From 1f8d13bf8d2e813f0c5da653c4abffb7a817db9a Mon Sep 17 00:00:00 2001
From: "Pavel V. Shatov (Meister)"
Date: Wed, 19 Dec 2018 16:03:08 +0300
Subject: * New hardware architecture * Randomized test vector
---
 fpga_curve.cpp | 340 ---------------------------------------------------------
 1 file changed, 340 deletions(-)
 delete mode 100644 fpga_curve.cpp
(limited to 'fpga_curve.cpp')
diff --git a/fpga_curve.cpp b/fpga_curve.cpp
deleted file mode 100644
index 9cc8ec0..0000000
--- a/fpga_curve.cpp
+++ /dev/null
@@ -1,340 +0,0 @@ -//------------------------------------------------------------------------------ -// -// fpga_curve.cpp -// ------------------------------------ -// Elliptic curve arithmetic procedures -// -// Authors: Pavel Shatov -// -// Copyright (c) 2015-2016, NORDUnet A/S -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// - Redistributions of source code must retain the above copyright notice, -// this list of conditions and the following disclaimer. -// -// - Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// - Neither the name of the NORDUnet nor the names of its contributors may be -// used to endorse or promote products derived from this software without -// specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. 
-// -//------------------------------------------------------------------------------ - - -//------------------------------------------------------------------------------ -// Headers -//------------------------------------------------------------------------------ -#include -#include "ecdsa_model.h" -#include "fpga_lowlevel.h" -#include "fpga_modular.h" -#include "fpga_curve.h" -#include "fpga_util.h" - - -//------------------------------------------------------------------------------ -// Globals -//------------------------------------------------------------------------------ -FPGA_BUFFER ecdsa_g_x, ecdsa_g_y; -FPGA_BUFFER ecdsa_h_x, ecdsa_h_y; -FPGA_BUFFER ecdsa_q_x, ecdsa_q_y; -FPGA_BUFFER ecdsa_r_x, ecdsa_r_y; - - -//------------------------------------------------------------------------------ -void fpga_curve_init() -//------------------------------------------------------------------------------ -{ - int w; // word counter - - FPGA_BUFFER tmp_g_x = ECDSA_G_X, tmp_g_y = ECDSA_G_Y; - FPGA_BUFFER tmp_h_x = ECDSA_H_X, tmp_h_y = ECDSA_H_Y; - FPGA_BUFFER tmp_q_x = ECDSA_Q_X, tmp_q_y = ECDSA_Q_Y; - FPGA_BUFFER tmp_r_x = ECDSA_R_X, tmp_r_y = ECDSA_R_Y; - - /* fill buffers for large multi-word integers */ - for (w=0; w R=2*G) : (P==-Q => R=O) - fpga_buffer_copy(t2_is_zero ? &ecdsa_h_y : &ecdsa_one, ry); // | - fpga_buffer_copy(t2_is_zero ? &ecdsa_one : &ecdsa_zero, rz); // | - } -} - - -//------------------------------------------------------------------------------ -// -// Conversion from projective Jacobian to affine coordinates. -// -// P(px,py,pz) -> Q(qx,qy) -// -// Note, that qx = px / Z^2 and qy = py / Z^3. Division in modular arithmetic -// is equivalent to multiplication by the inverse value of divisor, so -// qx = px * (pz^-1)^2 and qy = py * (pz^-1)^3. -// -// Note, that this procedure does *NOT* handle points at infinity correctly. 
It -// can only be called from the base point multiplication routine, that -// specifically makes sure that P is not at infinity, so pz will always be -// non-zero value. -// -//------------------------------------------------------------------------------ -void fpga_curve_point_to_affine(FPGA_BUFFER *px, FPGA_BUFFER *py, FPGA_BUFFER *pz, FPGA_BUFFER *qx, FPGA_BUFFER *qy) -//------------------------------------------------------------------------------ -{ - FPGA_BUFFER pz1; // inverse value of pz - FPGA_BUFFER t2, t3; // intermediate values - - fpga_modular_inv(pz, &pz1); // pz1 = pz^-1 (mod q) - - fpga_modular_mul(&pz1, &pz1, &t2); // t2 = pz1 ^ 2 (mod q) - fpga_modular_mul(&pz1, &t2, &t3); // t3 = tz1 ^ 3 (mod q) - - fpga_modular_mul(px, &t2, qx); // qx = px * (pz^-1)^2 (mod q) - fpga_modular_mul(py, &t3, qy); // qy = py * (pz^-1)^3 (mod q) -} - - -//------------------------------------------------------------------------------ -// -// Elliptic curve base point scalar multiplication routine. -// -// Q(qx,qy) = k * G(px,py) -// -// Note, that Q is supposed to be in affine coordinates. Multiplication is done -// using the double-and-add algorithm 3.27 from "Guide to Elliptic Curve -// Cryptography". -// -// WARNING: Though this procedure always does the addition step, it only -// updates the result when current bit of k is set. It does not take any -// active measures to keep run-time constant. The main purpose of this model -// is to help debug Verilog code for FPGA, so *DO NOT* use it anywhere near -// production! 
-// -//------------------------------------------------------------------------------ -void fpga_curve_scalar_multiply(FPGA_BUFFER *k, FPGA_BUFFER *qx, FPGA_BUFFER *qy) -//------------------------------------------------------------------------------ -{ - int word_count, bit_count; // counters - - FPGA_BUFFER rx, ry, rz; // intermediate result - FPGA_BUFFER tx, ty, tz; // temporary variable - - /* set initial value of R to point at infinity */ - fpga_buffer_copy(&ecdsa_one, &rx); - fpga_buffer_copy(&ecdsa_one, &ry); - fpga_buffer_copy(&ecdsa_zero, &rz); - - /* process bits of k left-to-right */ - for (word_count=OPERAND_NUM_WORDS; word_count>0; word_count--) - for (bit_count=FPGA_WORD_WIDTH; bit_count>0; bit_count--) - { - /* calculate T = 2 * R */ - fpga_curve_double_jacobian(&rx, &ry, &rz, &tx, &ty, &tz); - - /* always calculate R = T + P for constant-time */ - fpga_curve_add_jacobian(&tx, &ty, &tz, &rx, &ry, &rz); - - /* revert to the value of T before addition if the current bit of k is not set */ - if (!((k->words[word_count-1] >> (bit_count-1)) & 1)) - { fpga_buffer_copy(&tx, &rx); - fpga_buffer_copy(&ty, &ry); - fpga_buffer_copy(&tz, &rz); - } - - } - - // convert result to affine coordinates anyway - fpga_curve_point_to_affine(&rx, &ry, &rz, qx, qy); - - // check, that rz is non-zero (not point at infinity) - bool rz_is_zero = fpga_buffer_is_zero(&rz); - - // handle special case (result is point at infinity) - if (rz_is_zero) - { fpga_buffer_copy(&ecdsa_zero, qx); - fpga_buffer_copy(&ecdsa_zero, qy); - } -} - - -//------------------------------------------------------------------------------ -// End-of-File -//------------------------------------------------------------------------------ -- cgit v1.2.3