andre@0: /* andre@0: * mpi.c andre@0: * andre@0: * Arbitrary precision integer arithmetic library andre@0: * andre@0: * This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #include "mpi-priv.h" andre@0: #if defined(OSF1) andre@0: #include andre@0: #endif andre@0: andre@0: #if defined(__arm__) && \ andre@0: ((defined(__thumb__) && !defined(__thumb2__)) || defined(__ARM_ARCH_3__)) andre@0: /* 16-bit thumb or ARM v3 doesn't work inlined assember version */ andre@0: #undef MP_ASSEMBLY_MULTIPLY andre@0: #undef MP_ASSEMBLY_SQUARE andre@0: #endif andre@0: andre@0: #if MP_LOGTAB andre@0: /* andre@0: A table of the logs of 2 for various bases (the 0 and 1 entries of andre@0: this table are meaningless and should not be referenced). andre@0: andre@0: This table is used to compute output lengths for the mp_toradix() andre@0: function. Since a number n in radix r takes up about log_r(n) andre@0: digits, we estimate the output size by taking the least integer andre@0: greater than log_r(n), where: andre@0: andre@0: log_r(n) = log_2(n) * log_r(2) andre@0: andre@0: This table, therefore, is a table of log_r(2) for 2 <= r <= 36, andre@0: which are the output bases supported. andre@0: */ andre@0: #include "logtab.h" andre@0: #endif andre@0: andre@0: /* {{{ Constant strings */ andre@0: andre@0: /* Constant strings returned by mp_strerror() */ andre@0: static const char *mp_err_string[] = { andre@0: "unknown result code", /* say what? */ andre@0: "boolean true", /* MP_OKAY, MP_YES */ andre@0: "boolean false", /* MP_NO */ andre@0: "out of memory", /* MP_MEM */ andre@0: "argument out of range", /* MP_RANGE */ andre@0: "invalid input parameter", /* MP_BADARG */ andre@0: "result is undefined" /* MP_UNDEF */ andre@0: }; andre@0: andre@0: /* Value to digit maps for radix conversion */ andre@0: andre@0: /* s_dmap_1 - standard digits and letters */ andre@0: static const char *s_dmap_1 = andre@0: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; andre@0: andre@0: /* }}} */ andre@0: andre@0: unsigned long mp_allocs; andre@0: unsigned long mp_frees; andre@0: unsigned long mp_copies; andre@0: andre@0: /* {{{ Default precision manipulation */ andre@0: andre@0: /* Default precision for newly created mp_int's */ andre@0: static mp_size s_mp_defprec = MP_DEFPREC; andre@0: andre@0: mp_size mp_get_prec(void) andre@0: { andre@0: return s_mp_defprec; andre@0: andre@0: } /* end mp_get_prec() */ andre@0: andre@0: void mp_set_prec(mp_size prec) andre@0: { andre@0: if(prec == 0) andre@0: s_mp_defprec = MP_DEFPREC; andre@0: else andre@0: s_mp_defprec = prec; andre@0: andre@0: } /* end mp_set_prec() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ mp_init(mp) */ andre@0: andre@0: /* andre@0: mp_init(mp) andre@0: andre@0: Initialize a new zero-valued mp_int. Returns MP_OKAY if successful, andre@0: MP_MEM if memory could not be allocated for the structure. andre@0: */ andre@0: andre@0: mp_err mp_init(mp_int *mp) andre@0: { andre@0: return mp_init_size(mp, s_mp_defprec); andre@0: andre@0: } /* end mp_init() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_init_size(mp, prec) */ andre@0: andre@0: /* andre@0: mp_init_size(mp, prec) andre@0: andre@0: Initialize a new zero-valued mp_int with at least the given andre@0: precision; returns MP_OKAY if successful, or MP_MEM if memory could andre@0: not be allocated for the structure. andre@0: */ andre@0: andre@0: mp_err mp_init_size(mp_int *mp, mp_size prec) andre@0: { andre@0: ARGCHK(mp != NULL && prec > 0, MP_BADARG); andre@0: andre@0: prec = MP_ROUNDUP(prec, s_mp_defprec); andre@0: