nxp: ksdk: add support for Koblitz curves

The Kinetis port implementation currently only supports SECP random curves. This commit expands it to also support the accepted SECP koblitz curves, based on user settings. The implementation also makes it easy to add Brainpool curves. Signed-off-by: Fabio Utzig <utzig@apache.org>
2021-10-13 18:02:51 -03:00 · 2021-10-13 18:02:51 -03:00 · ed243b3327
parent 4c70ac73f1
commit ed243b3327
1 changed files with 171 additions and 59 deletions
--- a/wolfcrypt/src/port/nxp/ksdk_port.c
+++ b/wolfcrypt/src/port/nxp/ksdk_port.c
@ -778,121 +778,233 @@ static int ltc_get_from_mp_int(uint8_t *dst, mp_int *a, int sz)
 #define ECC384
 #endif
 /* P-256 */
 #ifdef ECC256
 static const uint8_t ltc_ecc256_modulus[32] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF};
 static const uint8_t ltc_ecc256_r2modn[32] = { /* R^2 mod N */
    0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFB, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0x04, 0x00, 0x00, 0x00};
 static const uint8_t ltc_ecc256_aCurveParam[32] = {
    0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF};
 static const uint8_t ltc_ecc256_bCurveParam[32] = {
    0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B, 0xF6, 0xB0, 0x53,
    0xCC, 0xB0, 0x06, 0x1D, 0x65, 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD,
    0xEB, 0xB3, 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A};
 #endif
 #ifdef ECC192
-static const uint8_t ltc_ecc192_modulus[24] = {
+#ifndef NO_ECC_SECP
 static const uint8_t ltc_secp192r1_modulus[24] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-static const uint8_t ltc_ecc192_r2modn[24] = {
+static const uint8_t ltc_secp192r1_r2modn[24] = {
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
-static const uint8_t ltc_ecc192_aCurveParam[24] = {
+static const uint8_t ltc_secp192r1_aCurveParam[24] = {
    0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-static const uint8_t ltc_ecc192_bCurveParam[24] = {
+static const uint8_t ltc_secp192r1_bCurveParam[24] = {
    0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE, 0x49, 0x30, 0x24, 0x72,
    0xAB, 0xE9, 0xA7, 0x0F, 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64};
 #endif
 #ifdef HAVE_ECC_KOBLITZ
 static const uint8_t ltc_secp192k1_modulus[24] = {
    0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
 static const uint8_t ltc_secp192k1_r2modn[24] = {
    0xD1, 0x4F, 0x3C, 0x01, 0x92, 0x23, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 static const uint8_t ltc_secp192k1_aCurveParam[24] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 static const uint8_t ltc_secp192k1_bCurveParam[24] = {
    0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 #endif
 #endif /* ECC192 */
 #ifdef ECC224
-static const uint8_t ltc_ecc224_modulus[28] = {
+#ifndef NO_ECC_SECP
 static const uint8_t ltc_secp224r1_modulus[28] = {
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-static const uint8_t ltc_ecc224_r2modn[28] = {
+static const uint8_t ltc_secp224r1_r2modn[28] = {
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00};
-static const uint8_t ltc_ecc224_aCurveParam[28] = {
+static const uint8_t ltc_secp224r1_aCurveParam[28] = {
    0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-static const uint8_t ltc_ecc224_bCurveParam[28] = {
+static const uint8_t ltc_secp224r1_bCurveParam[28] = {
    0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27, 0xBA, 0xD8,
    0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50, 0x56, 0x32, 0x41, 0xF5,
    0xAB, 0xB3, 0x04, 0x0C, 0x85, 0x0A, 0x05, 0xB4};
 #endif
 #ifdef HAVE_ECC_KOBLITZ
 static const uint8_t ltc_secp224k1_modulus[28] = {
