diff --git a/src/hsm/cmd_derive_asym.c b/src/hsm/cmd_derive_asym.c
index 700a5f1..25f1af8 100644
--- a/src/hsm/cmd_derive_asym.c
+++ b/src/hsm/cmd_derive_asym.c
@@ -53,13 +53,13 @@ int cmd_derive_asym() {
 return SW_WRONG_LENGTH();
 }
 if (apdu.data[0] == ALGO_EC_DERIVE) {
- mbedtls_ecdsa_context ctx;
- mbedtls_ecdsa_init(&ctx);
+ mbedtls_ecp_keypair ctx;
+ mbedtls_ecp_keypair_init(&ctx);
 int r;
- r = load_private_key_ecdsa(&ctx, fkey);
+ r = load_private_key_ec(&ctx, fkey);
 if (r != CCID_OK) {
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 if (r == CCID_VERIFICATION_FAILED) {
 return SW_SECURE_MESSAGE_EXEC_ERROR();
 }
@@ -70,7 +70,7 @@ int cmd_derive_asym() {
 mbedtls_mpi_init(&nd);
 r = mbedtls_mpi_read_binary(&a, apdu.data + 1, apdu.nc - 1);
 if (r != 0) {
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 mbedtls_mpi_free(&a);
 mbedtls_mpi_free(&nd);
 return SW_DATA_INVALID();
@@ -78,22 +78,22 @@ int cmd_derive_asym() {
 r = mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a);
 mbedtls_mpi_free(&a);
 if (r != 0) {
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 mbedtls_mpi_free(&nd);
 return SW_EXEC_ERROR();
 }
 r = mbedtls_mpi_copy(&ctx.d, &nd);
 mbedtls_mpi_free(&nd);
 if (r != 0) {
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 return SW_EXEC_ERROR();
 }
 r = store_keys(&ctx, HSM_KEY_EC, dest_id);
 if (r != CCID_OK) {
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 return SW_EXEC_ERROR();
 }
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 }
 else {
 return SW_WRONG_DATA();
diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c
index af41cb0..d2db187 100644
--- a/src/hsm/cmd_general_authenticate.c
+++ b/src/hsm/cmd_general_authenticate.c
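Review bot: `r = load_private_key_ec(&ctx, fkey);` in the first hunk picks the signing variant of the loader (sign=true in sc_hsm.c), which re-reads a stored Curve25519/Curve448 key under the Ed25519/Ed448 group id, yet the derivation in the third hunk (`mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a)` followed by `store_keys`) is neither a signature nor an ECDH operation, so a Montgomery key would presumably be derived and stored with an Edwards group it was never generated for. The same loader choice appears in the cmd_key_wrap.c hunk, where the wrapped blob would then carry the remapped group id rather than the stored one. Whether these two paths are meant to accept non-Weierstrass keys is not visible here; if they are not, an explicit guard after the load, `if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) { mbedtls_ecp_keypair_free(&ctx); return SW_WRONG_DATA(); }`, makes the limitation visible instead of depending on what the later mpi/store calls do with an unexpected group. cmd_derive_asym starts before the first hunk and continues past the last one.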
@@ -43,11 +43,11 @@ int cmd_general_authenticate() {
 if (!fkey) {
 return SW_EXEC_ERROR();
 }
- mbedtls_ecdsa_context ectx;
- mbedtls_ecdsa_init(&ectx);
- r = load_private_key_ecdsa(&ectx, fkey);
+ mbedtls_ecp_keypair ectx;
+ mbedtls_ecp_keypair_init(&ectx);
+ r = load_private_key_ecdh(&ectx, fkey);
 if (r != CCID_OK) {
- mbedtls_ecdsa_free(&ectx);
+ mbedtls_ecp_keypair_free(&ectx);
 return SW_EXEC_ERROR();
 }
 mbedtls_ecdh_context ctx;
@@ -55,12 +55,12 @@ int cmd_general_authenticate() {
 mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;
 r = mbedtls_ecdh_setup(&ctx, gid);
 if (r != 0) {
- mbedtls_ecdsa_free(&ectx);
+ mbedtls_ecp_keypair_free(&ectx);
 mbedtls_ecdh_free(&ctx);
 return SW_DATA_INVALID();
 }
 r = mbedtls_mpi_copy(&ctx.ctx.mbed_ecdh.d, &ectx.d);
- mbedtls_ecdsa_free(&ectx);
+ mbedtls_ecp_keypair_free(&ectx);
 if (r != 0) {
 mbedtls_ecdh_free(&ctx);
 return SW_DATA_INVALID();
diff --git a/src/hsm/cmd_key_wrap.c b/src/hsm/cmd_key_wrap.c
index d9cbf8f..581a718 100644
--- a/src/hsm/cmd_key_wrap.c
+++ b/src/hsm/cmd_key_wrap.c
@@ -71,18 +71,18 @@ int cmd_key_wrap() {
 mbedtls_rsa_free(&ctx);
 }
 else if (*dprkd == P15_KEYTYPE_ECC) {
- mbedtls_ecdsa_context ctx;
- mbedtls_ecdsa_init(&ctx);
- r = load_private_key_ecdsa(&ctx, ef);
+ mbedtls_ecp_keypair ctx;
+ mbedtls_ecp_keypair_init(&ctx);
+ r = load_private_key_ec(&ctx, ef);
 if (r != CCID_OK) {
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 if (r == CCID_VERIFICATION_FAILED) {
 return SW_SECURE_MESSAGE_EXEC_ERROR();
 }
 return SW_EXEC_ERROR();
 }
 r = dkek_encode_key(kdom, &ctx, HSM_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 }
 else if (*dprkd == P15_KEYTYPE_AES) {
 uint8_t kdata[64]; //maximum AES key size
diff --git a/src/hsm/cmd_signature.c b/src/hsm/cmd_signature.c
index 30f0344..16b4c57 100644
--- a/src/hsm/cmd_signature.c
+++ b/src/hsm/cmd_signature.c
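Review bot: `mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;` in the second cmd_general_authenticate.c hunk still pins the ECDH group, while the scalar copied into `ctx.ctx.mbed_ecdh.d` comes from whatever curve `load_private_key_ecdh` read the stored key with; for a key on any other curve the agreement would presumably run with a mismatched group. Taking the group from the loaded key, `mbedtls_ecp_group_id gid = ectx.grp.id;`, keeps the two consistent, and matters more now that the new loader deliberately keeps the stored Montgomery id, so a Curve25519 key reaches this line unchanged. A curve check may exist earlier in cmd_general_authenticate, which starts before the hunk; if it does, a short comment on the assignment saying that only P-256 keys get this far would save the next reader the search.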
@@ -20,6 +20,7 @@
 #include "asn1.h"
 #include "mbedtls/oid.h"
 #include "random.h"
+#include "mbedtls/eddsa.h"
 extern mbedtls_ecp_keypair hd_context;
 extern uint8_t hd_keytype;
@@ -233,8 +234,8 @@ int cmd_signature() {
 mbedtls_rsa_free(&ctx);
 }
 else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) {
- mbedtls_ecdsa_context ctx;
- mbedtls_ecdsa_init(&ctx);
+ mbedtls_ecp_keypair ctx;
+ mbedtls_ecp_keypair_init(&ctx);
 md = MBEDTLS_MD_SHA256;
 if (p2 == ALGO_EC_RAW) {
 if (apdu.nc == 32) {
@@ -268,9 +269,9 @@ int cmd_signature() {
 else if (p2 == ALGO_EC_SHA512) {
 md = MBEDTLS_MD_SHA512;
 }
- int r = load_private_key_ecdsa(&ctx, fkey);
+ int r = load_private_key_ec(&ctx, fkey);
 if (r != CCID_OK) {
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 if (r == CCID_VERIFICATION_FAILED) {
 return SW_SECURE_MESSAGE_EXEC_ERROR();
 }
@@ -278,14 +279,20 @@ int cmd_signature() {
 }
 size_t olen = 0;
 uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
- if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
- &olen, random_gen, NULL) != 0) {
- mbedtls_ecdsa_free(&ctx);
+ if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
+ r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
+ }
+ else {
+ r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
+ &olen, random_gen, NULL);
+ }
+ if (r != 0) {
+ mbedtls_ecp_keypair_free(&ctx);
 return SW_EXEC_ERROR();
 }
 memcpy(res_APDU, buf, olen);
 res_APDU_size = olen;
- mbedtls_ecdsa_free(&ctx);
+ mbedtls_ecp_keypair_free(&ctx);
 }
 else if (p2 == ALGO_HD) {
 size_t olen = 0;
diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c
index c91c4b4..2c6ad77 100644
--- a/src/hsm/cvc.c
+++ b/src/hsm/cvc.c
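Review bot: The Edwards branch added in the last cmd_signature.c hunk ignores `md` and the ALGO_EC_SHA* selection made just above it: with an Ed25519/Ed448 key every p2 in the ALGO_EC_RAW..ALGO_EC_SHA512 range signs `apdu.data` in pure mode, so a host that asked for a hashed variant silently gets a different signature type. Either reject `p2 != ALGO_EC_RAW` for those two group ids before the call, or state the behaviour in a comment on the branch such as `// EdDSA is always pure here; md only applies to the ECDSA path below`. Whether the input was already hashed earlier in cmd_signature (the function starts before these hunks) is not visible here, so the choice between the two is for the author. As a style point, the new `mbedtls_eddsa_write_signature(...)` call is a single very long line while the ECDSA call next to it is wrapped; wrapping it the same way keeps the two branches readable side by side.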
@@ -72,7 +72,7 @@ const uint8_t *pointA[] = {
 "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC",
 };
-size_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, size_t buf_len) {
+size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_t buf_len) {
 uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN];
 const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 };
 size_t p_size = mbedtls_mpi_size(&ecdsa->grp.P), a_size = mbedtls_mpi_size(&ecdsa->grp.A);
@@ -324,10 +324,10 @@ size_t asn1_cvc_aut(void *rsa_ecdsa,
 if (!fkey) {
 return 0;
 }
- mbedtls_ecdsa_context ectx;
- mbedtls_ecdsa_init(&ectx);
- if (load_private_key_ecdsa(&ectx, fkey) != CCID_OK) {
- mbedtls_ecdsa_free(&ectx);
+ mbedtls_ecp_keypair ectx;
+ mbedtls_ecp_keypair_init(&ectx);
+ if (load_private_key_ec(&ectx, fkey) != CCID_OK) {
+ mbedtls_ecp_keypair_free(&ectx);
 return 0;
 }
 int ret = 0, key_size = 2 * mbedtls_mpi_size(&ectx.d);
@@ -354,7 +354,7 @@ size_t asn1_cvc_aut(void *rsa_ecdsa,
 mbedtls_mpi_init(&r);
 mbedtls_mpi_init(&s);
 ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
- mbedtls_ecdsa_free(&ectx);
+ mbedtls_ecp_keypair_free(&ectx);
 if (ret != 0) {
 mbedtls_mpi_free(&r);
 mbedtls_mpi_free(&s);
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index b0751cd..35eb399 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -623,7 +623,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
 return CCID_OK;
 }
-int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
+int load_private_key_ec_purpose(mbedtls_ecp_keypair *ctx, file_t *fkey, bool sign) {
 if (wait_button_pressed() == true) { // timeout
 return CCID_VERIFICATION_FAILED;
 }
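Review bot: `ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);` in the last cvc.c hunk still runs ECDSA on whatever `load_private_key_ec` loaded, and that loader now maps Curve25519/Curve448 keys onto the Ed25519/Ed448 groups; unlike cmd_signature.c, asn1_cvc_aut gains no Edwards branch, so signing a CVC with such a key presumably fails inside mbedtls_ecdsa_sign and the function returns 0 with no indication why. A guard right after the load, `if (ectx.grp.id == MBEDTLS_ECP_DP_ED25519 || ectx.grp.id == MBEDTLS_ECP_DP_ED448) { mbedtls_ecp_keypair_free(&ectx); return 0; }`, or an EdDSA branch mirroring cmd_signature.c, makes the limitation explicit. Relatedly, `key_size = 2 * mbedtls_mpi_size(&ectx.d)` sizes the output from the scalar value, which is shorter than the curve order whenever d happens to have leading zero bytes; if it feeds the r||s encoding, `2 * mbedtls_mpi_size(&ectx.grp.N)` is the stable choice. asn1_cvc_aut starts before these hunks and continues after them.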
@@ -635,20 +635,39 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
 return CCID_EXEC_ERROR;
 }
 mbedtls_ecp_group_id gid = kdata[0];
+ if (sign == true) {
+ if (gid == MBEDTLS_ECP_DP_CURVE25519) {
+ gid = MBEDTLS_ECP_DP_ED25519;
+ }
+ else if (gid == MBEDTLS_ECP_DP_CURVE448) {
+ gid = MBEDTLS_ECP_DP_ED448;
+ }
+ }
 int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
 if (r != 0) {
 mbedtls_platform_zeroize(kdata, sizeof(kdata));
- mbedtls_ecdsa_free(ctx);
+ mbedtls_ecp_keypair_free(ctx);
 return CCID_EXEC_ERROR;
 }
 mbedtls_platform_zeroize(kdata, sizeof(kdata));
- r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
+ if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
+ r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
+ }
+ else {
+ r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
+ }
 if (r != 0) {
- mbedtls_ecdsa_free(ctx);
+ mbedtls_ecp_keypair_free(ctx);
 return CCID_EXEC_ERROR;
 }
 return CCID_OK;
 }
+int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
+ return load_private_key_ec_purpose(ctx, fkey, true);
+}
+int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
+ return load_private_key_ec_purpose(ctx, fkey, false);
+}
 #define INS_VERIFY 0x20
 #define INS_MSE 0x22
diff --git a/src/hsm/sc_hsm.h b/src/hsm/sc_hsm.h
index e80de37..5a9fcc6 100644
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
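Review bot: The `sign == true` block makes one stored secret serve two different primitives: the same `kdata` bytes are read as a Curve25519/Curve448 key for ECDH and as an Ed25519/Ed448 key for signing, and `Q` is then produced by different routines (`mbedtls_ecp_point_edwards` versus `mbedtls_ecp_mul` on `grp.G`), so the public key a caller ends up with depends on which wrapper it called, and whether the two correspond to each other is not visible from this hunk. Reusing a long-term secret across key agreement and signing is a design decision that belongs in a comment at the definition, and the stored key's purpose flags (`key_has_purpose` in sc_hsm.h) are the natural place to enforce that a given key is only ever loaded one way. A header comment on load_private_key_ec_purpose is missing; suggested: `/* Load the EC private key in fkey into ctx and recompute Q. sign=true replaces a Montgomery curve id by the matching Edwards id before the key is read, yielding an EdDSA keypair; sign=false keeps the stored id. */` plus a line noting the CCID_VERIFICATION_FAILED return on button timeout. The two new wrappers would read better with a one-line comment each naming the intended use, and `if (sign == true)` can simply be `if (sign)`.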
@@ -118,7 +118,8 @@ extern int delete_file(file_t *ef);
 extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len);
 extern bool key_has_purpose(file_t *ef, uint8_t purpose);
 extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
-extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);
+extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey);
+extern int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey);
 extern bool wait_button_pressed();
 extern int store_keys(void *key_ctx, int type, uint8_t key_id);
 extern int find_and_store_meta_key(uint8_t key_id);
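Review bot: The two new prototypes carry no documentation, and their names do not convey the difference that matters to a caller: per the sc_hsm.c hunk, `load_private_key_ec` re-reads a Curve25519/Curve448 key under the Ed25519/Ed448 group id and yields an EdDSA keypair, while `load_private_key_ecdh` keeps the stored id. Since this header is the API every command file includes, a one-line comment on each would stop the wrong variant being picked for non-signing uses: `/* EC key for signing: Montgomery curve ids are remapped to the matching Edwards ids */` and `/* EC key for ECDH: the stored group id is kept unchanged */`. As a style point, calling the signing variant `load_private_key_ec` makes it look like the neutral default; a name that states the purpose (for example `load_private_key_sign`) would match `load_private_key_ecdh` and make the pairing obvious.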