if((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL) andre@0: return MP_MEM; andre@0: andre@0: SIGN(mp) = ZPOS; andre@0: USED(mp) = 1; andre@0: ALLOC(mp) = prec; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_init_size() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_init_copy(mp, from) */ andre@0: andre@0: /* andre@0: mp_init_copy(mp, from) andre@0: andre@0: Initialize mp as an exact copy of from. Returns MP_OKAY if andre@0: successful, MP_MEM if memory could not be allocated for the new andre@0: structure. andre@0: */ andre@0: andre@0: mp_err mp_init_copy(mp_int *mp, const mp_int *from) andre@0: { andre@0: ARGCHK(mp != NULL && from != NULL, MP_BADARG); andre@0: andre@0: if(mp == from) andre@0: return MP_OKAY; andre@0: andre@0: if((DIGITS(mp) = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL) andre@0: return MP_MEM; andre@0: andre@0: s_mp_copy(DIGITS(from), DIGITS(mp), USED(from)); andre@0: USED(mp) = USED(from); andre@0: ALLOC(mp) = ALLOC(from); andre@0: SIGN(mp) = SIGN(from); andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_init_copy() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_copy(from, to) */ andre@0: andre@0: /* andre@0: mp_copy(from, to) andre@0: andre@0: Copies the mp_int 'from' to the mp_int 'to'. It is presumed that andre@0: 'to' has already been initialized (if not, use mp_init_copy() andre@0: instead). If 'from' and 'to' are identical, nothing happens. andre@0: */ andre@0: andre@0: mp_err mp_copy(const mp_int *from, mp_int *to) andre@0: { andre@0: ARGCHK(from != NULL && to != NULL, MP_BADARG); andre@0: andre@0: if(from == to) andre@0: return MP_OKAY; andre@0: andre@0: { /* copy */ andre@0: mp_digit *tmp; andre@0: andre@0: /* andre@0: If the allocated buffer in 'to' already has enough space to hold andre@0: all the used digits of 'from', we'll re-use it to avoid hitting andre@0: the memory allocater more than necessary; otherwise, we'd have andre@0: to grow anyway, so we just allocate a hunk and make the copy as andre@0: usual andre@0: */ andre@0: if(ALLOC(to) >= USED(from)) { andre@0: s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from)); andre@0: s_mp_copy(DIGITS(from), DIGITS(to), USED(from)); andre@0: andre@0: } else { andre@0: if((tmp = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL) andre@0: return MP_MEM; andre@0: andre@0: s_mp_copy(DIGITS(from), tmp, USED(from)); andre@0: andre@0: if(DIGITS(to) != NULL) { andre@0: #if MP_CRYPTO andre@0: s_mp_setz(DIGITS(to), ALLOC(to)); andre@0: #endif andre@0: s_mp_free(DIGITS(to)); andre@0: } andre@0: andre@0: DIGITS(to) = tmp; andre@0: ALLOC(to) = ALLOC(from); andre@0: } andre@0: andre@0: /* Copy the precision and sign from the original */ andre@0: USED(to) = USED(from); andre@0: SIGN(to) = SIGN(from); andre@0: } /* end copy */ andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_copy() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_exch(mp1, mp2) */ andre@0: andre@0: /* andre@0: mp_exch(mp1, mp2) andre@0: andre@0: Exchange mp1 and mp2 without allocating any intermediate memory andre@0: (well, unless you count the stack space needed for this call and the andre@0: locals it creates...). This cannot fail. andre@0: */ andre@0: andre@0: void mp_exch(mp_int *mp1, mp_int *mp2) andre@0: { andre@0: #if MP_ARGCHK == 2 andre@0: assert(mp1 != NULL && mp2 != NULL); andre@0: #else andre@0: if(mp1 == NULL || mp2 == NULL) andre@0: return; andre@0: #endif andre@0: andre@0: s_mp_exch(mp1, mp2); andre@0: andre@0: } /* end mp_exch() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_clear(mp) */ andre@0: andre@0: /* andre@0: