1 /*******************************************************************************
2 * Copyright 2010-2018 Intel Corporation
3 * All Rights Reserved.
4 *
5 * If this  software was obtained  under the  Intel Simplified  Software License,
6 * the following terms apply:
7 *
8 * The source code,  information  and material  ("Material") contained  herein is
9 * owned by Intel Corporation or its  suppliers or licensors,  and  title to such
10 * Material remains with Intel  Corporation or its  suppliers or  licensors.  The
11 * Material  contains  proprietary  information  of  Intel or  its suppliers  and
12 * licensors.  The Material is protected by  worldwide copyright  laws and treaty
13 * provisions.  No part  of  the  Material   may  be  used,  copied,  reproduced,
14 * modified, published,  uploaded, posted, transmitted,  distributed or disclosed
15 * in any way without Intel's prior express written permission.  No license under
16 * any patent,  copyright or other  intellectual property rights  in the Material
17 * is granted to  or  conferred  upon  you,  either   expressly,  by implication,
18 * inducement,  estoppel  or  otherwise.  Any  license   under such  intellectual
19 * property rights must be express and approved by Intel in writing.
20 *
21 * Unless otherwise agreed by Intel in writing,  you may not remove or alter this
22 * notice or  any  other  notice   embedded  in  Materials  by  Intel  or Intel's
23 * suppliers or licensors in any way.
24 *
25 *
26 * If this  software  was obtained  under the  Apache License,  Version  2.0 (the
27 * "License"), the following terms apply:
28 *
29 * You may  not use this  file except  in compliance  with  the License.  You may
30 * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
31 *
32 *
33 * Unless  required  by   applicable  law  or  agreed  to  in  writing,  software
34 * distributed under the License  is distributed  on an  "AS IS"  BASIS,  WITHOUT
35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36 *
37 * See the   License  for the   specific  language   governing   permissions  and
38 * limitations under the License.
39 *******************************************************************************/
40 
41 /*
42 //
43 //  Purpose:
44 //     Intel(R) Integrated Performance Primitives. Cryptography Primitives.
45 //     Internal EC over GF(p^m) basic Definitions & Function Prototypes
46 //
47 //
48 */
49 
50 #if !defined(_CP_ECGFP_H_)
51 #define _CP_ECGFP_H_
52 
53 #include "pcpgfpstuff.h"
54 #include "pcpgfpxstuff.h"
55 #include "pcpmask_ct.h"
56 
57 #define _LEGACY_ECCP_SUPPORT_
58 
59 /*
60 // EC over GF(p) Point context
61 */
62 typedef struct _cpGFpECPoint {
63    IppCtxId     idCtx;  /* EC Point identifier     */
64    int          flags;  /* flags: affine           */
65    int    elementSize;  /* size of each coordinate */
