add derive DH ECDH

omasse-linaro · Nov 2, 2023 · aca9b0f · aca9b0f
1 parent 9636c46
commit aca9b0f
Show file tree

Hide file tree

Showing 12 changed files with 446 additions and 373 deletions.
diff --git a/host/xtest/acipher_perf.c b/host/xtest/acipher_perf.c
@@ -421,6 +421,44 @@ static TEEC_Result acipher_perf_verify(unsigned int key_alg, size_t key_size,
 	return TEEC_SUCCESS;
 }
 
+static TEEC_Result acipher_perf_derive(unsigned int key_alg, size_t key_size,
+				       unsigned int alg, unsigned int n, unsigned int l)
+{
+	TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
+	uint32_t ret_origin = 0;
+	TEEC_Result res = TEEC_ERROR_GENERIC;
+	struct timespec t0 = {};
+	struct timespec t1 = {};
+	struct statistics stats = {};
+	double sd = 0;
+
+	op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INPUT, TEEC_NONE,
+					 TEEC_NONE, TEEC_NONE);
+
+	op.params[0].value.a = (uint32_t)alg;
+	op.params[0].value.b = (uint32_t)l;
+
+	while (n-- > 0) {
+		get_current_time(&t0);
+
+		res = TEEC_InvokeCommand(&sess, TA_ACIPHER_PERF_CMD_DERIVE,
+					 &op, &ret_origin);
+		if (res)
+			return res;
+
+		get_current_time(&t1);
+		update_stats(&stats, timespec_diff_ns(&t0, &t1));
+	}
+
+	sd = stddev(&stats);
+	printf("Derive\n");
+	printf("min=%gms max=%gms mean=%gms stddev=%gms (cv %g%%) (%gms/op)\n",
+	       stats.min / 1000000, stats.max / 1000000, stats.m / 1000000,
+	       sd / 1000000, 100 * sd / stats.m, (stats.m / 1000000) / stats.n);
+
+	return TEEC_SUCCESS;
+}
+
 static TEEC_Result __unused acipher_perf_op(unsigned int key_alg, size_t key_size,
 				   unsigned int alg, unsigned int n, unsigned int l)
 {
@@ -473,6 +511,16 @@ static TEEC_Result __unused acipher_perf_op(unsigned int key_alg, size_t key_siz
 		if (ret)
 			return ret;
 		break;
+	case TA_ALG_DH_DERIVE_SHARED_SECRET:
+	case TA_ALG_ECDH_DERIVE_SHARED_SECRET:
+	case TA_ALG_X25519:
+	case TA_ALG_X448:
+	case TA_ALG_SM2_KEP:
+	case TA_ALG_HKDF:
+		ret = acipher_perf_derive(key_alg, key_size, alg, n, l);
+		if (ret)
+			return ret;
+		break;
 	case TA_ALG_INVALID:
 	default:
 		return TEEC_ERROR_BAD_PARAMETERS;
@@ -516,6 +564,13 @@ static void usage(const char *progname, unsigned int keysize,
 	fprintf(stderr, "                  - ECDSA_SHA[1|224|256|384|512]\n");
 	fprintf(stderr, "                  - ED25519\n");
 	fprintf(stderr, "                  - SM2_DSA_SM3\n");
+	fprintf(stderr, "                - Derive key operation\n");
+	fprintf(stderr, "                  - DH\n");
+	fprintf(stderr, "                  - ECDH\n");
+	fprintf(stderr, "                  - X25519\n");
+	fprintf(stderr, "                  - X448\n");
+	fprintf(stderr, "                  - SM2_KEP\n");
+	fprintf(stderr, "                  - HKDF\n");
 	fprintf(stderr, "  -k KEY         Keypair to use\n");
 	fprintf(stderr, "                  - RSA\n");
 	fprintf(stderr, "                  - DSA\n");
@@ -531,8 +586,7 @@ static void usage(const char *progname, unsigned int keysize,
 	fprintf(stderr,	"  -r|--random   Get input data from /dev/urandom (default: all zeros)\n");
 	fprintf(stderr,	"  -v            Be verbose (use twice for greater effect)\n");
 	fprintf(stderr,	"  -w|--warmup SEC  Warm-up time in seconds: execute a busy loop before\n");
-	fprintf(stderr,	"                   the test to mitigate the effects of cpufreq etc. [%u]\n",
-		warmup);
+	fprintf(stderr,	"                   the test to mitigate the effects of cpufreq etc. [%u]\n", warmup);
 }
 
