diff options
Diffstat (limited to 'ext/ipp/sources/ippcp/pcpmont_expsafebinary.c')
-rw-r--r-- | ext/ipp/sources/ippcp/pcpmont_expsafebinary.c | 364 |
1 files changed, 364 insertions, 0 deletions
diff --git a/ext/ipp/sources/ippcp/pcpmont_expsafebinary.c b/ext/ipp/sources/ippcp/pcpmont_expsafebinary.c new file mode 100644 index 0000000..2bd8153 --- /dev/null +++ b/ext/ipp/sources/ippcp/pcpmont_expsafebinary.c @@ -0,0 +1,364 @@ +/******************************************************************************* +* Copyright 2003-2018 Intel Corporation +* All Rights Reserved. +* +* If this software was obtained under the Intel Simplified Software License, +* the following terms apply: +* +* The source code, information and material ("Material") contained herein is +* owned by Intel Corporation or its suppliers or licensors, and title to such +* Material remains with Intel Corporation or its suppliers or licensors. The +* Material contains proprietary information of Intel or its suppliers and +* licensors. The Material is protected by worldwide copyright laws and treaty +* provisions. No part of the Material may be used, copied, reproduced, +* modified, published, uploaded, posted, transmitted, distributed or disclosed +* in any way without Intel's prior express written permission. No license under +* any patent, copyright or other intellectual property rights in the Material +* is granted to or conferred upon you, either expressly, by implication, +* inducement, estoppel or otherwise. Any license under such intellectual +* property rights must be express and approved by Intel in writing. +* +* Unless otherwise agreed by Intel in writing, you may not remove or alter this +* notice or any other notice embedded in Materials by Intel or Intel's +* suppliers or licensors in any way. +* +* +* If this software was obtained under the Apache License, Version 2.0 (the +* "License"), the following terms apply: +* +* You may not use this file except in compliance with the License. You may +* obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 +* +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* +* See the License for the specific language governing permissions and +* limitations under the License. +*******************************************************************************/ + +/* +// +// Purpose: +// Cryptography Primitive. +// Modular Exponentiation (binary version) +// +// Contents: +// cpSafeMontExp_Binary() +*/ + +#include "owndefs.h" +#include "owncp.h" +#include "pcpbn.h" +#include "pcpmontgomery.h" + +//tbcd: temporary excluded: #include <assert.h> + +/*F* +// Name: cpSafeMontExp_Binary +// +// Purpose: Binary method of Exponentiation +// +// +// Parameters: +// pX big number integer of Montgomery form within the +// range [0,m-1] +// pE big number exponent +// pMont Montgomery modulus of IppsMontState. +/ pY the Montgomery exponentation result. +// +*F*/ + +#if !defined(_USE_VERSION1_CBA_MITIGATION_) && !defined(_USE_IPP_OWN_CBA_MITIGATION_) // unsafe version +void cpSafeMontExp_Binary(IppsBigNumState* pY, + const IppsBigNumState* pX, const IppsBigNumState* pE, + IppsMontState* pMont) +{ + int k; + + /* if E==0 then Y=R mod m */ + if (pE->size == 1 && pE->number[0] == 0) { + int len = IPP_MULTIPLE_OF(pMont->n->size, BNUBASE_TYPE_SIZE); + cpMemset32u(pMont->wb->number, 0, len); + pMont->wb->number[len] = 1; + + cpMod_BNU(pMont->wb->number, len + 1, pMont->n->number, pMont->n->size, &pY->size); + + cpMemcpy32u(pY->number, pMont->wb->number, pY->size); + pY->sgn = ippBigNumPOS; + return; + } + + else { + Ipp32u* r_number = pY->workBuffer; + int r_size = pY->size; + + int flag=1; + Ipp32u power = pE->number[pE->size-1]; + + for( k = 31; k >= 0; k-- ) { + Ipp32u powd = power & 0x80000000;/* from top to bottom*/ + power <<= 1; + + if((flag == 1) && (powd == 0)) + continue; + + else if (flag == 0) { + #if defined(_USE_NN_MONTMUL_) + cpMontMul(r_number, r_size, r_number,r_size, + pMont->n->number, pMont->n->size, + r_number,&r_size, pMont->n0, pMont->wb->number); + #else + cpMontMul(r_number, r_size, r_number,r_size, + pMont->n->number, pMont->n->size, + r_number,&r_size, pMont->n0, pMont->wb->number, pMont->pBuffer); + #endif + if (powd) + #if defined(_USE_NN_MONTMUL_) + cpMontMul(r_number, r_size, pX->number,pX->size, + pMont->n->number, pMont->n->size, + r_number,&r_size, pMont->n0, pMont->wb->number); + #else + cpMontMul(r_number, r_size, pX->number,pX->size, + pMont->n->number, pMont->n->size, + r_number,&r_size, pMont->n0, pMont->wb->number, pMont->pBuffer); + #endif + } + + else { + int i; + flag = 0; + r_size = pMont->n->size; + if( pX->size < pMont->n->size ) + for(i = r_size - 1; i >= pX->size; i-- ) + r_number[i] = 0; + + for( i = pX->size - 1; i >= 0; i-- ) + r_number[i] = pX->number[i]; + } + } + + if (pE->size > 1) { + struct BNU { + Ipp32u *number; + int *size; + } BNUs[2]; + BNUs[0].number = r_number; + BNUs[0].size = &r_size; + BNUs[1].number = pX->number; + BNUs[1].size = &(((IppsBigNumState*)pX)->size); + + for( k = pE->size - 2; k >= 0; k-- ) { + int j; + Ipp32u powd = 0; + power = pE->number[k]; + + for( j = 31; j >= 0; j-- ) { + #if defined(_USE_NN_MONTMUL_) + cpMontMul(r_number, r_size, BNUs[powd].number, *(BNUs[powd].size), + pMont->n->number, pMont->n->size, + r_number,&r_size, pMont->n0, pMont->wb->number); + #else + cpMontMul(r_number, r_size, BNUs[powd].number, *(BNUs[powd].size), + pMont->n->number, pMont->n->size, + r_number,&r_size, pMont->n0, pMont->wb->number, pMont->pBuffer); + #endif + powd = ((power >> j) & 0x1) & (powd ^ 1); + j += powd; + } + } + } + + for(k=r_size-1; k>= 0; k--) + pY->number[k] = r_number[k]; + + pY->sgn = ippBigNumPOS; + pY->size = r_size; + + while((pY->size > 1) && (pY->number[pY->size-1] == 0)) + pY->size--; + + return; + } +} +#endif /* _USE_VERSION1_CBA_MITIGATION_, _xUSE_IPP_OWN_CBA_MITIGATION_ */ + + +#if defined(_USE_VERSION1_CBA_MITIGATION_) +/* +// The version below was designed according to recommendation +// from Crypto experts. +// The reason was to mitigate "cache monitoring" attack on RSA +// Note: this version slower than pre-mitigated version ~ 30-40% +*/ + + +#define SET_BNU(dst,val,len) \ +{ \ + int n; \ + for(n=0; n<(len); n++) (dst)[n] = (val); \ +} + +#define AND_BNU(dst,src1,src2,len) \ +{ \ + int n; \ + for(n=0; n<(len); n++) (dst)[n] = (src1)[n] & (src2)[n]; \ +} + +/*F* +// Name: cpSafeMontExp_Binary +// +// Purpose: Binary method of Exponentiation +// +// +// Parameters: +// pX big number integer of Montgomery form within the +// range [0,m-1] +// pE big number exponent +// pMont Montgomery modulus of IppsMontState. +/ pY the Montgomery exponentation result. +// +*F*/ + +void cpSafeMontExp_Binary(IppsBigNumState* pY, + const IppsBigNumState* pX, const IppsBigNumState* pE, + IppsMontState* pMont) +{ + Ipp32u* eData = BN_NUMBER(pE); + int eSize = BN_SIZE(pE); + + /* + // if e==0 then r=R mod m (i.e MontEnc(1)) + */ + if (eSize == 1 && eData[0] == 0) { + cpBN_copy(MNT_1(pMont), pY); + return; + } + + /* + // modulo exponentiation + */ + if(pY!=pX) /* init result */ + cpBN_copy(pX, pY); + + { + Ipp32u eValue; + int nBits; + + Ipp32u* pModulus = BN_NUMBER(MNT_MODULO(pMont)); + int mSize = BN_SIZE(MNT_MODULO(pMont)); + Ipp32u* pHelper = MNT_HELPER(pMont); + + Ipp32u* yData = BN_NUMBER(pY); + Ipp32u* xData = BN_BUFFER(pY); + int ySize = BN_SIZE(pY); + + Ipp32u* tData = BN_NUMBER(MNT_PRODUCT(pMont)); + Ipp32u* pBuffer = BN_BUFFER(MNT_PRODUCT(pMont)); + Ipp32u* pMontOne= BN_NUMBER(MNT_1(pMont)); + + /* expand Mont(1) */ + ZEXPAND_BNU(pMontOne, BN_SIZE(MNT_1(pMont)), mSize); + + /* copy base */ + ZEXPAND_COPY_BNU(yData,ySize, xData,mSize); + + + /* execute most significant part pE */ + eValue = eData[eSize-1]; + nBits = 32-NLZ32u(eValue); + eValue <<= (32-nBits); + + nBits--; + eValue <<=1; + for(; nBits>0; nBits--, eValue<<=1) { + Ipp32u carry; + + /* squaring: R^2 mod Modulus */ + #if defined(_USE_NN_MONTMUL_) + cpMontMul(yData, ySize, + yData, ySize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer); + #else + cpMontMul(yData, ySize, + yData, ySize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer, MNT_BUFFER(pMont)); + #endif + + /* T = (X-1)*bitof(E,j) + 1 */ + SET_BNU(pBuffer, ((Ipp32s)eValue)>>31, mSize); + carry = cpSub_BNU(tData, xData, pMontOne, mSize); + AND_BNU(tData, tData, pBuffer, mSize); + carry = cpAdd_BNU(tData, tData, pMontOne, mSize); + + /* multiply: Y*T mod Modulus */ + #if defined(_USE_NN_MONTMUL_) + cpMontMul(yData, ySize, + tData, mSize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer); + #else + cpMontMul(yData, ySize, + tData, mSize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer, MNT_BUFFER(pMont)); + #endif + } + + /* execute rest bits of E */ + eSize--; + for(; eSize>0; eSize--) { + eValue = eData[eSize-1]; + + for(nBits=32; nBits>0; nBits--, eValue<<=1) { + Ipp32u carry; + + /* squaring: R^2 mod Modulus */ + #if defined(_USE_NN_MONTMUL_) + cpMontMul(yData, ySize, + yData, ySize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer); + #else + cpMontMul(yData, ySize, + yData, ySize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer, MNT_BUFFER(pMont)); + #endif + + /* T = (X-1)*bitof(E,j) + 1 */ + SET_BNU(pBuffer, ((Ipp32s)eValue)>>31, mSize); + carry = cpSub_BNU(tData, xData, pMontOne, mSize); + AND_BNU(tData, tData, pBuffer, mSize); + carry = cpAdd_BNU(tData, tData, pMontOne, mSize); + + /* multiply: R*T mod Modulus */ + #if defined(_USE_NN_MONTMUL_) + cpMontMul(yData, ySize, + tData, mSize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer); + #else + cpMontMul(yData, ySize, + tData, mSize, + pModulus, mSize, + yData, &ySize, + pHelper, pBuffer, MNT_BUFFER(pMont)); + #endif + } + } + + BN_SIZE(pY) = ySize; + } +} +#endif /* _USE_VERSION1_CBA_MITIGATION_ */
\ No newline at end of file |