zh/crypt__bn_8h_source.html

/*

 * This file is part of the openHiTLS project.

 *

 * openHiTLS is licensed under the Mulan PSL v2.

 * You can use this software according to the terms and conditions of the Mulan PSL v2.

 * You may obtain a copy of Mulan PSL v2 at:

 *

 *     http://license.coscl.org.cn/MulanPSL2

 *

 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,

 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,

 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.

 * See the Mulan PSL v2 for more details.

 */


#ifndef CRYPT_BN_H

#define CRYPT_BN_H


#include "hitls_build.h"

#ifdef HITLS_CRYPTO_BN


#include <stdint.h>

#include <stdlib.h>

#include <stdbool.h>


#ifdef __cplusplus

extern "C" {

#endif


#if defined(HITLS_SIXTY_FOUR_BITS)

#define BN_UINT uint64_t

#define BN_MASK (0xffffffffffffffffL)

#define BN_DEC_VAL (10000000000000000000ULL)

#define BN_DEC_LEN 19

#define BN_UNIT_BITS 64

#elif defined(HITLS_THIRTY_TWO_BITS)

#define BN_UINT uint32_t

#define BN_MASK (0xffffffffL)

#define BN_DEC_VAL (1000000000L)

#define BN_DEC_LEN 9

#define BN_UNIT_BITS 32

#else

#error BN_UINT MUST be defined first.

#endif


#define BN_MAX_BITS         (1u << 29) /* @note: BN_BigNum bits limitation 2^29 bits */

#define BN_BITS_TO_BYTES(n) (((n) + 7) >> 3) /* @note: Calcute bytes form bits, bytes = (bits + 7) >> 3 */

#define BN_BYTES_TO_BITS(n) ((n) << 3) /* bits = bytes * 8 = bytes << 3 */

#define BN_UINT_BITS ((uint32_t)sizeof(BN_UINT) << 3)

#define BITS_TO_BN_UNIT(bits) (((bits) + BN_UINT_BITS - 1) / BN_UINT_BITS)

/* Flag of BigNum. If a new number is added, the value increases by 0x01 0x02 0x04... */

typedef enum {

    CRYPT_BN_FLAG_OPTIMIZER = 0x01,

    CRYPT_BN_FLAG_STATIC = 0x02,

    CRYPT_BN_FLAG_CONSTTIME = 0x04,

} CRYPT_BN_FLAG;


typedef struct BigNum {

    bool sign; /* *< bignum sign: negtive(true) or not(false) */

    uint32_t size; /* *< bignum size (count of BN_UINT) */

    uint32_t room; /* *< bignum max size (count of BN_UINT) */

    uint32_t flag; /* *< bignum flag */

    BN_UINT *data; /* *< bignum data chunk(most significant limb at the largest) */

} BN_BigNum;


typedef struct BnMont BN_Mont;


typedef struct BnOptimizer BN_Optimizer;


typedef struct BnCbCtx BN_CbCtx;


typedef int32_t (*BN_CallBack)(BN_CbCtx *, int32_t, int32_t);


/* If a == 0, return 0xFFFFFFFF...; otherwise return 0. */

static inline BN_UINT BN_IsZeroUintConsttime(BN_UINT a)

{

    BN_UINT t = ~a & (a - 1); // The most significant bit of t is 1 only when a == 0.

    // Shifting 3 bits to the left is equivalent to multiplying 8, convert the number of bytes into the number of bits.

    return (BN_UINT)0 - (t >> (((uint32_t)sizeof(BN_UINT) << 3) - 1));

}


#ifdef HITLS_CRYPTO_EAL_BN

/* Check whether the BN entered externally is valid. */

bool BnVaild(const BN_BigNum *a);

#endif


BN_BigNum *BN_Create(uint32_t bits);


void BN_Destroy(BN_BigNum *a);


void BN_Init(BN_BigNum *bn, BN_UINT *data, uint32_t room, int32_t number);


#ifdef HITLS_CRYPTO_BN_CB


BN_CbCtx *BN_CbCtxCreate(void);


void BN_CbCtxSet(BN_CbCtx *gencb, BN_CallBack callBack, void *arg);


int32_t BN_CbCtxCall(BN_CbCtx *callBack, int32_t process, int32_t target);


void *BN_CbCtxGetArg(BN_CbCtx *callBack);


void BN_CbCtxDestroy(BN_CbCtx *cb);

#endif


int32_t BN_SetSign(BN_BigNum *a, bool sign);


int32_t BN_SetFlag(BN_BigNum *a, uint32_t flag);


int32_t BN_Copy(BN_BigNum *r, const BN_BigNum *a);


BN_BigNum *BN_Dup(const BN_BigNum *a);


bool BN_IsZero(const BN_BigNum *a);


bool BN_IsOne(const BN_BigNum *a);


bool BN_IsNegative(const BN_BigNum *a);


bool BN_IsOdd(const BN_BigNum *a);


bool BN_IsFlag(const BN_BigNum *a, uint32_t flag);


int32_t BN_Zeroize(BN_BigNum *a);


bool BN_IsLimb(const BN_BigNum *a, const BN_UINT w);


int32_t BN_SetLimb(BN_BigNum *r, BN_UINT w);


