      1 /*******************************************************************************
      2 * Copyright 2013-2018 Intel Corporation
      3 * All Rights Reserved.
      4 *
      5 * If this  software was obtained  under the  Intel Simplified  Software License,
      6 * the following terms apply:
      7 *
      8 * The source code,  information  and material  ("Material") contained  herein is
      9 * owned by Intel Corporation or its  suppliers or licensors,  and  title to such
     10 * Material remains with Intel  Corporation or its  suppliers or  licensors.  The
     11 * Material  contains  proprietary  information  of  Intel or  its suppliers  and
     12 * licensors.  The Material is protected by  worldwide copyright  laws and treaty
     13 * provisions.  No part  of  the  Material   may  be  used,  copied,  reproduced,
     14 * modified, published,  uploaded, posted, transmitted,  distributed or disclosed
     15 * in any way without Intel's prior express written permission.  No license under
     16 * any patent,  copyright or other  intellectual property rights  in the Material
     17 * is granted to  or  conferred  upon  you,  either   expressly,  by implication,
     18 * inducement,  estoppel  or  otherwise.  Any  license   under such  intellectual
     19 * property rights must be express and approved by Intel in writing.
     20 *
     21 * Unless otherwise agreed by Intel in writing,  you may not remove or alter this
     22 * notice or  any  other  notice   embedded  in  Materials  by  Intel  or Intel's
     23 * suppliers or licensors in any way.
     24 *
     25 *
     26 * If this  software  was obtained  under the  Apache License,  Version  2.0 (the
     27 * "License"), the following terms apply:
     28 *
     29 * You may  not use this  file except  in compliance  with  the License.  You may
     30 * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
     31 *
     32 *
     33 * Unless  required  by   applicable  law  or  agreed  to  in  writing,  software
     34 * distributed under the License  is distributed  on an  "AS IS"  BASIS,  WITHOUT
     35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     36 *
     37 * See the   License  for the   specific  language   governing   permissions  and
     38 * limitations under the License.
     39 *******************************************************************************/
     40 
     41 /*
     42 //
     43 //  Purpose:
     44 //     Cryptography Primitive.
     45 //     RSA Functions
     46 //
     47 //
     48 */
     49 
     50 #include "owndefs.h"
     51 #include "owncp.h"
     52 #include "pcpbn.h"
     53 #include "pcpprimeg.h"
     54 #include "pcpprng.h"
     55 #include "pcpngrsa.h"
     56 
     57 
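/* One Miller-Rabin round for the modulus p held in pMont.

The caller has split p-1 = e * 2^k with e odd. The round computes
w = witness^e (mod p) in the Montgomery domain and then squares w up to
k-1 times, looking for w == p-1 before w == 1 is reached.

pW       - witness (nsW chunks); zero-extended to MOD_LEN(pMont) chunks and
           overwritten, it is the working value
pE       - odd part e of p-1, bitsizeE bits long
k        - number of factors of 2 in p-1
pPrime1  - p-1 in the Montgomery domain (MOD_LEN(pMont) chunks)
pMont    - Montgomery engine for p
pBuffer  - scratch for gsMontExpWin_BNU_sscm

returns 1 - the witness gives no evidence of compositeness
        0 - the witness proves p composite
*/
static int cpMillerRabinTest(BNU_CHUNK_T* pW, cpSize nsW,
    const BNU_CHUNK_T* pE, cpSize bitsizeE,
    int k,
    const BNU_CHUNK_T* pPrime1,
    gsModEngine* pMont,
    BNU_CHUNK_T* pBuffer)
{
    cpSize nsP = MOD_LEN(pMont);
    int round;

    /* k <= 0 means p-1 has no factor of 2, i.e. p is even and therefore
       composite for the sizes used here. Rejecting it explicitly also
       avoids the former `while (--k)` underflowing and squaring almost
       without bound. */
    if (k <= 0)
        return 0;

    /* to Montgomery Domain */
    ZEXPAND_BNU(pW, nsW, nsP);
    MOD_METHOD(pMont)->encode(pW, pW, pMont);

    /* w = exp(w,e) */
    gsMontExpWin_BNU_sscm(pW, pW, nsP, pE, bitsizeE, pMont, pBuffer);

    /* if (w==1) ||(w==prime-1) => probably prime
       (MOD_MNT_R is the Montgomery representation of 1) */
    if ((0 == cpCmp_BNU(pW, nsP, MOD_MNT_R(pMont), nsP))
        || (0 == cpCmp_BNU(pW, nsP, pPrime1, nsP)))
        return 1;      /* witness of the primality */

    /* k-1 squarings: w = witness^(e*2^round) */
    for (round = 1; round < k; round++) {
        MOD_METHOD(pMont)->sqr(pW, pW, pMont);

        /* reaching 1 without having passed through p-1 exhibits a
           nontrivial square root of 1, which only a composite has */
        if (0 == cpCmp_BNU(pW, nsP, MOD_MNT_R(pMont), nsP))
            return 0;   /* witness of the compositeness */
        if (0 == cpCmp_BNU(pW, nsP, pPrime1, nsP))
            return 1;   /* witness of the primality */
    }
    /* never reached p-1 */
    return 0;
}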
     89 
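/* test if P is prime

returns:
IPP_IS_PRIME     (==1) - prime value has been detected
IPP_IS_COMPOSITE (==0) - composite value has been detected
-1 - if internal error (ippStsNoErr != rndFunc())

P is first screened for small divisors (cpMimimalPrimeTest); if that passes,
nTrials Miller-Rabin rounds are run with random witnesses. P is reported prime
only when every round passes; the first failing round stops the test and
reports composite. With nTrials <= 0 no witness is tried and P is reported
composite.

pBuffer must provide 4*ns chunks of working storage (ns = BITS_BNU_CHUNK(bitSize))
followed by the scratch area gsMontExpWin_BNU_sscm needs.
*/
static int cpIsProbablyPrime(BNU_CHUNK_T* pPrime, int bitSize,
    int nTrials,
    IppBitSupplier rndFunc, void* pRndParam,
    gsModEngine* pME,
    BNU_CHUNK_T* pBuffer)
{
    /* if test for trivial divisors passed*/
    int ret = cpMimimalPrimeTest((Ipp32u*)pPrime, BITS2WORD32_SIZE(bitSize));

    /* apply Miller-Rabin test */
    if (ret) {
        int ns = BITS_BNU_CHUNK(bitSize);
        BNU_CHUNK_T* pPrime1 = pBuffer;
        BNU_CHUNK_T* pOdd = pPrime1 + ns;
        BNU_CHUNK_T* pWitness = pOdd + ns;
        BNU_CHUNK_T* pMontPrime1 = pWitness + ns;
        BNU_CHUNK_T* pScratchBuffer = pMontPrime1 + ns;
        int k, a, lenOdd;

        /* prime1 = prime-1 = odd*2^a; a is the count of trailing zero bits,
           accumulated chunk by chunk until a chunk with a set bit is found */
        cpDec_BNU(pPrime1, pPrime, ns, 1);
        for (k = 0, a = 0; k<ns; k++) {
            cpSize da = cpNTZ_BNU(pPrime1[k]);
            a += da;
            if (BNU_CHUNK_BITS != da)
                break;
        }
        lenOdd = cpLSR_BNU(pOdd, pPrime1, ns, a);
        FIX_BNU(pOdd, lenOdd);

        /* prime1 to (Montgomery Domain): p - R is the Montgomery form of p-1 */
        cpSub_BNU(pMontPrime1, pPrime, MOD_MNT_R(pME), ns);

        /* Every witness must pass. Previously the loop ran while !ret, which
           stopped at the first PASSING round and kept drawing witnesses after a
           FAILING one, so a single lucky witness declared P prime; now the first
           failure (or an internal error, ret < 0) ends the loop instead. */
        ret = 0;
        for (k = 0; k < nTrials; k++) {
            BNU_CHUNK_T one = 1;
            /* NOTE(review): the bounds handed to cpPRNGenRange are 1 and p-1;
               FIPS 186-4 C.3.1 draws witnesses from [2, p-2]. If the range is
               inclusive, a witness of 1 or p-1 passes trivially and wastes the
               round (it does not make a composite pass) -- confirm the
               generator's range semantics. */
            ret = cpPRNGenRange(pWitness, &one, 1, pPrime1, ns, rndFunc, pRndParam);
            if (ret <= 0) break; /* internal error */
            /* test primality; the exponent length is passed as bitSize - a
               (bit length of odd when P has exactly bitSize bits) rather than a
               value derived from lenOdd -- presumably to keep the exponentiation
               length independent of the witness; confirm */
            ret = cpMillerRabinTest(pWitness, ns,
                pOdd, bitSize - a, a,
                pMontPrime1,
                pME, pScratchBuffer);
            if (ret <= 0) break; /* composite: no further witnesses needed */
        }
    }
    return ret;
}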
    143 }