mp_clear(mp) andre@0: andre@0: Release the storage used by an mp_int, and void its fields so that andre@0: if someone calls mp_clear() again for the same int later, we won't andre@0: get tollchocked. andre@0: */ andre@0: andre@0: void mp_clear(mp_int *mp) andre@0: { andre@0: if(mp == NULL) andre@0: return; andre@0: andre@0: if(DIGITS(mp) != NULL) { andre@0: #if MP_CRYPTO andre@0: s_mp_setz(DIGITS(mp), ALLOC(mp)); andre@0: #endif andre@0: s_mp_free(DIGITS(mp)); andre@0: DIGITS(mp) = NULL; andre@0: } andre@0: andre@0: USED(mp) = 0; andre@0: ALLOC(mp) = 0; andre@0: andre@0: } /* end mp_clear() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_zero(mp) */ andre@0: andre@0: /* andre@0: mp_zero(mp) andre@0: andre@0: Set mp to zero. Does not change the allocated size of the structure, andre@0: and therefore cannot fail (except on a bad argument, which we ignore) andre@0: */ andre@0: void mp_zero(mp_int *mp) andre@0: { andre@0: if(mp == NULL) andre@0: return; andre@0: andre@0: s_mp_setz(DIGITS(mp), ALLOC(mp)); andre@0: USED(mp) = 1; andre@0: SIGN(mp) = ZPOS; andre@0: andre@0: } /* end mp_zero() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_set(mp, d) */ andre@0: andre@0: void mp_set(mp_int *mp, mp_digit d) andre@0: { andre@0: if(mp == NULL) andre@0: return; andre@0: andre@0: mp_zero(mp); andre@0: DIGIT(mp, 0) = d; andre@0: andre@0: } /* end mp_set() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_set_int(mp, z) */ andre@0: andre@0: mp_err mp_set_int(mp_int *mp, long z) andre@0: { andre@0: int ix; andre@0: unsigned long v = labs(z); andre@0: mp_err res; andre@0: andre@0: ARGCHK(mp != NULL, MP_BADARG); andre@0: andre@0: mp_zero(mp); andre@0: if(z == 0) andre@0: return MP_OKAY; /* shortcut for zero */ andre@0: andre@0: if (sizeof v <= sizeof(mp_digit)) { andre@0: DIGIT(mp,0) = v; andre@0: } else { andre@0: for (ix = sizeof(long) - 1; ix >= 0; ix--) { andre@0: if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY) andre@0: return res; andre@0: andre@0: res = s_mp_add_d(mp, (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX)); andre@0: if (res != MP_OKAY) andre@0: return res; andre@0: } andre@0: } andre@0: if(z < 0) andre@0: SIGN(mp) = NEG; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_set_int() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_set_ulong(mp, z) */ andre@0: andre@0: mp_err mp_set_ulong(mp_int *mp, unsigned long z) andre@0: { andre@0: int ix; andre@0: mp_err res; andre@0: andre@0: ARGCHK(mp != NULL, MP_BADARG); andre@0: andre@0: mp_zero(mp); andre@0: if(z == 0) andre@0: return MP_OKAY; /* shortcut for zero */ andre@0: andre@0: if (sizeof z <= sizeof(mp_digit)) { andre@0: DIGIT(mp,0) = z; andre@0: } else { andre@0: for (ix = sizeof(long) - 1; ix >= 0; ix--) { andre@0: if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY) andre@0: return res; andre@0: andre@0: res = s_mp_add_d(mp, (mp_digit)((z >> (ix * CHAR_BIT)) & UCHAR_MAX)); andre@0: if (res != MP_OKAY) andre@0: return res; andre@0: } andre@0: } andre@0: return MP_OKAY; andre@0: } /* end mp_set_ulong() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ Digit arithmetic */ andre@0: andre@0: /* {{{ mp_add_d(a, d, b) */ andre@0: andre@0: /* andre@0: mp_add_d(a, d, b) andre@0: andre@0: Compute the sum b = a + d, for a single digit d. Respects the sign of andre@0: its primary addend (single digits are unsigned anyway). andre@0: */ andre@0: andre@0: mp_err mp_add_d(const mp_int *a, mp_digit d, mp_int *b) andre@0: { andre@0: mp_int tmp; andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_init_copy(&tmp, a)) != MP_OKAY) andre@0: return res; andre@0: andre@0: if(SIGN(&tmp) == ZPOS) { andre@0: if((res = s_mp_add_d(&tmp, d)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } else if(s_mp_cmp_d(&tmp, d) >= 0) { andre@0: if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } else { andre@0: mp_neg(&tmp, &tmp); andre@0: andre@0: DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0); andre@0: } andre@0: andre@0: if(s_mp_cmp_d(&tmp, 0) == 0) andre@0: SIGN(&tmp) = ZPOS; andre@0: andre@0: s_mp_exch(&tmp, b); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&tmp); andre@0: return res; andre@0: andre@0: } /* end mp_add_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_sub_d(a, d, b) */ andre@0: andre@0: /* andre@0: mp_sub_d(a, d, b) andre@0: andre@0: Compute the difference b = a - d, for a single digit d. Respects the andre@0: sign of its subtrahend (single digits are unsigned anyway). andre@0: */ andre@0: andre@0: mp_err mp_sub_d(const mp_int *a, mp_digit d, mp_int *b) andre@0: { andre@0: mp_int tmp; andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_init_copy(&tmp, a)) != MP_OKAY) andre@0: return res; andre@0: andre@0: if(SIGN(&tmp) == NEG) { andre@0: if((res = s_mp_add_d(&tmp, d)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } else if(s_mp_cmp_d(&tmp, d) >= 0) { andre@0: if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } else { andre@0: mp_neg(&tmp, &tmp); andre@0: andre@0: DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0); andre@0: SIGN(&tmp) = NEG; andre@0: } andre@0: andre@0: if(s_mp_cmp_d(&tmp, 0) == 0) andre@0: SIGN(&tmp) = ZPOS; andre@0: andre@0: s_mp_exch(&tmp, b); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&tmp); andre@0: return res; andre@0: andre@0: } /* end mp_sub_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_mul_d(a, d, b) */ andre@0: andre@0: /* andre@0: mp_mul_d(a, d, b) andre@0: andre@0: Compute the product b = a * d, for a single digit d. Respects the sign andre@0: of its multiplicand (single digits are unsigned anyway) andre@0: */ andre@0: andre@0: mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL, MP_BADARG); andre@0: andre@0: if(d == 0) { andre@0: mp_zero(b); andre@0: return MP_OKAY; andre@0: } andre@0: andre@0: if((res = mp_copy(a, b)) != MP_OKAY) andre@0: return res; andre@0: andre@0: res = s_mp_mul_d(b, d); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_mul_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_mul_2(a, c) */ andre@0: andre@0: mp_err mp_mul_2(const mp_int *a, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_copy(a, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: return s_mp_mul_2(c); andre@0: andre@0: } /* end mp_mul_2() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_div_d(a, d, q, r) */ andre@0: andre@0: /* andre@0: mp_div_d(a, d, q, r) andre@0: andre@0: Compute the quotient q = a / d and remainder r = a mod d, for a andre@0: single digit d. Respects the sign of its divisor (single digits are andre@0: unsigned anyway). andre@0: */ andre@0: andre@0: mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r) andre@0: { andre@0: mp_err res; andre@0: mp_int qp; andre@0: mp_digit rem; andre@0: int pow; andre@0: andre@0: ARGCHK(a != NULL, MP_BADARG); andre@0: andre@0: if(d == 0) andre@0: return MP_RANGE; andre@0: andre@0: /* Shortcut for powers of two ... */ andre@0: if((pow = s_mp_ispow2d(d)) >= 0) { andre@0: mp_digit mask; andre@0: andre@0: mask = ((mp_digit)1 << pow) - 1; andre@0: rem = DIGIT(a, 0) & mask; andre@0: andre@0: if(q) { andre@0: mp_copy(a, q); andre@0: s_mp_div_2d(q, pow); andre@0: } andre@0: andre@0: if(r) andre@0: *r = rem; andre@0: andre@0: return MP_OKAY; andre@0: } andre@0: andre@0: if((res = mp_init_copy(&qp, a)) != MP_OKAY) andre@0: return res; andre@0: andre@0: res = s_mp_div_d(&qp, d, &rem); andre@0: andre@0: if(s_mp_cmp_d(&qp, 0) == 0) andre@0: SIGN(q) = ZPOS; andre@0: andre@0: if(r) andre@0: *r = rem; andre@0: andre@0: if(q) andre@0: s_mp_exch(&qp, q); andre@0: andre@0: mp_clear(&qp); andre@0: return res; andre@0: andre@0: } /* end mp_div_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_div_2(a, c) */ andre@0: andre@0: /* andre@0: mp_div_2(a, c) andre@0: andre@0: Compute c = a / 2, disregarding the remainder. andre@0: */ andre@0: andre@0: mp_err mp_div_2(const mp_int *a, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_copy(a, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: s_mp_div_2(c); andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_div_2() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_expt_d(a, d, b) */ andre@0: andre@0: mp_err mp_expt_d(const mp_int *a, mp_digit d, mp_int *c) andre@0: { andre@0: mp_int s, x; andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_init(&s)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_init_copy(&x, a)) != MP_OKAY) andre@0: goto X; andre@0: andre@0: DIGIT(&s, 0) = 1; andre@0: andre@0: while(d != 0) { andre@0: if(d & 1) { andre@0: if((res = s_mp_mul(&s, &x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: d /= 2; andre@0: andre@0: if((res = s_mp_sqr(&x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: s_mp_exch(&s, c); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&x); andre@0: X: andre@0: mp_clear(&s); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_expt_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ Full arithmetic */ andre@0: andre@0: /* {{{ mp_abs(a, b) */ andre@0: andre@0: /* andre@0: mp_abs(a, b) andre@0: andre@0: Compute b = |a|. 'a' and 'b' may be identical. andre@0: */ andre@0: andre@0: mp_err mp_abs(const mp_int *a, mp_int *b) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_copy(a, b)) != MP_OKAY) andre@0: return res; andre@0: andre@0: SIGN(b) = ZPOS; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_abs() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_neg(a, b) */ andre@0: andre@0: /* andre@0: mp_neg(a, b) andre@0: andre@0: Compute b = -a. 'a' and 'b' may be identical. andre@0: */ andre@0: andre@0: mp_err mp_neg(const mp_int *a, mp_int *b) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_copy(a, b)) != MP_OKAY) andre@0: return res; andre@0: andre@0: if(s_mp_cmp_d(b, 0) == MP_EQ) andre@0: SIGN(b) = ZPOS; andre@0: else andre@0: SIGN(b) = (SIGN(b) == NEG) ? ZPOS : NEG; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_neg() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_add(a, b, c) */ andre@0: andre@0: /* andre@0: mp_add(a, b, c) andre@0: andre@0: Compute c = a + b. All parameters may be identical. andre@0: */ andre@0: andre@0: mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if(SIGN(a) == SIGN(b)) { /* same sign: add values, keep sign */ andre@0: MP_CHECKOK( s_mp_add_3arg(a, b, c) ); andre@0: } else if(s_mp_cmp(a, b) >= 0) { /* different sign: |a| >= |b| */ andre@0: MP_CHECKOK( s_mp_sub_3arg(a, b, c) ); andre@0: } else { /* different sign: |a| < |b| */ andre@0: MP_CHECKOK( s_mp_sub_3arg(b, a, c) ); andre@0: } andre@0: andre@0: if (s_mp_cmp_d(c, 0) == MP_EQ) andre@0: SIGN(c) = ZPOS; andre@0: andre@0: CLEANUP: andre@0: return res; andre@0: andre@0: } /* end mp_add() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_sub(a, b, c) */ andre@0: andre@0: /* andre@0: mp_sub(a, b, c) andre@0: andre@0: Compute c = a - b. All parameters may be identical. andre@0: */ andre@0: andre@0: mp_err mp_sub(const mp_int *a, const mp_int *b, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: int magDiff; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if (a == b) { andre@0: mp_zero(c); andre@0: return MP_OKAY; andre@0: } andre@0: andre@0: if (MP_SIGN(a) != MP_SIGN(b)) { andre@0: MP_CHECKOK( s_mp_add_3arg(a, b, c) ); andre@0: } else if (!