 #define NEXT_ARG(i) \
@@ -650,6 +704,18 @@ int acipher_perf_runner_cmd_parser(int argc, char *argv[])
 				alg = TA_ALG_ED25519;
 			else if (!strcasecmp(argv[i], "SM2_DSA_SM3"))
 				alg = TA_ALG_SM2_DSA_SM3;
+			else if (!strcasecmp(argv[i], "DH"))
+				alg = TA_ALG_DH_DERIVE_SHARED_SECRET;
+			else if (!strcasecmp(argv[i], "ECDH"))
+				alg = TA_ALG_ECDH_DERIVE_SHARED_SECRET;
+			else if (!strcasecmp(argv[i], "X25519"))
+				alg = TA_ALG_X25519;
+			else if (!strcasecmp(argv[i], "X448"))
+				alg = TA_ALG_X448;
+			else if (!strcasecmp(argv[i], "SM2_KEP"))
+				alg = TA_ALG_SM2_KEP;
+			else if (!strcasecmp(argv[i], "HKDF"))
+				alg = TA_ALG_HKDF;
 		} else if (!strcmp(argv[i], "-k")) {
 			NEXT_ARG(i);
 			if (!strcasecmp(argv[i], "RSA"))

diff --git a/ta/acipher_perf/dh.c b/ta/acipher_perf/dh.c
@@ -18,20 +18,20 @@
  * for i in {256..2048..64}; do openssl dhparam -C -5 $i; done
  */
 static const uint8_t keygen_dh256_p[] = {
-	0xB6, 0x73, 0x91, 0xB5, 0xD6, 0xBC, 0x95, 0x73, 0x0D, 0x53, 0x64, 0x13,
-	0xB0, 0x51, 0xC6, 0xB4, 0xEB, 0x9D, 0x74, 0x57, 0x8D, 0x65, 0x3A, 0x4B,
-	0x7A, 0xB2, 0x93, 0x27, 0xA6, 0xC1, 0xBC, 0xAB,
+	0xB6, 0x73, 0x91, 0xB5, 0xD6, 0xBC, 0x95, 0x73, 0x0D, 0x53, 0x64,
+	0x13, 0xB0, 0x51, 0xC6, 0xB4, 0xEB, 0x9D, 0x74, 0x57, 0x8D, 0x65,
+	0x3A, 0x4B, 0x7A, 0xB2, 0x93, 0x27, 0xA6, 0xC1, 0xBC, 0xAB,
 };
 
 static const uint8_t keygen_dh256_g[] = {
 	0x05,
 };
 
 static const uint8_t keygen_dh320_p[] = {
-	0x80, 0x72, 0x50, 0x4F, 0x85, 0xD2, 0x32, 0x70, 0xA3, 0x11, 0xF4, 0x46,
-	0x01, 0x72, 0xD0, 0x72, 0x96, 0xA5, 0x1B, 0xFA, 0x8F, 0x35, 0x49, 0x75,
-	0x04, 0xA5, 0x5A, 0x62, 0xB6, 0x33, 0xD6, 0x3C, 0x46, 0xD1, 0xED, 0xD7,
-	0xB1, 0xD4, 0xBA, 0xF3,
+	0x80, 0x72, 0x50, 0x4F, 0x85, 0xD2, 0x32, 0x70, 0xA3, 0x11,
+	0xF4, 0x46, 0x01, 0x72, 0xD0, 0x72, 0x96, 0xA5, 0x1B, 0xFA,
+	0x8F, 0x35, 0x49, 0x75, 0x04, 0xA5, 0x5A, 0x62, 0xB6, 0x33,
+	0xD6, 0x3C, 0x46, 0xD1, 0xED, 0xD7, 0xB1, 0xD4, 0xBA, 0xF3,
 };
 
 static const uint8_t keygen_dh320_g[] = {
@@ -62,12 +62,12 @@ static const uint8_t keygen_dh448_g[] = {
 };
 
