1 /*
2 * Copyright (C) 2017 C-SKY Microsystems Co., Ltd. All rights reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 /******************************************************************************
18 * @file ck_rsa.c
19 * @brief CSI Source File for RSA Driver
20 * @version V1.0
21 * @date 02. June 2017
22 ******************************************************************************/
23 #include <stdio.h>
24 #include <string.h>
25 #include "drv_rsa.h"
26 #include "ck_rsa.h"
27
28 #define ERR_RSA(errno) (CSI_DRV_ERRNO_RSA_BASE | errno)
29 #define RSA_NULL_PARAM_CHK(para) \
30 do { \
31 if (para == NULL) { \
32 return ERR_RSA(EDRV_PARAMETER); \
33 } \
34 } while (0)
35
36
37 typedef struct {
38 uint32_t base;
39 uint32_t irq;
40 rsa_event_cb_t cb;
41 rsa_data_bits_e data_bit;
42 rsa_endian_mode_e endian;
43 rsa_padding_t padding;
44 rsa_status_t status;
45 } ck_rsa_priv_t;
46
47 static ck_rsa_priv_t rsa_handle[CONFIG_RSA_NUM];
48
49 extern uint8_t modulus[];
50 static ck_rsa_reg_t *rsa_reg = NULL;
51 static uint32_t g_acc[RSA_KEY_WORD];
52 /* Driver Capabilities */
53 static const rsa_capabilities_t driver_capabilities = {
54 .bits_192 = 1, /* 192bits modular mode */
55 .bits_256 = 1, /* 256bits modular mode */
56 .bits_512 = 1, /* 512bits modular mode */
57 .bits_1024 = 1, /* 1024bits modular mode */
58 .bits_2048 = 1 /* 2048bits modular mode */
59 };
60
61 //
62 // Functions
63 //
64
65 static uint32_t sw_exptmod_2_2m(const uint32_t *modulus, uint32_t words, uint32_t *tmp_c);
66 static uint32_t get_valid_bits(const uint32_t *addr, uint32_t wordsize);
67
68 static uint32_t g_acc[RSA_KEY_WORD];
69
rsa_clear_int(void)70 static inline void rsa_clear_int(void)
71 {
72 rsa_reg->rsa_isr = 0xffff;
73 rsa_reg->rsa_imr = 0x0000;
74 }
75
rsa_setm_width(uint32_t width)76 static inline void rsa_setm_width(uint32_t width)
77 {
78 rsa_reg->rsa_mwid = width;
79 }
80
rsa_setd_width(uint32_t width)81 static inline void rsa_setd_width(uint32_t width)
82 {
83 rsa_reg->rsa_ckid = width;
84 }
85
rsa_setb_width(uint32_t width)86 static inline void rsa_setb_width(uint32_t width)
87 {
88 rsa_reg->rsa_bwid = width;
89 }
90
rsa_cal_q(void)91 static inline void rsa_cal_q(void)
92 {
93 rsa_reg->rsa_ctrl = RAS_CALCULATE_Q;
94 }
95
rsa_opr_start(void)96 static inline void rsa_opr_start(void)
97 {
98 rsa_reg->rsa_ctrl = RSA_ENABLE_MODULE;
99 }
100
rsa_opr_reset(void)101 static inline void rsa_opr_reset(void)
102 {
103 rsa_reg->rsa_ctrl = RSA_ENDIAN_MODE;
104 rsa_reg->rsa_rst |= RSA_RESET;
105
106 while (rsa_reg->rsa_rst);
107 }
108
rsa_loop_cnt(void)109 static inline uint32_t rsa_loop_cnt(void)
110 {
111 return rsa_reg->rsa_lp_cnt;
112 }
113
rsa_cal_q_done(void)114 static inline uint32_t rsa_cal_q_done(void)
115 {
116 return (rsa_reg->rsa_isr >> RSA_CAL_Q_DONE_OFFSET) & 0x1;
117 }
118
rsa_opr_done(void)119 static inline uint32_t rsa_opr_done(void)
120 {
121 return (rsa_reg->rsa_isr) & 0x1;
122 }
123
rsa_raise_exception(void)124 static inline uint32_t rsa_raise_exception(void)
125 {
126 return (rsa_reg->rsa_isr) & 0x1E;
127 }
128
rsa_loadm(uint32_t * data,uint32_t length)129 static inline uint32_t rsa_loadm(uint32_t *data, uint32_t length)
130 {
131 uint32_t i;
132 uint32_t baseaddr = (uint32_t)&rsa_reg->rsa_rfm;
133
134 for (i = 0; i < length; i++) {
135 *(volatile uint32_t *)baseaddr = data[i];
136 baseaddr = baseaddr + 4;
137 }
138
139 return 0;
140 }
141
rsa_loadd(uint32_t * data,uint32_t length)142 static void rsa_loadd(uint32_t *data, uint32_t length)
143 {
144 uint32_t i;
145 uint32_t baseaddr = (uint32_t)&rsa_reg->rsa_rfd;
146
147 for (i = 0; i < length; i++) {
148 *(volatile uint32_t *)baseaddr = data[i];
149 baseaddr = baseaddr + 4;
150 }
151 }
152
rsa_loadc(uint32_t * data,uint32_t length)153 static void rsa_loadc(uint32_t *data, uint32_t length)
154 {
155 uint32_t i;
156 uint32_t baseaddr = (uint32_t)&rsa_reg->rsa_rfc;
157
158 for (i = 1; i < length + 1; i++) {
159 *(volatile uint32_t *)baseaddr = data[i - 1];
160 baseaddr = baseaddr + 4;
161 }
162 }
163
rsa_loadb(uint32_t * data,uint32_t length)164 static void rsa_loadb(uint32_t *data, uint32_t length)
165 {
166 uint32_t i;
167 uint32_t baseaddr = (uint32_t)&rsa_reg->rsa_rfb;
168
169 for (i = 0; i < length; i++) {
