/***************************************************************************
*
* BSD LICENSE
*
* Copyright(c) 2007-2023 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*
***************************************************************************/
/*
*****************************************************************************
* Doxygen group definitions
****************************************************************************/
/**
*****************************************************************************
* @file cpa_cy_ec.h
*
* @defgroup cpaCyEc Elliptic Curve (EC) API
*
* @ingroup cpaCy
*
* @description
* These functions specify the API for Public Key Encryption
* (Cryptography) Elliptic Curve (EC) operations.
*
* All implementations will support at least the following:
*
* - "NIST RECOMMENDED ELLIPTIC CURVES FOR FEDERAL GOVERNMENT USE"
* as defined by
* http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
*
* - Random curves where the max(log2(q), log2(n) + log2(h)) <= 512
* where q is the modulus, n is the order of the curve and h is the
* cofactor
*
* For Montgomery and Edwards 25519 and 448 elliptic curves,
* the following operations are supported:
* 1. Montgomery 25519 Curve | scalar point Multiplication
* Input: Montgomery affine coordinate X of point P
* Scalar k
* Output: Montgomery affine coordinate X of point [k]P
* Decode: Scalar k always decoded by implementation
*
* 2. Montgomery 25519 Curve | generator point Multiplication
* Input: Scalar k
* Output: Montgomery affine coordinate X of point [k]G
* Decode: Scalar k always decoded by implementation
*
* 3. Twisted Edwards 25519 Curve | scalar point Multiplication
* Input: Twisted Edwards affine coordinate X of point P
* Twisted Edwards affine coordinate Y of point P
* Scalar k
* Output: Twisted Edwards affine coordinate X of point [k]P
* Twisted Edwards affine coordinate Y of point [k]P
* Decode: Caller must supply parameters in MSB order, the
* implementation will not explicitly decode according
* to RFC#7748 Section 5
*
* 4. Twisted Edwards 25519 Curve | generator point Multiplication
* Input: Scalar k
* Output: Twisted Edwards affine coordinate X of point [k]G
* Twisted Edwards affine coordinate Y of point [k]G
* Decode: Caller must supply parameters in MSB order, the
* implementation will not explicitly decode according
* to RFC#7748 Section 5
*
* 5. Montgomery 448 Curve | scalar point Multiplication
* Input: Montgomery affine coordinate X of point P
* Scalar k
* Output: Montgomery affine coordinate X of point [k]P
* Decode: Scalar k always decoded by implementation
*
* 6. Montgomery 448 Curve | generator point Multiplication
* Input: Scalar k
* Output: Montgomery affine coordinate X of point [k]G
* Decode: Scalar k always decoded by implementation
*
* 7. Edwards 448 Curve | scalar point Multiplication
* Input: Edwards affine coordinate X of point P
* Edwards affine coordinate Y of point P
* Scalar k
* Output: Edwards affine coordinate X of point [k]P
* Edwards affine coordinate Y of point [k]P
* Decode: Caller must supply parameters in MSB order, the
* implementation will not explicitly decode according
* to RFC#7748 Section 5
*
* 8. Edwards 448 Curve | generator point Multiplication
* Input: Scalar k
* Output: Edwards affine coordinate X of point [k]G
* Edwards affine coordinate Y of point [k]G
* Decode: Caller must supply parameters in MSB order, the
* implementation will not explicitly decode according
* to RFC#7748 Section 5
*
* @note
* Large numbers are represented on the QuickAssist API as described
* in the Large Number API (@ref cpaCyLn).
*
* In addition, the bit length of large numbers passed to the API
* MUST NOT exceed 576 bits for Elliptic Curve operations.
*****************************************************************************/
#ifndef CPA_CY_EC_H_
#define CPA_CY_EC_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "cpa_cy_common.h"
/**
*****************************************************************************
* @ingroup cpaCyEc
* Field types for Elliptic Curve
* @description
* As defined by FIPS-186-3, for each cryptovariable length, there are
* two kinds of fields.
*
* - A prime field is the field GF(p) which contains a prime number
* p of elements. The elements of this field are the integers modulo
* p, and the field arithmetic is implemented in terms of the
* arithmetic of integers modulo p.
*
* - A binary field is the field GF(2^m) which contains 2^m elements
* for some m (called the degree of the field). The elements of
* this field are the bit strings of length m, and the field
* arithmetic is implemented in terms of operations on the bits.
