1 files changed, 364 insertions, 0 deletions

diff --git a/ext/ipp/sources/ippcp/pcpmont_expsafebinary.c b/ext/ipp/sources/ippcp/pcpmont_expsafebinary.c
new file mode 100644
index 0000000..2bd8153
--- /dev/null
+++ b/ext/ipp/sources/ippcp/pcpmont_expsafebinary.c
@@ -0,0 +1,364 @@
+/*******************************************************************************
+* Copyright 2003-2018 Intel Corporation
+* All Rights Reserved.
+*
+* If this  software was obtained  under the  Intel Simplified  Software License,
+* the following terms apply:
+*
+* The source code,  information  and material  ("Material") contained  herein is
+* owned by Intel Corporation or its  suppliers or licensors,  and  title to such
+* Material remains with Intel  Corporation or its  suppliers or  licensors.  The
+* Material  contains  proprietary  information  of  Intel or  its suppliers  and
+* licensors.  The Material is protected by  worldwide copyright  laws and treaty
+* provisions.  No part  of  the  Material   may  be  used,  copied,  reproduced,
+* modified, published,  uploaded, posted, transmitted,  distributed or disclosed
+* in any way without Intel's prior express written permission.  No license under
+* any patent,  copyright or other  intellectual property rights  in the Material
+* is granted to  or  conferred  upon  you,  either   expressly,  by implication,
+* inducement,  estoppel  or  otherwise.  Any  license   under such  intellectual
+* property rights must be express and approved by Intel in writing.
+*
+* Unless otherwise agreed by Intel in writing,  you may not remove or alter this
+* notice or  any  other  notice   embedded  in  Materials  by  Intel  or Intel's
+* suppliers or licensors in any way.
+*
+*
+* If this  software  was obtained  under the  Apache License,  Version  2.0 (the
+* "License"), the following terms apply:
+*
+* You may  not use this  file except  in compliance  with  the License.  You may
+* obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+*
+*
+* Unless  required  by   applicable  law  or  agreed  to  in  writing,  software
+* distributed under the License  is distributed  on an  "AS IS"  BASIS,  WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+*
+* See the   License  for the   specific  language   governing   permissions  and
+* limitations under the License.
+*******************************************************************************/
+
+/* 
+// 
+//  Purpose:
+//     Cryptography Primitive.
+//     Modular Exponentiation (binary version)
+// 
+//  Contents:
+//        cpSafeMontExp_Binary()
+*/
+
+#include "owndefs.h"
+#include "owncp.h"
+#include "pcpbn.h"
+#include "pcpmontgomery.h"
+
+//tbcd: temporary excluded: #include <assert.h>
+
+/*F*
+// Name: cpSafeMontExp_Binary
+//
+// Purpose: Binary method of Exponentiation
+//
+//
+// Parameters:
+//      pX           big number integer of Montgomery form within the
+//                      range [0,m-1]
+//      pE           big number exponent
+//      pMont        Montgomery modulus of IppsMontState.
+/       pY           the Montgomery exponentation result.
+//
+*F*/
+
+#if !defined(_USE_VERSION1_CBA_MITIGATION_) && !defined(_USE_IPP_OWN_CBA_MITIGATION_) // unsafe version
+void cpSafeMontExp_Binary(IppsBigNumState* pY,
+                const IppsBigNumState* pX, const IppsBigNumState* pE,
+                      IppsMontState* pMont)
+{
+   int k;
+
+   /* if E==0 then Y=R mod m */
+   if (pE->size == 1 && pE->number[0] == 0) {
+      int len = IPP_MULTIPLE_OF(pMont->n->size, BNUBASE_TYPE_SIZE);
+      cpMemset32u(pMont->wb->number, 0, len);
+      pMont->wb->number[len] = 1;
+
+      cpMod_BNU(pMont->wb->number, len + 1, pMont->n->number, pMont->n->size, &pY->size);
+
+      cpMemcpy32u(pY->number, pMont->wb->number, pY->size);
+      pY->sgn = ippBigNumPOS;
+      return;
+   }
+
+   else {
+      Ipp32u* r_number = pY->workBuffer;
+      int r_size = pY->size;
+
+      int flag=1;
+      Ipp32u power = pE->number[pE->size-1];