170 *(volatile uint32_t *)baseaddr = data[i];
171 baseaddr = baseaddr + 4;
172 }
173 }
174
rsa_read_r(uint32_t data[],uint32_t length)175 static void rsa_read_r(uint32_t data[], uint32_t length)
176 {
177 uint32_t i;
178 uint32_t baseaddr = (uint32_t)&rsa_reg->rsa_rfr;
179
180 for (i = 0; i < length; i++) {
181 data[i] = *(uint32_t *)baseaddr;
182 baseaddr = baseaddr + 4;
183 }
184 }
185
rsa_exptmod_1024(const uint32_t * modulus,const uint32_t * exponent,const uint32_t * base,uint32_t * out)186 static uint32_t rsa_exptmod_1024(const uint32_t *modulus, const uint32_t *exponent,
187 const uint32_t *base, uint32_t *out)
188 {
189 #ifndef RSA_USING_MALLOC
190 #ifndef RSA_USING_ID2KEY
191 uint32_t tmp_c[RSA_KEY_WORD];
192 #endif
193 uint32_t ret = 0;
194
195 if ((NULL == exponent) || (NULL == base) || (NULL == out)) {
196 return 1;
197 }
198
199 #ifndef RSA_USING_ID2KEY
200 ret = sw_exptmod_2_2m(modulus, RSA_KEY_WORD, tmp_c);
201
202 if (ret != 0) {
203 return ret;
204 }
205
206 #endif
207
208 /* reset for safe */
209 rsa_opr_reset();
210 /* clear and disable int */
211 rsa_clear_int();
212 /* set m */
213 rsa_setm_width(RSA_KEY_WORD >> 1);
214 rsa_loadm((uint32_t *)modulus, RSA_KEY_WORD);
215 /* set d */
216 rsa_setd_width(get_valid_bits(exponent, RSA_KEY_WORD) - 1);
217 rsa_loadd((uint32_t *)exponent, RSA_KEY_WORD);
218 /* set b */
219 rsa_setb_width(RSA_KEY_WORD >> 1);
220 rsa_loadb((uint32_t *)base, RSA_KEY_WORD);
221 /* set c */
222 #ifndef RSA_USING_ID2KEY
223 rsa_loadc(tmp_c, RSA_KEY_WORD);
224 #else
225 rsa_loadc(g_acc, RSA_KEY_WORD);
226 #endif
227
228 rsa_cal_q();
229
230 while (!rsa_cal_q_done() && (!rsa_raise_exception()));
231
232 if (!rsa_raise_exception()) {
233 rsa_opr_start();
234
235 while ((!rsa_opr_done()) && (rsa_loop_cnt() < MAX_RSA_LP_CNT) && (!rsa_raise_exception()));
236
237 if ((rsa_loop_cnt() >= MAX_RSA_LP_CNT)
238 || rsa_raise_exception()) {
239 ret = 1;
240 } else {
241 rsa_read_r(out, RSA_KEY_WORD);
242 }
243 } else {
244 ret = 1;
245 }
246
247 rsa_opr_reset();
248
249 return ret;
250 #else
251 uint32_t ret;
252 uint32_t *tmp_c = (uint32_t *)tee_malloc(RSA_KEY_BYTE);
253
254 if (tmp_c == NULL) {
255 return -1;
256 }
257
258 if ((NULL == modulus) || (NULL == exponent) || (NULL == base) || (NULL == out)) {
259 return -1;
260 }
261
262 #if 0
263 ret = sw_exptmod_2_2m(modulus, RSA_KEY_WORD, tmp_c);
264
265 if (ret != 0) {
266 tee_free(tmp_c);
267 return ret;
268 }
269
270 #else
271 memcpy(tmp_c, g_acc, RSA_KEY_BYTE);
272 #endif
273 /* reset for safe */
274 rsa_opr_reset();
275 /* clear and disable int */
276 rsa_clear_int();
277 /* set m */
278 rsa_setm_width(RSA_KEY_WORD >> 1);
279 rsa_loadm((uint32_t *)modulus, RSA_KEY_WORD);
280 /* set d */
281 rsa_setd_width(get_valid_bits(exponent, RSA_KEY_WORD) - 1);
282 rsa_loadd((uint32_t *)exponent, RSA_KEY_WORD);
283 /* set b */
284 rsa_setb_width(RSA_KEY_WORD >> 1);
285 rsa_loadb((uint32_t *)base, RSA_KEY_WORD);
286 /* set c */
287 rsa_loadc(tmp_c, RSA_KEY_WORD);
288
289 rsa_cal_q();
290
291 while (!rsa_cal_q_done() && (!rsa_raise_exception()));
292
293 if (!rsa_raise_exception()) {
294 rsa_opr_start();
295
296 while ((!rsa_opr_done()) && (rsa_loop_cnt() < MAX_RSA_LP_CNT) && (!rsa_raise_exception()));
297
298 if ((rsa_loop_cnt() >= MAX_RSA_LP_CNT)
299 || rsa_raise_exception()) {
300 ret = 1;
301 } else {
302 rsa_read_r(out, RSA_KEY_WORD);
303 }
304 } else {
305 ret = 1;
306 }
307
308 rsa_opr_reset();
309 tee_free(tmp_c);
310
311 return ret;
312 #endif
313 }
314
get_valid_bits(const uint32_t * addr,uint32_t wordsize)315 static uint32_t get_valid_bits(const uint32_t *addr, uint32_t wordsize)
316 {
317 uint32_t i = 0;
318 uint32_t j = 0;
319
320 for (i = wordsize; i > 0; i--) {
321 if (addr[i - 1]) {
322 break;
323 }
324 }
325
326 for (j = RSA_KEY_WORD; j > 0; j--) {
327 if (addr[i - 1] & (0x1 << (j - 1))) {
328 break;
329 }
330 }
331
332 return ((i - 1) << 5) + j;
333 }
334
get_first_nonzero_words(uint32_t * a,uint32_t max_words)335 static uint32_t get_first_nonzero_words(uint32_t *a, uint32_t max_words)
336 {
337 uint32_t i = 0;
338
339 for (i = max_words; i > 0; i--) {
340 if (a[i - 1]) {
341 return i;
342 }
343 }
344
345 return 0;
346 }
347