*
*****************************************************************************/
typedef enum _CpaCyEcFieldType
{
CPA_CY_EC_FIELD_TYPE_PRIME = 1,
/**< A prime field, GF(p) */
CPA_CY_EC_FIELD_TYPE_BINARY,
/**< A binary field, GF(2^m) */
} CpaCyEcFieldType;
/**
*****************************************************************************
* @ingroup cpaCyEc
* Enumeration listing curve types to use with generic multiplication
* and verification routines.
*
* @description
* This structure contains a list of different elliptic curve types.
* EC Point multiplication and other operations depend on the type of
* the curve.
*
* @see
* cpaCyEcGenericPointMultiply()
* cpaCyEcGenericPointVerify()
*
*****************************************************************************/
typedef enum _CpaCyEcCurveType
{
CPA_CY_EC_CURVE_TYPE_WEIERSTRASS_PRIME = 1,
/**< A Weierstrass curve with arithmetic in terms of the
* arithmetic of integers modulo p over a prime field. */
CPA_CY_EC_CURVE_TYPE_WEIERSTRASS_BINARY,
/**< A Weierstrass curve with arithmetic in terms of operations on bits
* over a binary field. */
CPA_CY_EC_CURVE_TYPE_WEIERSTRASS_KOBLITZ_BINARY,
/**< A Weierstrass-koblitz curve with arithmetic in terms of operations on
* the bits over a binary field. */
} CpaCyEcCurveType;
/**
*****************************************************************************
* @ingroup cpaCyEc
* Curve types for Elliptic Curves defined in RFC#7748
* @description
* As defined by RFC 7748, there are four elliptic curves in this
* group. The Montgomery curves are denoted curve25519 and curve448,
* and the birationally equivalent Twisted Edwards curves are denoted
* edwards25519 and edwards448
*
*****************************************************************************/
typedef enum _CpaCyEcMontEdwdsCurveType
{
CPA_CY_EC_MONTEDWDS_CURVE25519_TYPE = 1,
/**< Montgomery 25519 curve */
CPA_CY_EC_MONTEDWDS_ED25519_TYPE,
/**< Edwards 25519 curve */
CPA_CY_EC_MONTEDWDS_CURVE448_TYPE,
/**< Montgomery 448 curve */
CPA_CY_EC_MONTEDWDS_ED448_TYPE,
/**< Edwards 448 curve */
} CpaCyEcMontEdwdsCurveType;
/**
*****************************************************************************
* @ingroup cpaCyEc
* Curve parameters for a Weierstrass type curve.
*
* @description
* This structure contains curve parameters for Weierstrass type
* curve: y^2 = x^3 + ax + b
* The client MUST allocate the memory for this structure
* When the structure is passed into the function, ownership of the memory
* passes to the function. Ownership of the memory returns to the client
* when this structure is returned in the callback function.
*
* For optimal performance all data buffers SHOULD be 8-byte aligned.
* The legend used in this structure is borrowed from RFC7748
*
* @note
* If the client modifies or frees the memory referenced in this
* structure after it has been submitted to the function, and before it
* has been returned in the callback, undefined behavior will result.
*
* @see
* CpaCyEcCurveParameters
* CpaCyEcFieldType
*
*****************************************************************************/
typedef struct _CpaCyEcCurveParametersWeierstrass
{
CpaCyEcFieldType fieldType;
/**< Prime or Binary */
CpaFlatBuffer p;
/**< Prime modulus or irreducible polynomial over GF(2^m) */
CpaFlatBuffer a;
/**< a coefficient */
CpaFlatBuffer b;
/**< b coefficient */
CpaFlatBuffer h;
/**< Cofactor */
} CpaCyEcCurveParametersWeierstrass;
/**
*****************************************************************************
* @ingroup cpaCyEc
* Union characterised by a specific curve.
*
* @description
* This union allows for the characterisation of different curve types
* encapsulted in one data type. The intention is that new curve types
* will be added in the future.
*
* @note
*
* @see
* CpaCyEcCurveParametersWeierstrass
*
*****************************************************************************/
typedef union _CpaCyEcCurveParameters
{
CpaCyEcCurveParametersWeierstrass weierstrassParameters;
} CpaCyEcCurveParameters;
/**
*****************************************************************************
* @ingroup cpaCyEc
* Unified curve parameters.
*
* @description
* This structure provides a single data type that can describe a number
* of different curve types. The intention is to add further
* curve types in the future, thus the union field will allow for that
* expansion.
