/* * Copyright (C) 2016 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Intel Corporation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "owndefs.h" #include "owncp.h" #include "pcpeccp.h" #include "pcpeccppoint.h" #include "pcpbnresource.h" #include "pcpeccpmethod.h" #include "pcpeccpmethodcom.h" #include "pcppma.h" /*F* // Name: ippsECCPSet // // Purpose: Set EC Domain Parameters. // // Returns: Reason: // ippStsNullPtrErr NULL == pPrime // NULL == pA // NULL == pB // NULL == pGX // NULL == pGY // NULL == pOrder // NULL == pECC // // ippStsContextMatchErr illegal pPrime->idCtx // illegal pA->idCtx // illegal pB->idCtx // illegal pGX->idCtx // illegal pGY->idCtx // illegal pOrder->idCtx // illegal pECC->idCtx // // ippStsRangeErr not enough room for: // pPrime // pA, pB, // pGX,pGY // pOrder // // ippStsRangeErr 0>= cofactor // // ippStsNoErr no errors // // Parameters: // pPrime pointer to the prime (specify FG(p)) // pA pointer to the A coefficient of EC equation // pB pointer to the B coefficient of EC equation // pGX,pGY pointer to the Base Point (x and y coordinates) of EC // pOrder pointer to the Base Point order // cofactor cofactor value // pECC pointer to the ECC context // *F*/ static void ECCPSetDP(IppECCType flag, int primeSize, const Ipp32u* pPrime, int aSize, const Ipp32u* pA, int bSize, const Ipp32u* pB, int gxSize, const Ipp32u* pGx, int gySize, const Ipp32u* pGy, int orderSize, const Ipp32u* pOrder, Ipp32u cofactor, IppsECCPState* pECC) { ECP_TYPE(pECC) = flag; /* reset size (bits) of field element */ ECP_GFEBITS(pECC) = cpMSBit_BNU32(pPrime, primeSize) +1; /* reset size (bits) of Base Point order */ ECP_ORDBITS(pECC) = cpMSBit_BNU32(pOrder, orderSize) +1; /* set up prime */ ippsSet_BN(ippBigNumPOS, primeSize, pPrime, ECP_PRIME(pECC)); /* set up A */ ippsSet_BN(ippBigNumPOS, aSize, pA, ECP_A(pECC)); /* test A */ BN_Word(ECP_B(pECC), 3); PMA_add(ECP_B(pECC), ECP_A(pECC), ECP_B(pECC), ECP_PRIME(pECC)); ECP_AMI3(pECC) = IsZero_BN(ECP_B(pECC)); /* set up B */ ippsSet_BN(ippBigNumPOS, bSize, pB, ECP_B(pECC)); /* set up affine coordinates of Base Point and order */ ippsSet_BN(ippBigNumPOS, gxSize, pGx, ECP_GX(pECC)); ippsSet_BN(ippBigNumPOS, gySize, pGy, ECP_GY(pECC)); ippsSet_BN(ippBigNumPOS, orderSize, pOrder, ECP_ORDER(pECC)); /* set up cofactor */ //ippsSet_BN(ippBigNumPOS, 1, &((Ipp32u)cofactor), ECP_COFACTOR(pECC)); ippsSet_BN(ippBigNumPOS, 1, &cofactor, ECP_COFACTOR(pECC)); /* montgomery engine (prime) */ if( ippStsNoErr == ippsMontSet((Ipp32u*)BN_NUMBER(ECP_PRIME(pECC)), BN_SIZE32(ECP_PRIME(pECC)), ECP_PMONT(pECC)) ) { /* modulo reduction and montgomery form of A and B */ PMA_mod(ECP_AENC(pECC), ECP_A(pECC), ECP_PRIME(pECC)); PMA_enc(ECP_AENC(pECC), ECP_AENC(pECC), ECP_PMONT(pECC)); PMA_mod(ECP_BENC(pECC), ECP_B(pECC), ECP_PRIME(pECC)); PMA_enc(ECP_BENC(pECC), ECP_BENC(pECC), ECP_PMONT(pECC)); /* projective coordinates and montgomery form of of Base Point */ if( ( IsZero_BN(ECP_BENC(pECC)) && ECCP_IsPointAtAffineInfinity1(ECP_GX(pECC), ECP_GY(pECC))) || (!IsZero_BN(ECP_BENC(pECC)) && ECCP_IsPointAtAffineInfinity0(ECP_GX(pECC), ECP_GY(pECC))) ) ECCP_SetPointToInfinity(ECP_GENC(pECC)); else { ECP_METHOD(pECC)->SetPointProjective(ECP_GX(pECC), ECP_GY(pECC), BN_ONE_REF(), ECP_GENC(pECC), pECC); } } /* montgomery engine (order) */ if( ippStsNoErr == ippsMontSet((Ipp32u*)BN_NUMBER(ECP_ORDER(pECC)), BN_SIZE32(ECP_ORDER(pECC)), ECP_RMONT(pECC)) ) PMA_enc(ECP_COFACTOR(pECC), ECP_COFACTOR(pECC), ECP_RMONT(pECC)); /* set zero private keys */ BN_Word(ECP_PRIVATE(pECC), 0); BN_Word(ECP_PRIVATE_E(pECC), 0); /* set infinity public keys */ ECCP_SetPointToInfinity(ECP_PUBLIC(pECC)); ECCP_SetPointToInfinity(ECP_PUBLIC_E(pECC)); } IPPFUN(IppStatus, ippsECCPSet, (const IppsBigNumState* pPrime, const IppsBigNumState* pA, const IppsBigNumState* pB, const IppsBigNumState* pGX,const IppsBigNumState* pGY,const IppsBigNumState* pOrder, int cofactor, IppsECCPState* pECC)) { /* test pECC */ IPP_BAD_PTR1_RET(pECC); /* use aligned EC context */ pECC = (IppsECCPState*)( IPP_ALIGNED_PTR(pECC, ALIGN_VAL) ); /* test ID */ IPP_BADARG_RET(!ECP_VALID_ID(pECC), ippStsContextMatchErr); /* test pPrime */ IPP_BAD_PTR1_RET(pPrime); pPrime = (IppsBigNumState*)( IPP_ALIGNED_PTR(pPrime, ALIGN_VAL) ); IPP_BADARG_RET(!BN_VALID_ID(pPrime), ippStsContextMatchErr); IPP_BADARG_RET((cpBN_bitsize(pPrime)>ECP_GFEBITS(pECC)), ippStsRangeErr); /* test pA and pB */ IPP_BAD_PTR2_RET(pA,pB); pA = (IppsBigNumState*)( IPP_ALIGNED_PTR(pA, ALIGN_VAL) ); pB = (IppsBigNumState*)( IPP_ALIGNED_PTR(pB, ALIGN_VAL) ); IPP_BADARG_RET(!BN_VALID_ID(pA), ippStsContextMatchErr); IPP_BADARG_RET(!BN_VALID_ID(pB), ippStsContextMatchErr); IPP_BADARG_RET((cpBN_bitsize(pA)>ECP_GFEBITS(pECC)), ippStsRangeErr); IPP_BADARG_RET((cpBN_bitsize(pB)>ECP_GFEBITS(pECC)), ippStsRangeErr); /* test pG and pGorder pointers */ IPP_BAD_PTR3_RET(pGX,pGY, pOrder); pGX = (IppsBigNumState*)( IPP_ALIGNED_PTR(pGX, ALIGN_VAL) ); pGY = (IppsBigNumState*)( IPP_ALIGNED_PTR(pGY, ALIGN_VAL) ); pOrder = (IppsBigNumState*)( IPP_ALIGNED_PTR(pOrder, ALIGN_VAL) ); IPP_BADARG_RET(!BN_VALID_ID(pGX), ippStsContextMatchErr); IPP_BADARG_RET(!BN_VALID_ID(pGY), ippStsContextMatchErr); IPP_BADARG_RET(!BN_VALID_ID(pOrder), ippStsContextMatchErr); IPP_BADARG_RET((cpBN_bitsize(pGX)>ECP_GFEBITS(pECC)), ippStsRangeErr); IPP_BADARG_RET((cpBN_bitsize(pGY)>ECP_GFEBITS(pECC)), ippStsRangeErr); IPP_BADARG_RET((cpBN_bitsize(pOrder)>ECP_ORDBITS(pECC)), ippStsRangeErr); /* test cofactor */ IPP_BADARG_RET(!(0idCtx // // ippStsECCInvalidFlagErr invalid flag // // ippStsNoErr no errors // // Parameters: // flag specify standard ECC parameter(s) to be setup // pECC pointer to the ECC context // *F*/ IPPFUN(IppStatus, ippsECCPSetStd, (IppECCType flag, IppsECCPState* pECC)) { /* test pECC */ IPP_BAD_PTR1_RET(pECC); /* use aligned EC context */ pECC = (IppsECCPState*)( IPP_ALIGNED_PTR(pECC, ALIGN_VAL) ); /* test ID */ IPP_BADARG_RET(!ECP_VALID_ID(pECC), ippStsContextMatchErr); *(ECP_METHOD(pECC)) = *(ECCPcom_Methods()); switch(flag) { case IppECCPStd112r1: ECCPSetDP(IppECCPStd112r1, BITS2WORD32_SIZE(112), secp112r1_p, BITS2WORD32_SIZE(112), secp112r1_a, BITS2WORD32_SIZE(112), secp112r1_b, BITS2WORD32_SIZE(112), secp112r1_gx, BITS2WORD32_SIZE(112), secp112r1_gy, BITS2WORD32_SIZE(112), secp112r1_r, secp112r1_h, pECC); break; case