aboutsummaryrefslogtreecommitdiff
path: root/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/kdf/cc_kdf.c
blob: 901f31baf57fb8b8abd1dc40cf81cdc8228aea93 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
/*
 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/************* Include Files ****************/

#include "cc_pal_mem.h"
#include "cc_common_math.h"
#include "cc_kdf.h"
#include "cc_kdf_error.h"
#include "cc_fips_defs.h"
#include "cc_general_defs.h"
#ifdef USE_MBEDTLS_CRYPTOCELL
#include "md.h"
#else
#include "cc_hash.h"
#endif
#include "cc_hash_defs.h"

/************************ Defines *******************************/

/************************ Enums *********************************/

/************************ macros ********************************/


/************************    Global Data    ******************************/

/************************ Private Functions ******************************/

/************************************************************************
*   The function performs  Hash update for data with the size not
*   aligned to Hash block.
*
*   Note: remBuffSize_ptr - a pointer to the remaining size of the
*         temp buffer to fill by the data.
*
************************************************************************/

/**
 *   The function performs  Hash update for data with the size not
 *   aligned to Hash block.
 *
 *   Note: remBuffSize_ptr - a pointer to the remaining size of the
 *         temp buffer to fill by the data.
 *
 * @author reuvenl (4/3/2013)
 *
 * @param hashContext_ptr - HASH context pointer
 * @param data_ptr        - input data pointer
 * @param dataSize        - input data size in bytes
 * @param buff_ptr        - buffer for remaining data accumulation
 * @param remBuffSize_ptr - size of data on the buffer
 * @param blockSizeBytes  - size of HASH input block in bytes according to mode.
 *
 * @return CCError_t
 */
static CCError_t KdfHashUnalignUpdate(
#ifdef USE_MBEDTLS_CRYPTOCELL
                             mbedtls_md_context_t *p_hash_ctx,
#else
                             CCHashUserContext_t  *hashContext_ptr,
#endif
                             uint8_t *data_ptr, uint32_t dataSize,
                             uint8_t *buff_ptr, uint32_t *remBuffSize_ptr,
                             uint32_t blockSizeBytes)
{
    CCError_t error = CC_OK;
    uint32_t  tmpSize;
    uint8_t  *tmp_ptr;

    /* set buff_ptr to begin of empty part of temp buffer */
    tmp_ptr = buff_ptr + *remBuffSize_ptr;

    /* if the temp buffer not empty, append it by the data and update Hash on it */
    if (dataSize >= blockSizeBytes - *remBuffSize_ptr) {

        CC_PalMemCopy(tmp_ptr, data_ptr, blockSizeBytes - *remBuffSize_ptr);

        /* update on the data in temp buffer */
#ifdef USE_MBEDTLS_CRYPTOCELL
        error = mbedtls_md_update(p_hash_ctx, buff_ptr, blockSizeBytes);
#else
        error = CC_HashUpdate( hashContext_ptr, buff_ptr, blockSizeBytes);
#endif
        if (error != CC_OK)
            return error;

        /* update pointers and sizes */
        data_ptr += blockSizeBytes - *remBuffSize_ptr;
        dataSize -= blockSizeBytes - *remBuffSize_ptr;
        *remBuffSize_ptr = 0;
        tmp_ptr = buff_ptr;
    } else {
        CC_PalMemCopy(tmp_ptr, data_ptr, dataSize);
        *remBuffSize_ptr += dataSize;
        return error;
    }

    /* Update Hash on remaining input data */
    tmpSize = dataSize % blockSizeBytes;
    if (tmpSize > 0) {
        dataSize -= tmpSize;
        CC_PalMemCopy(tmp_ptr, data_ptr + dataSize, tmpSize);
        *remBuffSize_ptr += tmpSize;
    }

    if (dataSize > 0){
#ifdef USE_MBEDTLS_CRYPTOCELL
        error = mbedtls_md_update(p_hash_ctx, data_ptr, dataSize);
#else
        error = CC_HashUpdate( hashContext_ptr, data_ptr, dataSize);
#endif
    }