66    BNU_CHUNK_T* pData;  /* coordinatex X, Y, Z     */
67 } cpGFPECPoint;
68 
69 /*
70 // Contetx Access Macros
71 */
72 #define ECP_POINT_ID(ctx)       ((ctx)->idCtx)
73 #define ECP_POINT_FLAGS(ctx)    ((ctx)->flags)
74 #define ECP_POINT_FELEN(ctx)    ((ctx)->elementSize)
75 #define ECP_POINT_DATA(ctx)     ((ctx)->pData)
76 #define ECP_POINT_X(ctx)        ((ctx)->pData)
77 #define ECP_POINT_Y(ctx)        ((ctx)->pData+(ctx)->elementSize)
78 #define ECP_POINT_Z(ctx)        ((ctx)->pData+(ctx)->elementSize*2)
79 #define ECP_POINT_TEST_ID(ctx)  (ECP_POINT_ID((ctx))==idCtxGFPPoint)
80 
81 /* point flags */
82 #define ECP_AFFINE_POINT   (1)
83 #define ECP_FINITE_POINT   (2)
84 
85 #define  IS_ECP_AFFINE_POINT(ctx)      (ECP_POINT_FLAGS((ctx))&ECP_AFFINE_POINT)
86 #define SET_ECP_AFFINE_POINT(ctx)      (ECP_POINT_FLAGS((ctx))|ECP_AFFINE_POINT)
87 #define SET_ECP_PROJECTIVE_POINT(ctx)  (ECP_POINT_FLAGS((ctx))&~ECP_AFFINE_POINT)
88 
89 #define  IS_ECP_FINITE_POINT(ctx)      (ECP_POINT_FLAGS((ctx))&ECP_FINITE_POINT)
90 #define SET_ECP_FINITE_POINT(ctx)      (ECP_POINT_FLAGS((ctx))|ECP_FINITE_POINT)
91 #define SET_ECP_INFINITE_POINT(ctx)    (ECP_POINT_FLAGS((ctx))&~ECP_FINITE_POINT)
92 
93 /*
94 // define using projective coordinates
95 */
96 #define JACOBIAN        (0)
97 #define HOMOGENEOUS     (1)
98 #define ECP_PROJECTIVE_COORD  JACOBIAN
99 //#define ECP_PROJECTIVE_COORD  HOMOGENEOUS
100 
101 #if (ECP_PROJECTIVE_COORD== JACOBIAN)
102    #pragma message ("ECP_PROJECTIVE_COORD = JACOBIAN")
103 #elif (ECP_PROJECTIVE_COORD== HOMOGENEOUS)
104    #pragma message ("ECP_PROJECTIVE_COORD = HOMOGENEOUS")
105 #else
106    #error ECP_PROJECTIVE_COORD should be either JACOBIAN or HOMOGENEOUS type
107 #endif
108 
109 
110 /*
111 // pre-computed Base Point descriptor
112 */
113 typedef void (*selectAP) (BNU_CHUNK_T* pAP, const BNU_CHUNK_T* pAPtbl, int index);
114 
115 typedef struct _cpPrecompAP {
116    int      w;                   /* scalar's window bitsize */
117    selectAP select_affine_point; /* get affine point function */
118    const BNU_CHUNK_T* pTbl;      /* pre-computed table */
119 } cpPrecompAP;
120 
121 
122 /* EC over GF(p) context */
123 typedef struct _cpGFpEC {
124    IppCtxId     idCtx;  /* EC identifier */
125 
126    IppsGFpState*  pGF;  /* arbitrary GF(p^d)*/
127 
128    int          subgroup;  /* set up subgroup */
129    int       elementSize;  /* length of EC point */
130    int      orderBitSize;  /* base_point order bitsize */
131    BNU_CHUNK_T*       pA;  /*   EC parameter A */
132    BNU_CHUNK_T*       pB;  /*                B */
133    BNU_CHUNK_T*       pG;  /*       base_point */
134    BNU_CHUNK_T* cofactor;  /* cofactor = #E/base_point order */
135    int          parmAspc;  /* NIST's, EPIDv2.0 A-parameter specific */
136    int          infinity;  /* 0/1 if B !=0/==0 */