IppECCPStd112r2: ECCPSetDP(IppECCPStd112r2, BITS2WORD32_SIZE(112), secp112r2_p, BITS2WORD32_SIZE(112), secp112r2_a, BITS2WORD32_SIZE(112), secp112r2_b, BITS2WORD32_SIZE(112), secp112r2_gx, BITS2WORD32_SIZE(112), secp112r2_gy, BITS2WORD32_SIZE(112), secp112r2_r, secp112r2_h, pECC); break; case IppECCPStd128r1: ECCPSetDP(IppECCPStd128r1, BITS2WORD32_SIZE(128), secp128r1_p, BITS2WORD32_SIZE(128), secp128r1_a, BITS2WORD32_SIZE(128), secp128r1_b, BITS2WORD32_SIZE(128), secp128r1_gx, BITS2WORD32_SIZE(128), secp128r1_gy, BITS2WORD32_SIZE(128), secp128r1_r, secp128r1_h, pECC); break; case IppECCPStd128r2: ECCPSetDP(IppECCPStd128r2, BITS2WORD32_SIZE(128), secp128r2_p, BITS2WORD32_SIZE(128), secp128r2_a, BITS2WORD32_SIZE(128), secp128r2_b, BITS2WORD32_SIZE(128), secp128r2_gx, BITS2WORD32_SIZE(128), secp128r2_gy, BITS2WORD32_SIZE(128), secp128r2_r, secp128r2_h, pECC); break; case IppECCPStd160r1: ECCPSetDP(IppECCPStd160r1, BITS2WORD32_SIZE(160), secp160r1_p, BITS2WORD32_SIZE(160), secp160r1_a, BITS2WORD32_SIZE(160), secp160r1_b, BITS2WORD32_SIZE(160), secp160r1_gx, BITS2WORD32_SIZE(160), secp160r1_gy, BITS2WORD32_SIZE(161), secp160r1_r, secp160r1_h, pECC); break; case IppECCPStd160r2: ECCPSetDP(IppECCPStd160r2, BITS2WORD32_SIZE(160), secp160r2_p, BITS2WORD32_SIZE(160), secp160r2_a, BITS2WORD32_SIZE(160), secp160r2_b, BITS2WORD32_SIZE(160), secp160r2_gx, BITS2WORD32_SIZE(160), secp160r2_gy, BITS2WORD32_SIZE(161), secp160r2_r, secp160r2_h, pECC); break; case IppECCPStd192r1: ECCPSetDP(IppECCPStd192r1, BITS2WORD32_SIZE(192), secp192r1_p, BITS2WORD32_SIZE(192), secp192r1_a, BITS2WORD32_SIZE(192), secp192r1_b, BITS2WORD32_SIZE(192), secp192r1_gx, BITS2WORD32_SIZE(192), secp192r1_gy, BITS2WORD32_SIZE(192), secp192r1_r, secp192r1_h, pECC); break; case IppECCPStd224r1: ECCPSetDP(IppECCPStd224r1, BITS2WORD32_SIZE(224), secp224r1_p, BITS2WORD32_SIZE(224), secp224r1_a, BITS2WORD32_SIZE(224), secp224r1_b, BITS2WORD32_SIZE(224), secp224r1_gx, BITS2WORD32_SIZE(224), secp224r1_gy, BITS2WORD32_SIZE(224), secp224r1_r, secp224r1_h, pECC); break; case IppECCPStd256r1: ECCPSetDP(IppECCPStd256r1, BITS2WORD32_SIZE(256), secp256r1_p, BITS2WORD32_SIZE(256), secp256r1_a, BITS2WORD32_SIZE(256), secp256r1_b, BITS2WORD32_SIZE(256), secp256r1_gx, BITS2WORD32_SIZE(256), secp256r1_gy, BITS2WORD32_SIZE(256), secp256r1_r, secp256r1_h, pECC); break; case IppECCPStd384r1: ECCPSetDP(IppECCPStd384r1, BITS2WORD32_SIZE(384), secp384r1_p, BITS2WORD32_SIZE(384), secp384r1_a, BITS2WORD32_SIZE(384), secp384r1_b, BITS2WORD32_SIZE(384), secp384r1_gx, BITS2WORD32_SIZE(384), secp384r1_gy, BITS2WORD32_SIZE(384), secp384r1_r, secp384r1_h, pECC); break; case IppECCPStd521r1: ECCPSetDP(IppECCPStd521r1, BITS2WORD32_SIZE(521), secp521r1_p, BITS2WORD32_SIZE(521), secp521r1_a, BITS2WORD32_SIZE(521), secp521r1_b, BITS2WORD32_SIZE(521), secp521r1_gx, BITS2WORD32_SIZE(521), secp521r1_gy, BITS2WORD32_SIZE(521), secp521r1_r, secp521r1_h, pECC); break; default: return ippStsECCInvalidFlagErr; } return ippStsNoErr; }