    return error;
}


/**
 * The function returns CC_HASH defined parameters according to given
 * KDF Hash mode
 *
 */
static CCError_t  KdfGetHashParameters(
                                CCKdfHashOpMode_t kdfhashMode,
                                CCHashOperationMode_t *pHashMode,
                                uint32_t *pHashBlockSize,
                                uint32_t *pHashDigestSize)
{
        switch (kdfhashMode) {
        case CC_KDF_HASH_SHA1_mode:
                *pHashMode = CC_HASH_SHA1_mode;
                *pHashDigestSize = CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES;
                *pHashBlockSize = CC_HASH_BLOCK_SIZE_IN_BYTES;
                break;
        case CC_KDF_HASH_SHA224_mode:
                *pHashMode = CC_HASH_SHA224_mode;
                *pHashDigestSize = CC_HASH_SHA224_DIGEST_SIZE_IN_BYTES;
                *pHashBlockSize = CC_HASH_BLOCK_SIZE_IN_BYTES;
                break;
        case CC_KDF_HASH_SHA256_mode:
                *pHashMode = CC_HASH_SHA256_mode;
                *pHashDigestSize = CC_HASH_SHA256_DIGEST_SIZE_IN_BYTES;
                *pHashBlockSize = CC_HASH_BLOCK_SIZE_IN_BYTES;
                break;

        case CC_KDF_HASH_SHA384_mode:
                *pHashMode = CC_HASH_SHA384_mode;
                *pHashDigestSize = CC_HASH_SHA384_DIGEST_SIZE_IN_BYTES;
                *pHashBlockSize = CC_HASH_SHA512_BLOCK_SIZE_IN_BYTES;
                break;
        case CC_KDF_HASH_SHA512_mode:
                *pHashMode = CC_HASH_SHA512_mode;
                *pHashDigestSize = CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES;
                *pHashBlockSize = CC_HASH_SHA512_BLOCK_SIZE_IN_BYTES;
                break;

        default:
                return CC_KDF_INVALID_ARGUMENT_HASH_MODE_ERROR;
        }

        return CC_OK;
}


/************************ Public Functions ******************************/

/************************ Public Functions ******************************/


/****************************************************************/


/****************************************************************/
/*!
 @brief CC_KdfKeyDerivFunc performs key derivation according to one of the modes defined in standards:
        ANS X9.42-2001, ANS X9.63, ISO/IEC 18033-2.

The present implementation of the function allows the following operation modes:
<ul><li> CC_KDF_ASN1_DerivMode - mode based on  ASN.1 DER encoding; </li>
<li> CC_KDF_ConcatDerivMode - mode based on concatenation;</li>
<li> CC_KDF_X963_DerivMode = CC_KDF_ConcatDerivMode;</li>
<li> CC_KDF_ISO18033_KDF1_DerivMode, CC_KDF_ISO18033_KDF2_DerivMode - specific modes according to
ISO/IEC 18033-2 standard.</li></ul>

The purpose of this function is to derive a keying data from the shared secret value and some
other optional shared information, included in OtherInfo (SharedInfo).

\note All buffers arguments are represented in Big-Endian format.

@return CC_OK on success.
@return A non-zero value on failure as defined cc_kdf_error.h.
*/
CCError_t  CC_KdfKeyDerivFunc(
                    uint8_t              *pZzSecret,            /*!< [in]  A pointer to shared secret value octet string. */
                    size_t                zzSecretSize,         /*!< [in]  The size of the shared secret value in bytes.
                                                                           The maximal size is defined as: ::CC_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE. */
                    CCKdfOtherInfo_t     *pOtherInfo,           /*!< [in]  A pointer to the structure, containing pointers to the data, shared by
                                       two entities of agreement, depending on KDF mode:
                                                                           1. On KDF ASN1 mode OtherInfo includes ASN1 DER encoding of AlgorithmID (mandatory),
                                                                             and some optional data entries as described in part 7.7.1 of the X9.42 standard;
                                                                           2. On both ISO18033-2 KDF1, KDF2 modes this parameter is ignored and may be set to NULL;
                                                                           3. On other modes it is optional and may be set to NULL. */
                    CCKdfHashOpMode_t     kdfHashMode,          /*!< [in]  The KDF identifier of hash function to be used. The hash function output
                                       must be at least 160 bits. */
                    CCKdfDerivFuncMode_t  derivMode,            /*!< [in]  The enum value, specifies one of above described derivation modes. */
                    uint8_t              *pKeyingData,          /*!< [out] A pointer to the buffer for derived keying data. */
                    size_t                keyingDataSize        /*!< [in]  The size in bytes of the keying data to be derived.
                                                                           The maximal size is defined as :: CC_KDF_MAX_SIZE_OF_KEYING_DATA. */
)

{

    /* FUNCTION DECLARATIONS */

    /* The return error identifier */
    CCError_t error = CC_OK;
    /* HASH function context structure buffer and parameters  */
    CCHashOperationMode_t hashMode;
    uint32_t  hashOutputSize;

    /*The result buffer for the Hash*/
    CCHashResultBuf_t   hashResultBuff;
    /* Total count of full HASH blockss for deriving the keying data */
    uint32_t  countOfHashBlocks;