    0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
 static const uint8_t ltc_secp224k1_r2modn[28] = {
    0x69, 0x30, 0xC2, 0x02, 0x26, 0x35, 0x00, 0x00, 0x01, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 static const uint8_t ltc_secp224k1_aCurveParam[28] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 static const uint8_t ltc_secp224k1_bCurveParam[28] = {
    0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 #endif
 #endif /* ECC224 */
 #ifdef ECC256
 #ifndef NO_ECC_SECP
 static const uint8_t ltc_secp256r1_modulus[32] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF};
 static const uint8_t ltc_secp256r1_r2modn[32] = { /* R^2 mod N */
    0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFB, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0x04, 0x00, 0x00, 0x00};
 static const uint8_t ltc_secp256r1_aCurveParam[32] = {
    0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF};
 static const uint8_t ltc_secp256r1_bCurveParam[32] = {
    0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B, 0xF6, 0xB0, 0x53,
    0xCC, 0xB0, 0x06, 0x1D, 0x65, 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD,
    0xEB, 0xB3, 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A};
 #endif
 #ifdef HAVE_ECC_KOBLITZ
 static const uint8_t ltc_secp256k1_modulus[32] = {
    0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
 static const uint8_t ltc_secp256k1_r2modn[32] = { /* R^2 mod N */
    0xA1, 0x90, 0x0E, 0x00, 0xA2, 0x07, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 static const uint8_t ltc_secp256k1_aCurveParam[32] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 static const uint8_t ltc_secp256k1_bCurveParam[32] = {
    0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 #endif
 #endif /* ECC256 */
 #ifdef ECC384
-static const uint8_t ltc_ecc384_modulus[48] = {
+#ifndef NO_ECC_SECP
 static const uint8_t ltc_secp384r1_modulus[48] = {
    0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-static const uint8_t ltc_ecc384_r2modn[48] = {
+static const uint8_t ltc_secp384r1_r2modn[48] = {
    0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
    0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
-static const uint8_t ltc_ecc384_aCurveParam[48] = {
+static const uint8_t ltc_secp384r1_aCurveParam[48] = {
    0xfc, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-static const uint8_t ltc_ecc384_bCurveParam[48] = {
+static const uint8_t ltc_secp384r1_bCurveParam[48] = {
    0xef, 0x2a, 0xec, 0xd3, 0xed, 0xc8, 0x85, 0x2a, 0x9d, 0xd1, 0x2e, 0x8a,
    0x8d, 0x39, 0x56, 0xc6, 0x5a, 0x87, 0x13, 0x50, 0x8f, 0x08, 0x14, 0x03,
    0x12, 0x41, 0x81, 0xfe, 0x6e, 0x9c, 0x1d, 0x18, 0x19, 0x2d, 0xf8, 0xe3,
    0x6b, 0x05, 0x8e, 0x98, 0xe4, 0xe7, 0x3e, 0xe2, 0xa7, 0x2f, 0x31, 0xb3};
 #endif
 #endif /* ECC384 */
 static int ltc_get_ecc_specs(const uint8_t **modulus, const uint8_t **r2modn,
-    const uint8_t **aCurveParam, const uint8_t **bCurveParam, int size)
+    const uint8_t **aCurveParam, const uint8_t **bCurveParam, const uint8_t *prime,
    int size)
 {
-    switch(size) {
+    switch (size) {
 #ifdef ECC256
    case 32:
-        *modulus = ltc_ecc256_modulus;
+#ifndef NO_ECC_SECP
-        *r2modn = ltc_ecc256_r2modn;
+        if (XMEMCMP(prime, ltc_secp256r1_modulus, size) == 0) {
-        *aCurveParam = ltc_ecc256_aCurveParam;
+            *modulus = ltc_secp256r1_modulus;
-        *bCurveParam = ltc_ecc256_bCurveParam;
+            *r2modn = ltc_secp256r1_r2modn;
            *aCurveParam = ltc_secp256r1_aCurveParam;
            *bCurveParam = ltc_secp256r1_bCurveParam;
            return 0;
        }
 #endif
 #ifdef HAVE_ECC_KOBLITZ