word_array_left_shift(uint32_t * a,uint32_t words,uint32_t shift_bits,uint32_t * r)348 static uint32_t word_array_left_shift(uint32_t *a, uint32_t words,
349 uint32_t shift_bits, uint32_t *r)
350 {
351 uint32_t i = 0;
352 uint32_t w = shift_bits >> 5;
353 uint32_t b = shift_bits - (w << 5);
354
355 for (i = 0; i < w; i++) {
356 r[i] = 0;
357 }
358
359 uint32_t tmp = 0;
360
361 for (i = 0; i < words; i++) {
362 r[w + i] = (tmp | ((a[i] << b) & (~((0x1 << b) - 1))));
363 tmp = ((a[i] >> (RSA_KEY_WORD - b)) & ((0x1 << b) - 1));
364 }
365
366 r[w + i] = tmp;
367
368 return 0;
369 }
370
371 /* r = a - b */
_word_array_sub(uint32_t * a,uint32_t a_words,uint32_t * b,uint32_t b_words,uint32_t * r)372 static uint32_t _word_array_sub(uint32_t *a, uint32_t a_words,
373 uint32_t *b, uint32_t b_words,
374 uint32_t *r)
375 {
376 uint32_t i;
377 uint64_t tmp = 0;
378 uint32_t borrow = 0;
379
380 for (i = 0; i < b_words; i++) {
381 tmp = UINT32_TO_UINT64(a[i]) - UINT32_TO_UINT64(b[i]) - UINT32_TO_UINT64(borrow);
382 r[i] = UINT64L_TO_UINT32(tmp);
383 borrow = ((UINT64H_TO_UINT32(tmp) == 0) ? (0) : (0xffffffff - UINT64H_TO_UINT32(tmp) + 1));
384 }
385
386 for (i = b_words; i < a_words; i++) {
387 tmp = UINT32_TO_UINT64(a[i]) - UINT32_TO_UINT64(borrow);
388 r[i] = UINT64L_TO_UINT32(tmp);
389 borrow = ((UINT64H_TO_UINT32(tmp) == 0) ? (0) : (0xffffffff - UINT64H_TO_UINT32(tmp) + 1));
390 }
391
392 if (borrow) {
393 return -1;
394 }
395
396 return 0;
397 }
398
word_array_mod(uint32_t * a,uint32_t a_words,uint32_t * b,uint32_t b_words,uint32_t * r)399 static uint32_t word_array_mod(uint32_t *a, uint32_t a_words,
400 uint32_t *b, uint32_t b_words,
401 uint32_t *r)
402 {
403 #ifndef RSA_USING_MALLOC
404 uint32_t ret;
405 bignum_t tmpa;
406 bignum_t tmpb;
407
408 memset(&tmpa, 0, sizeof(tmpa));
409 memset(&tmpb, 0, sizeof(tmpa));
410
411 uint32_t b_valid_bits = get_valid_bits(b, b_words);
412
413 memcpy(tmpa.pdata, a, (a_words << 2));
414
415 do {
416 uint32_t tmpa_words = get_first_nonzero_words(tmpa.pdata, a_words);
417 uint32_t tmpa_valid_bits = get_valid_bits(tmpa.pdata, tmpa_words);
418
419 if (tmpa_valid_bits > b_valid_bits + 1) {
420 memset(tmpb.pdata, 0, (a_words << 2));
421 word_array_left_shift(b, b_words, tmpa_valid_bits - b_valid_bits - 1,
422 tmpb.pdata);
423 uint32_t tmpb_words = get_first_nonzero_words(tmpb.pdata, a_words);
424 ret = _word_array_sub(tmpa.pdata, tmpa_words, tmpb.pdata, tmpb_words, tmpa.pdata);
425 } else if (tmpa_words == b_words) {
426 memcpy(r, tmpa.pdata, (tmpa_words << 2));
427 ret = _word_array_sub(r, tmpa_words, b, b_words, tmpa.pdata);
428 } else {
429 ret = _word_array_sub(tmpa.pdata, tmpa_words, b, b_words, tmpa.pdata);
430 }
431 } while (ret == 0);
432
433 return 0;
434
435 #else
436 uint32_t ret;
437 bignum_t *tmpa = tee_malloc(sizeof(bignum_t));
438 bignum_t *tmpb = tee_malloc(sizeof(bignum_t));
439
440 if ((tmpa == NULL) || (tmpb == NULL)) {
441 return -1;
442 }
443
444 uint32_t b_valid_bits = get_valid_bits(b, b_words);
445
446 memcpy(tmpa->pdata, a, (a_words << 2));
447
448 do {
449 uint32_t tmpa_words = get_first_nonzero_words(tmpa->pdata, a_words);
450 uint32_t tmpa_valid_bits = get_valid_bits(tmpa->pdata, tmpa_words);
451
452 if (tmpa_valid_bits > b_valid_bits + 1) {
453 memset(tmpb->pdata, 0, (a_words << 2));
454 word_array_left_shift(b, b_words, tmpa_valid_bits - b_valid_bits - 1,
455 tmpb->pdata);
456 uint32_t tmpb_words = get_first_nonzero_words(tmpb->pdata, a_words);
457 ret = _word_array_sub(tmpa->pdata, tmpa_words, tmpb->pdata, tmpb_words, tmpa->pdata);
458 } else if (tmpa_words == b_words) {
459 memcpy(r, tmpa->pdata, (tmpa_words << 2));
460 ret = _word_array_sub(r, tmpa_words, b, b_words, tmpa->pdata);
461 } else {
462 ret = _word_array_sub(tmpa->pdata, tmpa_words, b, b_words, tmpa->pdata);
463 }
464 } while (ret == 0);
465
466 tee_free(tmpa);
467 tee_free(tmpb);
468 return 0;
469
470 #endif
471 }
472
sw_exptmod_2_2m(const uint32_t * modulus,uint32_t words,uint32_t * tmp_c)473 static uint32_t sw_exptmod_2_2m(const uint32_t *modulus, uint32_t words, uint32_t *tmp_c)
474 {
475 #ifndef RSA_USING_MALLOC
476 bignum_t tmp;
477
478 memset(&tmp, 0, sizeof(bignum_t));
479
480 uint32_t m_valid_bits = (words << 5);
481
482 uint32_t data1 = 0x1;