BN_UINT BN_GetLimb(const BN_BigNum *a);


bool BN_GetBit(const BN_BigNum *a, uint32_t n);


int32_t BN_SetBit(BN_BigNum *a, uint32_t n);


int32_t BN_ClrBit(BN_BigNum *a, uint32_t n);


int32_t BN_MaskBit(BN_BigNum *a, uint32_t n);


uint32_t BN_Bits(const BN_BigNum *a);


uint32_t BN_Bytes(const BN_BigNum *a);


int32_t BN_Gcd(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b, BN_Optimizer *opt);


int32_t BN_ModInv(BN_BigNum *r, const BN_BigNum *x, const BN_BigNum *m, BN_Optimizer *opt);

int32_t BN_Cmp(const BN_BigNum *a, const BN_BigNum *b);


int32_t BN_Add(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b);


int32_t BN_AddLimb(BN_BigNum *r, const BN_BigNum *a, BN_UINT w);


int32_t BN_Sub(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b);


int32_t BN_SubLimb(BN_BigNum *r, const BN_BigNum *a, BN_UINT w);


int32_t BN_Mul(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b, BN_Optimizer *opt);


int32_t BN_MulLimb(BN_BigNum *r, const BN_BigNum *a, const BN_UINT w);


int32_t BN_Sqr(BN_BigNum *r, const BN_BigNum *a, BN_Optimizer *opt);


int32_t BN_Div(BN_BigNum *q, BN_BigNum *r, const BN_BigNum *x, const BN_BigNum *y, BN_Optimizer *opt);


int32_t BN_DivLimb(BN_BigNum *q, BN_UINT *r, const BN_BigNum *x, const BN_UINT y);


int32_t BN_ModAdd(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b,

    const BN_BigNum *mod, BN_Optimizer *opt);

int32_t BN_ModSub(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b,

    const BN_BigNum *mod, BN_Optimizer *opt);


int32_t BN_ModMul(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b,

    const BN_BigNum *mod, BN_Optimizer *opt);


int32_t BN_ModSqr(

    BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *mod, BN_Optimizer *opt);


int32_t BN_ModExp(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *e,

    const BN_BigNum *m, BN_Optimizer *opt);


int32_t BN_Mod(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *m, BN_Optimizer *opt);


int32_t BN_ModLimb(BN_UINT *r, const BN_BigNum *a, const BN_UINT m);


#ifdef HITLS_CRYPTO_BN_PRIME

int32_t BN_GenPrime(BN_BigNum *r, BN_BigNum *e, uint32_t bits, bool half, BN_Optimizer *opt, BN_CbCtx *cb);


int32_t BN_PrimeCheck(const BN_BigNum *bn, uint32_t checkTimes, BN_Optimizer *opt, BN_CbCtx *cb);

#endif // HITLS_CRYPTO_BN_PRIME


#ifdef HITLS_CRYPTO_BN_RAND

#define BN_RAND_TOP_NOBIT      0 /* Not set bits */

#define BN_RAND_TOP_ONEBIT     1 /* Set the most significant bit to 1. */

#define BN_RAND_TOP_TWOBIT     2 /* Set the highest two bits to 1 */


#define BN_RAND_BOTTOM_NOBIT   0 /* Not set bits */

#define BN_RAND_BOTTOM_ONEBIT  1 /* Set the least significant bit to 1. */

#define BN_RAND_BOTTOM_TWOBIT  2 /* Set the least significant two bits to 1. */


int32_t BN_Rand(BN_BigNum *r, uint32_t bits, uint32_t top, uint32_t bottom);


int32_t BN_RandEx(void *libCtx, BN_BigNum *r, uint32_t bits, uint32_t top, uint32_t bottom);


int32_t BN_RandRange(BN_BigNum *r, const BN_BigNum *p);


int32_t BN_RandRangeEx(void *libCtx, BN_BigNum *r, const BN_BigNum *p);

#endif

int32_t BN_Bin2Bn(BN_BigNum *r, const uint8_t *bin, uint32_t binLen);


int32_t BN_Bn2Bin(const BN_BigNum *a, uint8_t *bin, uint32_t *binLen);


void BN_FixSize(BN_BigNum *a);


int32_t BN_Extend(BN_BigNum *a, uint32_t words);


int32_t BN_Bn2BinFixZero(const BN_BigNum *a, uint8_t *bin, uint32_t binLen);


#ifdef HITLS_CRYPTO_BN_STR_CONV

int32_t BN_Hex2Bn(BN_BigNum **r, const char *str);


char *BN_Bn2Hex(const BN_BigNum *a);


int32_t BN_Dec2Bn(BN_BigNum **r, const char *str);


char *BN_Bn2Dec(const BN_BigNum *a);

#endif


#if defined(HITLS_CRYPTO_CURVE_SM2_ASM) ||                                             \

