_ECC_CURVE_NIST_P256:
case TEE_ECC_CURVE_NIST_P384:
case TEE_ECC_CURVE_NIST_P521:
return TEE_SUCCESS;
default:
break;
}
break;
default:
break;
}
return TEE_ERROR_NOT_SUPPORTED;
}
if (IS_ENABLED(CFG_CRYPTO_SM2_DSA)) {
if (alg == TEE_ALG_SM2_DSA_SM3 && element == TEE_ECC_CURVE_SM2)
Expand All @@ -2713,6 +2730,7 @@ TEE_Result TEE_IsAlgorithmSupported(uint32_t alg, uint32_t element)
}

return TEE_ERROR_NOT_SUPPORTED;

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extra line not needed

check_element_none:
if (element == TEE_CRYPTO_ELEMENT_NONE)
return TEE_SUCCESS;
Expand Down