    /* Loop counters */
    uint32_t  i, j;
    /*counter of Hash blocks (to be hashed with ZZ and OtherInfo) */
    uint32_t counter;
    /* Current output buffer position */
    uint32_t currentOutputBuffPos = 0;

    uint8_t   *pTemp;
    uint32_t  remBuffSize, hashBlockSize;
    uint32_t  kdfHashTempBuff[CC_HASH_SHA512_BLOCK_SIZE_IN_WORDS];
    CCKdfOtherInfoEntries_t fromKdfMode;

#ifdef USE_MBEDTLS_CRYPTOCELL
    const mbedtls_md_info_t *md_info=NULL;
    mbedtls_md_context_t hash_ctx;
#else
    CCHashUserContext_t  hashContext;
#endif

    CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR();

    if (pZzSecret == NULL || pKeyingData == NULL) {
        return CC_KDF_INVALID_ARGUMENT_POINTER_ERROR;
    }

    if (derivMode >= CC_KDF_DerivFunc_NumOfModes) {
        return CC_KDF_INVALID_KEY_DERIVATION_MODE_ERROR;
    }

    if (derivMode == CC_KDF_ASN1_DerivMode &&
        (pOtherInfo == NULL || pOtherInfo->dataPointers[CC_KDF_ALGORITHM_ID] == 0)) {
        return CC_KDF_INVALID_ARGUMENT_POINTER_ERROR;
    }

    /*On KDF1 and KDF2 derivation modes set OtherInfo_ptr = NULL */
    if (derivMode == CC_KDF_ISO18033_KDF1_DerivMode ||
        derivMode == CC_KDF_ISO18033_KDF2_DerivMode) {
        pOtherInfo = NULL;
    }

    /* Check sizes of the input data to be hashed according to KDF        *
    *  limitations                            */
    if (zzSecretSize == 0 || zzSecretSize > CC_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE) {
        return CC_KDF_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR;
    }

    /* Check the size of keying data output. Note: because max size is
       limited in our implementation by CC_KDF_MAX_SIZE_OF_KEYING_DATA
       bytes */
    if (keyingDataSize == 0 || keyingDataSize > CC_KDF_MAX_SIZE_OF_KEYING_DATA) {
        return  CC_KDF_INVALID_KEYING_DATA_SIZE_ERROR;
    }


        /* Get HASH parameters according to current operation modes */
        /*----------------------------------------------------------*/
        error = KdfGetHashParameters(
                        kdfHashMode,
                        &hashMode,
                        &hashBlockSize,
                        &hashOutputSize);
        if (error != CC_OK)
                goto End;


        /* Count of HASH blocks and temp buffer pointer and size */
    countOfHashBlocks = ( keyingDataSize + hashOutputSize - 1 )/ hashOutputSize;
    pTemp = (uint8_t*)&kdfHashTempBuff[0];

#ifdef USE_MBEDTLS_CRYPTOCELL
    md_info = mbedtls_md_info_from_string( HashAlgMode2mbedtlsString[hashMode] );
    if (NULL == md_info)
    {
        error = CC_KDF_INVALID_ARGUMENT_POINTER_ERROR;
        goto End;
    }
    mbedtls_md_init(&hash_ctx);
    error = mbedtls_md_setup(&hash_ctx, md_info, 0);    // 0 = HASH, not HMAC
    if (error != 0)
    {
        goto End;
    }
#endif

    /* **********  Keying data derivation loop ************ */

    for (i = 0; i < countOfHashBlocks; i++) {
        remBuffSize = 0;

        /*.... HASH Init function .....*/
#ifdef USE_MBEDTLS_CRYPTOCELL
        error = mbedtls_md_starts(&hash_ctx);
#else
        error = CC_HashInit(&hashContext, hashMode);
#endif
        if (error != CC_OK)
            goto End;

        /*....... Hashing input data by calling HASH_Update function .......*/
        /*------------------------------------------------------------------*/

        /*.... Hashing of the shared secret value ....*/
#ifdef USE_MBEDTLS_CRYPTOCELL
        error = KdfHashUnalignUpdate(&hash_ctx,
                                           pZzSecret,zzSecretSize,
                                           pTemp, &remBuffSize, hashBlockSize);
#else
        error = KdfHashUnalignUpdate(&hashContext,
                                           pZzSecret,zzSecretSize,
                                           pTemp, &remBuffSize, hashBlockSize);
#endif
        if (error != CC_OK)
            goto End;