483 word_array_left_shift(&data1, 1, (m_valid_bits << 1), tmp.pdata);
484 tmp.words = get_first_nonzero_words(tmp.pdata, words * 2 + 1);
485
486 uint32_t ret = word_array_mod(tmp.pdata, tmp.words,
487 (uint32_t *)modulus, words, tmp_c);
488
489 if (ret != 0) {
490 return ret;
491 }
492
493 return 0;
494 #else
495
496 bignum_t *tmp = tee_malloc(sizeof(bignum_t));
497
498 if (tmp == NULL) {
499 return -1;
500 }
501
502 uint32_t m_valid_bits = (words << 5);
503
504 uint32_t data1 = 0x1;
505 word_array_left_shift(&data1, 1, (m_valid_bits << 1), tmp->pdata);
506 tmp->words = get_first_nonzero_words(tmp->pdata, words * 2 + 1);
507
508 uint32_t ret = word_array_mod(tmp->pdata, tmp->words,
509 (uint32_t *)modulus, words, tmp_c);
510
511 if (ret != 0) {
512 tee_free(tmp);
513 return ret;
514 }
515
516 tee_free(tmp);
517 return 0;
518 #endif
519 }
520
convert_byte_array(uint8_t * in,uint8_t * out,uint32_t len)521 static void convert_byte_array(uint8_t *in, uint8_t *out, uint32_t len)
522 {
523 uint32_t idx, round = len >> 1;
524
525 for (idx = 0; idx < round; idx++) {
526 uint8_t tmp = *(in + idx);
527 *(out + idx) = *(in + len - 1 - idx);
528 *(out + len - 1 - idx) = tmp;
529 }
530
531 if (len & 0x1) {
532 *(out + round) = *(in + round);
533 }
534 }
535
convert_buf_to_bndata(const uint8_t * src,uint32_t src_bytes,uint32_t * dst,uint32_t dst_words)536 static void convert_buf_to_bndata(const uint8_t *src, uint32_t src_bytes,
537 uint32_t *dst, uint32_t dst_words)
538 {
539 memset(dst, 0, dst_words << 2);
540 convert_byte_array((uint8_t *)src, (uint8_t *)dst, src_bytes);
541 }
542
convert_bndata_to_buf(const uint32_t * src,uint32_t src_words,uint8_t * dst,uint32_t dst_bytes)543 static void convert_bndata_to_buf(const uint32_t *src, uint32_t src_words,
544 uint8_t *dst, uint32_t dst_bytes)
545 {
546 memset(dst, 0, dst_bytes);
547 convert_byte_array((uint8_t *)src, (uint8_t *)dst, dst_bytes);
548 }
549
550 static const uint8_t der_sha1_t[] = {
551 0x30, 0x21,
552 0x30, 0x09,
553 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
554 0x05, 0x00,
555 0x04, 0x14
556 };
557
558 static const uint8_t der_md5_t[] = {
559 0x30, 0x20, /* type Sequence, length 0x20 (32) */
560 0x30, 0x0c, /* type Sequence, length 0x09 */
561 0x06, 0x08, /* type OID, length 0x05 */
562 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
563 0x05, 0x00, /* NULL */
564 0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
565 };
566
RSA_padding_add_PKCS1_sha1_emsa_1024(const uint8_t * dgst,uint8_t * out,uint32_t * outlen,uint32_t type)567 static uint32_t RSA_padding_add_PKCS1_sha1_emsa_1024(const uint8_t *dgst,
568 uint8_t *out,
569 uint32_t *outlen,
570 uint32_t type)
571
572 {
573 uint8_t *der;
574 uint32_t der_len;
575 uint32_t hashlen;
576
577 if (type == MD5_PADDING) {
578 der = (uint8_t *)der_md5_t;
579 der_len = sizeof(der_md5_t);
580 hashlen = MD5_HASH_SZ;
581 } else if (type == SHA1_PADDING) {
582 der = (uint8_t *)der_sha1_t;
583 der_len = sizeof(der_sha1_t);
584 hashlen = SHA1_HASH_SZ;
585 } else {
586 der = (uint8_t *)der_md5_t;
587 der_len = sizeof(der_md5_t);
588 hashlen = MD5_HASH_SZ;
589 }
590
591 uint32_t modulus_len = 1024 >> 3;
592
593 if (*outlen < modulus_len) {
594 *outlen = modulus_len;
595 return -1;
596 }
597
598
599 uint8_t *p = (uint8_t *)out;
600
601 *(p++) = 0x00;
602 *(p++) = 0x01;
603
604 /* pad out with 0xff data */
605 uint32_t pslen = modulus_len - 3 - der_len - hashlen;
606
607 uint32_t i;
608 for (i = 0; i < pslen; i++) {
609 p[i] = 0xff; /* PS */
610 }
611
612 p += pslen;
613 *(p++) = 0x0;
614
615 for (i = 0; i < der_len; i++) {
616 p[i] = der[i];
617 }
618
619 p += der_len;
620
621 for (i = 0; i < hashlen; i++) {
622 p[i] = dgst[i];
623 }
624
625 *outlen = modulus_len;
626 return 0;
627 }
628
RSA_padding_check_PKCS1_type_emsa(const uint8_t * dgst,const uint8_t * in,const uint32_t inlen,uint8_t * is_valid,uint32_t type)629 static uint32_t RSA_padding_check_PKCS1_type_emsa(const uint8_t *dgst,
630 const uint8_t *in,
631 const uint32_t inlen,
632 uint8_t *is_valid,
633 uint32_t type)
634 {
635 uint8_t *der;
636 uint32_t der_len;
637 uint32_t hashlen;
638
639 if (type == MD5_PADDING) {
640 der = (uint8_t *)der_md5_t;
641 der_len = sizeof(der_md5_t);
642 hashlen = MD5_HASH_SZ;