137    const cpPrecompAP* pBaseTbl;  /* address of pre-computed [n]G tabble */
138    gsModEngine*    pMontR; /* EC order montgomery engine */
139 
140    BNU_CHUNK_T*    pPool;  /* pool of points   */
141    #if defined(_LEGACY_ECCP_SUPPORT_)
142    BNU_CHUNK_T*  pPublic;  /* regular   public key */
143    BNU_CHUNK_T*  pPublicE; /* ephemeral public key */
144    BNU_CHUNK_T*  pPrivat;  /* regular   private key */
145    BNU_CHUNK_T*  pPrivatE; /* ephemeral private key */
146    BNU_CHUNK_T*  pBuffer;  /* pointer to scaratch buffer (for lagacy ECCP only) */
147    #endif
148 } cpGFPEC;
149 
150 #define ECGFP_ALIGNMENT   ((int)(sizeof(void*)))
151 
152 /* Local definitions */
153 #define EC_POOL_SIZE       (10)  /* num of points into the pool */
154 
155 #define EC_MONT_POOL_SIZE   (4)  /* num of temp values for modular arithmetic */
156 
157 #define ECP_ID(pCtx)          ((pCtx)->idCtx)
158 #define ECP_GFP(pCtx)         ((pCtx)->pGF)
159 #define ECP_SUBGROUP(pCtx)    ((pCtx)->subgroup)
160 #define ECP_POINTLEN(pCtx)    ((pCtx)->elementSize)
161 #define ECP_ORDBITSIZE(pCtx)  ((pCtx)->orderBitSize)
162 #define ECP_COFACTOR(pCtx)    ((pCtx)->cofactor)
163 #define ECP_SPECIFIC(pCtx)    ((pCtx)->parmAspc)
164 #define ECP_INFINITY(pCtx)    ((pCtx)->infinity)
165 #define ECP_A(pCtx)           ((pCtx)->pA)
166 #define ECP_B(pCtx)           ((pCtx)->pB)
167 #define ECP_G(pCtx)           ((pCtx)->pG)
168 #define ECP_PREMULBP(pCtx)    ((pCtx)->pBaseTbl)
169 #define ECP_MONT_R(pCtx)      ((pCtx)->pMontR)
170 #define ECP_POOL(pCtx)        ((pCtx)->pPool)
171 #if defined(_LEGACY_ECCP_SUPPORT_)
172    #define ECP_PUBLIC(pCtx)   ((pCtx)->pPublic)
173    #define ECP_PUBLIC_E(pCtx) ((pCtx)->pPublicE)
174    #define ECP_PRIVAT(pCtx)   ((pCtx)->pPrivat)
175    #define ECP_PRIVAT_E(pCtx) ((pCtx)->pPrivatE)
176    #define ECP_SBUFFER(pCtx)  ((pCtx)->pBuffer)
177 #endif
178 
179 #define ECP_TEST_ID(pCtx)     (ECP_ID((pCtx))==idCtxGFPEC)
180 
181 /* EC curve specific (a-parameter) */
182 #define ECP_Acom    (0) /* commont case */
183 #define ECP_Ami3    (1) /* a=-3 NIST's and SM2 curve */
184 #define ECP_Aeq0    (2) /* a=0  EPIDv2.0 curve */
185 
186 #define ECP_ARB     ECP_Acom
187 #define ECP_STD     ECP_Ami3
188 #define ECP_EPID2   ECP_Aeq0
189 
190 /* std ec pre-computed tables */
191 #define gfpec_precom_nistP192r1_fun OWNAPI(gfpec_precom_nistP192r1_fun)
192 #define gfpec_precom_nistP224r1_fun OWNAPI(gfpec_precom_nistP224r1_fun)
193 #define gfpec_precom_nistP256r1_fun OWNAPI(gfpec_precom_nistP256r1_fun)
194 #define gfpec_precom_nistP384r1_fun OWNAPI(gfpec_precom_nistP384r1_fun)
195 #define gfpec_precom_nistP521r1_fun OWNAPI(gfpec_precom_nistP521r1_fun)
196 #define gfpec_precom_sm2_fun        OWNAPI(gfpec_precom_sm2_fun)
197 
198 const cpPrecompAP* gfpec_precom_nistP192r1_fun(void);
199 const cpPrecompAP* gfpec_precom_nistP224r1_fun(void);