(magDiff = s_mp_cmp(a, b))) { andre@0: mp_zero(c); andre@0: res = MP_OKAY; andre@0: } else if (magDiff > 0) { andre@0: MP_CHECKOK( s_mp_sub_3arg(a, b, c) ); andre@0: } else { andre@0: MP_CHECKOK( s_mp_sub_3arg(b, a, c) ); andre@0: MP_SIGN(c) = !MP_SIGN(a); andre@0: } andre@0: andre@0: if (s_mp_cmp_d(c, 0) == MP_EQ) andre@0: MP_SIGN(c) = MP_ZPOS; andre@0: andre@0: CLEANUP: andre@0: return res; andre@0: andre@0: } /* end mp_sub() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_mul(a, b, c) */ andre@0: andre@0: /* andre@0: mp_mul(a, b, c) andre@0: andre@0: Compute c = a * b. All parameters may be identical. andre@0: */ andre@0: mp_err mp_mul(const mp_int *a, const mp_int *b, mp_int * c) andre@0: { andre@0: mp_digit *pb; andre@0: mp_int tmp; andre@0: mp_err res; andre@0: mp_size ib; andre@0: mp_size useda, usedb; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if (a == c) { andre@0: if ((res = mp_init_copy(&tmp, a)) != MP_OKAY) andre@0: return res; andre@0: if (a == b) andre@0: b = &tmp; andre@0: a = &tmp; andre@0: } else if (b == c) { andre@0: if ((res = mp_init_copy(&tmp, b)) != MP_OKAY) andre@0: return res; andre@0: b = &tmp; andre@0: } else { andre@0: MP_DIGITS(&tmp) = 0; andre@0: } andre@0: andre@0: if (MP_USED(a) < MP_USED(b)) { andre@0: const mp_int *xch = b; /* switch a and b, to do fewer outer loops */ andre@0: b = a; andre@0: a = xch; andre@0: } andre@0: andre@0: MP_USED(c) = 1; MP_DIGIT(c, 0) = 0; andre@0: if((res = s_mp_pad(c, USED(a) + USED(b))) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: #ifdef NSS_USE_COMBA andre@0: if ((MP_USED(a) == MP_USED(b)) && IS_POWER_OF_2(MP_USED(b))) { andre@0: if (MP_USED(a) == 4) { andre@0: s_mp_mul_comba_4(a, b, c); andre@0: goto CLEANUP; andre@0: } andre@0: if (MP_USED(a) == 8) { andre@0: s_mp_mul_comba_8(a, b, c); andre@0: goto CLEANUP; andre@0: } andre@0: if (MP_USED(a) == 16) { andre@0: s_mp_mul_comba_16(a, b, c); andre@0: goto CLEANUP; andre@0: } andre@0: if (MP_USED(a) == 32) { andre@0: s_mp_mul_comba_32(a, b, c); andre@0: goto CLEANUP; andre@0: } andre@0: } andre@0: #endif andre@0: andre@0: pb = MP_DIGITS(b); andre@0: s_mpv_mul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c)); andre@0: andre@0: /* Outer loop: Digits of b */ andre@0: useda = MP_USED(a); andre@0: usedb = MP_USED(b); andre@0: for (ib = 1; ib < usedb; ib++) { andre@0: mp_digit b_i = *pb++; andre@0: andre@0: /* Inner product: Digits of a */ andre@0: if (b_i) andre@0: s_mpv_mul_d_add(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib); andre@0: else andre@0: MP_DIGIT(c, ib + useda) = b_i; andre@0: } andre@0: andre@0: s_mp_clamp(c); andre@0: andre@0: if(SIGN(a) == SIGN(b) || s_mp_cmp_d(c, 0) == MP_EQ) andre@0: SIGN(c) = ZPOS; andre@0: else andre@0: SIGN(c) = NEG; andre@0: andre@0: CLEANUP: andre@0: mp_clear(&tmp); andre@0: return res; andre@0: } /* end mp_mul() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_sqr(a, sqr) */ andre@0: andre@0: #if MP_SQUARE andre@0: /* andre@0: Computes the square of a. This can be done more andre@0: efficiently than a general multiplication, because many of the andre@0: computation steps are redundant