643 } else if (type == SHA1_PADDING) {
644 der = (uint8_t *)der_sha1_t;
645 der_len = sizeof(der_sha1_t);
646 hashlen = SHA1_HASH_SZ;
647 } else {
648 der = (uint8_t *)der_md5_t;
649 der_len = sizeof(der_md5_t);
650 hashlen = MD5_HASH_SZ;
651 }
652
653 uint32_t modulus_len = RSA_KEY_LEN >> 3;
654
655 if (inlen != modulus_len) {
656 return -1;
657 }
658
659 *is_valid = 0;
660
661 uint32_t pslen = modulus_len - 3 - der_len - hashlen;
662 const uint8_t *p = in;
663 p++;
664
665 uint32_t ret;
666 if (*(p) != 0x01) {
667 ret = -1;
668 goto _verify_fail;
669 }
670
671 p++;
672
673 /* scan PS */
674 uint32_t i;
675 for (i = 0; i < pslen; i++) {
676 if (*(p + i) != 0xff) {
677 ret = -1;
678 goto _verify_fail;
679 }
680 }
681
682 p += pslen;
683
684 if ((*p) != 0x00) {
685 ret = -1;
686 goto _verify_fail;
687 }
688
689 p++;
690
691 /* scan t */
692 for (i = 0; i < der_len; i++) {
693 if (*(p + i) != der[i]) {
694 ret = -1;
695 goto _verify_fail;
696 }
697 }
698
699 p += der_len;
700
701 for (i = 0; i < hashlen; i++) {
702 if (*(p + i) != dgst[i]) {
703 ret = -1;
704 goto _verify_fail;
705 }
706 }
707
708 *is_valid = 1;
709 ret = 0;
710
711 _verify_fail:
712
713 return ret;
714 }
715
RSA_ES_padding_add_PKCS1_emsa_1024(const uint8_t * dgst,uint32_t dgstlen,uint8_t * out,uint32_t * outlen,uint32_t padding)716 static uint32_t RSA_ES_padding_add_PKCS1_emsa_1024(const uint8_t *dgst,
717 uint32_t dgstlen,
718 uint8_t *out,
719 uint32_t *outlen,
720 uint32_t padding)
721
722 {
723 uint32_t modulus_len = RSA_KEY_LEN >> 3;
724
725 if (*outlen < modulus_len) {
726 *outlen = modulus_len;
727 return 1;
728 }
729
730 uint8_t *p = (uint8_t *)out;
731
732 *(p++) = 0x00;
733 *(p++) = 0x02;
734
735 /* pad out with 0xff data */
736 uint32_t pslen = modulus_len - 3 - dgstlen;
737
738 uint32_t i;
739 for (i = 0; i < pslen; i++) {
740 p[i] = 0xff; /* PS */
741 }
742
743 p += pslen;
744 *(p++) = 0x0;
745
746 for (i = 0; i < dgstlen; i++) {
747 p[i] = dgst[i];
748 }
749
750 *outlen = modulus_len;
751
752 return 0;
753 }
754
RSA_ES_padding_check_PKCS1_type_emsa(uint8_t * out,uint32_t * out_size,uint8_t * src,uint32_t src_size,uint32_t padding)755 static uint32_t RSA_ES_padding_check_PKCS1_type_emsa(uint8_t *out, uint32_t *out_size,
756 uint8_t *src, uint32_t src_size, uint32_t padding)
757 {
758
759 uint32_t modulus_len = RSA_KEY_LEN >> 3;
760
761 if (src_size < modulus_len) {
762 return 1;
763 }
764
765 uint8_t *p = (uint8_t *)src;
766 uint8_t *p_src = p;
767 *(p++) = 0x00;
768
769 if (padding == PKCS1_PADDING) {
770 if (*(p++) != 0x02) {
771 return 1;
772 }
773 } else {
774 if (*(p++) != 0x01) {
775 return 1;
776 }
777 }
778
779 uint32_t pslen = src_size - 2;
780
781 while (pslen--) {
782 if (*(p++) == 0x0) {
783 break;
784 }
785 }
786
787 if (padding == PKCS1_PADDING) {
788 *out_size = pslen;
789 } else {
790 *out_size = modulus_len;
791 }
792
793 uint32_t i;
794 for (i = 0; i < *out_size; i++) {
795
796 if (padding == PKCS1_PADDING) {
797 out[i] = p[i];
798 } else {
799 out[i] = p_src[i];
800 }
801 }
802
803 return 0;
804 }
805
rsa_encrypt(uint8_t * n,uint8_t * e,uint8_t * src,uint32_t src_size,uint8_t * out,uint32_t * out_size,uint32_t padding)806 int rsa_encrypt(uint8_t *n, uint8_t *e,
807 uint8_t *src, uint32_t src_size,
808 uint8_t *out, uint32_t *out_size,
809 uint32_t padding)
810 {
811 uint32_t ret;
812 uint32_t tmp_n[RSA_KEY_WORD];
813 uint32_t tmp_e[RSA_KEY_WORD];
814 uint32_t tmp_src_padded[RSA_KEY_WORD];
815 uint32_t tmp_out[RSA_KEY_WORD];
816
817 uint32_t keywords = RSA_KEY_WORD;
818 uint32_t keybytes = RSA_KEY_BYTE;
819
820 convert_buf_to_bndata(n, keybytes, tmp_n, keywords);
821 convert_buf_to_bndata(e, keybytes, tmp_e, keywords);
822
823 uint32_t tmp_src_padded_len = keybytes;
824
825 if (padding == PKCS1_PADDING) {
826 ret = RSA_ES_padding_add_PKCS1_emsa_1024((const uint8_t *)src, src_size,
827 (uint8_t *)tmp_src_padded,
828 &tmp_src_padded_len, padding);
829
830 if (ret != 0) {
831 return ret;
832 }
833
834 convert_byte_array((uint8_t *)tmp_src_padded, (uint8_t *)tmp_src_padded, tmp_src_padded_len);
835 } else {
836 convert_byte_array((uint8_t *)src, (uint8_t *)tmp_src_padded, tmp_src_padded_len);
837 }
838
839 ret = rsa_exptmod_1024(tmp_n, tmp_e, tmp_src_padded, tmp_out);