 static const uint8_t keygen_dh512_p[] = {
-	0xCF, 0x09, 0xB8, 0xCD, 0x0B, 0xC5, 0x9D, 0xBD, 0x7A, 0x34, 0x50, 0x55,
-	0xEC, 0xD4, 0xED, 0x92, 0x9D, 0x63, 0x92, 0xF9, 0x1D, 0x42, 0xF3, 0x64,
-	0x04, 0x3D, 0xCC, 0xAA, 0x5F, 0xD1, 0xBB, 0xEA, 0x44, 0x12, 0xFC, 0xF0,
-	0xFB, 0xFF, 0x26, 0x57, 0xE3, 0x6E, 0xA8, 0x3F, 0x45, 0x43, 0x11, 0x81,
-	0xC6, 0x79, 0xF0, 0x0B, 0x11, 0x23, 0x1D, 0x7B, 0x1E, 0x59, 0xA8, 0xB8,
-	0x69, 0x44, 0xA7, 0xE3,
+	0xCF, 0x09, 0xB8, 0xCD, 0x0B, 0xC5, 0x9D, 0xBD, 0x7A, 0x34, 0x50,
+	0x55, 0xEC, 0xD4, 0xED, 0x92, 0x9D, 0x63, 0x92, 0xF9, 0x1D, 0x42,
+	0xF3, 0x64, 0x04, 0x3D, 0xCC, 0xAA, 0x5F, 0xD1, 0xBB, 0xEA, 0x44,
+	0x12, 0xFC, 0xF0, 0xFB, 0xFF, 0x26, 0x57, 0xE3, 0x6E, 0xA8, 0x3F,
+	0x45, 0x43, 0x11, 0x81, 0xC6, 0x79, 0xF0, 0x0B, 0x11, 0x23, 0x1D,
+	0x7B, 0x1E, 0x59, 0xA8, 0xB8, 0x69, 0x44, 0xA7, 0xE3,
 };
 
 static const uint8_t keygen_dh512_g[] = {
@@ -102,14 +102,14 @@ static const uint8_t keygen_dh640_g[] = {
 };
 
 static const uint8_t keygen_dh704_p[] = {
-	0xA6, 0xBF, 0xA1, 0x02, 0x02, 0xA7, 0x7A, 0x6E, 0xFC, 0x48, 0x55, 0x81,
-	0x23, 0x3F, 0x08, 0x8E, 0x83, 0xE9, 0x10, 0x92, 0x96, 0x82, 0x5F, 0xB8,
-	0x88, 0x28, 0x0C, 0x6A, 0x04, 0x41, 0xEF, 0x4C, 0xCC, 0x2F, 0x16, 0xCD,
-	0xA4, 0x2F, 0x24, 0x3B, 0xB6, 0x8A, 0x45, 0x76, 0xB3, 0xFA, 0x23, 0x83,
-	0x53, 0xB2, 0x8F, 0x0C, 0xAE, 0xF9, 0xE8, 0xDB, 0x46, 0x5B, 0xBF, 0x7E,
-	0xC3, 0x6F, 0x4F, 0xE6, 0xE7, 0x51, 0x75, 0x49, 0xB5, 0x4B, 0xBE, 0x48,
-	0x51, 0x64, 0x9F, 0x5D, 0x56, 0xC7, 0x28, 0x9C, 0xC5, 0xBD, 0x0C, 0xD2,
-	0x3A, 0x63, 0x49, 0x57,
+	0xA6, 0xBF, 0xA1, 0x02, 0x02, 0xA7, 0x7A, 0x6E, 0xFC, 0x48, 0x55,
+	0x81, 0x23, 0x3F, 0x08, 0x8E, 0x83, 0xE9, 0x10, 0x92, 0x96, 0x82,
+	0x5F, 0xB8, 0x88, 0x28, 0x0C, 0x6A, 0x04, 0x41, 0xEF, 0x4C, 0xCC,
+	0x2F, 0x16, 0xCD, 0xA4, 0x2F, 0x24, 0x3B, 0xB6, 0x8A, 0x45, 0x76,
+	0xB3, 0xFA, 0x23, 0x83, 0x53, 0xB2, 0x8F, 0x0C, 0xAE, 0xF9, 0xE8,
+	0xDB, 0x46, 0x5B, 0xBF, 0x7E, 0xC3, 0x6F, 0x4F, 0xE6, 0xE7, 0x51,
+	0x75, 0x49, 0xB5, 0x4B, 0xBE, 0x48, 0x51, 0x64, 0x9F, 0x5D, 0x56,
+	0xC7, 0x28, 0x9C, 0xC5, 0xBD, 0x0C, 0xD2, 0x3A, 0x63, 0x49, 0x57,
 };
 
 static const uint8_t keygen_dh704_g[] = {
@@ -437,7 +437,6 @@ static const uint8_t keygen_dh1728_p[] = {
 	0x6A, 0x8F, 0x97, 0xA7, 0x3F, 0x06, 0x2E, 0xB2, 0x97, 0xEC, 0x5A, 0xFB,
 };
 
-
 static const uint8_t keygen_dh1728_g[] = {
 	0x05,
 };
@@ -579,25 +578,48 @@ static const uint8_t keygen_dh2048_g[] = {
 	0x05,
 };
 
