feat(crypto): Implement ECDSA component

common/ta_errors.c

@@ -204,6 +204,19 @@ const char* ta_error_to_string(status_t err) {
       return "Error occurred when reading message from CAN BUS socket";
     case SC_ENDPOINT_CAN_CLOSE_ERROR:
       return "Error occurred when closing CAN BUS socket";
+
+    // Crypto
+    case SC_CRYPTO_RAND_INIT:
+      return "Failed to generate random number generator";
+    case SC_CRYPTO_GEN_KEY:
+      return "Failed to generate ECDH public key";
+    case SC_CRYPTO_COMPUTE_SECRET:
+      return "Failed to compute ECDH shared secret";
+    case SC_CRYPTO_HASH:
+      return "Failed to hash";
+    case SC_CRYPTO_ECDSA_SIGN:
+      return "Failed to sign with ECDSA";
+
     default:
       return "Unknown error.";
   }

common/ta_errors.h

@@ -57,6 +57,7 @@ extern "C" {
 #define SC_MODULE_STORAGE (0x0A << SC_MODULE_SHIFT)
 #define SC_MODULE_CORE (0x0B << SC_MODULE_SHIFT)
 #define SC_MODULE_ENDPOINT (0x0C << SC_MODULE_SHIFT)
+#define SC_MODULE_CRYPTO (0x0D << SC_MODULE_SHIFT)
 /** @} */
 
 /** @name serverity code */
@@ -269,6 +270,18 @@ typedef enum {
   SC_ENDPOINT_CAN_CLOSE_ERROR = 0x0F | SC_MODULE_ENDPOINT | SC_SEVERITY_FATAL,
   /**< Failed to close CAN BUS socket */
 
+  // Crypto module
+  SC_CRYPTO_RAND_INIT = 0x01 | SC_MODULE_CRYPTO | SC_SEVERITY_FATAL,
+  /**< Failed to generate random number generator */
+  SC_CRYPTO_GEN_KEY = 0x02 | SC_MODULE_CRYPTO | SC_SEVERITY_FATAL,
+  /**< Failed to generate ECDH public key, or ECDSA key pair */
+  SC_CRYPTO_COMPUTE_SECRET = 0x03 | SC_MODULE_CRYPTO | SC_SEVERITY_FATAL,
+  /**< Failed to compute ECDH shared secret */
+  SC_CRYPTO_HASH = 0x04 | SC_MODULE_CRYPTO | SC_SEVERITY_FATAL,
+  /**< Failed to hash */
+  SC_CRYPTO_ECDSA_SIGN = 0x05 | SC_MODULE_CRYPTO | SC_SEVERITY_FATAL,
+  /**< Failed to sign with ECDSA */
+
 } status_t;
 
 typedef enum {

crypto/BUILD

@@ -0,0 +1,34 @@
+cc_library(
+    name = "ecdh",
+    srcs = ["ecdh.c"],
+    hdrs = ["ecdh.h"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":randomness",
+        "//common",
+        "@mbedtls",
+    ],
+)
+
+cc_library(
+    name = "ecdsa",
+    srcs = ["ecdsa.c"],
+    hdrs = ["ecdsa.h"],
+    visibility = ["//visibility:public"],
+    deps = [
+        ":randomness",
+        "//common",
+        "@mbedtls",
+    ],
+)
+
+cc_library(
+    name = "randomness",
+    srcs = ["randomness.c"],
+    hdrs = ["randomness.h"],
+    visibility = ["//visibility:public"],
+    deps = [
+        "//common",
+        "@mbedtls",
+    ],
+)

