1 /******************************************************************************* 2 * Copyright 2016-2018 Intel Corporation 3 * All Rights Reserved. 4 * 5 * If this software was obtained under the Intel Simplified Software License, 6 * the following terms apply: 7 * 8 * The source code, information and material ("Material") contained herein is 9 * owned by Intel Corporation or its suppliers or licensors, and title to such 10 * Material remains with Intel Corporation or its suppliers or licensors. The 11 * Material contains proprietary information of Intel or its suppliers and 12 * licensors. The Material is protected by worldwide copyright laws and treaty 13 * provisions. No part of the Material may be used, copied, reproduced, 14 * modified, published, uploaded, posted, transmitted, distributed or disclosed 15 * in any way without Intel's prior express written permission. No license under 16 * any patent, copyright or other intellectual property rights in the Material 17 * is granted to or conferred upon you, either expressly, by implication, 18 * inducement, estoppel or otherwise. Any license under such intellectual 19 * property rights must be express and approved by Intel in writing. 20 * 21 * Unless otherwise agreed by Intel in writing, you may not remove or alter this 22 * notice or any other notice embedded in Materials by Intel or Intel's 23 * suppliers or licensors in any way. 24 * 25 * 26 * If this software was obtained under the Apache License, Version 2.0 (the 27 * "License"), the following terms apply: 28 * 29 * You may not use this file except in compliance with the License. You may 30 * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 31 * 32 * 33 * Unless required by applicable law or agreed to in writing, software 34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 36 * 37 * See the License for the specific language governing permissions and 38 * limitations under the License. 39 *******************************************************************************/ 40 41 /* 42 // Intel(R) Integrated Performance Primitives. Cryptography Primitives. 43 // 44 // Context: 45 // ippsGFpECSharedSecretDH() 46 // 47 */ 48 49 #include "owndefs.h" 50 #include "owncp.h" 51 #include "pcpgfpecstuff.h" 52 53 54 55 56 57 /*F* 58 // Name: ippsGFpECSharedSecretDHC 59 // 60 // Purpose: Compute Shared Secret (Diffie-Hellman) 61 // 62 // Returns: Reason: 63 // ippStsNullPtrErr NULL == pEC 64 // NULL == pPrivateA 65 // NULL == pPublicB 66 // NULL == pShare 67 // 68 // ippStsContextMatchErr illegal pEC->idCtx 69 // pEC->subgroup == NULL 70 // illegal pPrivateA->idCtx 71 // illegal pPublicB->idCtx 72 // illegal pShare->idCtx 73 // 74 // ippStsRangeErr not enough room for share key 75 // 76 // ippStsShareKeyErr (infinity) => z 77 // 78 // ippStsNoErr no errors 79 // 80 // Parameters: 81 // pPrivateA pointer to own private key 82 // pPublicB pointer to alien public key 83 // pShare pointer to the shared secret value 84 // pEC pointer to the EC context 85 // pScratchBuffer pointer to the scratch buffer 86 // 87 *F*/ 88 IPPFUN(IppStatus, ippsGFpECSharedSecretDH,(const IppsBigNumState* pPrivateA, const IppsGFpECPoint* pPublicB, 89 IppsBigNumState* pShare, 90 IppsGFpECState* pEC, Ipp8u* pScratchBuffer)) 91 { 92 IppsGFpState* pGF; 93 gsModEngine* pGFE; 94 95 /* EC context and buffer */ 96 IPP_BAD_PTR2_RET(pEC, pScratchBuffer); 97 pEC = (IppsGFpECState*)( IPP_ALIGNED_PTR(pEC, ECGFP_ALIGNMENT) ); 98 IPP_BADARG_RET(!ECP_TEST_ID(pEC), ippStsContextMatchErr); 99 IPP_BADARG_RET(!ECP_SUBGROUP(pEC), ippStsContextMatchErr); 100 101 pGF = ECP_GFP(pEC); 102 pGFE = GFP_PMA(pGF); 103 104 /* test private (own) key */ 105 IPP_BAD_PTR1_RET(pPrivateA); 106 pPrivateA = (IppsBigNumState*)( IPP_ALIGNED_PTR(pPrivateA, ALIGN_VAL) ); 107 IPP_BADARG_RET(!BN_VALID_ID(pPrivateA), ippStsContextMatchErr); 108 109 /* test public (other party) key */ 110 IPP_BAD_PTR1_RET(pPublicB); 111 IPP_BADARG_RET( !ECP_POINT_TEST_ID(pPublicB), ippStsContextMatchErr ); 112 113 /* test share secret value */ 114 IPP_BAD_PTR1_RET(pShare); 115 pShare = (IppsBigNumState*)( IPP_ALIGNED_PTR(pShare, ALIGN_VAL) ); 116 IPP_BADARG_RET(!BN_VALID_ID(pShare), ippStsContextMatchErr); 117 IPP_BADARG_RET((BN_ROOM(pShare)<GFP_FELEN(pGFE)), ippStsRangeErr); 118 119 { 120 int elmLen = GFP_FELEN(pGFE); 121 122 IppsGFpElement elm; 123 IppsGFpECPoint T; 124 int finite_point; 125 126 /* T = [privateA]pPublicB */ 127 cpEcGFpInitPoint(&T, cpEcGFpGetPool(1, pEC),0, pEC); 128 gfec_MulPoint(&T, pPublicB, BN_NUMBER(pPrivateA), BN_SIZE(pPrivateA), /*ECP_ORDBITSIZE(pEC),*/ pEC, pScratchBuffer); 129 130 /* share = T.x */ 131 cpGFpElementConstruct(&elm, cpGFpGetPool(1, pGFE), elmLen); 132 finite_point = gfec_GetPoint(GFPE_DATA(&elm), NULL, &T, pEC); 133 134 if(finite_point) { 135 BNU_CHUNK_T* pShareData = BN_NUMBER(pShare); 136 int nsShare = BN_ROOM(pShare); 137 /* share = decode(T.x) */ 138 GFP_METHOD(pGFE)->decode(pShareData, GFPE_DATA(&elm), pGFE); 139 cpGFpElementPadd(pShareData+elmLen, nsShare-elmLen, 0); 140 141 BN_SIGN(pShare) = ippBigNumPOS; 142 FIX_BNU(pShareData, nsShare); 143 BN_SIZE(pShare) = nsShare; 144 } 145 146 cpGFpReleasePool(1, pGFE); 147 cpEcGFpReleasePool(1, pEC); 148 149 return finite_point? ippStsNoErr : ippStsShareKeyErr; 150 } 151 } 152