        if (XMEMCMP(prime, ltc_secp256k1_modulus, size) == 0) {
            *modulus = ltc_secp256k1_modulus;
            *r2modn = ltc_secp256k1_r2modn;
            *aCurveParam = ltc_secp256k1_aCurveParam;
            *bCurveParam = ltc_secp256k1_bCurveParam;
            return 0;
        }
 #endif
        break;
 #endif /* ECC256 */
 #ifdef ECC224
    case 28:
-        *modulus = ltc_ecc224_modulus;
+#ifndef NO_ECC_SECP
-        *r2modn = ltc_ecc224_r2modn;
+        if (XMEMCMP(prime, ltc_secp224r1_modulus, size) == 0) {
-        *aCurveParam = ltc_ecc224_aCurveParam;
+            *modulus = ltc_secp224r1_modulus;
-        *bCurveParam = ltc_ecc224_bCurveParam;
+            *r2modn = ltc_secp224r1_r2modn;
-        break;
+            *aCurveParam = ltc_secp224r1_aCurveParam;
            *bCurveParam = ltc_secp224r1_bCurveParam;
            return 0;
        }
 #endif
 #ifdef HAVE_ECC_KOBLITZ
        if (XMEMCMP(prime, ltc_secp224k1_modulus, size) == 0) {
            *modulus = ltc_secp224k1_modulus;
            *r2modn = ltc_secp224k1_r2modn;
            *aCurveParam = ltc_secp224k1_aCurveParam;
            *bCurveParam = ltc_secp224k1_bCurveParam;
            return 0;
        }
 #endif
        break;
 #endif /* ECC224 */
 #ifdef ECC192
    case 24:
-        *modulus = ltc_ecc192_modulus;
+#ifndef NO_ECC_SECP
-        *r2modn = ltc_ecc192_r2modn;
+        if (XMEMCMP(prime, ltc_secp192r1_modulus, size) == 0) {
-        *aCurveParam = ltc_ecc192_aCurveParam;
+            *modulus = ltc_secp192r1_modulus;
-        *bCurveParam = ltc_ecc192_bCurveParam;
+            *r2modn = ltc_secp192r1_r2modn;
-        break;
+            *aCurveParam = ltc_secp192r1_aCurveParam;
-#endif
+            *bCurveParam = ltc_secp192r1_bCurveParam;
 #ifdef HAVE_ECC384
    case 48:
        *modulus = ltc_ecc384_modulus;
        *r2modn = ltc_ecc384_r2modn;
        *aCurveParam = ltc_ecc384_aCurveParam;
        *bCurveParam = ltc_ecc384_bCurveParam;
        break;
 #endif
    default:
        return -1;
    }
            return 0;
        }
 #endif
 #ifdef HAVE_ECC_KOBLITZ
        if (XMEMCMP(prime, ltc_secp192k1_modulus, size) == 0) {
            *modulus = ltc_secp192k1_modulus;
            *r2modn = ltc_secp192k1_r2modn;
            *aCurveParam = ltc_secp192k1_aCurveParam;
            *bCurveParam = ltc_secp192k1_bCurveParam;
            return 0;
        }
 #endif
        break;
 #endif /* ECC192 */
 #ifdef ECC384
    case 48:
 #ifndef NO_ECC_SECP
        if (XMEMCMP(prime, ltc_secp384r1_modulus, size) == 0) {
            *modulus = ltc_secp384r1_modulus;
            *r2modn = ltc_secp384r1_r2modn;
            *aCurveParam = ltc_secp384r1_aCurveParam;
            *bCurveParam = ltc_secp384r1_bCurveParam;
            return 0;
        }
 #endif
        break;
 #endif /* ECC384 */
    default:
        break;
    }
    return -1;
 }
 /**
@ -952,7 +1064,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
    /* find LTC friendly parameters for the selected curve */
    if (ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam,
-                                                                   size) != 0) {
+                          (const uint8_t *)modulus->dp, size) != 0) {
        return ECC_BAD_ARG_E;
    }
@ -1024,7 +1136,7 @@ int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m)
    /* find LTC friendly parameters for the selected curve */
    if (ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam,
-                                                                   size) != 0) {
+                          (const uint8_t *)m->dp, size) != 0) {
        res = ECC_BAD_ARG_E;
    }
    else {