From 69131474f05e5d8fd1c32330bf80642d167b5a02 Mon Sep 17 00:00:00 2001
From: Gorachya
Date: Sat, 9 Feb 2019 04:39:08 -0800
Subject: [PATCH] moreupdate
---
 crypto/sm9/sm9_lcl.h | 6 ++-
 crypto/sm9/sm9_params.c | 77 +++++++++++++++++++++++++++-
 crypto/sm9/sm9_rate.c | 108 ++++++++++++++++++++++++----------------
 3 files changed, 147 insertions(+), 44 deletions(-)
diff --git a/crypto/sm9/sm9_lcl.h b/crypto/sm9/sm9_lcl.h
index 847f65ec..0f34bfb2 100755
--- a/crypto/sm9/sm9_lcl.h
+++ b/crypto/sm9/sm9_lcl.h
@@ -151,7 +151,11 @@ const BIGNUM *SM9_get0_order(void);
 const BIGNUM *SM9_get0_order_minus_one(void);
 const BIGNUM *SM9_get0_loop_count(void);
 const BIGNUM *SM9_get0_final_exponent(void);
-const BIGNUM *SM9_get0_fast_final_exponent(void);
+const BIGNUM *SM9_get0_fast_final_exponent_p20(void);
+const BIGNUM *SM9_get0_fast_final_exponent_p21(void);
+const BIGNUM *SM9_get0_fast_final_exponent_p22(void);
+const BIGNUM *SM9_get0_fast_final_exponent_p23(void);
+const BIGNUM *SM9_get0_fast_final_exponent_p3(void);
 const BIGNUM *SM9_get0_generator2_x0(void);
 const BIGNUM *SM9_get0_generator2_x1(void);
 const BIGNUM *SM9_get0_generator2_y0(void);
diff --git a/crypto/sm9/sm9_params.c b/crypto/sm9/sm9_params.c
index 9a058845..967edd50 100755
--- a/crypto/sm9/sm9_params.c
+++ b/crypto/sm9/sm9_params.c
@@ -62,6 +62,7 @@
 #define BN_SM9_BN256_TOP (256+BN_BITS2-1)/BN_BITS2
 #define BN_SM9_LOOP_TOP (66+BN_BITS2-1)/BN_BITS2
 #define BN_SM9_FINAL_EXPO_TOP (2816+BN_BITS2-1)/BN_BITS2
+#define BN_SM9_FAST_FINAL_EXPO_P2_TOP (256+BN_BITS2-1)/BN_BITS2
 #define BN_SM9_FAST_FINAL_EXPO_P3_TOP (768+BN_BITS2-1)/BN_BITS2
 
 #if BN_BITS2 == 64
@@ -123,6 +124,17 @@ static const BN_ULONG _sm9bn256v1_final_expo[BN_SM9_FINAL_EXPO_TOP] = {
 0x1A09A6AE43ADE454ULL, 0x061835E8B1259499ULL,
 };
 
+static const BN_ULONG _sm9bn256v1_fast_final_expo_p2[][BN_SM9_FAST_FINAL_EXPO_P2_TOP] = {
+ {0xD5FC11967BE65334ULL, 0x780272354F8B78F4ULL,
+ 0xF300000002A3A6F2ULL},
+ {0x0F738991676AF249ULL, 0xA9F02115CAEF75E7ULL,
+ 0xE303AB4FF2EB2052ULL, 0xB640000002A3A6F0ULL},
+ {0xD5FC11967BE65333ULL, 0x780272354F8B78F4ULL,
+ 0xF300000002A3A6F2ULL},
+ {0x0F738991676AF24AULL, 0xA9F02115CAEF75E7ULL,
+ 0xE303AB4FF2EB2052ULL, 0xB640000002A3A6F0ULL}
+};
+
 static const BN_ULONG _sm9bn256v1_fast_final_expo_p3[BN_SM9_FAST_FINAL_EXPO_P3_TOP] = {
 0xA9B2ADA593152855ULL, 0x44BF9D0FA74DDFB7ULL,
 0x83687EE0C6D9188CULL, 0xE0D49DE3AA8A4748ULL,
@@ -191,6 +203,17 @@ static const BN_ULONG _sm9bn256v1_final_expo[BN_SM9_FINAL_EXPO_TOP] = {
 0x43ADE454, 0x1A09A6AE, 0xB1259499, 0x061835E8,
 };
 
+static const BN_ULONG _sm9bn256v1_fast_final_expo_p2[][BN_SM9_FAST_FINAL_EXPO_P2_TOP] = {
+ {0x7BE65334, 0xD5FC1196, 0x4F8B78F4, 0x78027235,
+ 0x02A3A6F2, 0xF3000000},
+ {0x676AF249, 0x0F738991, 0xCAEF75E7, 0xA9F02115,
+ 0xF2EB2052, 0xE303AB4F, 0x02A3A6F0, 0xB6400000},
+ {0x7BE65333, 0xD5FC1196, 0x4F8B78F4, 0x78027235,
+ 0x02A3A6F2, 0xF3000000},
+ {0x676AF24A, 0x0F738991, 0xCAEF75E7, 0xA9F02115,
+ 0xF2EB2052, 0xE303AB4F, 0x02A3A6F0, 0xB6400000}
+};
+
 static const BN_ULONG _sm9bn256v1_fast_final_expo_p3[BN_SM9_FAST_FINAL_EXPO_P3_TOP] = {
 0x93152855, 0xA9B2ADA5, 0xA74DDFB7, 0x44BF9D0F,
 0xC6D9188C, 0x83687EE0, 0xAA8A4748, 0xE0D49DE3,
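Review bot: The new `_sm9bn256v1_fast_final_expo_p2` table has no comment saying what its four rows are, and the only explanation that existed — the `// t = a1 ^ (p^2)` comment next to the decimal strings these limbs replace — is deleted from sm9_rate.c in this same patch. What the hunks show is that rows 0 and 2 differ by exactly one, as do rows 1 and 3, that the low limb comes first (the row-0 low limb ends in 0x...34 and the deleted decimal string in ...692, both 4 mod 16), and that rows 0/2 hold 192 bits while rows 1/3 hold 256. I would put above the table: `/* per-coordinate multipliers used by fp12_fast_expo_p2() (sm9_rate.c) for the a^(p^2) step; rows 0/2 are 192-bit, rows 1/3 256-bit; low limb first */`. The same comment belongs on the 32-bit table in the -191 hunk.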
@@ -244,6 +267,38 @@ static const BIGNUM _bignum_sm9bn256v1_final_expo = {
 BN_FLG_STATIC_DATA
 };
 
+static const BIGNUM _bignum_sm9bn256v1_fast_final_expo_p20 = {
+ (BN_ULONG *)_sm9bn256v1_fast_final_expo_p2[0],
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_sm9bn256v1_fast_final_expo_p21 = {
+ (BN_ULONG *)_sm9bn256v1_fast_final_expo_p2[1],
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_sm9bn256v1_fast_final_expo_p22 = {
+ (BN_ULONG *)_sm9bn256v1_fast_final_expo_p2[2],
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_sm9bn256v1_fast_final_expo_p23 = {
+ (BN_ULONG *)_sm9bn256v1_fast_final_expo_p2[3],
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ BN_SM9_FAST_FINAL_EXPO_P2_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
 static const BIGNUM _bignum_sm9bn256v1_fast_final_expo_p3 = {
 (BN_ULONG *)_sm9bn256v1_fast_final_expo_p3,
 BN_SM9_FAST_FINAL_EXPO_P3_TOP,
@@ -329,7 +384,27 @@ const BIGNUM *SM9_get0_final_exponent(void)
 return &_bignum_sm9bn256v1_final_expo;
 }
 
-const BIGNUM *SM9_get0_fast_final_exponent(void)
+const BIGNUM *SM9_get0_fast_final_exponent_p20(void)
+{
+ return &_bignum_sm9bn256v1_fast_final_expo_p20;
+}
+
+const BIGNUM *SM9_get0_fast_final_exponent_p21(void)
+{
+ return &_bignum_sm9bn256v1_fast_final_expo_p21;
+}
+
+const BIGNUM *SM9_get0_fast_final_exponent_p22(void)
+{
+ return &_bignum_sm9bn256v1_fast_final_expo_p22;
+}
+
+const BIGNUM *SM9_get0_fast_final_exponent_p23(void)
+{
+ return &_bignum_sm9bn256v1_fast_final_expo_p23;
+}
+
+const BIGNUM *SM9_get0_fast_final_exponent_p3(void)
 {
 return &_bignum_sm9bn256v1_fast_final_expo_p3;
 }
diff --git a/crypto/sm9/sm9_rate.c b/crypto/sm9/sm9_rate.c
index 06c6c495..913026f2 100755
--- a/crypto/sm9/sm9_rate.c
+++ b/crypto/sm9/sm9_rate.c
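Review bot: `_bignum_sm9bn256v1_fast_final_expo_p20` and `_p22` initialise `top` to `BN_SM9_FAST_FINAL_EXPO_P2_TOP` (4 limbs on 64-bit, 8 on 32-bit), but rows 0 and 2 of the table added in the previous hunk contain only 3 (resp. 6) non-zero limbs, so the limb `top` points at is a zero-filled array entry. The BIGNUM invariant is `top == 0 || d[top-1] != 0`: `bn_check_top()` asserts it in BN_DEBUG builds, and routines such as `BN_ucmp()` compare `top` before looking at limbs, so these two constants are malformed even where `BN_mod_mul()` happens to tolerate a leading zero limb. Keep `dmax` at the array width but give p20/p22 their true limb count, e.g. `#define BN_SM9_FAST_FINAL_EXPO_P2_EVEN_TOP (192+BN_BITS2-1)/BN_BITS2` next to the P2 macro in the -62 hunk, used as the `top` initialiser of `_p20` and `_p22` only (192 bits is the width of the 0xF300000002A3A6F2... rows and of the 58-digit decimal strings the patch deletes from sm9_rate.c).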
@@ -293,6 +293,27 @@ static int fp2_mul_u(fp2_t r, const fp2_t a, const fp2_t b, const BIGNUM *p, BN_
 return 1;
 }
 
+static int fp2_mul_num(fp2_t r, const fp2_t a, const BIGNUM *n, const BIGNUM *p, BN_CTX *ctx)
+{
+ BIGNUM *r0 = NULL;
+ BIGNUM *r1 = NULL;
+ if (!(r0 = BN_CTX_get(ctx))
+ || !(r1 = BN_CTX_get(ctx))
+
+ || !BN_mod_mul(r0, a[0], n, p, ctx)
+ || !BN_mod_mul(r1, a[1], n, p, ctx)
+
+ || !BN_copy(r[0], r0)
+ || !BN_copy(r[1], r1)) {
+ BN_free(r0);
+ BN_free(r1);
+ return 0;
+ }
+ BN_free(r0);
+ BN_free(r1);
+ return 1;
+}
+
 static int fp2_sqr(fp2_t r, const fp2_t a, const BIGNUM *p, BN_CTX *ctx)
 {
 BIGNUM *r0 = NULL;
@@ -1425,6 +1446,39 @@ int fp12_pow(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p, BN_CTX
 return 1;
 }
 
+static int fp12_fast_expo_p1(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *ctx)
+{
+ return fp2_copy(r[0][0], a[0][0])
+ && fp2_neg (r[0][1], a[0][1], p, ctx)
+ && fp2_neg (r[1][0], a[1][0], p, ctx)
+ && fp2_copy(r[1][1], a[1][1])
+ && fp2_copy(r[2][0], a[2][0])
+ && fp2_neg (r[2][1], a[2][1], p, ctx);
+}
+
+static int fp12_fast_expo_p2(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *ctx)
+{
+ const BIGNUM *pw20;
+ const BIGNUM *pw21;
+ const BIGNUM *pw22;
+ const BIGNUM *pw23;
+ pw20 = SM9_get0_fast_final_exponent_p20();
+ pw21 = SM9_get0_fast_final_exponent_p21();
+ pw22 = SM9_get0_fast_final_exponent_p22();
+ pw23 = SM9_get0_fast_final_exponent_p23();
+
+ if(!fp2_copy(r[0][0], a[0][0])
+ || !fp2_neg (r[0][1], a[0][1], p, ctx)
+ || !fp2_mul_num(r[1][0], a[1][0], pw20, p, ctx)
+ || !fp2_mul_num(r[1][1], a[1][1], pw21, p, ctx)
+ || !fp2_mul_num(r[2][0], a[2][0], pw22, p, ctx)
+ || !fp2_mul_num(r[2][1], a[2][1], pw23, p, ctx)) {
+
+ return 0;
+ }
+ return 1;
+}
+
 static int fp12_test(const BIGNUM *p, BN_CTX *ctx)
 {
 const char *_a[] = {
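Review bot: `fp2_mul_num` hands the BIGNUMs it obtained from `BN_CTX_get()` to `BN_free()` on both the failure and the success path. Values returned by `BN_CTX_get()` are owned by the context and are released only by `BN_CTX_end()` after a matching `BN_CTX_start()`; freeing them from the caller leaves stale entries in the context's pool that a later `BN_CTX_get()` or `BN_CTX_free()` reuses or frees again (the precise failure depends on this tree's BN_CTX implementation, but it is never correct). Since `BN_mod_mul()` accepts `r` aliasing `a` and the two fp2 coordinates are independent, the temporaries are not needed at all: the whole body can be `return BN_mod_mul(r[0], a[0], n, p, ctx) && BN_mod_mul(r[1], a[1], n, p, ctx);`. If the neighbouring fp2 helpers (fp2_mul_u ends and fp2_sqr starts at the edges of this hunk) follow the same BN_free pattern, they deserve the same check.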
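Review bot: Neither `fp12_fast_expo_p1` nor `fp12_fast_expo_p2` says which power it computes, and the comments that did (`// t = a ^ (p^6)` and `// t = a1 ^ (p^2)`) are deleted from fast_final_expo in this same patch; the `_p1` name in particular suggests a^p although the removed comment labels that operation a^(p^6). Both helpers are also called with `r == a` from fast_final_expo, so they silently rely on `fp2_copy`/`fp2_neg`/`fp2_mul_num` accepting in-place operands. I would add above them `/* r = a^(p^6) (per the former inline comment): negates fp2 coordinates [0][1], [1][0], [2][1]; r may alias a */` and `/* r = a^(p^2): negates [0][1], scales [1][0],[1][1],[2][0],[2][1] by the p2 constants from sm9_params.c; r may alias a */`. As a matter of style, `if(!fp2_copy(` and the blank line before `return 0;` in `_p2` do not match the `if (!` spacing used by the surrounding code.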
@@ -2397,7 +2451,6 @@ static int final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p
 
 static int fast_final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx)
 {
- // (p^4-p^2+1)/n is k
 int i, n;
 fp12_t t;
 fp12_t t0;
@@ -2412,57 +2465,27 @@ static int fast_final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGN
 return 0;
 }
 
- // first step: a1 = a ^ (p^6-1)
- if (!fp12_inv(t0, t, p, ctx)) { // t0 = a ^ (-1)
+ if (!fp12_inv(t0, t, p, ctx)) {
 return 0;
 }
- if (!BN_sub(t[0][1][0], p, t[0][1][0])
- || !BN_sub(t[0][1][1], p, t[0][1][1])
- || !BN_sub(t[1][0][0], p, t[1][0][0])
- || !BN_sub(t[1][0][1], p, t[1][0][1])
- || !BN_sub(t[2][1][0], p, t[2][1][0])
- || !BN_sub(t[2][1][1], p, t[2][1][1])) { // t = a ^ (p^6)
+ if (!fp12_fast_expo_p1(t, t, p, ctx)) {
 return 0;
 }
- if (!fp12_mul(t, t0, t, p, ctx)) { // t = t0 * t = a ^ (p^6-1) = a1
+ if (!fp12_mul(t, t0, t, p, ctx)) {
 return 0;
 }
 
- // second step: a = a ^ (p^2+1)
- if (!fp12_copy(t0, t)) { // t0 = t = a1
+ if (!fp12_copy(t0, t)) {
 return 0;
 }
- const char *power_p2[] = {
- "5958342662901643427453578939755302545063035311436308304692",
- "82434016654578246438872420442344325702149582327179867092849556861979152020041",
- "5958342662901643427453578939755302545063035311436308304691",
- "82434016654578246438872420442344325702149582327179867092849556861979152020042"};
- BIGNUM *par[4];
- for(i=0;i<4;++i) {
- par[i] = BN_new();
- BN_init(par[i]);
- if(!BN_dec2bn(&par[i], power_p2[i])){
- return 0;
- }
+
+ if(!fp12_fast_expo_p2(t, t, p, ctx)){
+ return 0;
 }
- if (!BN_sub(t[0][1][0], p, t[0][1][0])
- || !BN_sub(t[0][1][1], p, t[0][1][1])
- || !BN_mod_mul(t[1][0][0], t[1][0][0], par[0], p, ctx)
- || !BN_mod_mul(t[1][0][1], t[1][0][1], par[0], p, ctx)
- || !BN_mod_mul(t[1][1][0], t[1][1][0], par[1], p, ctx)
- || !BN_mod_mul(t[1][1][1], t[1][1][1], par[1], p, ctx)
- || !BN_mod_mul(t[2][0][0], t[2][0][0], par[2], p, ctx)
- || !BN_mod_mul(t[2][0][1], t[2][0][1], par[2], p, ctx)
- || !BN_mod_mul(t[2][1][0], t[2][1][0], par[3], p, ctx)
- || !BN_mod_mul(t[2][1][1], t[2][1][1], par[3], p, ctx)) { // t = a1 ^ (p^2)
+ if (!fp12_mul(t, t0, t, p, ctx)) {
 return 0;
 }
- if (!fp12_mul(t, t0, t, p, ctx)) { // t = t0 * t = a ^ (p^2+1) = a2
- return 0;
- }
-
- // third step: a = a ^ [(p^4-p^2+1)/n]
 
 if (!fp12_copy(t0, t)) {
 return 0;
@@ -2562,11 +2585,12 @@ static int rate(fp12_t f, const point_t *Q, const BIGNUM *xP, const BIGNUM *yP,
 /* T = T - Q2 */
 point_add(&T, &T, &Q2, p, ctx);
 
- /* f = f^((p^12 - 1)/n) */
 #ifdef NOSM9_FAST
+ /* f = f^((p^12 - 1)/n) */
 final_expo(f, f, k, p, ctx);
 #else
- fast_final_expo(f, f, k, p, ctx); // (p^6-1) * (p^2+1) * [(p^4-p^2+1)/n]
+ /* f = ((f ^ (p^6-1)) ^ (p^2+1)) ^ [(p^4-p^2+1)/n] */
+ fast_final_expo(f, f, k, p, ctx);
 #endif
 
 point_cleanup(&T);
@@ -2605,7 +2629,7 @@ int rate_pairing(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx)
 #ifdef NOSM9_FAST
 k = SM9_get0_final_exponent();
 #else
- k = SM9_get0_fast_final_exponent();
+ k = SM9_get0_fast_final_exponent_p3();
 #endif
 xP = BN_CTX_get(ctx);
 yP = BN_CTX_get(ctx);
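Review bot: The rewritten sequence in fast_final_expo has lost every explanatory comment — the three `// first/second/third step` lines and the per-call `// t = ...` annotations are deleted with nothing in their place, and the `// (p^4-p^2+1)/n is k` line that documented the `k` argument goes in the -2397 hunk — so a reader must now reconstruct the (p^6-1)(p^2+1)(p^4-p^2+1)/n factorisation from call names alone. I would keep one comment per stage on the new lines: `/* step 1: t = a^(p^6-1) = a^(p^6) * a^(-1) */` above the `fp12_inv` call, `/* step 2: t = t^(p^2+1) */` above the `fp12_fast_expo_p2` call, and `/* step 3: t = t^k, k = (p^4-p^2+1)/n */` above the surviving `fp12_copy(t0, t)`. Separately, the `for(i=0;i<4;++i)` loop was the visible user of `i` from `int i, n;`; if no use of `i` remains in the part of the function after this hunk, it is now an unused variable. The function continues past the hunk.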
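Review bot: Both branches of the `#ifdef NOSM9_FAST` block still discard the return value of the final exponentiation (`final_expo(f, f, k, p, ctx);` and `fast_final_expo(f, f, k, p, ctx);`), so any of the early `return 0` paths shown in the -2412 hunk leaves `f` half-transformed and rate() carries on with it as though it were the pairing value. This predates the patch, but the patch is editing exactly these lines, and propagating the result costs little: `if (!fast_final_expo(f, f, k, p, ctx)) { point_cleanup(&T); return 0; }` (and the same shape for the NOSM9_FAST branch), assuming 0 is rate()'s failure return as its `static int` signature suggests. rate() continues outside the hunk, so the cleanup needed on that path should be checked against its existing error exits.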