        /*.... Hashing of the AlgorithmID (on ASN1 Derivation Mode only) ....*/
        if (derivMode == CC_KDF_ASN1_DerivMode) {
#ifdef USE_MBEDTLS_CRYPTOCELL
                error = KdfHashUnalignUpdate(&hash_ctx,
                                                       pOtherInfo->dataPointers[CC_KDF_ALGORITHM_ID],
                                                       pOtherInfo->dataSizes[CC_KDF_ALGORITHM_ID],
                                                       pTemp, &remBuffSize, hashBlockSize);
#else
            error = KdfHashUnalignUpdate(&hashContext,
                                                   pOtherInfo->dataPointers[CC_KDF_ALGORITHM_ID],
                                                   pOtherInfo->dataSizes[CC_KDF_ALGORITHM_ID],
                                                   pTemp, &remBuffSize, hashBlockSize);
#endif
            if (error != CC_OK)
                goto End;

            fromKdfMode = CC_KDF_PARTY_U_INFO;
        } else {
            fromKdfMode = CC_KDF_ALGORITHM_ID;
        }

        /* Set the blocks counter in big endianness mode */
        if (derivMode == CC_KDF_ISO18033_KDF1_DerivMode)
            counter = i;
        else
            counter = i+1;

#ifndef BIG__ENDIAN
        counter = CC_COMMON_REVERSE32(counter);
#endif

        /*.... Hashing of the blocks counter ....*/
#ifdef USE_MBEDTLS_CRYPTOCELL
        error = KdfHashUnalignUpdate(&hash_ctx,
                                           (uint8_t *)&counter,
                                           sizeof(uint32_t),
                                           pTemp, &remBuffSize,
                                           hashBlockSize);
#else
        error = KdfHashUnalignUpdate(&hashContext,
                                           (uint8_t *)&counter,
                                           sizeof(uint32_t),
                                           pTemp, &remBuffSize,
                                           hashBlockSize);
#endif
        if (error != CC_OK)
            goto End;

        /* ..... Hashing of remaining data of the OtherInfo ..... */
        if (pOtherInfo != NULL) {

            /* OtherInfo data concatenating and hashing loop */
            for (j = fromKdfMode; j < CC_KDF_MAX_COUNT_OF_ENTRIES; j++) {
                                /* if entry exists then hash it */
                if (pOtherInfo->dataPointers[j] != NULL && pOtherInfo->dataSizes[j] != 0) {
#ifdef USE_MBEDTLS_CRYPTOCELL
                        error = KdfHashUnalignUpdate(
                                                            &hash_ctx,
                                                            pOtherInfo->dataPointers[j]/*pointer to entry data*/,
                                                            pOtherInfo->dataSizes[j]/*size of entry data*/,
                                                            pTemp, &remBuffSize, hashBlockSize);
#else
                    error = KdfHashUnalignUpdate(
                                                        &hashContext,
                                                        pOtherInfo->dataPointers[j]/*pointer to entry data*/,
                                                        pOtherInfo->dataSizes[j]/*size of entry data*/,
                                                        pTemp, &remBuffSize, hashBlockSize);
#endif
                    if (error != CC_OK)
                        goto End;
                }
            }
        }

        /* last Hash update on remaining data in the temp buffer */
        if (remBuffSize > 0) {
#ifdef USE_MBEDTLS_CRYPTOCELL
            error = mbedtls_md_update(&hash_ctx, pTemp, remBuffSize);
#else
            error = CC_HashUpdate(&hashContext, pTemp, remBuffSize);
#endif
            if (error != CC_OK)
                goto End;
        }

        /* ..........  HASH Finish operation ............. */
#ifdef USE_MBEDTLS_CRYPTOCELL
        error = mbedtls_md_finish(&hash_ctx, (unsigned char *)hashResultBuff);
#else
        error = CC_HashFinish(&hashContext, hashResultBuff);
#endif
        if (error != CC_OK)
            goto End;

        /* Correction of output data size for last block ( if it is not full ) */
        if (i == (countOfHashBlocks - 1)){
                hashOutputSize = keyingDataSize - i * hashOutputSize;

        }
        /* Copying HASH data into output buffer */
        CC_PalMemCopy(&pKeyingData[currentOutputBuffPos],(uint8_t *)hashResultBuff, hashOutputSize);

        /* Increment the output buffer position */
        currentOutputBuffPos += hashOutputSize;
    }

End:
#ifdef USE_MBEDTLS_CRYPTOCELL
        if(md_info!=NULL){
                mbedtls_md_free(&hash_ctx);
        }
#endif
        /* clean temp buffers */
        CC_PalMemSetZero(&hashResultBuff, sizeof(CCHashResultBuf_t));
        CC_PalMemSetZero(&kdfHashTempBuff, sizeof(kdfHashTempBuff));
#ifdef USE_MBEDTLS_CRYPTOCELL
        CC_PalMemSetZero(&hash_ctx, sizeof(hash_ctx));
#else
        CC_PalMemSetZero(&hashContext, sizeof(hashContext));
#endif

    return error;

}/* END OF CC_KdfKeyDerivFunc */