1 /*******************************************************************************
2 * Copyright 2002-2018 Intel Corporation
3 * All Rights Reserved.
4 *
5 * If this  software was obtained  under the  Intel Simplified  Software License,
6 * the following terms apply:
7 *
8 * The source code,  information  and material  ("Material") contained  herein is
9 * owned by Intel Corporation or its  suppliers or licensors,  and  title to such
10 * Material remains with Intel  Corporation or its  suppliers or  licensors.  The
11 * Material  contains  proprietary  information  of  Intel or  its suppliers  and
12 * licensors.  The Material is protected by  worldwide copyright  laws and treaty
13 * provisions.  No part  of  the  Material   may  be  used,  copied,  reproduced,
14 * modified, published,  uploaded, posted, transmitted,  distributed or disclosed
15 * in any way without Intel's prior express written permission.  No license under
16 * any patent,  copyright or other  intellectual property rights  in the Material
17 * is granted to  or  conferred  upon  you,  either   expressly,  by implication,
18 * inducement,  estoppel  or  otherwise.  Any  license   under such  intellectual
19 * property rights must be express and approved by Intel in writing.
20 *
21 * Unless otherwise agreed by Intel in writing,  you may not remove or alter this
22 * notice or  any  other  notice   embedded  in  Materials  by  Intel  or Intel's
23 * suppliers or licensors in any way.
24 *
25 *
26 * If this  software  was obtained  under the  Apache License,  Version  2.0 (the
27 * "License"), the following terms apply:
28 *
29 * You may  not use this  file except  in compliance  with  the License.  You may
30 * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
31 *
32 *
33 * Unless  required  by   applicable  law  or  agreed  to  in  writing,  software
34 * distributed under the License  is distributed  on an  "AS IS"  BASIS,  WITHOUT
35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36 *
37 * See the   License  for the   specific  language   governing   permissions  and
38 * limitations under the License.
39 *******************************************************************************/
40 
41 /*
42 //               Intel(R) Integrated Performance Primitives
43 //                   Cryptographic Primitives (ippcp)
44 //
45 //
46 */
47 
48 #if !defined(_CP_MONTGOMETRY_H)
49 #define _CP_MONTGOMETRY_H
50 
51 #include "pcpbn.h"
52 #include "gsmodstuff.h"
53 
54 //tbcd: temporary excluded: #include <assert.h>
55 
56 #define MONT_DEFAULT_POOL_LENGTH (6)
57 
58 /*
59 // Montgomery spec structure
60 */
61 struct _cpMontgomery
62 {
63    IppCtxId       idCtx;      /* Montgomery spec identifier             */
64    cpSize         maxLen;     /* Maximum length of modulus being stored */
65    gsModEngine*   pEngine;    /* Modular arith engine structure         */
66 };
67 
68 /* accessory macros */
69 #define MNT_ID(eng)       ((eng)->idCtx)
70 #define MNT_ROOM(eng)     ((eng)->maxLen)
71 #define MNT_ENGINE(eng)   ((eng)->pEngine)
72 
73 #define MNT_VALID_ID(eng) (MNT_ID((eng))==idCtxMontgomery)
74 
75 /* default methos */
76 #define EXPONENT_METHOD    (ippBinaryMethod)
77 
78 /* alignment */
79 #define MONT_ALIGNMENT  ((int)(sizeof(void*)))
80 
81 
82 /*
83 // Pacp/unpack Montgomery context
84 */
85 #define cpPackMontCtx OWNAPI(cpPackMontCtx)
86 void    cpPackMontCtx(const IppsMontState* pCtx, Ipp8u* pBuffer);
