1 /*******************************************************************************
2 * Copyright 2010-2018 Intel Corporation
3 * All Rights Reserved.
4 *
5 * If this  software was obtained  under the  Intel Simplified  Software License,
6 * the following terms apply:
7 *
8 * The source code,  information  and material  ("Material") contained  herein is
9 * owned by Intel Corporation or its  suppliers or licensors,  and  title to such
10 * Material remains with Intel  Corporation or its  suppliers or  licensors.  The
11 * Material  contains  proprietary  information  of  Intel or  its suppliers  and
12 * licensors.  The Material is protected by  worldwide copyright  laws and treaty
13 * provisions.  No part  of  the  Material   may  be  used,  copied,  reproduced,
14 * modified, published,  uploaded, posted, transmitted,  distributed or disclosed
15 * in any way without Intel's prior express written permission.  No license under
16 * any patent,  copyright or other  intellectual property rights  in the Material
17 * is granted to  or  conferred  upon  you,  either   expressly,  by implication,
18 * inducement,  estoppel  or  otherwise.  Any  license   under such  intellectual
19 * property rights must be express and approved by Intel in writing.
20 *
21 * Unless otherwise agreed by Intel in writing,  you may not remove or alter this
22 * notice or  any  other  notice   embedded  in  Materials  by  Intel  or Intel's
23 * suppliers or licensors in any way.
24 *
25 *
26 * If this  software  was obtained  under the  Apache License,  Version  2.0 (the
27 * "License"), the following terms apply:
28 *
29 * You may  not use this  file except  in compliance  with  the License.  You may
30 * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
31 *
32 *
33 * Unless  required  by   applicable  law  or  agreed  to  in  writing,  software
34 * distributed under the License  is distributed  on an  "AS IS"  BASIS,  WITHOUT
35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36 *
37 * See the   License  for the   specific  language   governing   permissions  and
38 * limitations under the License.
39 *******************************************************************************/
40 
41 /*
42 //
43 //  Purpose:
44 //     Intel(R) Integrated Performance Primitives. Cryptography Primitives.
45 //     Internal EC over GF(p^m) basic Definitions & Function Prototypes
46 //
47 //     Context:
48 //        gfec_point_prod()
49 //
50 */
51 
52 #include "owndefs.h"
53 #include "owncp.h"
54 #include "pcpgfpecstuff.h"
55 #include "gsscramble.h"
56 #include "pcpmask_ct.h"
57 
58 
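/*
// Returns the Booth window of a little-endian byte-string scalar whose lowest
// bit is bit (bit-1) of the scalar; mask selects the window width.
//
// The window may straddle a byte boundary, so two consecutive bytes are
// combined. They are read one byte at a time rather than through a
// (Ipp16u*) cast: the byte address can be odd (misaligned 16-bit access) and
// the cast violates the effective-type rule. Composing low byte | high byte<<8
// matches the bit numbering used here (byte = bit/8, shift = bit%8) on any host.
//
// Requires bit >= 1 and scalar[(bit-1)/8 + 1] to be readable.
// The index depends only on the bit position, never on the scalar value.
*/
static int gfec_scalar_window(const Ipp8u* scalar, int bit, int mask)
{
   int byteIdx = (bit-1)/8;
   int pair = (int)scalar[byteIdx] | ((int)scalar[byteIdx+1] << 8);
   return (pair >> ((bit-1)%8)) & mask;
}

/*
// Interleaved fixed-window double-scalar point multiplication:
// accumulates table entries of A and B selected by the Booth-recoded windows
// of scalarA and scalarB (i.e. R = scalarA*A + scalarB*B, assuming setupTable()
// stores the multiples 1..tableLen of its point -- confirm against setupTable).
//
//    pointR         result point (pointLen chunks are copied into it)
//    pointA, pointB input points
//    scalarA/B      scalars as little-endian byte strings
//    scalarBitSize  common bit length of both scalars
//    pEC            EC context (supplies the temporary pools)
//    pScratchBuffer storage for the two pre-computed tables
//
// Caller obligations visible from this code:
//  - pScratchBuffer must hold, after rounding up to CACHE_LINE_SIZE,
//    tableLen*pointLen chunks for table A followed by table B
//    (table B presumably needs the same amount -- confirm against setupTable).
//  - Each scalar must be readable up to byte (bit-1)/8 + 1 of the first window,
//    which can lie one byte past ceil(scalarBitSize/8) (scalarBitSize = 256
//    touches byte index 32). The sign of the first window is discarded, so the
//    bits at and above scalarBitSize must be zero for the result to be correct.
//
// Side-channel note: table entries are fetched through gsScrambleGet_sscm() and
// the sign is applied with a mask (cpMaskedReplace_ct) instead of a branch; the
// only branches here depend on the bit position, not on scalar bits.
*/
void gfec_point_prod(BNU_CHUNK_T* pointR,
               const BNU_CHUNK_T* pointA, const Ipp8u* scalarA,
               const BNU_CHUNK_T* pointB, const Ipp8u* scalarB,
                     int scalarBitSize,
                     IppsGFpECState* pEC, Ipp8u* pScratchBuffer)
{
   int pointLen = ECP_POINTLEN(pEC);

   /* optimal size of window */
   const int window_size = 5;
   /* number of table entries */
   const int tableLen = 1<<(window_size-1);

   /* aligned pre-computed tables */
   BNU_CHUNK_T* pTableA = (BNU_CHUNK_T*)IPP_ALIGNED_PTR(pScratchBuffer, CACHE_LINE_SIZE);
   BNU_CHUNK_T* pTableB = pTableA+pointLen*tableLen;

   setupTable(pTableA, pointA, pEC);
   setupTable(pTableB, pointB, pEC);

   {
      IppsGFpState* pGF = ECP_GFP(pEC);
      gsModEngine* pGFE = GFP_PMA(pGF);
      int elemLen = GFP_FELEN(pGFE);

      mod_neg negF = GFP_METHOD(pGFE)->neg;

      /* one field element: holds the negated second coordinate */
      BNU_CHUNK_T* pHy = cpGFpGetPool(1, pGFE);

      BNU_CHUNK_T* pTdata = cpEcGFpGetPool(1, pEC); /* accumulator (point from the pool) */
      BNU_CHUNK_T* pHdata = cpEcGFpGetPool(1, pEC); /* selected table entry */

      int wvalue;
      Ipp8u digit, sign;
      int mask = (1<<(window_size+1)) -1;
      /* start of the top window: largest multiple of window_size <= scalarBitSize */
      int bit = scalarBitSize-(scalarBitSize%window_size);
      int n;

      /* first window: sign is not applied (see the zero-padding requirement above) */
      /* digit-1 is -1 when digit==0; presumably no entry matches and a zero point
         is returned -- confirm against gsScrambleGet_sscm */
      if(bit)
         wvalue = gfec_scalar_window(scalarA, bit, mask);
      else
         wvalue = 0;
      booth_recode(&sign, &digit, (Ipp8u)wvalue, window_size);
      gsScrambleGet_sscm(pTdata, pointLen, pTableA, digit-1, window_size-1);

      if(bit)
         wvalue = gfec_scalar_window(scalarB, bit, mask);
      else
         wvalue = 0;
      booth_recode(&sign, &digit, (Ipp8u)wvalue, window_size);
      gsScrambleGet_sscm(pHdata, pointLen, pTableB, digit-1, window_size-1);

      gfec_point_add(pTdata, pTdata, pHdata, pEC);

      /* middle windows */
      for(bit-=window_size; bit>=window_size; bit-=window_size) {
         /* shift the accumulator by one window: window_size doublings */
         for(n=0; n<window_size; n++)
            gfec_point_double(pTdata, pTdata, pEC);

         wvalue = gfec_scalar_window(scalarA, bit, mask);
         booth_recode(&sign, &digit, (Ipp8u)wvalue, window_size);
         gsScrambleGet_sscm(pHdata, pointLen, pTableA, digit-1, window_size-1);

         /* always compute the negated coordinate, then select it by mask when sign!=0 */
         negF(pHy, pHdata+elemLen, pGFE);
         cpMaskedReplace_ct(pHdata+elemLen, pHy, elemLen, ~cpIsZero_ct(sign));
         gfec_point_add(pTdata, pTdata, pHdata, pEC);

         wvalue = gfec_scalar_window(scalarB, bit, mask);
         booth_recode(&sign, &digit, (Ipp8u)wvalue, window_size);
         gsScrambleGet_sscm(pHdata, pointLen, pTableB, digit-1, window_size-1);

         negF(pHy, pHdata+elemLen, pGFE);
         cpMaskedReplace_ct(pHdata+elemLen, pHy, elemLen, ~cpIsZero_ct(sign));
         gfec_point_add(pTdata, pTdata, pHdata, pEC);
      }

      /* last window */
      for(n=0; n<window_size; n++)
         gfec_point_double(pTdata, pTdata, pEC);

      /* the window starts one bit below bit 0; after the shift and the mask
         only the low byte of the scalar can contribute */
      wvalue = ((int)scalarA[0] << 1) & mask;
      booth_recode(&sign, &digit, (Ipp8u)wvalue, window_size);
      gsScrambleGet_sscm(pHdata, pointLen, pTableA, digit-1, window_size-1);

      negF(pHy, pHdata+elemLen, pGFE);
      cpMaskedReplace_ct(pHdata+elemLen, pHy, elemLen, ~cpIsZero_ct(sign));
      gfec_point_add(pTdata, pTdata, pHdata, pEC);

      wvalue = ((int)scalarB[0] << 1) & mask;
      booth_recode(&sign, &digit, (Ipp8u)wvalue, window_size);
      gsScrambleGet_sscm(pHdata, pointLen, pTableB, digit-1, window_size-1);

      negF(pHy, pHdata+elemLen, pGFE);
      cpMaskedReplace_ct(pHdata+elemLen, pHy, elemLen, ~cpIsZero_ct(sign));
      gfec_point_add(pTdata, pTdata, pHdata, pEC);

      cpGFpElementCopy(pointR, pTdata, pointLen);

      /* release in reverse order of acquisition: two points, one field element */
      cpEcGFpReleasePool(2, pEC);
      cpGFpReleasePool(1, pGFE);
   }
}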