Update to 1.1.4 (#17)

* Improve RNG security (#9) * Fix insecure prng (#3) - Add RDSEED and RDRAND instruction check in compile time - Prioritize RDSEED/RDRAND based RNG to produce random big number * Add RNG support for non-RDRAND, non-RDSEED systems (#5) - Use IPP-Crypto pseudo random number generator if none of those instructions are supported * Removing seed setup and replacing rng function for PrimeGen_BN (#8) - Remove seed setup for prime number generator - Add support to TRNGen_RDSEED and PRNGen_RDRAND for prime number generator Co-authored-by: Pengfei Zhao <pengfei.zhao@intel.com> * Refactor apply obfuscator (#10) - Refactor apply_obfuscator - minor typo fix * Update version for 1.1.4 * Update ipp-crypto version to use ippcp_2021.6 (#12) - Minor update to use IPP-Crypto v2021.6 * 13 errors building installing questions about docs (#15) * Minor fixes - Fix gbenchmark build error on other platforms - Fixed IPCLTargets typo - Update version to 1.1.4 Co-authored-by: Pengfei Zhao <pengfei.zhao@intel.com>
intel · Sep 16, 2022 · ea6aa26 · ea6aa26
1 parent c9f4f4a
commit ea6aa26
Show file tree

Hide file tree

Showing 10 changed files with 158 additions and 132 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -3,7 +3,7 @@
 
 cmake_minimum_required(VERSION 3.15.1)
 
-project(IPCL VERSION 1.1.3 LANGUAGES C CXX)
+project(IPCL VERSION 1.1.4 LANGUAGES C CXX)
 
 include(CMakePackageConfigHelpers)
 include(CheckCCompilerFlag)
@@ -115,6 +115,23 @@ else()
   endif()
 endif()
 
+# check whether cpu support rdseed or rdrand instruction
+set(CPU_RDSEED_FLAG "rdseed")
+execute_process(COMMAND lscpu COMMAND grep ${CPU_RDSEED_FLAG}  OUTPUT_VARIABLE CPU_ENABLE_RDSEED)
+if("${CPU_ENABLE_RDSEED}" STREQUAL "")
+  set(CPU_RDRAND_FLAG "rdrand")
+  execute_process(COMMAND lscpu COMMAND grep ${CPU_RDRAND_FLAG}  OUTPUT_VARIABLE CPU_ENABLE_RDRAND)
+  if("${CPU_ENABLE_RDRAND}" STREQUAL "")
+    message(WARNING "CPU doesn't support RDSEED and RDRAND instruction, using random generator will cause errors.")
+  else ()
+    message(STATUS "Support RDRAND instruction: True")
+    add_compile_definitions(IPCL_RNG_INSTR_RDRAND)
+  endif()
+else()
+  message(STATUS "Support RDSEED instruction: True")
+  add_compile_definitions(IPCL_RNG_INSTR_RDSEED)
+endif()
+
 # find package for OpenSSL and Threads
 set(OPENSSL_USE_STATIC_LIBS TRUE)
 find_package(Threads REQUIRED)

diff --git a/cmake/gbenchmark.cmake b/cmake/gbenchmark.cmake
@@ -33,14 +33,7 @@ add_library(libgbenchmark INTERFACE)
 add_dependencies(libgbenchmark ext_gbenchmark)
 
 ExternalProject_Get_Property(ext_gbenchmark SOURCE_DIR BINARY_DIR)
-file(STRINGS /etc/os-release LINUX_ID REGEX "^ID=")
-string(REGEX REPLACE "ID=\(.*)" "\\1" LINUX_ID "${LINUX_ID}")
-if(${LINUX_ID} STREQUAL "ubuntu")
-  target_link_libraries(libgbenchmark INTERFACE ${GBENCHMARK_PREFIX}/lib/libbenchmark.a)
-else()
-  # non debian systems install gbenchmark lib under lib64
-  target_link_libraries(libgbenchmark INTERFACE ${GBENCHMARK_PREFIX}/lib64/libbenchmark.a)
-endif()
+target_link_libraries(libgbenchmark INTERFACE ${GBENCHMARK_PREFIX}/${CMAKE_INSTALL_LIBDIR}/libbenchmark.a)
 
 target_include_directories(libgbenchmark SYSTEM
                                     INTERFACE ${GBENCHMARK_PREFIX}/include)
diff --git a/cmake/ipcl/IPCLConfig.cmake.in b/cmake/ipcl/IPCLConfig.cmake.in
@@ -4,7 +4,7 @@
 
 include(CMakeFindDependencyMacro)
 