87 #define cpUnpackMontCtx OWNAPI(cpUnpackMontCtx)
88 void    cpUnpackMontCtx(const Ipp8u* pBuffer, IppsMontState* pCtx);
89 
90 
91 /*
92 // Montgomery reduction, multiplication and squaring
93 */
cpMontRed_BNU(BNU_CHUNK_T * pR,BNU_CHUNK_T * pProduct,gsModEngine * pModEngine)94 __INLINE void cpMontRed_BNU(BNU_CHUNK_T* pR,
95                             BNU_CHUNK_T* pProduct,
96                             gsModEngine* pModEngine)
97 {
98    MOD_METHOD( pModEngine )->red(pR, pProduct, pModEngine);
99 }
100 
cpMontMul_BNU(BNU_CHUNK_T * pR,const BNU_CHUNK_T * pA,const BNU_CHUNK_T * pB,gsModEngine * pModEngine)101 __INLINE void cpMontMul_BNU(BNU_CHUNK_T* pR,
102                      const BNU_CHUNK_T* pA,
103                      const BNU_CHUNK_T* pB,
104                            gsModEngine* pModEngine)
105 {
106    MOD_METHOD( pModEngine )->mul(pR, pA, pB, pModEngine);
107 }
108 
cpMontMul_BNU_EX(BNU_CHUNK_T * pR,const BNU_CHUNK_T * pA,cpSize nsA,const BNU_CHUNK_T * pB,cpSize nsB,gsModEngine * pModEngine)109 __INLINE cpSize cpMontMul_BNU_EX(BNU_CHUNK_T* pR,
110                            const BNU_CHUNK_T* pA, cpSize nsA,
111                            const BNU_CHUNK_T* pB, cpSize nsB,
112                                  gsModEngine* pModEngine)
113 {
114    const int usedPoolLen = 1;
115    cpSize nsM = MOD_LEN( pModEngine );
116    BNU_CHUNK_T* pDataR  = pR;
117    BNU_CHUNK_T* pDataA  = gsModPoolAlloc(pModEngine, usedPoolLen);
118    //tbcd: temporary excluded: assert(NULL!=pDataA);
119 
120    ZEXPAND_COPY_BNU(pDataA, nsM, pA, nsA);
121    ZEXPAND_COPY_BNU(pDataR, nsM, pB, nsB);
122 
123    MOD_METHOD( pModEngine )->mul(pDataR, pDataA, pDataR, pModEngine);
124 
125    gsModPoolFree(pModEngine, usedPoolLen);
126    return nsM;
127 }
128 
cpMontSqr_BNU(BNU_CHUNK_T * pR,const BNU_CHUNK_T * pA,gsModEngine * pModEngine)129 __INLINE void cpMontSqr_BNU(BNU_CHUNK_T* pR,
130                       const BNU_CHUNK_T* pA,
131                             gsModEngine* pModEngine)
132 {
133    MOD_METHOD( pModEngine )->sqr(pR, pA, pModEngine);
134 }
135 
cpMontSqr_BNU_EX(BNU_CHUNK_T * pR,const BNU_CHUNK_T * pA,cpSize nsA,gsModEngine * pModEngine)136 __INLINE void cpMontSqr_BNU_EX(BNU_CHUNK_T* pR,
137                          const BNU_CHUNK_T* pA, cpSize nsA,
138                                gsModEngine* pModEngine)
139 {
140    cpSize nsM = MOD_LEN( pModEngine );
141    ZEXPAND_COPY_BNU(pR, nsM, pA, nsA);
142 
143    MOD_METHOD( pModEngine )->sqr(pR, pR, pModEngine);
144 }
145 
146 /*
147 // Montgomery encoding/decoding
148 */
cpMontEnc_BNU(BNU_CHUNK_T * pR,const BNU_CHUNK_T * pXreg,gsModEngine * pModEngine)149 __INLINE cpSize cpMontEnc_BNU(BNU_CHUNK_T* pR,
150                         const BNU_CHUNK_T* pXreg,
151                               gsModEngine* pModEngine)
152 {
153    cpSize nsM = MOD_LEN(pModEngine);
154 
155    MOD_METHOD( pModEngine )->encode(pR, pXreg, pModEngine);
156 
157    FIX_BNU(pR, nsM);
158    return nsM;
159 }
160 
cpMontEnc_BNU_EX(BNU_CHUNK_T * pR,const BNU_CHUNK_T * pXreg,cpSize nsX,gsModEngine * pModEngine)161 __INLINE cpSize cpMontEnc_BNU_EX(BNU_CHUNK_T* pR,
162                            const BNU_CHUNK_T* pXreg, cpSize nsX,
163                                  gsModEngine* pModEngine)
164 {
165    cpSize nsM = MOD_LEN(pModEngine);
166 
167    ZEXPAND_COPY_BNU(pR, nsM, pXreg, nsX);
168 