840
841 if (ret != 0) {
842 return ret;
843 }
844
845 convert_bndata_to_buf(tmp_out, keywords, out, keybytes);
846 *out_size = keybytes;
847
848 return ret;
849 }
850
rsa_decrypt(uint8_t * n,uint8_t * d,uint8_t * src,uint32_t src_size,uint8_t * out,uint32_t * out_size,uint32_t padding)851 int rsa_decrypt(uint8_t *n, uint8_t *d,
852 uint8_t *src, uint32_t src_size,
853 uint8_t *out, uint32_t *out_size,
854 uint32_t padding)
855 {
856 uint32_t ret;
857 uint32_t tmp_n[RSA_KEY_WORD];
858 uint32_t tmp_d[RSA_KEY_WORD];
859 uint32_t tmp_dst_padded[RSA_KEY_WORD];
860 uint32_t tmp_sig[RSA_KEY_WORD];
861
862 uint32_t keywords = RSA_KEY_WORD;
863 uint32_t keybytes = RSA_KEY_BYTE;
864
865 convert_buf_to_bndata(n, keybytes, tmp_n, keywords);
866 convert_buf_to_bndata(d, keybytes, tmp_d, keywords);
867 convert_buf_to_bndata(src, src_size, tmp_sig, keywords);
868
869 ret = rsa_exptmod_1024(tmp_n, tmp_d, tmp_sig, tmp_dst_padded);
870 \
871
872 if (ret != 0) {
873 return ret;
874 }
875
876 convert_byte_array((uint8_t *)tmp_dst_padded,
877 (uint8_t *)tmp_dst_padded, keybytes);
878
879 ret = RSA_ES_padding_check_PKCS1_type_emsa(out, out_size,
880 (uint8_t *)tmp_dst_padded,
881 keybytes, padding);
882
883 return ret;
884 }
885
rsa_sign(uint8_t * n,uint8_t * d,uint8_t * src,uint32_t src_size,uint8_t * signature,uint32_t * sig_size,uint32_t type)886 int rsa_sign(uint8_t *n, uint8_t *d,
887 uint8_t *src, uint32_t src_size,
888 uint8_t *signature, uint32_t *sig_size, uint32_t type)
889 {
890 uint32_t ret;
891 uint32_t tmp_n[RSA_KEY_WORD];
892 uint32_t tmp_d[RSA_KEY_WORD];
893 uint32_t tmp_src_padded[RSA_KEY_WORD];
894 uint32_t tmp_sig[RSA_KEY_WORD];
895
896 uint32_t keywords = RSA_KEY_WORD;
897 uint32_t keybytes = RSA_KEY_BYTE;
898
899 convert_buf_to_bndata(n, keybytes, tmp_n, keywords);
900 convert_buf_to_bndata(d, keybytes, tmp_d, keywords);
901
902 uint32_t tmp_src_padded_len = keybytes;
903 ret = RSA_padding_add_PKCS1_sha1_emsa_1024((const uint8_t *)src,
904 (uint8_t *)tmp_src_padded,
905 &tmp_src_padded_len, type);
906
907 if (ret != 0) {
908 return ret;
909 }
910
911 convert_byte_array((uint8_t *)tmp_src_padded, (uint8_t *)tmp_src_padded, keybytes);
912
913 ret = rsa_exptmod_1024(tmp_n, tmp_d, tmp_src_padded, tmp_sig);
914
915 if (ret != 0) {
916 return ret;
917 }
918
919 convert_bndata_to_buf(tmp_sig, keywords, signature, keybytes);
920 *sig_size = RSA_KEY_BYTE;
921
922 return 0;
923 }
924
rsa_verify(uint8_t * n,uint8_t * e,uint8_t * src,uint32_t src_size,uint8_t * signature,uint32_t sig_size,uint8_t * result,uint32_t type)925 int rsa_verify(uint8_t *n, uint8_t *e,
926 uint8_t *src, uint32_t src_size,
927 uint8_t *signature, uint32_t sig_size,
928 uint8_t *result, uint32_t type)
929 {
930 uint32_t ret;
931 uint32_t tmp_n[RSA_KEY_WORD];
932 uint32_t tmp_e[RSA_KEY_WORD];
933 uint32_t tmp_dst_padded[RSA_KEY_WORD];
934 uint32_t tmp_sig[RSA_KEY_WORD];
935
936 *result = 0;
937
938 uint32_t keywords = RSA_KEY_WORD;
939 uint32_t keybytes = RSA_KEY_BYTE;
940
941 convert_buf_to_bndata(n, keybytes, tmp_n, keywords);
942 convert_buf_to_bndata(e, keybytes, tmp_e, keywords);
943 convert_buf_to_bndata(signature, sig_size, tmp_sig, keywords);
944
945 ret = rsa_exptmod_1024(tmp_n, tmp_e, tmp_sig, tmp_dst_padded);
946
947 if (ret != 0) {
948 return ret;
949 }
950
951 convert_byte_array((uint8_t *)tmp_dst_padded,
952 (uint8_t *)tmp_dst_padded, keybytes);
953 ret = RSA_padding_check_PKCS1_type_emsa(src,
954 (const uint8_t *)tmp_dst_padded,
955 keybytes,
956 result,
957 type);
958
959 return ret;
960 }
961
rsa_sw_exptmod_2_2m(uint8_t * modulus)962 int rsa_sw_exptmod_2_2m(uint8_t *modulus)
963 {
964 uint32_t tmp_n[RSA_KEY_WORD];
965
966 uint32_t keywords = RSA_KEY_WORD;
967 uint32_t keybytes = RSA_KEY_BYTE;
968
969 convert_buf_to_bndata(modulus, keybytes, tmp_n, keywords);
970
971 sw_exptmod_2_2m(tmp_n, RSA_KEY_WORD, g_acc);
972
973 return 0;
974 }
975
target_get_rsa_count(void)976 int32_t __attribute__((weak)) target_get_rsa_count(void)
977 {
978 return 0;
979 }
980
target_get_rsa(int32_t idx,uint32_t * base,uint32_t * irq)981 int32_t __attribute__((weak)) target_get_rsa(int32_t idx, uint32_t *base, uint32_t *irq)
982 {
983 return NULL;
984 }
985
986 /**
987 \brief get rsa handle count.