crypto/ecdh.c

@@ -0,0 +1,60 @@
+#include "ecdh.h"
+
+#define logger_id crypto_logger_id
+
+status_t ecdh_gen_public_key(mbedtls_ecdh_context *ctx, mbedtls_ctr_drbg_context *ctr_drbg, unsigned char *pkey) {
+  int ret = 1;
+  status_t sc = SC_OK;
+
+  ret = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_CURVE25519);
+  if (ret != 0) {
+    ta_log_error("mbedtls_ecp_group_load returned %d\n", ret);
+    sc = SC_CRYPTO_GEN_KEY;
+    goto exit;
+  }
+
+  ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q, mbedtls_ctr_drbg_random, ctr_drbg);
+  if (ret != 0) {
+    ta_log_error("mbedtls_ecdh_gen_public returned %d\n", ret);
+    sc = SC_CRYPTO_GEN_KEY;
+    goto exit;
+  }
+
+  ret = mbedtls_mpi_write_binary(&ctx->Q.X, pkey, SHARE_DATA_LEN);
+  if (ret != 0) {
+    ta_log_error("mbedtls_mpi_write_binary returned %d\n", ret);
+    sc = SC_CRYPTO_GEN_KEY;
+  }
+
+exit:
+  return sc;
+}
+
+status_t ecdh_compute_shared_secret(mbedtls_ecdh_context *ctx, mbedtls_ctr_drbg_context *ctr_drbg,
+                                    unsigned char *input_shared_data) {
+  int ret = 1;
+  status_t sc = SC_OK;
+
+  ret = mbedtls_mpi_lset(&ctx->Qp.Z, 1);
+  if (ret != 0) {
+    ta_log_error("mbedtls_mpi_lset returned %d\n", ret);
+    sc = SC_CRYPTO_COMPUTE_SECRET;
+    goto exit;
+  }
+
+  ret = mbedtls_mpi_read_binary(&ctx->Qp.X, input_shared_data, SHARE_DATA_LEN);
+  if (ret != 0) {
+    ta_log_error("mbedtls_mpi_read_binary returned %d\n", ret);
+    sc = SC_CRYPTO_COMPUTE_SECRET;
+    goto exit;
+  }
+
+  ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp, &ctx->d, mbedtls_ctr_drbg_random, ctr_drbg);
+  if (ret != 0) {
+    ta_log_error("mbedtls_ecdh_compute_shared returned %d\n", ret);
+    sc = SC_CRYPTO_COMPUTE_SECRET;
+  }
+
+exit:
+  return sc;
+}

crypto/ecdh.h

@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2020 BiiLabs Co., Ltd. and Contributors
+ * All Rights Reserved.
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the MIT license. A copy of the license can be found in the file
+ * "LICENSE" at the root of this distribution.
+ */
+
+#ifndef ECDH_ECDH_H
+#define ECDH_ECDH_H
+
+#include "common/logger.h"
+#include "common/ta_errors.h"
+#include "mbedtls/config.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/platform.h"
+#include "randomness.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SHARE_DATA_LEN 32
+
+/**
+ * @brief Initialize ECDH context and generate ECDH keypair
+ *
+ * @param[in] ctx ECDH context
+ * @param[in] ctr_drbg Counter-mode block-cipher-based Deterministic Random Bit Generator object
+ * @param[out] pkey Output public key which would be sent to counterpart
+ *
+ * @return
+ * - SC_OK on success
+ * - non-zero on error
+ */
+status_t ecdh_gen_public_key(mbedtls_ecdh_context *ctx, mbedtls_ctr_drbg_context *ctr_drbg, unsigned char *pkey);
+
+/**
+ * @brief Compute the shared secret by Diffie–Hellman key exchange protocol
+ *
+ * @param[in] ctx ECDH context
+ * @param[in] ctr_drbg Counter-mode block-cipher-based Deterministic Random Bit Generator object
+ * @param[in] input_shared_data The public key sent by counterpart
+ *
+ * @return
+ * - SC_OK on success
+ * - non-zero on error
+ */
+status_t ecdh_compute_shared_secret(mbedtls_ecdh_context *ctx, mbedtls_ctr_drbg_context *ctr_drbg,
+                                    unsigned char *input_shared_data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // ECDH_ECDH_H

crypto/ecdsa.c

@@ -0,0 +1,48 @@
+#include "ecdsa.h"
+
+#define logger_id crypto_logger_id
+
+static void dump_buf(char *title, unsigned char *buf, const int len) {
+  char dump[len + 1];
+  for (int i = 0; i < len; i++) {
+    dump[i * 2] = "0123456789ABCDEF"[buf[i] / 16];
+    dump[i * 2 + 1] = "0123456789ABCDEF"[buf[i] % 16];
+  }
+  ta_log_debug("%s%s\n", title, dump);
+}
+
+status_t ecdsa_gen_key_pair(mbedtls_ecdsa_context *ctx_sign, mbedtls_ctr_drbg_context *ctr_drbg) {
+  int ret = 1;
+  status_t sc = SC_OK;
+
+  if ((ret = mbedtls_ecdsa_genkey(ctx_sign, MBEDTLS_ECP_DP_SECP192R1, mbedtls_ctr_drbg_random, ctr_drbg)) != 0) {
+    ta_log_error("mbedtls_ecdsa_genkey returned %d\n", ret);
+    sc = SC_CRYPTO_GEN_KEY;
+  }
+
+  return sc;
+}
+
+status_t compute_sha256(unsigned char *msg, const int msg_len, unsigned char *hash) {
+  int ret = 1;
+  status_t sc = SC_OK;
+  if ((ret = mbedtls_sha256_ret(msg, msg_len, hash, 0)) != 0) {
+    ta_log_error("mbedtls_sha256_ret returned %d\n", ret);
+    sc = SC_CRYPTO_HASH;
+  }
+
+  return sc;
+}
+
+status_t ecdsa_sign_msg(mbedtls_ecdsa_context *ctx_sign, mbedtls_ctr_drbg_context *ctr_drbg, unsigned char *hash,
+                        const uint16_t hash_len, unsigned char *sig, size_t *sig_len) {
+  int ret = 1;
+  status_t sc = SC_OK;
+  if ((ret = mbedtls_ecdsa_write_signature(ctx_sign, MBEDTLS_MD_SHA256, hash, hash_len, sig, sig_len,
+                                           mbedtls_ctr_drbg_random, ctr_drbg)) != 0) {
+    ta_log_error("mbedtls_ecdsa_write_signature returned %d\n", ret);
+    sc = SC_CRYPTO_ECDSA_SIGN;
+  }
+
+  return sc;
+}

