From 07a62da2d939c09b594f6b3783f895d014f69548 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 14 May 2021 11:05:11 +0200 Subject: [PATCH] mbedtls: add secp128r1, cf 996ed197fbfb9af8af6b8437adbe177e8d5a14db --- common/mbedtls/check_config.h | 3 ++- common/mbedtls/config.h | 1 + common/mbedtls/ecdsa.c | 4 ++-- common/mbedtls/ecdsa.h | 2 ++ common/mbedtls/ecp.c | 3 +++ common/mbedtls/ecp.h | 1 + common/mbedtls/ecp_curves.c | 45 ++++++++++++++++++++++++++++++++++- 7 files changed, 55 insertions(+), 4 deletions(-) diff --git a/common/mbedtls/check_config.h b/common/mbedtls/check_config.h index 25df298c5..7df541986 100644 --- a/common/mbedtls/check_config.h +++ b/common/mbedtls/check_config.h @@ -101,7 +101,8 @@ #if defined(MBEDTLS_ECDSA_C) && \ ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ + !( defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ diff --git a/common/mbedtls/config.h b/common/mbedtls/config.h index 8edc39d9e..ee7a685c9 100644 --- a/common/mbedtls/config.h +++ b/common/mbedtls/config.h @@ -767,6 +767,7 @@ * Comment macros to disable the curve and functions for it */ /* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ +#define MBEDTLS_ECP_DP_SECP128R1_ENABLED #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/common/mbedtls/ecdsa.c b/common/mbedtls/ecdsa.c index 7b76a9727..cabfd4021 100644 --- a/common/mbedtls/ecdsa.c +++ b/common/mbedtls/ecdsa.c 
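Review bot: In common/mbedtls/config.h the new `#define MBEDTLS_ECP_DP_SECP128R1_ENABLED` turns on a curve with roughly 64-bit security for every ECP, ECDSA and ECDH caller in the build, and nothing at the define says it is meant for verification only. The ecp.h comment in this same patch ties the curve to the NXP originality check, so I would state that next to the define, e.g. `/* secp128r1: ~64-bit security, only for verifying NXP originality signatures; not for key generation, signing or key agreement */`. The check_config.h hunk has the matching gap: with secp128r1 in the list, a build that enables no other curve now passes the MBEDTLS_ECDSA_C sanity check.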
@@ -700,8 +700,8 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, /* * Convert a signature (given by context) to ASN.1 */ -static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, - unsigned char *sig, size_t *slen) { +int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, + unsigned char *sig, size_t *slen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_ECDSA_MAX_LEN]; unsigned char *p = buf + sizeof(buf); diff --git a/common/mbedtls/ecdsa.h b/common/mbedtls/ecdsa.h index e2d268b5a..ba4133645 100644 --- a/common/mbedtls/ecdsa.h +++ b/common/mbedtls/ecdsa.h @@ -64,6 +64,8 @@ /** The maximal size of an ECDSA signature in Bytes. */ #define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS ) +int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char *sig, size_t *slen); + #ifdef __cplusplus extern "C" { #endif diff --git a/common/mbedtls/ecp.c b/common/mbedtls/ecp.c index d73ba3785..1d0040e8f 100644 --- a/common/mbedtls/ecp.c +++ b/common/mbedtls/ecp.c @@ -520,6 +520,9 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = { #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, #endif +#if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED) + { MBEDTLS_ECP_DP_SECP128R1, 0xFE00, 128, "secp128r1" }, +#endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, #endif diff --git a/common/mbedtls/ecp.h b/common/mbedtls/ecp.h index a1a73476b..9ea47ea82 100644 --- a/common/mbedtls/ecp.h +++ b/common/mbedtls/ecp.h 
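Review bot: In common/mbedtls/ecdsa.c, dropping `static` from `ecdsa_signature_to_asn1` exports a helper whose signature has no capacity argument for `sig`, so callers outside this file need to be told how large that buffer must be. The visible lines build the encoding in a local `buf[MBEDTLS_ECDSA_MAX_LEN]`; the copy into `sig` is outside the hunk, but presumably it can write up to that many bytes. I would extend the comment above the function to something like `/* Convert a signature (given by context) to ASN.1; sig must have room for MBEDTLS_ECDSA_MAX_LEN bytes */`, after confirming the bound against the rest of the body. The function continues past the end of the hunk.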
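Review bot: In common/mbedtls/ecdsa.h the new prototype for `ecdsa_signature_to_asn1` sits above the `#ifdef __cplusplus` / `extern "C" {` lines shown as context, so a C++ translation unit that includes this header would see the function with C++ linkage and fail to link against the C definition. Moving the declaration inside the `extern "C"` block fixes that. The name also lacks the `mbedtls_` prefix used by the other exported symbols in this patch, which makes a clash with client code more likely; if renaming is not wanted, a one-line comment marking it as a project-local export would help. Whether the definition in ecdsa.c sits under a feature guard that the header should mirror cannot be seen from the hunk.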
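Review bot: In common/mbedtls/ecp.c the `tls_id` of the new `ecp_supported_curves` entry is a bare `0xFE00`, while the neighbouring entries carry assigned TLS NamedCurve numbers (18, 29). 0xFE00 lies in the range TLS reserves for private use, so it reads as a placeholder for a curve with no registered id; a comment such as `/* no IANA id for secp128r1: private-use value, must not be negotiated in TLS */` would make that explicit. Being in this table presumably also exposes the curve to any code that enumerates supported curves, so TLS code built from this tree, if there is any, should exclude the entry; the consumers of the table are outside the hunk.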
@@ -121,6 +121,7 @@ typedef enum { MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */ + MBEDTLS_ECP_DP_SECP128R1, /*!< Domain parameters for the 128-bit curve used for NXP originality check. */ } mbedtls_ecp_group_id; /** diff --git a/common/mbedtls/ecp_curves.c b/common/mbedtls/ecp_curves.c index 3dbfa65bf..5b481565b 100644 --- a/common/mbedtls/ecp_curves.c +++ b/common/mbedtls/ecp_curves.c 
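Review bot: Appending `MBEDTLS_ECP_DP_SECP128R1` to `mbedtls_ecp_group_id` in common/mbedtls/ecp.h raises the number of group ids, and the hunk does not touch any count that depends on it. Upstream Mbed TLS defines `MBEDTLS_ECP_DP_MAX` directly below this enum (the doc comment starting at the end of the hunk is cut off, so I cannot confirm it here). If this copy still has that constant and anything sizes an array or bitmask from it, it should be updated in the same commit.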
@@ -84,6 +84,42 @@ * to be directly usable in MPIs */ +/* + * Domain parameters for secp128r1 + */ +#if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED) +static const mbedtls_mpi_uint secp128r1_p[] = { + // 2^128 - 2^97 - 1 // TODO + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp128r1_a[] = { + // FFFFFFFDFFFFFFFF FFFFFFFFFFFFFFFC + BYTES_TO_T_UINT_8(0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF), +}; +static const mbedtls_mpi_uint secp128r1_b[] = { + // E87579C11079F43D D824993C2CEE5ED3 + BYTES_TO_T_UINT_8(0xD3, 0x5E, 0xEE, 0x2C, 0x3C, 0x99, 0x24, 0xD8), + BYTES_TO_T_UINT_8(0x3D, 0xF4, 0x79, 0x10, 0xC1, 0x79, 0x75, 0xE8), +}; +static const mbedtls_mpi_uint secp128r1_gx[] = { + // 161FF7528B899B2D 0C28607CA52C5B86 + BYTES_TO_T_UINT_8(0x86, 0x5B, 0x2C, 0xA5, 0x7C, 0x60, 0x28, 0x0C), + BYTES_TO_T_UINT_8(0x2D, 0x9B, 0x89, 0x8B, 0x52, 0xF7, 0x1F, 0x16), +}; +static const mbedtls_mpi_uint secp128r1_gy[] = { + // CF5AC8395BAFEB13 C02DA292DDED7A83 + BYTES_TO_T_UINT_8(0x83, 0x7A, 0xED, 0xDD, 0x92, 0xA2, 0x2D, 0xC0), + BYTES_TO_T_UINT_8(0x13, 0xEB, 0xAF, 0x5B, 0x39, 0xC8, 0x5A, 0xCF), +}; +static const mbedtls_mpi_uint secp128r1_n[] = { + // FFFFFFFE00000000 75A30D1B9038A115 + BYTES_TO_T_UINT_8(0x15, 0xA1, 0x38, 0x90, 0x1B, 0x0D, 0xA3, 0x75), + BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF), +}; +#endif /* MBEDTLS_ECP_DP_SECP128R1_ENABLED */ + /* * Domain parameters for secp192r1 */ 
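Review bot: The six secp128r1 tables added to common/mbedtls/ecp_curves.c are hand-written little-endian limbs with no reference to where the values come from, and the comment on `secp128r1_p` ends in an unexplained `// TODO`. A single wrong byte here silently defines a different curve, so I would name the source in the block comment, e.g. `/* Domain parameters for secp128r1 (SEC 2 v1.0, cofactor 1) */`, and resolve or explain the TODO. The limbs as written do decode to the big-endian values in the per-table comments. A self-test that loads the group and runs `mbedtls_ecp_check_pubkey()` on its generator, plus one known-answer signature verification, would catch transcription errors in later edits.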
@@ -551,7 +587,8 @@ static const mbedtls_mpi_uint brainpoolP512r1_n[] = { }; #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ +#if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ @@ -767,6 +804,12 @@ int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) { grp->id = id; switch (id) { +#if defined(MBEDTLS_ECP_DP_SECP128R1_ENABLED) + case MBEDTLS_ECP_DP_SECP128R1: + grp->modp = NULL; + return (LOAD_GROUP_A(secp128r1)); +#endif /* MBEDTLS_ECP_DP_SECP128R1_ENABLED */ + #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: NIST_MODP(p192);
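Review bot: In `mbedtls_ecp_group_load` the new `case MBEDTLS_ECP_DP_SECP128R1` sets `grp->modp = NULL` and uses `LOAD_GROUP_A`, whereas the secp192r1 case just below uses `NIST_MODP`, and no comment says why this curve is handled differently. A line such as `/* no dedicated reduction routine for this prime: modp stays NULL so generic reduction is used, and A is loaded explicitly */` would save the next reader from working it out. This assumes a NULL `modp` selects the generic path, which is decided outside the hunk. The function starts before and continues after the hunk.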