200 const cpPrecompAP* gfpec_precom_nistP256r1_fun(void);
201 const cpPrecompAP* gfpec_precom_nistP384r1_fun(void);
202 const cpPrecompAP* gfpec_precom_nistP521r1_fun(void);
203 const cpPrecompAP* gfpec_precom_sm2_fun(void);
204 
205 /*
206 // get/release n points from/to the pool
207 */
cpEcGFpGetPool(int n,IppsGFpECState * pEC)208 __INLINE BNU_CHUNK_T* cpEcGFpGetPool(int n, IppsGFpECState* pEC)
209 {
210    BNU_CHUNK_T* pPool = ECP_POOL(pEC);
211    ECP_POOL(pEC) += n*GFP_FELEN(GFP_PMA(ECP_GFP(pEC)))*3;
212    return pPool;
213 }
cpEcGFpReleasePool(int n,IppsGFpECState * pEC)214 __INLINE void cpEcGFpReleasePool(int n, IppsGFpECState* pEC)
215 {
216    ECP_POOL(pEC) -= n*GFP_FELEN(GFP_PMA(ECP_GFP(pEC)))*3;
217 }
218 
cpEcGFpInitPoint(IppsGFpECPoint * pPoint,BNU_CHUNK_T * pData,int flags,const IppsGFpECState * pEC)219 __INLINE IppsGFpECPoint* cpEcGFpInitPoint(IppsGFpECPoint* pPoint, BNU_CHUNK_T* pData, int flags, const IppsGFpECState* pEC)
220 {
221    ECP_POINT_ID(pPoint) = idCtxGFPPoint;
222    ECP_POINT_FLAGS(pPoint) = flags;
223    ECP_POINT_FELEN(pPoint) = GFP_FELEN(GFP_PMA(ECP_GFP(pEC)));
224    ECP_POINT_DATA(pPoint) = pData;
225    return pPoint;
226 }
227 
228 /* copy one point into another */
gfec_CopyPoint(IppsGFpECPoint * pPointR,const IppsGFpECPoint * pPointA,int elemLen)229 __INLINE IppsGFpECPoint* gfec_CopyPoint(IppsGFpECPoint* pPointR, const IppsGFpECPoint* pPointA, int elemLen)
230 {
231    cpGFpElementCopy(ECP_POINT_DATA(pPointR), ECP_POINT_DATA(pPointA), 3*elemLen);
232    ECP_POINT_FLAGS(pPointR) = ECP_POINT_FLAGS(pPointA);
233    return pPointR;
234 }
235 
236 
gfec_SetPointAtInfinity(IppsGFpECPoint * pPoint)237 __INLINE IppsGFpECPoint* gfec_SetPointAtInfinity(IppsGFpECPoint* pPoint)
238 {
239    int elemLen = ECP_POINT_FELEN(pPoint);
240    cpGFpElementPadd(ECP_POINT_X(pPoint), elemLen, 0);
241    cpGFpElementPadd(ECP_POINT_Y(pPoint), elemLen, 0);
242    cpGFpElementPadd(ECP_POINT_Z(pPoint), elemLen, 0);
243    ECP_POINT_FLAGS(pPoint) = 0;
244    return pPoint;
245 }
246 
247 /*
248 // test infinity:
249 //    IsProjectivePointAtInfinity
250 */
gfec_IsPointAtInfinity(const IppsGFpECPoint * pPoint)251 __INLINE int gfec_IsPointAtInfinity(const IppsGFpECPoint* pPoint)
252 {
253    return GFP_IS_ZERO( ECP_POINT_Z(pPoint), ECP_POINT_FELEN(pPoint));
254 }
255 
256 
257 
258 /* signed encode */
booth_recode(Ipp8u * sign,Ipp8u * digit,Ipp8u in,int w)259 __INLINE void booth_recode(Ipp8u* sign, Ipp8u* digit, Ipp8u in, int w)
260 {
261    Ipp8u s = (Ipp8u)(~((in >> w) - 1));
262    int d = (1 << (w+1)) - in - 1;
263    d = (d & s) | (in & ~s);
264    d = (d >> 1) + (d & 1);
265    *sign = s & 1;
266    *digit = (Ipp8u)d;
267 }
268 
269 
270 #define gfec_point_add        OWNAPI(gfec_point_add)
271 void    gfec_point_add       (BNU_CHUNK_T* pRdata,
272                         const BNU_CHUNK_T* pPdata,
