crys_dh_kg.h 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203
  1. /**************************************************************************************
  2. * Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved *
  3. * *
  4. * This file and the related binary are licensed under the following license: *
  5. * *
  6. * ARM Object Code and Header Files License, v1.0 Redistribution. *
  7. * *
  8. * Redistribution and use of object code, header files, and documentation, without *
  9. * modification, are permitted provided that the following conditions are met: *
  10. * *
  11. * 1) Redistributions must reproduce the above copyright notice and the *
  12. * following disclaimer in the documentation and/or other materials *
  13. * provided with the distribution. *
  14. * *
  15. * 2) Unless to the extent explicitly permitted by law, no reverse *
  16. * engineering, decompilation, or disassembly of is permitted. *
  17. * *
  18. * 3) Redistribution and use is permitted solely for the purpose of *
  19. * developing or executing applications that are targeted for use *
  20. * on an ARM-based product. *
  21. * *
  22. * DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND *
  23. * CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT *
  24. * NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, *
  25. * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE *
  26. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, *
  27. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED *
  28. * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR *
  29. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF *
  30. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
  31. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS *
  32. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
  33. **************************************************************************************/
  34. #ifndef _CRYS_DH_KG_H
  35. #define _CRYS_DH_KG_H
  36. #include "crys_dh.h"
  37. #ifdef __cplusplus
  38. extern "C"
  39. {
  40. #endif
  41. /*! @file
  42. @brief This module defines the API that supports Diffie-Hellman domain.
  43. @defgroup crys_dh_kg CryptoCell DH Key Generation APIs
  44. @{
  45. @ingroup crys_dh
  46. */
  47. /************************ Defines ******************************/
  48. /*! Minimal size of DH seed in bytes. */
  49. #define CRYS_DH_SEED_MIN_SIZE_IN_BYTES CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES
  50. /*! Minimal size of DH seed in bits. */
  51. #define CRYS_DH_SEED_MIN_SIZE_IN_BITS (CRYS_DH_SEED_MIN_SIZE_IN_BYTES * 8)
  52. /************************ Enums ********************************/
  53. /************************ Typedefs ****************************/
  54. /* temp buffers, used in different DH KG functions */
  55. /*! Temporary data buffer structure for domain parameters generation in DH. */
  56. typedef struct CRYS_DHKGData_t
  57. {
  58. /* The aligned input and output temp buffers */
  59. /*! Temporary buffer. */
  60. uint32_t TempBuff1[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS];
  61. /*! Temporary buffer. */
  62. uint32_t TempBuff2[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS];
  63. /*! Temporary buffer. */
  64. uint32_t TempBuff3[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS];
  65. /*! Temporary buffer. */
  66. uint32_t TempBuff4[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS];
  67. /*! Temporary buffer. */
  68. uint32_t TempBuff5[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS];
  69. /*! Temporary buffer. */
  70. uint32_t TempBuff6[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS];
  71. /*! Temporary buffer. */
  72. CRYS_DH_Temp_t ExpTemps;
  73. }CRYS_DHKGData_t;
  74. /*! Temporary buffer structure . */
  75. typedef struct CRYS_DHKG_CheckTemp_t
  76. {
  77. /*! Temporary buffer. */
  78. uint32_t CheckTempBuff[3*CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS];
  79. /*! Temporary buffer. */
  80. CRYS_DHKGData_t DhKgBuff;
  81. }CRYS_DHKG_CheckTemp_t;
  82. /*! DH Domain generation values definitions */
  83. /*! Minimal modulus size for X942 - 1024.*/
  84. #define DH_X942_PRIME_MOD_MIN_VAL 1024
  85. /*! Maximal modulus size for X942 - 2048.*/
  86. #define DH_X942_PRIME_MOD_MAX_VAL 2048
  87. /*! PGeneration counter for X942 - 4096.*/
  88. #define DH_X942_PGEN_COUNTER_CONST 4096
  89. /*! HASH size in bits for X942 - 160.*/
  90. #define DH_X942_HASH_SIZE_BITS 160
  91. /*! Maximal allowed ratio between modulus and generator order sizes (by implementation) */
  92. #define DH_MAX_RATIO_MODULO_TO_ORDER 4
  93. /************************ Structs ******************************/
  94. /************************ Public Variables **********************/
  95. /************************ Public Functions **********************/
  96. /******************************************************************************************/
  97. /*!
  98. @brief This function generates DH domain parameters in Galois prime field according to standard [ANS X9.42].
  99. It receives the required sizes (in bits) of the modulus, the generator's order, and the seed, and then generates
  100. the prime modulus and the generator according to given sizes.
  101. If generateSeed argument is set to 1, the function generates and outputs the random seed. Otherwise (if set to 0),
  102. the seed has to be passed as an input argument. According to implementation the seed should be not greate, than (2^seedSizeBits - 2^32).
  103. The seed and some additional parameters, generated by the function (factorJ, pgenCounter), are used for checking
  104. that all domain parameters are generated according to the standard and not forged.
