1 /*
2 * cczp.h
3 * corecrypto
4 *
5 * Created on 11/16/2010
6 *
7 * Copyright (c) 2010,2011,2012,2013,2014,2015 Apple Inc. All rights reserved.
8 *
9 */
10
11 #ifndef _CORECRYPTO_CCZP_H_
12 #define _CORECRYPTO_CCZP_H_
13
14 #include <corecrypto/ccn.h>
15 #include <corecrypto/ccrng.h>
16
/*
 Don't use the cczp_hd struct directly, except in static tables such as elliptic curve parameter
 definitions.

 Declare cczp objects using cczp_decl_n(). It allocates cc_unit arrays of the length returned by
 cczp_nof_n().
 */
24
struct cczp;

/* Opaque handles; the layout is fixed by __CCZP_ELEMENTS_DEFINITIONS below. */
typedef struct cczp *cczp_t;
typedef const struct cczp *cczp_const_t;

/* Modular-multiplication callback stored in the cczp header (the mulmod_prime
   field): given workspace ws and the field zp, it computes t from x and y.
   NOTE(review): presumably t = x * y mod cczp_prime(zp), each operand being
   cczp_n(zp) units -- confirm against the implementations that fill this slot. */
typedef void (*ccmod_func_t)(cc_ws_t ws, cczp_const_t zp, cc_unit *t, const cc_unit *x, const cc_unit *y);
31
// keep cczp_hd and cczp structures consistent
// cczp_hd is type-cast to cczp to read EC curve params
// options field is to specify Montgomery arithmetic, bit field, etc
// make sure n is the first element see ccrsa_ctx_n macro
//
// `pre` is a prefix pasted onto every field name so the same layout can be
// reused under other names; both struct cczp_hd and struct cczp below
// instantiate it with an empty prefix.
// Field order is part of the layout contract: n first, then options, then the
// mulmod callback. The trailing variable-length ccn[] (prime followed by the
// reciprocal, see CCZP_PRIME / CCZP_RECIP) exists only in the non-header form.
#define __CCZP_HEADER_ELEMENTS_DEFINITIONS(pre) \
    cc_size pre##n; \
    cc_unit pre##options; \
    ccmod_func_t pre##mulmod_prime;

#define __CCZP_ELEMENTS_DEFINITIONS(pre) \
    __CCZP_HEADER_ELEMENTS_DEFINITIONS(pre) \
    cc_unit pre##ccn[];
44
// cczp_hd must be defined separately, without the variable length array ccn[], because it is used
// in structures such as ccdh_gp_decl_n
/* Header-only view of a cczp: the fixed fields without the trailing ccn[],
   for embedding a cczp inside a larger static structure. */
struct cczp_hd {
    __CCZP_HEADER_ELEMENTS_DEFINITIONS()
} CC_ALIGNED(CCN_UNIT_SIZE);
50
/* Full prime-field context: the header fields followed by ccn[], which holds
   the prime (n units) and then its reciprocal (see CCZP_PRIME / CCZP_RECIP). */
struct cczp {
    __CCZP_ELEMENTS_DEFINITIONS()
} CC_ALIGNED(CCN_UNIT_SIZE);
54
/* Return the size in bytes of a cczp where each ccn is _size_ bytes.
   NOTE(review): the extra ccn_sizeof_n(1) + 2 * _size_ presumably covers the
   prime (_size_) plus the reciprocal (_size_ + one unit, matching the
   "cczp_n(zp) + 1 units" noted at cczp_recip()) -- confirm against the
   allocator before changing either constant. */
#define cczp_size(_size_) (sizeof(struct cczp) + ccn_sizeof_n(1) + 2 * (_size_))

/* Return number of units that a struct cczp needs to be in units for a prime
   size of N units. This is large enough for all operations. */
#define cczp_nof_n(_n_) (ccn_nof_size(sizeof(struct cczp)) + 1 + 2 * (_n_))

/* Declare a cczp named _name_ with storage for cczp_nof_n(_n_) units, i.e.
   sized for a prime of _n_ units. When the context holds secret material,
   pair it with cczp_clear_n() so the backing storage is cleared (cc_clear is
   presumably a non-elidable wipe -- confirm) rather than just going out of scope. */
#define cczp_decl_n(_n_, _name_) cc_ctx_decl(struct cczp, ccn_sizeof_n(cczp_nof_n(_n_)), _name_)
/* Clear the storage of a cczp declared with cczp_decl_n(_n_, _name_). */
#define cczp_clear_n(_n_, _name_) cc_clear(ccn_sizeof_n(cczp_nof_n(_n_)), _name_)