    ((defined(HITLS_CRYPTO_CURVE_NISTP521) || defined(HITLS_CRYPTO_CURVE_NISTP384_ASM)) && \

        defined(HITLS_CRYPTO_NIST_USE_ACCEL))

int32_t BN_U64Array2Bn(BN_BigNum *r, const uint64_t *array, uint32_t len);


int32_t BN_Bn2U64Array(const BN_BigNum *a, uint64_t *array, uint32_t *len);

#endif


BN_Optimizer *BN_OptimizerCreate(void);


void BN_OptimizerDestroy(BN_Optimizer *opt);


void BN_OptimizerSetLibCtx(void *libCtx, BN_Optimizer *opt);


void *BN_OptimizerGetLibCtx(BN_Optimizer *opt);


BN_Mont *BN_MontCreate(const BN_BigNum *m);


int32_t BN_MontExp(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *e, BN_Mont *mont,

    BN_Optimizer *opt);


int32_t BN_MontExpConsttime(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *e,

    BN_Mont *mont, BN_Optimizer *opt);


void BN_MontDestroy(BN_Mont *mont);


int32_t BN_Rshift(BN_BigNum *r, const BN_BigNum *a, uint32_t n);


int32_t BN_Lshift(BN_BigNum *r, const BN_BigNum *a, uint32_t n);


#ifdef HITLS_CRYPTO_DSA

int32_t BN_MontExpMul(BN_BigNum *r, const BN_BigNum *a1, const BN_BigNum *e1,

    const BN_BigNum *a2, const BN_BigNum *e2, BN_Mont *mont, BN_Optimizer *opt);

#endif


#ifdef HITLS_CRYPTO_ECC

int32_t BN_ModSqrt(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *p, BN_Optimizer *opt);

#endif


#if defined(HITLS_CRYPTO_CURVE_SM2_ASM) || (defined(HITLS_CRYPTO_CURVE_NISTP256_ASM) && \

    defined(HITLS_CRYPTO_NIST_ECC_ACCELERATE))

int32_t BN_BN2Array(const BN_BigNum *src, BN_UINT *dst, uint32_t size);


int32_t BN_Array2BN(BN_BigNum *dst, const BN_UINT *src, const uint32_t size);

#endif


#ifdef HITLS_CRYPTO_ECC

int32_t BN_CopyWithMask(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b, BN_UINT mask);


int32_t BN_ModSubQuick(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b,

    const BN_BigNum *mod, const BN_Optimizer *opt);


int32_t BN_ModAddQuick(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b,

    const BN_BigNum *mod, const BN_Optimizer *opt);


int32_t BN_ModNistEccMul(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b,

    void *data, BN_Optimizer *opt);


int32_t BN_ModNistEccSqr(BN_BigNum *r, const BN_BigNum *a, void *data, BN_Optimizer *opt);

#endif


#ifdef HITLS_CRYPTO_CURVE_SM2

int32_t BN_ModSm2EccMul(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b, void *data, BN_Optimizer *opt);


int32_t BN_ModSm2EccSqr(BN_BigNum *r, const BN_BigNum *a, void *data, BN_Optimizer *opt);

#endif


#ifdef HITLS_CRYPTO_BN_RFC_PRIME

BN_BigNum *BN_GetRfcConstPrime(BN_BigNum *r, int32_t paraId);

#endif


int32_t BN_SecBits(int32_t pubLen, int32_t prvLen);


#if defined(HITLS_CRYPTO_RSA)


int32_t MontMulCore(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b, BN_Mont *mont, BN_Optimizer *opt);


#endif // HITLS_CRYPTO_RSA


#if defined(HITLS_CRYPTO_BN_PRIME)

int32_t MontSqrCore(BN_BigNum *r, const BN_BigNum *a, BN_Mont *mont, BN_Optimizer *opt);


#endif // HITLS_CRYPTO_BN_PRIME


int32_t OptimizerStart(BN_Optimizer *opt);


void OptimizerEnd(BN_Optimizer *opt);


BN_BigNum *OptimizerGetBn(BN_Optimizer *opt, uint32_t room);


#ifdef HITLS_CRYPTO_CURVE_MONT


int32_t BN_EcPrimeMontMul(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b, void *data, BN_Optimizer *opt);


int32_t BN_EcPrimeMontSqr(BN_BigNum *r, const BN_BigNum *a, void *data, BN_Optimizer *opt);


int32_t BnMontEnc(BN_BigNum *r, BN_Mont *mont, BN_Optimizer *opt, bool consttime);


void BnMontDec(BN_BigNum *r, BN_Mont *mont);


int32_t BN_SwapWithMask(BN_BigNum *a, BN_BigNum *b, BN_UINT mask);


#endif // HITLS_CRYPTO_CURVE_MONT


#if defined(HITLS_CRYPTO_PAILLIER) || defined(HITLS_CRYPTO_RSA_CHECK)

int32_t BN_Lcm(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b, BN_Optimizer *opt);


#endif // HITLS_CRYPTO_PAILLIER || HITLS_CRYPTO_RSA_CHECK


#ifdef __cplusplus

}

#endif


#endif /* HITLS_CRYPTO_BN */


#endif