273                         const BNU_CHUNK_T* pQdata, IppsGFpECState* pEC);
274 #define gfec_affine_point_add OWNAPI(gfec_affine_point_add)
275 void    gfec_affine_point_add(BNU_CHUNK_T* pRdata,
276                         const BNU_CHUNK_T* pPdata,
277                         const BNU_CHUNK_T* pAdata, IppsGFpECState* pEC);
278 #define gfec_point_double     OWNAPI(gfec_point_double)
279 void    gfec_point_double    (BNU_CHUNK_T* pRdata,
280                         const BNU_CHUNK_T* pPdata, IppsGFpECState* pEC);
281 #define gfec_point_mul        OWNAPI(gfec_point_mul)
282 void    gfec_point_mul       (BNU_CHUNK_T* pRdata,
283                         const BNU_CHUNK_T* pPdata, const Ipp8u* pScalar8, int scalarBitSize, IppsGFpECState* pEC, Ipp8u* pScratchBuffer);
284 #define gfec_point_prod       OWNAPI(gfec_point_prod)
285 void    gfec_point_prod      (BNU_CHUNK_T* pointR,
286                         const BNU_CHUNK_T* pointA, const Ipp8u* pScalarA,
287                         const BNU_CHUNK_T* pointB, const Ipp8u* pScalarB, int scalarBitSize, IppsGFpECState* pEC, Ipp8u* pScratchBuffer);
288 #define gfec_base_point_mul   OWNAPI(gfec_base_point_mul)
289 void    gfec_base_point_mul  (BNU_CHUNK_T* pRdata, const Ipp8u* pScalarB, int scalarBitSize, IppsGFpECState* pEC);
290 #define setupTable            OWNAPI(setupTable)
291 void    setupTable           (BNU_CHUNK_T* pTbl,
292                         const BNU_CHUNK_T* pPdata, IppsGFpECState* pEC);
293 
294 
295 /* size of context */
296 #define cpGFpECGetSize OWNAPI(cpGFpECGetSize)
297     int cpGFpECGetSize(int deg, int basicElmBitSize);
298 
299 /* point operations */
300 #define gfec_GetPoint OWNAPI(gfec_GetPoint)
301     int gfec_GetPoint(BNU_CHUNK_T* pX, BNU_CHUNK_T* pY, const IppsGFpECPoint* pPoint, IppsGFpECState* pEC);
302 #define gfec_SetPoint OWNAPI(gfec_SetPoint)
303     int gfec_SetPoint(BNU_CHUNK_T* pP, const BNU_CHUNK_T* pX, const BNU_CHUNK_T* pY, IppsGFpECState* pEC);
304 #define gfec_MakePoint OWNAPI(gfec_MakePoint)
305     int gfec_MakePoint(IppsGFpECPoint* pPoint, const BNU_CHUNK_T* pElm, IppsGFpECState* pEC);
306 #define gfec_ComparePoint OWNAPI(gfec_ComparePoint)
307     int gfec_ComparePoint(const IppsGFpECPoint* pP, const IppsGFpECPoint* pQ, IppsGFpECState* pEC);
308 #define gfec_IsPointOnCurve OWNAPI(gfec_IsPointOnCurve)
309     int gfec_IsPointOnCurve(const IppsGFpECPoint* pP, IppsGFpECState* pEC);
310 
gfec_DblPoint(IppsGFpECPoint * pR,const IppsGFpECPoint * pP,IppsGFpECState * pEC)311 __INLINE IppsGFpECPoint* gfec_DblPoint(IppsGFpECPoint* pR,
312                         const IppsGFpECPoint* pP, IppsGFpECState* pEC)
313 {
314    gfec_point_double(ECP_POINT_X(pR), ECP_POINT_X(pP), pEC);
315    ECP_POINT_FLAGS(pR) = gfec_IsPointAtInfinity(pR)? 0 : ECP_FINITE_POINT;
316    return pR;
317 }
318 