169    MOD_METHOD( pModEngine )->encode(pR, pR, pModEngine);
170 
171    FIX_BNU(pR, nsM);
172 
173    return nsM;
174 }
175 
cpMontDec_BNU(BNU_CHUNK_T * pR,const BNU_CHUNK_T * pXmont,cpSize nsX,gsModEngine * pModEngine)176 __INLINE cpSize cpMontDec_BNU(BNU_CHUNK_T* pR,
177                         const BNU_CHUNK_T* pXmont, cpSize nsX,
178                               gsModEngine* pModEngine)
179 {
180    cpSize nsM = MOD_LEN( pModEngine );
181 
182    ZEXPAND_COPY_BNU(pR, nsM, pXmont, nsX);
183 
184    MOD_METHOD( pModEngine )->decode(pR, pR, pModEngine);
185 
186    FIX_BNU(pR, nsM);
187    return nsM;
188 }
189 
cpMontMul_BN(IppsBigNumState * pRbn,const IppsBigNumState * pXbn,const IppsBigNumState * pYbn,gsModEngine * pModEngine)190 __INLINE void cpMontMul_BN(IppsBigNumState* pRbn,
191                      const IppsBigNumState* pXbn,
192                      const IppsBigNumState* pYbn,
193                            gsModEngine*     pModEngine)
194 {
195    cpSize nsM = cpMontMul_BNU_EX(BN_NUMBER(pRbn),
196                                  BN_NUMBER(pXbn), BN_SIZE(pXbn),
197                                  BN_NUMBER(pYbn), BN_SIZE(pYbn),
198                                  pModEngine);
199 
200    FIX_BNU(BN_NUMBER(pRbn), nsM);
201    BN_SIZE(pRbn) = nsM;
202    BN_SIGN(pRbn) = ippBigNumPOS;
203 }
204 
cpMontEnc_BN(IppsBigNumState * pRbn,const IppsBigNumState * pXbn,gsModEngine * pModEngine)205 __INLINE void cpMontEnc_BN(IppsBigNumState* pRbn,
206                      const IppsBigNumState* pXbn,
207                            gsModEngine*     pModEngine)
208 {
209    cpSize nsM = cpMontEnc_BNU_EX(BN_NUMBER(pRbn),
210                                  BN_NUMBER(pXbn), BN_SIZE(pXbn),
211                                  pModEngine);
212 
213    BN_SIZE(pRbn) = nsM;
214    BN_SIGN(pRbn) = ippBigNumPOS;
215 }
216 
cpMontDec_BN(IppsBigNumState * pRbn,const IppsBigNumState * pXbn,gsModEngine * pModEngine)217 __INLINE void cpMontDec_BN(IppsBigNumState* pRbn,
218                      const IppsBigNumState* pXbn,
219                            gsModEngine*     pModEngine)
220 {
221    cpSize nsM = MOD_LEN(pModEngine);
222    cpMontDec_BNU(BN_NUMBER(pRbn), BN_NUMBER(pXbn), BN_SIZE(pXbn), pModEngine);
223 
224    BN_SIZE(pRbn) = nsM;
225    BN_SIGN(pRbn) = ippBigNumPOS;
226 }
227 
228 /*
229 // Montgomery exponentiation (binary) "fast" and "safe" versions
230 */
231 #define cpMontExpBin_BNU_sscm OWNAPI(cpMontExpBin_BNU_sscm)
232 cpSize  cpMontExpBin_BNU_sscm(BNU_CHUNK_T* pY,
233                        const BNU_CHUNK_T* pX, cpSize nsX,
234                        const BNU_CHUNK_T* pE, cpSize nsE,
235                              gsModEngine* pModEngine);
236 
237 #define cpMontExpBin_BNU OWNAPI(cpMontExpBin_BNU)
238 cpSize  cpMontExpBin_BNU(BNU_CHUNK_T* pY,
239                    const BNU_CHUNK_T* pX, cpSize nsX,
240                    const BNU_CHUNK_T* pE, cpSize nsE,
241                          gsModEngine* pModEngine);
242 
cpMontExpBin_BN_sscm(IppsBigNumState * pYbn,const IppsBigNumState * pXbn,const IppsBigNumState * pEbn,gsModEngine * pMont)243 __INLINE void cpMontExpBin_BN_sscm(IppsBigNumState* pYbn,
244                              const IppsBigNumState* pXbn,
245                              const IppsBigNumState* pEbn,
246                                    gsModEngine*     pMont)
247 {
248    BNU_CHUNK_T* pX = BN_NUMBER(pXbn);
249    cpSize nsX = BN_SIZE(pXbn);