-include(${CMAKE_CURRENT_LIST_DIR}/ipclTargets.cmake)
+include(${CMAKE_CURRENT_LIST_DIR}/IPCLTargets.cmake)
 
 if(TARGET IPCL::ipcl)
   set(IPCL_FOUND TRUE)

diff --git a/cmake/ippcrypto.cmake b/cmake/ippcrypto.cmake
@@ -5,7 +5,7 @@ include(ExternalProject)
 MESSAGE(STATUS "Configuring ipp-crypto")
 set(IPPCRYPTO_PREFIX ${CMAKE_CURRENT_BINARY_DIR}/ext_ipp-crypto)
 set(IPPCRYPTO_GIT_REPO_URL https://github.com/intel/ipp-crypto.git)
-set(IPPCRYPTO_GIT_LABEL ipp-crypto_2021_4)
+set(IPPCRYPTO_GIT_LABEL ippcp_2021.6)
 set(IPPCRYPTO_SRC_DIR ${IPPCRYPTO_PREFIX}/src/ext_ipp-crypto/)
 
 set(IPPCRYPTO_CXX_FLAGS "${IPCL_FORWARD_CMAKE_ARGS} -DNONPIC_LIB:BOOL=off -DMERGED_BLD:BOOL=on")

diff --git a/ipcl/CMakeLists.txt b/ipcl/CMakeLists.txt
@@ -10,6 +10,7 @@ set(IPCL_SRCS pri_key.cpp
                             plaintext.cpp
                             ciphertext.cpp
                             util.cpp
+                            common.cpp
 )
 
 

diff --git a/ipcl/common.cpp b/ipcl/common.cpp
@@ -0,0 +1,56 @@
+// Copyright (C) 2021 Intel Corporation
+// SPDX-License-Identifier: Apache-2.0
+
+#include "ipcl/common.hpp"
+
+#include <crypto_mb/exp.h>
+
+#include "ipcl/util.hpp"
+
+namespace ipcl {
+
+IppStatus ippGenRandom(Ipp32u* rand, int bits, void* ctx) {
+#ifdef IPCL_RNG_INSTR_RDSEED
+  return ippsTRNGenRDSEED(rand, bits, ctx);
+#elif defined(IPCL_RNG_INSTR_RDRAND)
+  return ippsPRNGenRDRAND(rand, bits, ctx);
+#else
+  return ippsPRNGen(rand, bits, ctx);
+#endif
+}
+
+IppStatus ippGenRandomBN(IppsBigNumState* rand, int bits, void* ctx) {
+#ifdef IPCL_RNG_INSTR_RDSEED
+  return ippsTRNGenRDSEED_BN(rand, bits, ctx);
+#elif defined(IPCL_RNG_INSTR_RDRAND)
+  return ippsPRNGenRDRAND_BN(rand, bits, ctx);
+#else
+  return ippsPRNGen_BN(rand, bits, ctx);
+#endif
+}
+
+BigNumber getRandomBN(int bits) {
+  IppStatus stat;
+  int bn_buf_size;
+
+  int bn_len = BITSIZE_WORD(bits);
+  stat = ippsBigNumGetSize(bn_len, &bn_buf_size);
+  ERROR_CHECK(stat == ippStsNoErr,
+              "getRandomBN: get IppsBigNumState context error.");
+
+  IppsBigNumState* pBN =
+      reinterpret_cast<IppsBigNumState*>(alloca(bn_buf_size));
+  ERROR_CHECK(pBN != nullptr, "getRandomBN: big number alloca error");
+
+  stat = ippsBigNumInit(bn_len, pBN);
+  ERROR_CHECK(stat == ippStsNoErr,
+              "getRandomBN: init big number context error.");
+
+  stat = ippGenRandomBN(pBN, bits, NULL);
+  ERROR_CHECK(stat == ippStsNoErr,
+              "getRandomBN:  generate random big number error.");
+
+  return BigNumber{pBN};
+}
+
+}  // namespace ipcl
diff --git a/ipcl/include/ipcl/common.hpp b/ipcl/include/ipcl/common.hpp
@@ -4,9 +4,38 @@
 #ifndef IPCL_INCLUDE_IPCL_COMMON_HPP_
 #define IPCL_INCLUDE_IPCL_COMMON_HPP_
 