988 \return rsa handle count
989 */
csi_rsa_get_instance_count(void)990 int32_t csi_rsa_get_instance_count(void)
991 {
992 return target_get_rsa_count();
993 }
994
995 /**
996 \brief Initialize RSA Interface. 1. Initializes the resources needed for the RSA interface 2.registers event callback function
997 \param[in] idx must not exceed return value of csi_rsa_get_instance_count()
998 \param[in] cb_event Pointer to \ref rsa_event_cb_t
999 \return pointer to rsa handle
1000 */
csi_rsa_initialize(int32_t idx,rsa_event_cb_t cb_event)1001 rsa_handle_t csi_rsa_initialize(int32_t idx, rsa_event_cb_t cb_event)
1002 {
1003 if (idx < 0 || idx >= CONFIG_RSA_NUM) {
1004 return NULL;
1005 }
1006
1007 /* obtain the rsa information */
1008 uint32_t base = 0u;
1009 uint32_t irq;
1010 int32_t real_idx = target_get_rsa(idx, &base, &irq);
1011
1012 if (real_idx != idx) {
1013 return NULL;
1014 }
1015
1016 ck_rsa_priv_t *rsa_priv = &rsa_handle[idx];
1017
1018 rsa_priv->base = base;
1019 rsa_priv->irq = irq;
1020
1021 /* initialize the rsa context */
1022 rsa_priv->cb = cb_event;
1023 rsa_priv->data_bit = RSA_DATA_BITS_1024;
1024 rsa_priv->endian = RSA_ENDIAN_MODE_LITTLE;
1025 rsa_priv->padding.padding_type = RSA_PADDING_MODE_PKCS1;
1026 rsa_priv->padding.hash_type = RSA_HASH_TYPE_SHA1;
1027 rsa_priv->status.busy = 0;
1028
1029 return (rsa_handle_t)rsa_priv;
1030 }
1031
1032 /**
1033 \brief De-initialize RSA Interface. stops operation and releases the software resources used by the interface
1034 \param[in] handle rsa handle to operate.
1035 \return error code
1036 */
csi_rsa_uninitialize(rsa_handle_t handle)1037 int32_t csi_rsa_uninitialize(rsa_handle_t handle)
1038 {
1039 RSA_NULL_PARAM_CHK(handle);
1040
1041 ck_rsa_priv_t *rsa_priv = handle;
1042 rsa_priv->cb = NULL;
1043
1044 return 0;
1045 }
1046
1047 /**
1048 \brief Get driver capabilities.
1049 \param[in] handle rsa handle to operate.
1050 \return \ref rsa_capabilities_t
1051 */
csi_rsa_get_capabilities(rsa_handle_t handle)1052 rsa_capabilities_t csi_rsa_get_capabilities(rsa_handle_t handle)
1053 {
1054 return driver_capabilities;
1055 }
1056
1057 /**
1058 \brief config rsa mode.
1059 \param[in] handle rsa handle to operate.
1060 \param[in] data_bits \ref rsa_data_bits_e
1061 \param[in] endian \ref rsa_endian_mode_e
1062 \return error code
1063 */
csi_rsa_config(rsa_handle_t handle,rsa_data_bits_e data_bits,rsa_endian_mode_e endian)1064 int32_t csi_rsa_config(rsa_handle_t handle,
1065 rsa_data_bits_e data_bits,
1066 rsa_endian_mode_e endian
1067 )
1068 {
1069 RSA_NULL_PARAM_CHK(handle);
1070
1071 ck_rsa_priv_t *rsa_priv = handle;
1072 rsa_reg = (ck_rsa_reg_t *)(rsa_priv->base);
1073
1074 /* config the data bits */
1075 switch (data_bits) {
1076 case RSA_DATA_BITS_192:
1077 case RSA_DATA_BITS_256:
1078 case RSA_DATA_BITS_512:
1079 case RSA_DATA_BITS_2048:
1080 return ERR_RSA(EDRV_UNSUPPORTED);
1081
1082 case RSA_DATA_BITS_1024:
1083 rsa_priv->data_bit = data_bits;
1084 break;
1085
1086 default:
1087 return ERR_RSA(EDRV_PARAMETER);
1088 }
1089
1090 /* config the endian mode */
1091 if (endian == RSA_ENDIAN_MODE_LITTLE) {
1092 rsa_priv->endian = endian;
1093 } else if (endian == RSA_ENDIAN_MODE_BIG) {
1094 return ERR_RSA(EDRV_UNSUPPORTED);
1095 } else {
1096 return ERR_RSA(EDRV_PARAMETER);
1097 }
1098
1099 return 0;
1100 }
1101
1102 /**
1103 \brief encrypt
1104 \param[in] handle rsa handle to operate.
1105 \param[in] n Pointer to the public modulus
1106 \param[in] e Pointer to the public exponent
1107 \param[in] src Pointer to the source data.
1108 \param[in] src_size the source data len
1109 \param[out] out Pointer to the result buffer
1110 \param[out] out_size the result size
1111 \param[in] padding \ref rsa_padding_t
1112 \return error code
1113 */
csi_rsa_encrypt(rsa_handle_t handle,void * n,void * e,void * src,int32_t src_size,void * out,uint32_t * out_size,rsa_padding_t padding)1114 int32_t csi_rsa_encrypt(rsa_handle_t handle, void *n, void *e, void *src, int32_t src_size, void *out, uint32_t *out_size, rsa_padding_t padding)
1115 {
1116 RSA_NULL_PARAM_CHK(handle);
1117 RSA_NULL_PARAM_CHK(n);
1118 RSA_NULL_PARAM_CHK(e);
1119 RSA_NULL_PARAM_CHK(src);
1120 RSA_NULL_PARAM_CHK(out);
1121 RSA_NULL_PARAM_CHK(out_size);
1122 if (src_size <= 0 || (padding.padding_type != RSA_PADDING_MODE_PKCS1 && padding.padding_type != RSA_PADDING_MODE_NO)) {
1123 return ERR_RSA(EDRV_PARAMETER);
1124 }
1125
1126 ck_rsa_priv_t *rsa_priv = handle;
1127 rsa_priv->status.busy = 1U;
1128 rsa_encrypt((uint8_t *)n, (uint8_t *)e, (uint8_t *)src, (uint32_t)src_size, (uint8_t *)out, (uint32_t *)out_size, (uint32_t)(padding.padding_type));
1129 rsa_priv->status.busy = 0U;
1130
1131 if (rsa_priv->cb) {
1132 rsa_priv->cb(RSA_EVENT_ENCRYPT_COMPLETE);
1133 }
1134
1135 return 0;
1136 }
1137
1138 /**
1139 \brief decrypt
1140 \param[in] handle rsa handle to operate.
1141 \param[in] n Pointer to the public modulus
1142 \param[in] d Pointer to the privte exponent
1143 \param[in] src Pointer to the source data.