+
+      for( k = 31; k >= 0; k-- ) {
+         Ipp32u powd = power & 0x80000000;/* from top to bottom*/
+         power <<= 1;
+
+         if((flag == 1) && (powd == 0))
+            continue;
+
+         else if (flag == 0) {
+            #if defined(_USE_NN_MONTMUL_)
+            cpMontMul(r_number, r_size, r_number,r_size,
+                      pMont->n->number, pMont->n->size,
+                      r_number,&r_size, pMont->n0, pMont->wb->number);
+            #else
+            cpMontMul(r_number, r_size, r_number,r_size,
+                      pMont->n->number, pMont->n->size,
+                      r_number,&r_size, pMont->n0, pMont->wb->number, pMont->pBuffer);
+            #endif
+            if (powd)
+               #if defined(_USE_NN_MONTMUL_)
+               cpMontMul(r_number, r_size, pX->number,pX->size,
+                         pMont->n->number, pMont->n->size,
+                         r_number,&r_size, pMont->n0, pMont->wb->number);
+               #else
+               cpMontMul(r_number, r_size, pX->number,pX->size,
+                         pMont->n->number, pMont->n->size,
+                         r_number,&r_size, pMont->n0, pMont->wb->number, pMont->pBuffer);
+               #endif
+         }
+
+         else {
+            int i;
+            flag = 0;
+            r_size = pMont->n->size;
+            if( pX->size < pMont->n->size )
+               for(i = r_size - 1; i >= pX->size; i-- )
+                  r_number[i] = 0;
+
+            for( i = pX->size - 1; i >= 0; i-- )
+               r_number[i] = pX->number[i];
+         }
+      }
+
+      if (pE->size > 1) {
+         struct BNU {
+            Ipp32u *number;
+            int    *size;
+         } BNUs[2];
+         BNUs[0].number = r_number;
+         BNUs[0].size   = &r_size;
+         BNUs[1].number = pX->number;
+         BNUs[1].size   = &(((IppsBigNumState*)pX)->size);
+
+         for( k = pE->size - 2; k >= 0; k-- ) {
+            int j;
+            Ipp32u powd = 0;
+            power = pE->number[k];
+
+            for( j = 31; j >= 0; j-- ) {
+               #if defined(_USE_NN_MONTMUL_)
+               cpMontMul(r_number, r_size, BNUs[powd].number, *(BNUs[powd].size),
+                         pMont->n->number, pMont->n->size,
+                         r_number,&r_size, pMont->n0, pMont->wb->number);
+               #else
+               cpMontMul(r_number, r_size, BNUs[powd].number, *(BNUs[powd].size),
+                         pMont->n->number, pMont->n->size,
+                         r_number,&r_size, pMont->n0, pMont->wb->number, pMont->pBuffer);
+               #endif
+               powd = ((power >> j) & 0x1) & (powd ^ 1);
+               j += powd;
+            }
+         }
+      }
+
+      for(k=r_size-1; k>= 0; k--)
+         pY->number[k] = r_number[k];
+
+      pY->sgn = ippBigNumPOS;
+      pY->size = r_size;
+
+      while((pY->size > 1) && (pY->number[pY->size-1] == 0))
+         pY->size--;
+
+      return;
+   }
+}
+#endif /* _USE_VERSION1_CBA_MITIGATION_,  _xUSE_IPP_OWN_CBA_MITIGATION_ */
+
+
+#if defined(_USE_VERSION1_CBA_MITIGATION_)
+/*
+// The version below was designed according to recommendation
+// from Crypto experts.
+// The reason was to mitigate "cache monitoring" attack on RSA
+// Note: this version slower than pre-mitigated version ~ 30-40%
+*/
+
+
+#define SET_BNU(dst,val,len) \
+{ \
+   int n; \
+   for(n=0; n<(len); n++) (dst)[n] = (val); \
+}
+
+#define AND_BNU(dst,src1,src2,len) \
+{ \
+   int n; \
+   for(n=0; n<(len); n++) (dst)[n] = (src1)[n] & (src2)[n]; \
+}
+
+/*F*
+// Name: cpSafeMontExp_Binary
+//
+// Purpose: Binary method of Exponentiation
+//
+//
+// Parameters:
+//      pX           big number integer of Montgomery form within the
+//                      range [0,m-1]
+//      pE           big number exponent
+//      pMont        Montgomery modulus of IppsMontState.
+/       pY           the Montgomery exponentation result.