  105. \note All buffer parameters should be in Big-Endian form.
  106. @return CRYS_OK on success.
  107. @return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_hash_error.h.
  108. */
  109. CIMPORT_C CRYSError_t CRYS_DH_CreateDomainParams(
  110. void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */
  111. SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to a random vector generation function. */
  112. uint32_t modPsizeBits, /*!< [in] Size of the modulus (Prime) in bits equal 256*n, where n >= 4. FIPS 186-4
  113. defines sizes 1024 and 2048 bit. */
  114. uint32_t orderQsizeBits, /*!< [in] Size of the Generator's order in bits. FIPS 186-4 defines orderQSizeBits = 160
  115. for modulus 1024 bit and 224 or 256 bit for modPSizeBits = 2048. We not recommend
  116. sizes > 256 and returns an error if orderQSizeBits > modPSizeBits/4 */
  117. uint32_t seedSizeBits, /*!< [in] Seed size in bits. Requirements: modPSizeBits >= seedSizeBits >= orderQSizeBits
  118. (the first is required by our implementation). */
  119. uint8_t *modP_ptr, /*!< [out] Pointer to the modulus (prime) buffer. The size of the buffer for output
  120. generated value must be no less than given modulus size. */
  121. uint8_t *orderQ_ptr, /*!< [out] Pointer to the order Q of generator. The size of the buffer for output generated
  122. value must be no less than the given order size. */
  123. uint8_t *generatorG_ptr, /*!< [out] Pointer to the generator of multiplicative subgroup in GF(P).
  124. If the user does not need this output, then both the pointer and the buffer size
  125. must be set to 0. */
  126. uint32_t *generGsizeBytes_ptr, /*!< [in/out] Pointer to the one word buffer for outputting the generator's size.
  127. The passed size (if needed) must be not less than modulus size and the function
  128. returns the actual size of the generator. */
  129. uint8_t *factorJ_ptr, /*!< [out] Pointer to the buffer for integer factor J. If NULL, the function does not output
  130. this parameter (in this case JsizeBytes_ptr also must be set to NULL, else the function
  131. returns an error). */
  132. uint32_t *JsizeBytes_ptr, /*!< [in/out] Pointer to the size of integer factor J. If NULL, the function does not output
  133. this parameter. */
  134. uint8_t *seedS_ptr, /*!< [in/out] Random seed used for prime generation. The size of the buffer must be
  135. at least the seed size. */
  136. int8_t generateSeed, /*!< [in] Flag, defining whether the seed should be generated randomly by the function
  137. (1) or is passed by the user (0). */
  138. uint32_t *pgenCounter_ptr, /*!< [out] Pointer to counter of tries to generate the primes. If NULL, the function does not
  139. output this parameter. */
  140. CRYS_DHKGData_t *DHKGbuff_ptr /*!< [out] The temp buffer of defined structure for internal calculations. */
  141. );
  142. /******************************************************************************************/
  143. /*!
  144. @brief This function receives DH domain parameters, seed and prime generation counter and then verifies
  145. that the domain was created according to the standard [ANS X9.42].
  146. According to implementation, the value of the user passed seed should be not
  147. greate, than (2^seedSizeBits - 2^32), otherwise an error is returned.
  148. \note All buffer parameters should be in Big-Endian form. For more detailed
  149. description of the parameters see ::CRYS_DH_CreateDomainParams.
  150. @return CRYS_OK on success.
  151. @return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_hash_error.h.
  152. */
  153. CIMPORT_C CRYSError_t CRYS_DH_CheckDomainParams(
  154. void *rndState_ptr, /*!< [in/out] Pointer to the RND state. */
  155. SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in/out] Pointer to the RND Generate vector function pointer. */
  156. uint8_t *modP_ptr, /*!< [in] Pointer to the modulus (Prime). */
  157. uint32_t modPsizeBytes, /*!< [in] Size of the modulus (Prime) in bytes. */
  158. uint8_t *orderQ_ptr, /*!< [in] Pointer to the order Q of generator. The size of the buffer for output
  159. generated value must be no less than the order size. */
  160. uint32_t orderQsizeBytes, /*!< [in] Size of the Generator's order in bytes. */
  161. uint8_t *generatorG_ptr, /*!< [in] Pointer to the generator of the multiplicative subgroup in GF(P). */
  162. uint32_t generatorSizeBytes, /*!< [in] Size of the generator in bytes. */
  163. uint8_t *seedS_ptr, /*!< [in] Random seed used for prime generation. */
  164. uint32_t seedSizeBits, /*!< [in] Seed size in bits. */
  165. uint32_t pgenCounter, /*!< [in] Counter of prime generation attempts. */
  166. CRYS_DHKG_CheckTemp_t *checkTempBuff_ptr /*!< [in] Temporary buffer for internal calculations. */
  167. );
  168. #ifdef __cplusplus
  169. }
  170. #endif
  171. /**
  172. @}
  173. */
  174. #endif