1144 \param[in] src_size the source data len
1145 \param[out] out Pointer to the result buffer
1146 \param[out] out_size the result size
1147 \param[in] padding \ref rsa_padding_t
1148 \return error code
1149 */
csi_rsa_decrypt(rsa_handle_t handle,void * n,void * d,void * src,uint32_t src_size,void * out,uint32_t * out_size,rsa_padding_t padding)1150 int32_t csi_rsa_decrypt(rsa_handle_t handle, void *n, void *d, void *src, uint32_t src_size, void *out, uint32_t *out_size, rsa_padding_t padding)
1151 {
1152 RSA_NULL_PARAM_CHK(handle);
1153 RSA_NULL_PARAM_CHK(n);
1154 RSA_NULL_PARAM_CHK(d);
1155 RSA_NULL_PARAM_CHK(src);
1156 RSA_NULL_PARAM_CHK(out);
1157 RSA_NULL_PARAM_CHK(out_size);
1158 if (src_size <= 0 || (padding.padding_type != RSA_PADDING_MODE_PKCS1 && padding.padding_type != RSA_PADDING_MODE_NO)) {
1159 return ERR_RSA(EDRV_PARAMETER);
1160 }
1161
1162 ck_rsa_priv_t *rsa_priv = handle;
1163 rsa_priv->status.busy = 1U;
1164 rsa_decrypt((uint8_t *)n, (uint8_t *)d, (uint8_t *)src, (uint32_t)src_size, (uint8_t *)out, (uint32_t *)out_size, (uint32_t)(padding.padding_type));
1165 rsa_priv->status.busy = 0U;
1166
1167 if (rsa_priv->cb) {
1168 rsa_priv->cb(RSA_EVENT_DECRYPT_COMPLETE);
1169 }
1170
1171 return 0;
1172 }
1173
1174 /**
1175 \brief rsa sign
1176 \param[in] handle rsa handle to operate.
1177 \param[in] n Pointer to the public modulus
1178 \param[in] d Pointer to the privte exponent
1179 \param[in] src Pointer to the source data.
1180 \param[in] src_size the source data len
1181 \param[out] signature Pointer to the signature
1182 \param[out] sig_size the signature size
1183 \param[in] padding \ref rsa_padding_t
1184 \return error code
1185 */
csi_rsa_sign(rsa_handle_t handle,void * n,void * d,void * src,uint32_t src_size,void * signature,void * sig_size,rsa_padding_t padding)1186 int32_t csi_rsa_sign(rsa_handle_t handle, void *n, void *d, void *src, uint32_t src_size, void *signature, void *sig_size, rsa_padding_t padding)
1187 {
1188 RSA_NULL_PARAM_CHK(handle);
1189 RSA_NULL_PARAM_CHK(n);
1190 RSA_NULL_PARAM_CHK(d);
1191 RSA_NULL_PARAM_CHK(src);
1192 RSA_NULL_PARAM_CHK(signature);
1193 RSA_NULL_PARAM_CHK(sig_size);
1194 if (src_size <= 0 || (padding.hash_type != RSA_HASH_TYPE_MD5 && padding.hash_type != RSA_HASH_TYPE_SHA1)) {
1195 return ERR_RSA(EDRV_PARAMETER);
1196 }
1197
1198 ck_rsa_priv_t *rsa_priv = handle;
1199 rsa_priv->status.busy = 1U;
1200 rsa_sign((uint8_t *)n, (uint8_t *)d, (uint8_t *)src, (uint32_t)src_size, (uint8_t *)signature, (uint32_t *)sig_size, (uint32_t)(padding.hash_type));
1201 rsa_priv->status.busy = 0U;
1202
1203 if (rsa_priv->cb) {
1204 rsa_priv->cb(RSA_EVENT_SIGN_COMPLETE);
1205 }
1206
1207 return 0;
1208 }
1209
1210 /**
1211 \brief rsa verify
1212 \param[in] handle rsa handle to operate.
1213 \param[in] n Pointer to the public modulus
1214 \param[in] e Pointer to the public exponent
1215 \param[in] src Pointer to the source data.
1216 \param[in] src_size the source data len
1217 \param[in] signature Pointer to the signature
1218 \param[in] sig_size the signature size
1219 \param[out] result Pointer to the result
1220 \param[in] padding \ref rsa_padding_t
1221 \return error code
1222 */
csi_rsa_verify(rsa_handle_t handle,void * n,void * e,void * src,uint32_t src_size,void * signature,uint32_t sig_size,void * result,rsa_padding_t padding)1223 int32_t csi_rsa_verify(rsa_handle_t handle, void *n, void *e, void *src, uint32_t src_size, void *signature, uint32_t sig_size, void *result, rsa_padding_t padding)
1224 {
1225 RSA_NULL_PARAM_CHK(handle);
1226 RSA_NULL_PARAM_CHK(n);
1227 RSA_NULL_PARAM_CHK(e);
1228 RSA_NULL_PARAM_CHK(src);
1229 RSA_NULL_PARAM_CHK(signature);
1230 RSA_NULL_PARAM_CHK(result);
1231 if (src_size <= 0 || sig_size <= 0 || (padding.hash_type != RSA_HASH_TYPE_MD5 && padding.hash_type != RSA_HASH_TYPE_SHA1)) {
1232 return ERR_RSA(EDRV_PARAMETER);
1233 }
1234
1235 ck_rsa_priv_t *rsa_priv = handle;
1236 rsa_priv->status.busy = 1U;
1237 rsa_verify((uint8_t *)n, (uint8_t *)e, (uint8_t *)src, (uint32_t)src_size, (uint8_t *)signature, sig_size, (uint8_t *)result, (uint32_t)(padding.hash_type));
1238 rsa_priv->status.busy = 0U;
1239
1240 if (rsa_priv->cb) {
1241 rsa_priv->cb(RSA_EVENT_VERIFY_COMPLETE);
1242 }
1243
1244 return 0;
1245 }
1246
1247 /**
1248 \brief Get RSA status.
1249 \param[in] handle rsa handle to operate.
1250 \return RSA status \ref rsa_status_t
1251 */
csi_rsa_get_status(rsa_handle_t handle)1252 rsa_status_t csi_rsa_get_status(rsa_handle_t handle)
1253 {
1254 ck_rsa_priv_t *rsa_priv = handle;
1255 return rsa_priv->status;
1256 }
1257