+static const uint8_t derive_key_dh_public_value[] = {
+	0xbb, 0xe9, 0x18, 0xdd, 0x4b, 0x2b, 0x94, 0x1b, 0x10, 0x0e, 0x88, 0x35,
+	0x28, 0x68, 0xfc, 0x62, 0x04, 0x38, 0xa6, 0xdb, 0x32, 0xa6, 0x9e, 0xee,
+	0x6c, 0x6f, 0x45, 0x1c, 0xa3, 0xa6, 0xd5, 0x37, 0x77, 0x75, 0x5b, 0xc1,
+	0x37, 0x0a, 0xce, 0xfe, 0x2b, 0x8f, 0x13, 0xa9, 0x14, 0x2c, 0x5b, 0x44,
+	0x15, 0x78, 0x86, 0x30, 0xd6, 0x95, 0xb1, 0x92, 0x20, 0x63, 0xa3, 0xcf,
+	0x9d, 0xef, 0x65, 0x61, 0x27, 0x4d, 0x24, 0x01, 0xe7, 0xa1, 0x45, 0xf2,
+	0xd8, 0xb9, 0x3a, 0x45, 0x17, 0xf4, 0x19, 0xd0, 0x5e, 0xf8, 0xcb, 0x35,
+	0x59, 0x37, 0x9d, 0x04, 0x20, 0xa3, 0xbf, 0x02, 0xad, 0xfe, 0xa8, 0x60,
+	0xb2, 0xc3, 0xee, 0x85, 0x58, 0x90, 0xf3, 0xb5, 0x57, 0x2b, 0xb4, 0xef,
+	0xd7, 0x8f, 0x37, 0x68, 0x78, 0x7c, 0x71, 0x52, 0x9d, 0x5e, 0x0a, 0x61,
+	0x4f, 0x09, 0x89, 0x92, 0x39, 0xf7, 0x4b, 0x01
+};
+
+static const uint8_t derive_key_dh_private_value[] = {
+	0x53, 0x8d, 0x3d, 0x64, 0x27, 0x4a, 0x40, 0x05, 0x9b, 0x9c, 0x26, 0xe9,
+	0x13, 0xe6, 0x91, 0x53, 0x23, 0x7b, 0x55, 0x83
+};
+
+#define DH_DERIVE_ATTR() \
+	attrs[0].attributeID = TEE_ATTR_DH_PUBLIC_VALUE; \
+	attrs[0].content.ref.buffer = (void *)derive_key_dh_public_value; \
+	attrs[0].content.ref.length = ARRAY_SIZE(derive_key_dh_public_value);
+
 #define DH_ATTR(size) \
 	attrs[0].attributeID = TEE_ATTR_DH_PRIME; \
 	attrs[0].content.ref.buffer = (void *)keygen_dh##size##_p; \
 	attrs[0].content.ref.length = ARRAY_SIZE(keygen_dh##size##_p); \
 	attrs[1].attributeID = TEE_ATTR_DH_BASE; \
 	attrs[1].content.ref.buffer = (void *)keygen_dh##size##_g; \
-	attrs[1].content.ref.length = ARRAY_SIZE(keygen_dh##size##_g); \
-
+	attrs[1].content.ref.length = ARRAY_SIZE(keygen_dh##size##_g);
 
 TEE_Result dh_prepare_key(size_t key_size_bits, TEE_ObjectHandle *key,
-			   TEE_Attribute *attrs, unsigned int *nb_attrs)
+			  TEE_Attribute *attrs, unsigned int *nb_attrs)
 {
 	TEE_Result res = TEE_ERROR_GENERIC;
 
 	assert(key);
 	assert(attrs);
 	assert(nb_attrs);
 
-	switch(key_size_bits) {
+	switch (key_size_bits) {
 	case 256:
 		DH_ATTR(256);
 		break;
@@ -701,3 +723,29 @@ TEE_Result dh_prepare_key(size_t key_size_bits, TEE_ObjectHandle *key,
 	return TEE_SUCCESS;
 }
 
+TEE_Result dh_prepare_derive(uint32_t ta_alg, size_t key_size_bits,
+			     TEE_OperationHandle *derive_op,
+			     TEE_ObjectHandle *derived_key,
+			     TEE_Attribute *attrs, unsigned int *nb_attrs)
+{
+	TEE_Result res = TEE_ERROR_GENERIC;
+
+	res = TEE_AllocateOperation(derive_op, TEE_ALG_DH_DERIVE_SHARED_SECRET,
+				    TEE_MODE_DERIVE, key_size_bits);
+	if (res) {
+		EMSG("Fail to allocate derive operation");
+		return res;
+	}
+
+	DH_DERIVE_ATTR();
+	*nb_attrs = 1;
+
+	res = TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET,
+					  key_size_bits, derived_key);
+	if (res) {
+		EMSG("Fail to allocate derived key");
+		return res;
+	}
+
+	return TEE_SUCCESS;
+}