crypto/ecdsa.h

@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2020 BiiLabs Co., Ltd. and Contributors
+ * All Rights Reserved.
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the MIT license. A copy of the license can be found in the file
+ * "LICENSE" at the root of this distribution.
+ */
+
+#include "mbedtls/config.h"
+#include "mbedtls/platform.h"
+
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/sha256.h"
+
+#include <string.h>
+
+#include "common/logger.h"
+#include "common/ta_errors.h"
+#include "randomness.h"
+
+#define SHA256_LEN 32
+
+/**
+ * @brief Generate ECDSA key pair
+ *
+ * @param[in] ctx_sign ECDSA context for signing
+ * @param[in] ctr_drbg Counter-mode block-cipher-based Deterministic Random Bit Generator object
+ *
+ * @return
+ * - SC_OK on success
+ * - non-zero on error
+ */
+status_t ecdsa_gen_key_pair(mbedtls_ecdsa_context *ctx_sign, mbedtls_ctr_drbg_context *ctr_drbg);
+
+/**
+ * @brief Compute SHA256
+ *
+ * @param[in] msg Message is going to be hashed
+ * @param[in] msg_len The length of message
+ * @param[out] hash The output hash result
+ *
+ * @return
+ * - SC_OK on success
+ * - non-zero on error
+ */
+status_t compute_sha256(unsigned char *msg, const int msg_len, unsigned char *hash);
+
+/**
+ * @brief Sign messega with ECDSA
+ *
+ * @param[in] ctx_sign ECDSA context for signing
+ * @param[in] ctr_drbg Counter-mode block-cipher-based Deterministic Random Bit Generator object
+ * @param[in] input The input string
+ * @param[in] input_len The length of input string
+ * @param[out] sig Output signed message
+ * @param[out] sig_len The length of signed message
+ *
+ * @return
+ * - SC_OK on success
+ * - non-zero on error
+ */
+status_t ecdsa_sign_msg(mbedtls_ecdsa_context *ctx_sign, mbedtls_ctr_drbg_context *ctr_drbg, unsigned char *input,
+                        const uint16_t input_len, unsigned char *sig, size_t *sig_len);

crypto/randomness.c

@@ -0,0 +1,33 @@
+#include "randomness.h"
+
+#define CRYPTO_LOGGER "crypto"
+#define logger_id crypto_logger_id
+
+void crypto_logger_init() { logger_id = logger_helper_enable(CRYPTO_LOGGER, LOGGER_DEBUG, true); }
+
+int crypto_logger_release() {
+  logger_helper_release(logger_id);
+  return 0;
+}
+
+status_t rand_num_gen_init(mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg, char *rand_seed,
+                           uint16_t seed_len) {
+  int ret = 1;
+  status_t sc = SC_OK;
+
+  mbedtls_ctr_drbg_init(ctr_drbg);
+  mbedtls_entropy_init(entropy);
+
+  if ((ret = mbedtls_ctr_drbg_seed(ctr_drbg, mbedtls_entropy_func, entropy, (const unsigned char *)rand_seed,
+                                   seed_len)) != 0) {
+    ta_log_error("mbedtls_ctr_drbg_seed returned %d\n", ret);
+    sc = SC_CRYPTO_RAND_INIT;
+  }
+
+  return sc;
+}
+
+void rand_num_gen_release(mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg) {
+  mbedtls_ctr_drbg_free(ctr_drbg);
+  mbedtls_entropy_free(entropy);
+}