+#include "ipcl/bignum.h"
+
 namespace ipcl {
 
 constexpr int IPCL_CRYPTO_MB_SIZE = 8;
 
+/**
+ * Random generator wrapper.Generates a random unsigned Big Number of the
+ * specified bit length
+ * @param[in] rand Pointer to the output unsigned integer big number
+ * @param[in] bits The number of generated bits
+ * @param[in] ctx Pointer to the IppsPRNGState context.
+ * @return Error code
+ */
+IppStatus ippGenRandom(Ipp32u* rand, int bits, void* ctx);
+
+/**
+ * Random generator wrapper.Generates a random positive Big Number of the
+ * specified bit length
+ * @param[in] rand Pointer to the output Big Number
+ * @param[in] bits The number of generated bits
+ * @param[in] ctx Pointer to the IppsPRNGState context.
+ * @return Error code
+ */
+IppStatus ippGenRandomBN(IppsBigNumState* rand, int bits, void* ctx);
+
+/**
+ * Get random value
+ * @param[in] bits The number of Big Number bits
+ * @return The random value of type Big Number
+ */
+BigNumber getRandomBN(int bits);
+
 }  // namespace ipcl
 #endif  // IPCL_INCLUDE_IPCL_COMMON_HPP_
diff --git a/ipcl/include/ipcl/pub_key.hpp b/ipcl/include/ipcl/pub_key.hpp
@@ -82,7 +82,7 @@ class PublicKey {
    * Apply obfuscator for ciphertext
    * @param[out] obfuscator output of obfuscator with random value
    */
-  void applyObfuscator(std::vector<BigNumber>& obfuscator) const;
+  void applyObfuscator(std::vector<BigNumber>& ciphertext) const;
 
   /**
    * Set the Random object for ISO/IEC 18033-6 compliance check
@@ -128,13 +128,6 @@ class PublicKey {
   std::vector<BigNumber> m_r;
   bool m_testv;
 
-  /**
-   * Get random value
-   * @param[in] size size of random
-   * @return addr of random of type Ipp32u vector
-   */
-  std::vector<Ipp32u> randIpp32u(int size) const;
-
   /**
    * Big number vector multi buffer encryption
    * @param[in] pt plaintext of BigNumber vector type
@@ -144,16 +137,9 @@ class PublicKey {
   std::vector<BigNumber> raw_encrypt(const std::vector<BigNumber>& pt,
                                      bool make_secure = true) const;
 
-  /**
-   * Get random value
-   * @param[in] length bit length
-   * @return the random value of type BigNumber
-   */
-  BigNumber getRandom(int length) const;
-
-  void applyDjnObfuscator(std::vector<BigNumber>& obfuscator) const;
+  std::vector<BigNumber> getDJNObfuscator(std::size_t sz) const;
 
-  void applyNormalObfuscator(std::vector<BigNumber>& obfuscator) const;
+  std::vector<BigNumber> getNormalObfuscator(std::size_t sz) const;
 };
 
 }  // namespace ipcl

diff --git a/ipcl/keygen.cpp b/ipcl/keygen.cpp
@@ -3,54 +3,38 @@
 
 #include "ipcl/keygen.hpp"
 