*
* The client MUST allocate the memory for this structure and the
* items pointed to by this structure. When the structure is passed into
* the function, ownership of the memory passes to the function. Ownership
* of the memory returns to the client when this structure is returned in
* the callback function.
*
* For optimal performance all data buffers SHOULD be 8-byte aligned.
*
* @note
* If the client modifies or frees the memory referenced in this
* structure after it has been submitted to the function, and before it
* has been returned in the callback, undefined behavior will result.
*
* @see
* CpaCyEcCurveParameters
* cpaCyEcGenericPointMultiply
* cpaCyEcGenericPointVerify
*
*****************************************************************************/
typedef struct _CpaCyEcCurve
{
CpaCyEcCurveType curveType;
CpaCyEcCurveParameters parameters;
} CpaCyEcCurve;
/**
*****************************************************************************
* @ingroup cpaCyEc
* EC Point Multiplication Operation Data.
*
* @description
* This structure contains the operation data for the cpaCyEcPointMultiply
* function. The client MUST allocate the memory for this structure and the
* items pointed to by this structure. When the structure is passed into
* the function, ownership of the memory passes to the function. Ownership
* of the memory returns to the client when this structure is returned in
* the callback function.
*
* For optimal performance all data buffers SHOULD be 8-byte aligned.
*
* All values in this structure are required to be in Most Significant Byte
* first order, e.g. a.pData[0] = MSB.
*
* @note
* If the client modifies or frees the memory referenced in this
* structure after it has been submitted to the cpaCyEcPointMultiply
* function, and before it has been returned in the callback, undefined
* behavior will result.
*
* @see
* cpaCyEcPointMultiply()
*
*****************************************************************************/
typedef struct _CpaCyEcPointMultiplyOpData {
CpaFlatBuffer k;
/**< scalar multiplier (k > 0 and k < n) */
CpaFlatBuffer xg;
/**< x coordinate of curve point */
CpaFlatBuffer yg;
/**< y coordinate of curve point */
CpaFlatBuffer a;
/**< a elliptic curve coefficient */
CpaFlatBuffer b;
/**< b elliptic curve coefficient */
CpaFlatBuffer q;
/**< prime modulus or irreducible polynomial over GF(2^m)*/
CpaFlatBuffer h;
/**< cofactor of the operation.
* If the cofactor is NOT required then set the cofactor to 1 or the
* data pointer of the Flat Buffer to NULL. */
CpaCyEcFieldType fieldType;
/**< field type for the operation */
} CpaCyEcPointMultiplyOpData CPA_DEPRECATED;
/**
*****************************************************************************
* @ingroup cpaCyEc
* Generic EC Point Multiplication Operation Data.
*
* @description
* This structure contains a generic EC point and a multiplier for use with
* cpaCyEcGenericPointMultiply. This is common for representing all EC
* points, irrespective of curve type: Weierstrass, Montgomery and Twisted
* Edwards (at this time only Weierstrass are supported). The same
* point + multiplier format can be used when performing generator
* multiplication, in which case the xP, yP supplied in this structure will
* be ignored by QAT API library & a generator point will be inserted in
* their place.
*
* For optimal performance all data buffers SHOULD be 8-byte aligned.
*
* All values in this structure are required to be in Most Significant Byte
* first order, e.g. a.pData[0] = MSB.
*
* @note
* If the client modifies or frees the memory referenced in this
* structure after it has been submitted to the cpaCyEcGenericPointMultiply
* function, and before it has been returned in the callback, undefined
* behavior will result.
*
* @see
* cpaCyEcGenericPointMultiply()
*
*****************************************************************************/
typedef struct _CpaCyEcGenericPointMultiplyOpData {
CpaFlatBuffer k;
/** 0 and k < n) */
CpaFlatBuffer xP;
/** pair specified in the structure
* lies on the curve indicated in the cpaCyEcGenericPointVerify API.
*
* For optimal performance all data buffers SHOULD be 8-byte aligned.
*
* All values in this structure are required to be in Most Significant Byte
* first order, e.g. a.pData[0] = MSB.
*
* @note
* If the client modifies or frees the memory referenced in this
* structure after it has been submitted to the cpaCyEcGenericPointVerify
* function, and before it has been returned in the callback, undefined
* behavior will result.
*
* @see
* cpaCyEcGenericPointVerify()
*
*****************************************************************************/
typedef struct _CpaCyEcGenericPointVerifyOpData {
CpaFlatBuffer xP;
/**