gfec_AddPoint(IppsGFpECPoint * pR,const IppsGFpECPoint * pP,const IppsGFpECPoint * pQ,IppsGFpECState * pEC)319 __INLINE IppsGFpECPoint* gfec_AddPoint(IppsGFpECPoint* pR,
320                         const IppsGFpECPoint* pP, const IppsGFpECPoint* pQ,
321                         IppsGFpECState* pEC)
322 {
323    gfec_point_add(ECP_POINT_X(pR), ECP_POINT_X(pP), ECP_POINT_X(pQ), pEC);
324    ECP_POINT_FLAGS(pR) = gfec_IsPointAtInfinity(pR)? 0 : ECP_FINITE_POINT;
325    return pR;
326 }
327 
328 
329 #define         gfec_NegPoint OWNAPI(gfec_NegPoint)
330 IppsGFpECPoint* gfec_NegPoint(IppsGFpECPoint* pR,
331                         const IppsGFpECPoint* pP, IppsGFpECState* pEC);
332 #define         gfec_MulPoint OWNAPI(gfec_MulPoint)
333 IppsGFpECPoint* gfec_MulPoint(IppsGFpECPoint* pR,
334                         const IppsGFpECPoint* pP, const BNU_CHUNK_T* pScalar, int scalarLen,
335                               IppsGFpECState* pEC, Ipp8u* pScratchBuffer);
336 #define         gfec_MulBasePoint OWNAPI(gfec_MulBasePoint)
337 IppsGFpECPoint* gfec_MulBasePoint(IppsGFpECPoint* pR,
338                         const BNU_CHUNK_T* pScalar, int scalarLen,
339                               IppsGFpECState* pEC, Ipp8u* pScratchBuffer);
340 //#define         gfec_PointProduct OWNAPI(gfec_PointProduct)
341 //IppsGFpECPoint* gfec_PointProduct(IppsGFpECPoint* pR,
342 //                        const IppsGFpECPoint* pP, const BNU_CHUNK_T* pScalarP, int scalarPlen,
343 //                        const IppsGFpECPoint* pQ, const BNU_CHUNK_T* pScalarQ, int scalarQlen,
344 //                        IppsGFpECState* pEC, Ipp8u* pScratchBuffer);
345 #define         gfec_BasePointProduct OWNAPI(gfec_BasePointProduct)
346 IppsGFpECPoint* gfec_BasePointProduct(IppsGFpECPoint* pR,
347                         const BNU_CHUNK_T* pScalarG, int scalarGlen,
348                         const IppsGFpECPoint* pP, const BNU_CHUNK_T* pScalarP, int scalarPlen,
349                         IppsGFpECState* pEC, Ipp8u* pScratchBuffer);
350 
351 #define p192r1_select_ap_w7 OWNAPI(p192r1_select_ap_w7)
352    void p192r1_select_ap_w7(BNU_CHUNK_T* pAffinePoint, const BNU_CHUNK_T* pTable, int index);
353 #define p224r1_select_ap_w7 OWNAPI(p224r1_select_ap_w7)
354    void p224r1_select_ap_w7(BNU_CHUNK_T* pAffinePoint, const BNU_CHUNK_T* pTable, int index);
355 #define p256r1_select_ap_w7 OWNAPI(p256r1_select_ap_w7)
356    void p256r1_select_ap_w7(BNU_CHUNK_T* pAffinePoint, const BNU_CHUNK_T* pTable, int index);
357 #define p384r1_select_ap_w5 OWNAPI(p384r1_select_ap_w5)
358    void p384r1_select_ap_w5(BNU_CHUNK_T* pAffinePoint, const BNU_CHUNK_T* pTable, int index);
359 #define p521r1_select_ap_w5 OWNAPI(p521r1_select_ap_w5)
360    void p521r1_select_ap_w5(BNU_CHUNK_T* pAffinePoint, const BNU_CHUNK_T* pTable, int index);
361 
362 #endif /* _CP_ECGFP_H_ */
363