-#include <climits>
-#include <random>
 #include <vector>
 
 #include "ipcl/util.hpp"
 
 namespace ipcl {
 
 constexpr int N_BIT_SIZE_MAX = 2048;
-constexpr int N_BIT_SIZE_MIN = 16;
-
-static void rand32u(std::vector<Ipp32u>& addr) {
-  std::random_device dev;
-  std::mt19937 rng(dev());
-  std::uniform_int_distribution<std::mt19937::result_type> dist(0, UINT_MAX);
-  for (auto& x : addr) x = (dist(rng) << 16) + dist(rng);
-}
-
-BigNumber getPrimeBN(int maxBitSize) {
-  int PrimeSize;
-  ippsPrimeGetSize(maxBitSize, &PrimeSize);
-  auto primeGen = std::vector<Ipp8u>(PrimeSize);
-  ippsPrimeInit(maxBitSize, reinterpret_cast<IppsPrimeState*>(primeGen.data()));
-
-  // define Pseudo Random Generator (default settings)
-  constexpr int seedBitSize = 160;
-  constexpr int seedSize = BITSIZE_WORD(seedBitSize);
-
-  ippsPRNGGetSize(&PrimeSize);
-  auto rand = std::vector<Ipp8u>(PrimeSize);
-  ippsPRNGInit(seedBitSize, reinterpret_cast<IppsPRNGState*>(rand.data()));
-
-  auto seed = std::vector<Ipp32u>(seedSize);
-  rand32u(seed);
-  BigNumber bseed(seed.data(), seedSize, IppsBigNumPOS);
-
-  ippsPRNGSetSeed(BN(bseed), reinterpret_cast<IppsPRNGState*>(rand.data()));
-
-  // generate maxBit prime
-  BigNumber pBN(0, maxBitSize / 8);
+constexpr int N_BIT_SIZE_MIN = 200;
+
+BigNumber getPrimeBN(int max_bits) {
+  int prime_size;
+  ippsPrimeGetSize(max_bits, &prime_size);
+  auto prime_ctx = std::vector<Ipp8u>(prime_size);
+  ippsPrimeInit(max_bits, reinterpret_cast<IppsPrimeState*>(prime_ctx.data()));
+
+#if defined(IPCL_RNG_INSTR_RDSEED) || defined(IPCL_RNG_INSTR_RDRAND)
+  bool rand_param = NULL;
+#else
+  auto buff = std::vector<Ipp8u>(prime_size);
+  auto rand_param = buff.data();
+  ippsPRNGInit(160, reinterpret_cast<IppsPRNGState*>(rand_param));
+#endif
+
+  BigNumber prime_bn(0, max_bits / 8);
   while (ippStsNoErr !=
-         ippsPrimeGen_BN(pBN, maxBitSize, 10,
-                         reinterpret_cast<IppsPrimeState*>(primeGen.data()),
-                         ippsPRNGen,
-                         reinterpret_cast<IppsPRNGState*>(rand.data()))) {
+         ippsPrimeGen_BN(prime_bn, max_bits, 10,
+                         reinterpret_cast<IppsPrimeState*>(prime_ctx.data()),
+                         ippGenRandom,
+                         reinterpret_cast<IppsPRNGState*>(rand_param))) {
   }
 
-  return pBN;
+  return prime_bn;
 }
 
 static BigNumber getPrimeDistance(int64_t key_size) {
@@ -111,7 +95,7 @@ keyPair generateKeypair(int64_t n_length, bool enable_DJN) {
       "generateKeyPair: modulus size in bits should belong to either 1Kb, 2Kb, "
       "3Kb or 4Kb range only, key size exceed the range!!!");
   ERROR_CHECK((n_length >= N_BIT_SIZE_MIN) && (n_length % 4 == 0),
-              "generateKeyPair: key size should >=16, and divisible by 4");
+              "generateKeyPair: key size should >=200, and divisible by 4");
 
   BigNumber ref_dist = getPrimeDistance(n_length);