/* Raw field accessors; see also the inline cczp_n()/cczp_prime()/cczp_recip(). */
#define CCZP_N(ZP) ((ZP)->n)
#define CCZP_PRIME(ZP) ((ZP)->ccn)
/* The reciprocal is stored in ccn[] immediately after the n-unit prime. */
#define CCZP_RECIP(ZP) ((ZP)->ccn + CCZP_N(ZP))
/* Number of cc_units in the prime of zp. */
CC_NONNULL((1)) CC_INLINE cc_size cczp_n(cczp_const_t zp)
{
    cc_size units = zp->n;
    return units;
}
74
/* Pointer to the prime of zp: cczp_n(zp) units at the start of ccn[]. */
CC_NONNULL((1)) CC_INLINE const cc_unit *cczp_prime(cczp_const_t zp)
{
    const cc_unit *prime = zp->ccn;
    return prime;
}
79
/* Return a pointer to the Reciprocal or Montgomery constant of zp, which is
   allocated cczp_n(zp) + 1 units long. It sits in ccn[] right after the
   n-unit prime. */
CC_NONNULL((1)) CC_INLINE const cc_unit *cczp_recip(cczp_const_t zp)
{
    const cc_unit *prime = zp->ccn;
    cc_size n = zp->n;
    return prime + n;
}
86
/* Ensure both cczp_prime(zp) and cczp_recip(zp) are valid. cczp_n and
   cczp_prime must have been previously initialized. The reciprocal will
   be computed and set.
   (The earlier text named cczp_mod_prime(), which this header does not
   define; the accessor here is cczp_prime().)
   @return int. The success convention is not stated here; by analogy with
   cczp_inv() presumably 0 on success -- check the result and do not use zp
   for arithmetic if it is non-zero. */
CC_NONNULL((1))
int cczp_init(cczp_t zp);
92
/*! @function cczp_init_with_recip
 @abstract Initializes a cczp struct with a given reciprocal.
 @discussion Presumably cczp_n(zp) and cczp_prime(zp) must already be set, as
 for cczp_init(); here the caller supplies the reciprocal instead of having it
 computed. Nothing in this header indicates that recip is checked against the
 prime, so a mismatched value would silently yield wrong modular results --
 pass only a reciprocal derived from the same prime.

 @param zp Pointer to a cczp struct.
 @param recip Reciprocal for zp's prime.
 */
CC_NONNULL((1, 2))
void cczp_init_with_recip(cczp_t zp, const cc_unit *recip);
101
/* Compute r = m ^ e mod cczp_prime(zp), using Montgomery ladder.
   - writes cczp_n(zp) units to r
   - reads cczp_n(zp) units from m and e
   - if r and m are not identical they must not overlap.
   - r and e must not overlap nor be identical.
   - before calling this function either cczp_init(zp) must have been called
     or both CCZP_PRIME((cc_unit *)zp) and CCZP_RECIP((cc_unit *)zp) must
     be initialized some other way. (The earlier text named CCZP_MOD_PRIME,
     which this header does not define.)
   @return int; the convention is not stated here, so treat a non-zero result
   as failure and do not consume r.
 */
CC_NONNULL((1, 2, 3, 4))
int cczp_power(cczp_const_t zp, cc_unit *r, const cc_unit *m, const cc_unit *e);
113
/*!
 @brief cczp_inv(zp, r, x) computes r = x^-1 (mod p), where p = cczp_prime(zp).
 @discussion It is a general function and works for any p. It validates the inputs. r and x can
 overlap. It writes n = cczp_n(zp) units to r, and reads n units from x and p. The output r is
 overwritten only if the inverse is correctly computed. This function is not constant time in the
 absolute sense, but it does not have data dependent 'if' statements in the code.
 @param zp The input zp. cczp_n(zp) and cczp_prime(zp) need to be valid. cczp_init(zp) need not
 be called before invoking cczp_inv().
 @param x input big integer
 @param r output big integer
 @return 0 if inverse exists and correctly computed; on any other result r has not been
 written and must not be used.
 */
CC_NONNULL((1, 2, 3))
int cczp_inv(cczp_const_t zp, cc_unit *r, const cc_unit *x);
128
129 #endif /* _CORECRYPTO_CCZP_H_ */