Merge pull request #426 from aido/cx_bn_gf2_n_mul
Implement cx_bn_gf2_n_mul()
xchapron-ledger authored Oct 27, 2023
2 parents 2452ccf + 97d9519 commit c59b939
Showing 8 changed files with 124 additions and 2 deletions.
2 changes: 1 addition & 1 deletion CMakeLists.txt
Expand Up @@ -85,7 +85,7 @@ else()
openssl
URL https://www.openssl.org/source/openssl-1.1.1k.tar.gz
URL_HASH SHA256=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
CONFIGURE_COMMAND ./Configure "CC=${CMAKE_C_COMPILER}" "CFLAGS=${OPENSSL_CFLAGS}" no-afalgeng no-aria no-asan no-asm no-async no-autoalginit no-autoerrinit no-autoload-config no-bf no-buildtest-c++ no-camellia no-capieng no-cast no-chacha no-cmac no-cms no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-ct no-deprecated no-des no-devcryptoeng no-dgram no-dh no-dsa no-dso no-dtls no-ec2m no-ecdh no-egd no-engine no-err no-external-tests no-filenames no-fuzz-afl no-fuzz-libfuzzer no-gost no-heartbeats no-hw no-idea no-makedepend no-md2 no-md4 no-mdc2 no-msan no-multiblock no-nextprotoneg no-ocb no-ocsp no-pinshared no-poly1305 no-posix-io no-psk no-rc2 no-rc4 no-rc5 no-rdrand no-rfc3779 no-scrypt no-sctp no-seed no-shared no-siphash no-sm2 no-sm3 no-sm4 no-sock no-srp no-srtp no-sse2 no-ssl no-ssl3-method no-ssl-trace no-stdio no-tests no-threads no-tls no-ts no-ubsan no-ui-console no-unit-test no-whirlpool no-zlib no-zlib-dynamic linux-armv4 --prefix=${INSTALL_DIR}
CONFIGURE_COMMAND ./Configure "CC=${CMAKE_C_COMPILER}" "CFLAGS=${OPENSSL_CFLAGS}" no-afalgeng no-aria no-asan no-asm no-async no-autoalginit no-autoerrinit no-autoload-config no-bf no-buildtest-c++ no-camellia no-capieng no-cast no-chacha no-cmac no-cms no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-ct no-deprecated no-des no-devcryptoeng no-dgram no-dh no-dsa no-dso no-dtls no-ecdh no-egd no-engine no-err no-external-tests no-filenames no-fuzz-afl no-fuzz-libfuzzer no-gost no-heartbeats no-hw no-idea no-makedepend no-md2 no-md4 no-mdc2 no-msan no-multiblock no-nextprotoneg no-ocb no-ocsp no-pinshared no-poly1305 no-posix-io no-psk no-rc2 no-rc4 no-rc5 no-rdrand no-rfc3779 no-scrypt no-sctp no-seed no-shared no-siphash no-sm2 no-sm3 no-sm4 no-sock no-srp no-srtp no-sse2 no-ssl no-ssl3-method no-ssl-trace no-stdio no-tests no-threads no-tls no-ts no-ubsan no-ui-console no-unit-test no-whirlpool no-zlib no-zlib-dynamic linux-armv4 --prefix=${INSTALL_DIR}
BUILD_COMMAND make
INSTALL_COMMAND make install_sw
BUILD_IN_SOURCE 1
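Review bot: The only change to the OpenSSL configure line is dropping `no-ec2m`, and nothing in the build file records why, so the next person trimming the feature list may put it back and silently break the new GF(2^m) code path. The reason is visible elsewhere in this commit: src/bolos/cx_mpi.c now calls `BN_GF2m_mod_mul()`, which only exists when OpenSSL is built with the ec2m code. A one-line comment above the CONFIGURE_COMMAND would pin that down, e.g. `# ec2m must stay enabled: cx_mpi_gf2_n_mul() relies on BN_GF2m_mod_mul()`.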
18 changes: 18 additions & 0 deletions src/bolos/cx_bn.c
Expand Up @@ -481,3 +481,21 @@ cx_err_t sys_cx_bn_next_prime(const cx_bn_t bn_x)
end:
return error;
}

cx_err_t sys_cx_bn_gf2_n_mul(cx_bn_t bn_r, const cx_bn_t bn_a,
const cx_bn_t bn_b, const cx_bn_t bn_n,
const cx_bn_t bn_h)
{
cx_err_t error = CX_OK; // By default, until some error occurs
cx_mpi_t *r, *a, *b, *n, *h;

// Convert bn to mpi
CX_CHECK(cx_bn_rab_to_mpi(bn_r, &r, bn_a, &a, bn_b, &b));
CX_CHECK(cx_bn_ab_to_mpi(bn_n, &n, bn_h, &h));

// Perform a Galois field multiplication operation reduced by n
CX_CHECK(cx_mpi_gf2_n_mul(r, a, b, n, h));

end:
return error;
}
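Review bot: `bn_h` is converted to an mpi on the `cx_bn_ab_to_mpi` line but is never used by the callee — the new `cx_mpi_gf2_n_mul` in src/bolos/cx_mpi.c marks `h` as `__attribute__((unused))` and passes only `r, a, b, n` to OpenSSL — and neither this definition nor the prototypes added to src/bolos/cxlib.h say so. The test in this commit describes the parameter as the second Montgomery constant, which suggests the device-side implementation needs it while the OpenSSL-backed emulation does not; a maintainer reading only this function cannot tell whether the unused conversion is an oversight. A short header comment would settle it, e.g. `// bn_h (second Montgomery constant, see test_bn.c) is only validated here: the OpenSSL backend reduces directly by bn_n and does not use it`. The same note applies to the prototypes in cxlib.h, where the semantics of `bn_h` and the meaning of `bn_n` (the field's reduction polynomial) would be best documented once.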
13 changes: 13 additions & 0 deletions src/bolos/cx_mpi.c
Expand Up @@ -1167,6 +1167,19 @@ cx_err_t cx_mpi_next_prime(cx_mpi_t *x)
return error;
}

cx_err_t cx_mpi_gf2_n_mul(cx_mpi_t *r, const cx_mpi_t *a, const cx_mpi_t *b,
const cx_mpi_t *n,
const cx_mpi_t *h __attribute__((unused)))
{
cx_err_t error = CX_OK; // By default, until some error occurs

if (!BN_GF2m_mod_mul(r, a, b, n, local_bn_ctx)) {
error = CX_INTERNAL_ERROR;
}

return error;
}

#define MAX_BYTE_LEN 128
void cx_mpi_reverse(cx_mpi_t *x, uint32_t nbytes)
{
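Review bot: Every failure of `BN_GF2m_mod_mul()` is reported as `CX_INTERNAL_ERROR`, which conflates genuine backend failures (allocation from `local_bn_ctx`) with caller errors such as a zero reduction polynomial, which OpenSSL presumably rejects when it converts `n` to its polynomial array. Since the syscall layer exists to mimic the device, it would be clearer to reject the obvious bad input up front and keep `CX_INTERNAL_ERROR` for the backend, e.g. `if (BN_is_zero(n)) { return CX_INVALID_PARAMETER; }` before the multiplication (assuming that error code is the one the rest of this file uses for argument checks). A brief comment on the signature explaining that `h` is accepted for API parity but not needed by OpenSSL would also help, since the `__attribute__((unused))` alone does not say why.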
5 changes: 5 additions & 0 deletions src/bolos/cxlib.h
Expand Up @@ -134,6 +134,8 @@ cx_err_t cx_mpi_mod_pow(cx_mpi_t *r, const cx_mpi_t *a, const cx_mpi_t *e,
const cx_mpi_t *n);
cx_err_t cx_mpi_is_prime(cx_mpi_t *x, bool *prime);
cx_err_t cx_mpi_next_prime(cx_mpi_t *x);
cx_err_t cx_mpi_gf2_n_mul(cx_mpi_t *r, const cx_mpi_t *a, const cx_mpi_t *b,
const cx_mpi_t *n, const cx_mpi_t *h);
void cx_mpi_reverse(cx_mpi_t *x, uint32_t nbytes);
void cx_mpi_swap(cx_mpi_t *a, cx_mpi_t *b, const int c);

Expand Down Expand Up @@ -196,6 +198,9 @@ cx_err_t sys_cx_bn_mod_pow2(cx_bn_t bn_r, const cx_bn_t bn_a, const uint8_t *e,
uint32_t len_e, const cx_bn_t bn_n);
cx_err_t sys_cx_bn_is_prime(const cx_bn_t bn_x, bool *prime);
cx_err_t sys_cx_bn_next_prime(const cx_bn_t bn_x);
cx_err_t sys_cx_bn_gf2_n_mul(cx_bn_t bn_r, const cx_bn_t bn_a,
const cx_bn_t bn_b, const cx_bn_t bn_n,
const cx_bn_t bn_h);

// cx_ecdomain.c
int cx_nid_from_curve(cx_curve_t curve);
3 changes: 3 additions & 0 deletions src/emulate_lnsp_1.0.c
Expand Up @@ -266,6 +266,9 @@ int emulate_nanosp_1_0(unsigned long syscall, unsigned long *parameters,

SYSCALL1(cx_bn_next_prime, "(%u)", uint32_t, a);

SYSCALL5(cx_bn_gf2_n_mul, "(%u, %u, %u, %u, %u)", uint32_t, r, uint32_t, a,
uint32_t, b, uint32_t, n, uint32_t, h);

// SYSCALLs that may exists on other SDK versions, but with a different ID:

SYSCALL0i(os_perso_isonboarded, os_perso_isonboarded_2_0);
7 changes: 7 additions & 0 deletions src/emulate_unified_sdk.c
Expand Up @@ -524,6 +524,13 @@ int emulate_syscall_cx(unsigned long syscall, unsigned long *parameters,
SYSCALL1(cx_bn_next_prime, "(%u)",
uint32_t, a);

SYSCALL5(cx_bn_gf2_n_mul, "(%u, %u, %u, %u, %u)",
uint32_t, r,
uint32_t, a,
uint32_t, b,
uint32_t, n,
uint32_t, h);

SYSCALL10(cx_bls12381_key_gen, "(%u, %p, %u, %p, %u, %p, %u, %p, %p, %u)",
uint8_t, mode,
uint8_t *, secret,
3 changes: 2 additions & 1 deletion tests/syscalls/CMakeLists.txt
Expand Up @@ -8,6 +8,7 @@ add_executable(test_aes test_aes.c nist_cavp.c utils.c)
add_executable(test_bip32 test_bip32.c utils.c)
add_executable(test_blake2 test_blake2.c nist_cavp.c utils.c)
add_executable(test_bls test_bls.c utils.c)
add_executable(test_bn test_bn.c)
add_executable(test_crc16 test_crc16.c)
add_executable(test_ecdh test_ecdh.c utils.c)
add_executable(test_ecdsa test_ecdsa.c utils.c)
Expand All @@ -26,6 +27,6 @@ add_executable(test_sha2 test_sha2.c nist_cavp.c utils.c)
add_executable(test_sha3 test_sha3.c nist_cavp.c utils.c)
add_executable(test_slip21 test_slip21.c)

foreach(target hello test_aes test_bip32 test_blake2 test_bls test_crc16 test_ec test_ecpoint test_ecdh test_ecdsa test_eddsa test_endorsement test_hmac test_math test_os_global_pin_is_validated test_rfc6979 test_ripemd test_sha2 test_sha3 test_slip21 test_eip2333)
foreach(target hello test_aes test_bip32 test_blake2 test_bls test_bn test_crc16 test_ec test_ecpoint test_ecdh test_ecdsa test_eddsa test_endorsement test_hmac test_math test_os_global_pin_is_validated test_rfc6979 test_ripemd test_sha2 test_sha3 test_slip21 test_eip2333)
add_test(NAME ${target} COMMAND qemu-arm-static ${target} WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
endforeach()
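--- /dev/null
+++ b/tests/syscalls/test_bn.c
@@ -0,0 +1,75 @@
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+// must come after setjmp.h
+#include <cmocka.h>
+
+#include "bolos/cxlib.h"
+
+#define GF2_8_MPI_BYTES 1
+
+static void test_cx_bn_gf2_n_mul(void **state __attribute__((unused)))
+{
+cx_err_t error = CX_OK;
+
+cx_bn_t a, // multiplicand
+b, // multiplier
+m, // modulus
+r, // result
+r2; // Montgomery constant
+
+// A(x)
+const uint8_t multiplicand[1] = { 0x1B }; // 27
+// B(x)
+const uint8_t multiplier[1] = { 0x3D }; // 61
+
+// The irreducible polynomial N(x) = x^8 + x^4 + x^3 + x + 1
+const uint8_t N[2] = { 0x01, 0x1B }; // 283
+
+// 2nd Montgomery constant: R2 = x^(2*t*8) mod N(x)
+// t = 1 since the number of bytes of R is 1.
+const uint8_t R2[1] = { 0x56 };
+
+// Expected result of N(x) = A(x )* B(x)
+const uint32_t re = 0x49; // result expected = 71
+int diff;
+
+CX_CHECK(sys_cx_bn_lock(GF2_8_MPI_BYTES, 0));
+CX_CHECK(sys_cx_bn_alloc(&r, GF2_8_MPI_BYTES));
+CX_CHECK(sys_cx_bn_alloc_init(&a, GF2_8_MPI_BYTES, multiplicand,
+sizeof(multiplicand)));
+CX_CHECK(sys_cx_bn_alloc_init(&b, GF2_8_MPI_BYTES, multiplier,
+sizeof(multiplier)));
+CX_CHECK(sys_cx_bn_alloc_init(&m, GF2_8_MPI_BYTES, N, sizeof(N)));
+CX_CHECK(sys_cx_bn_alloc_init(&r2, GF2_8_MPI_BYTES, R2, sizeof(R2)));
+
+// Perform the Galois Field GF(2m) multiplication operation
+CX_CHECK(sys_cx_bn_gf2_n_mul(r, a, b, m, r2));
+
+// Compare result to expected result
+CX_CHECK(sys_cx_bn_cmp_u32(r, re, &diff));
+
+CX_CHECK(sys_cx_bn_destroy(&r));
+CX_CHECK(sys_cx_bn_destroy(&a));
+CX_CHECK(sys_cx_bn_destroy(&b));
+CX_CHECK(sys_cx_bn_destroy(&m));
+CX_CHECK(sys_cx_bn_destroy(&r2));
+
+end:
+if (sys_cx_bn_is_locked()) {
+sys_cx_bn_unlock();
+}
+
+// Assert that there are no errors
+assert_int_equal(error, CX_OK);
+
+// Assert that the result is correct
+assert_int_equal(diff, 0);
+}
+
+int main(void)
+{
+const struct CMUnitTest tests[] = { cmocka_unit_test(test_cx_bn_gf2_n_mul) };
+
+return cmocka_run_group_tests(tests, NULL, NULL);
+}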
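Review bot: The modulus `m` is allocated with `GF2_8_MPI_BYTES` (1 byte) but initialised from the 2-byte `N` (`0x01, 0x1B`, a 9-bit polynomial) on the `sys_cx_bn_alloc_init(&m, ...)` line, so the test only passes if the emulated alloc_init accepts a value longer than the allocation; whether it does is not visible here, and the device SDK documents that case as an error, so the test as written may not mirror what the real syscall accepts. Sizing `m` (and the lock) at 2 bytes, or adding a comment stating that the over-long initialiser is intentional and relies on the emulator's OpenSSL-backed bignums, would make the intent explicit. `int diff;` is never assigned if any `CX_CHECK` before `sys_cx_bn_cmp_u32` jumps to `end`; the preceding `assert_int_equal(error, CX_OK)` aborts first, but `int diff = -1;` removes the reliance on that ordering. The comment `// Expected result of N(x) = A(x )* B(x)` also mislabels the product; `// Expected result R(x) = A(x) * B(x) mod N(x)` matches what is actually checked (0x1B * 0x3D mod 0x11B = 0x49).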