+//
+*F*/
+
+void cpSafeMontExp_Binary(IppsBigNumState* pY,
+                const IppsBigNumState* pX, const IppsBigNumState* pE,
+                      IppsMontState* pMont)
+{
+   Ipp32u* eData = BN_NUMBER(pE);
+   int eSize = BN_SIZE(pE);
+
+   /*
+   // if e==0 then r=R mod m (i.e MontEnc(1))
+   */
+   if (eSize == 1 && eData[0] == 0) {
+      cpBN_copy(MNT_1(pMont), pY);
+      return;
+   }
+
+   /*
+   // modulo exponentiation
+   */
+   if(pY!=pX) /* init result */
+      cpBN_copy(pX, pY);
+
+   {
+      Ipp32u eValue;
+      int nBits;
+
+      Ipp32u* pModulus = BN_NUMBER(MNT_MODULO(pMont));
+      int mSize = BN_SIZE(MNT_MODULO(pMont));
+      Ipp32u* pHelper = MNT_HELPER(pMont);
+
+      Ipp32u* yData = BN_NUMBER(pY);
+      Ipp32u* xData = BN_BUFFER(pY);
+      int ySize = BN_SIZE(pY);
+
+      Ipp32u* tData   = BN_NUMBER(MNT_PRODUCT(pMont));
+      Ipp32u* pBuffer = BN_BUFFER(MNT_PRODUCT(pMont));
+      Ipp32u* pMontOne= BN_NUMBER(MNT_1(pMont));
+
+      /* expand Mont(1) */
+      ZEXPAND_BNU(pMontOne, BN_SIZE(MNT_1(pMont)), mSize);
+
+      /* copy base */
+      ZEXPAND_COPY_BNU(yData,ySize, xData,mSize);
+
+
+      /* execute most significant part pE */
+      eValue = eData[eSize-1];
+      nBits = 32-NLZ32u(eValue);
+      eValue <<= (32-nBits);
+
+      nBits--;
+      eValue <<=1;
+      for(; nBits>0; nBits--, eValue<<=1) {
+         Ipp32u carry;
+
+         /* squaring: R^2 mod Modulus */
+         #if defined(_USE_NN_MONTMUL_)
+         cpMontMul(yData,     ySize,
+                   yData,     ySize,
+                   pModulus,  mSize,
+                   yData,    &ySize,
+                   pHelper,   pBuffer);
+         #else
+         cpMontMul(yData,     ySize,
+                   yData,     ySize,
+                   pModulus,  mSize,
+                   yData,    &ySize,
+                   pHelper,   pBuffer, MNT_BUFFER(pMont));
+         #endif
+
+         /* T = (X-1)*bitof(E,j) + 1 */
+         SET_BNU(pBuffer, ((Ipp32s)eValue)>>31, mSize);
+         carry = cpSub_BNU(tData, xData, pMontOne, mSize);
+         AND_BNU(tData, tData, pBuffer, mSize);
+         carry = cpAdd_BNU(tData, tData, pMontOne, mSize);
+
+         /* multiply: Y*T mod Modulus */
+         #if defined(_USE_NN_MONTMUL_)
+         cpMontMul(yData,    ySize,
+                   tData,    mSize,
+                   pModulus, mSize,
+                   yData,   &ySize,
+                   pHelper, pBuffer);
+         #else
+         cpMontMul(yData,    ySize,
+                   tData,    mSize,
+                   pModulus, mSize,
+                   yData,   &ySize,
+                   pHelper, pBuffer, MNT_BUFFER(pMont));
+         #endif
+      }
+
+      /* execute rest bits of E */
+      eSize--;
+      for(; eSize>0; eSize--) {
+         eValue = eData[eSize-1];
+
+         for(nBits=32; nBits>0; nBits--, eValue<<=1) {
+            Ipp32u carry;
+
+            /* squaring: R^2 mod Modulus */
+            #if defined(_USE_NN_MONTMUL_)
+            cpMontMul(yData,     ySize,
+                      yData,     ySize,
+                      pModulus,  mSize,
+                      yData,    &ySize,
+                      pHelper,   pBuffer);
+            #else
+            cpMontMul(yData,     ySize,
+                      yData,     ySize,
+                      pModulus,  mSize,
+                      yData,    &ySize,
+                      pHelper,   pBuffer, MNT_BUFFER(pMont));
+            #endif
+
+            /* T = (X-1)*bitof(E,j) + 1 */
+            SET_BNU(pBuffer, ((Ipp32s)eValue)>>31, mSize);
+            carry = cpSub_BNU(tData, xData, pMontOne, mSize);
+            AND_BNU(tData, tData, pBuffer, mSize);
+            carry = cpAdd_BNU(tData, tData, pMontOne, mSize);
+
+            /* multiply: R*T mod Modulus */
+            #if defined(_USE_NN_MONTMUL_)
+            cpMontMul(yData,    ySize,
+                      tData,    mSize,
+                      pModulus, mSize,
+                      yData,   &ySize,
+                      pHelper, pBuffer);
+            #else
+            cpMontMul(yData,    ySize,
+                      tData,    mSize,
+                      pModulus, mSize,
+                      yData,   &ySize,
+                      pHelper, pBuffer, MNT_BUFFER(pMont));
+            #endif
+         }
+      }
+
+      BN_SIZE(pY) = ySize;
+   }
+}
+#endif /* _USE_VERSION1_CBA_MITIGATION_ */
\ No newline at end of file