250    BNU_CHUNK_T* pE = BN_NUMBER(pEbn);
251    cpSize nsE = BN_SIZE(pEbn);
252    BNU_CHUNK_T* pY = BN_NUMBER(pYbn);
253    cpSize nsY = cpMontExpBin_BNU_sscm(pY, pX,nsX, pE,nsE, pMont);
254    FIX_BNU(pY, nsY);
255    BN_SIZE(pYbn) = nsY;
256    BN_SIGN(pYbn) = ippBigNumPOS;
257 }
258 
cpMontExpBin_BN(IppsBigNumState * pYbn,const IppsBigNumState * pXbn,const IppsBigNumState * pEbn,gsModEngine * pModEngine)259 __INLINE void cpMontExpBin_BN(IppsBigNumState* pYbn,
260                         const IppsBigNumState* pXbn,
261                         const IppsBigNumState* pEbn,
262                               gsModEngine* pModEngine)
263 {
264    BNU_CHUNK_T* pX = BN_NUMBER(pXbn);
265    cpSize nsX = BN_SIZE(pXbn);
266    BNU_CHUNK_T* pE = BN_NUMBER(pEbn);
267    cpSize nsE = BN_SIZE(pEbn);
268    BNU_CHUNK_T* pY = BN_NUMBER(pYbn);
269    cpSize nsY = cpMontExpBin_BNU(pY, pX,nsX, pE,nsE, pModEngine);
270    FIX_BNU(pY, nsY);
271    BN_SIZE(pYbn) = nsY;
272    BN_SIGN(pYbn) = ippBigNumPOS;
273 }
274 
275 
276 /*
277 // Montgomery exponentiation (fixed window)
278 */
279 #define cpMontExp_WinSize OWNAPI(cpMontExp_WinSize)
280 cpSize  cpMontExp_WinSize(int bitsize);
281 
282 #if defined(_USE_WINDOW_EXP_)
283 #define cpMontExpWin_BN_sscm OWNAPI(cpMontExpWin_BN_sscm)
284 void    cpMontExpWin_BN_sscm(IppsBigNumState* pY,
285                       const IppsBigNumState* pX, const IppsBigNumState* pE,
286                             gsModEngine*     pMont,
287                             BNU_CHUNK_T* pPrecompResource);
288 
289 #define cpMontExpWin_BN OWNAPI(cpMontExpWin_BN)
290 void    cpMontExpWin_BN(IppsBigNumState* pY,
291                   const IppsBigNumState* pX, const IppsBigNumState* pE,
292                         gsModEngine*     pMont,
293                         BNU_CHUNK_T* pPrecompResource);
294 #endif
295 
296 /*
297 // Montgomery multi-exponentiation
298 */
299 /* precompute table for multi-exponentiation */
300 #define cpMontMultiExpInitArray OWNAPI(cpMontMultiExpInitArray)
301 void    cpMontMultiExpInitArray(BNU_CHUNK_T* pPrecomTbl,
302                          const BNU_CHUNK_T** ppX, cpSize xItemBitSize, cpSize numItems,
303                                gsModEngine* pMont);
304 
305 /* multi-exponentiation */
306 #define cpFastMontMultiExp OWNAPI(cpFastMontMultiExp)
307 void    cpFastMontMultiExp(BNU_CHUNK_T* pY,
308                      const BNU_CHUNK_T* pPrecomTbl,
309                      const Ipp8u** ppE, cpSize eItemBitSize, cpSize numItems,
310                            gsModEngine* pMont);
311 /*
312 // Montgomery inversion
313 */
314 #define      cpMontInv_BNU OWNAPI(cpMontInv_BNU)
315 BNU_CHUNK_T* cpMontInv_BNU(BNU_CHUNK_T* pR, const BNU_CHUNK_T* pA, IppsMontState* pMont);
316 #define      cpRegInv_BNU OWNAPI(cpRegInv_BNU)
317 BNU_CHUNK_T* cpRegInv_BNU(BNU_CHUNK_T* pR, const BNU_CHUNK_T* pA, IppsMontState* pMont);
318 
319 
320 /*
321 // Montgomery internal GetSize/Init functions
322 */
323 #define   cpMontGetSize OWNAPI(cpMontGetSize)
324 IppStatus cpMontGetSize(cpSize maxLen32, int poolLength, cpSize* pCtxSize);
325 
326 #define   cpMontInit OWNAPI(cpMontInit)
327 IppStatus cpMontInit(int maxLen32, int poolLength, IppsMontState* pMont);
328 
329 #define   cpMontSet OWNAPI(cpMontSet)
330 IppStatus cpMontSet(const Ipp32u* pModulus, cpSize len32, IppsMontState* pMont);
331 
332 #endif /* _CP_MONTGOMETRY_H */
333