when squaring. The inner product andre@0: step is a bit more complicated, but we save a fair number of andre@0: iterations of the multiplication loop. andre@0: */ andre@0: andre@0: /* sqr = a^2; Caller provides both a and tmp; */ andre@0: mp_err mp_sqr(const mp_int *a, mp_int *sqr) andre@0: { andre@0: mp_digit *pa; andre@0: mp_digit d; andre@0: mp_err res; andre@0: mp_size ix; andre@0: mp_int tmp; andre@0: int count; andre@0: andre@0: ARGCHK(a != NULL && sqr != NULL, MP_BADARG); andre@0: andre@0: if (a == sqr) { andre@0: if((res = mp_init_copy(&tmp, a)) != MP_OKAY) andre@0: return res; andre@0: a = &tmp; andre@0: } else { andre@0: DIGITS(&tmp) = 0; andre@0: res = MP_OKAY; andre@0: } andre@0: andre@0: ix = 2 * MP_USED(a); andre@0: if (ix > MP_ALLOC(sqr)) { andre@0: MP_USED(sqr) = 1; andre@0: MP_CHECKOK( s_mp_grow(sqr, ix) ); andre@0: } andre@0: MP_USED(sqr) = ix; andre@0: MP_DIGIT(sqr, 0) = 0; andre@0: andre@0: #ifdef NSS_USE_COMBA andre@0: if (IS_POWER_OF_2(MP_USED(a))) { andre@0: if (MP_USED(a) == 4) { andre@0: s_mp_sqr_comba_4(a, sqr); andre@0: goto CLEANUP; andre@0: } andre@0: if (MP_USED(a) == 8) { andre@0: s_mp_sqr_comba_8(a, sqr); andre@0: goto CLEANUP; andre@0: } andre@0: if (MP_USED(a) == 16) { andre@0: s_mp_sqr_comba_16(a, sqr); andre@0: goto CLEANUP; andre@0: } andre@0: if (MP_USED(a) == 32) { andre@0: s_mp_sqr_comba_32(a, sqr); andre@0: goto CLEANUP; andre@0: } andre@0: } andre@0: #endif andre@0: andre@0: pa = MP_DIGITS(a); andre@0: count = MP_USED(a) - 1; andre@0: if (count > 0) { andre@0: d = *pa++; andre@0: s_mpv_mul_d(pa, count, d, MP_DIGITS(sqr) + 1); andre@0: for (ix = 3; --count > 0; ix += 2) { andre@0: d = *pa++; andre@0: s_mpv_mul_d_add(pa, count, d, MP_DIGITS(sqr) + ix); andre@0: } /* for(ix ...) */ andre@0: MP_DIGIT(sqr, MP_USED(sqr)-1) = 0; /* above loop stopped short of this. */ andre@0: andre@0: /* now sqr *= 2 */ andre@0: s_mp_mul_2(sqr); andre@0: } else { andre@0: MP_DIGIT(sqr, 1) = 0; andre@0: } andre@0: andre@0: /* now add the squares of the digits of a to sqr. */ andre@0: s_mpv_sqr_add_prop(MP_DIGITS(a), MP_USED(a), MP_DIGITS(sqr)); andre@0: andre@0: SIGN(sqr) = ZPOS; andre@0: s_mp_clamp(sqr); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&tmp); andre@0: return res; andre@0: andre@0: } /* end mp_sqr() */ andre@0: #endif andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_div(a, b, q, r) */ andre@0: andre@0: /* andre@0: mp_div(a, b, q, r) andre@0: andre@0: Compute q = a / b and r = a mod b. Input parameters may be re-used andre@0: as output parameters. If q or r is NULL, that portion of the andre@0: computation will be discarded (although it will still be computed) andre@0: */ andre@0: mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r) andre@0: { andre@0: mp_err res; andre@0: mp_int *pQ, *pR; andre@0: mp_int qtmp, rtmp, btmp; andre@0: int cmp; andre@0: mp_sign signA; andre@0: mp_sign signB; andre@0: andre@0: ARGCHK(a != NULL && b != NULL, MP_BADARG); andre@0: andre@0: signA = MP_SIGN(a); andre@0: signB = MP_SIGN(b); andre@0: andre@0: if(mp_cmp_z(b) == MP_EQ) andre@0: return MP_RANGE; andre@0: andre@0: DIGITS(&qtmp) = 0; andre@0: DIGITS(&rtmp) = 0; andre@0: DIGITS(&btmp) = 0; andre@0: andre@0: /* Set up some temporaries... */ andre@0: if (!r || r == a || r == b) { andre@0: MP_CHECKOK( mp_init_copy(&rtmp, a) ); andre@0: pR = &rtmp; andre@0: } else { andre@0: MP_CHECKOK( mp_copy(a, r) ); andre@0: pR = r; andre@0: } andre@0: andre@0: if (!q || q == a || q == b) { andre@0: MP_CHECKOK( mp_init_size(&qtmp, MP_USED(a)) ); andre@0: pQ = &qtmp; andre@0: } else { andre@0: MP_CHECKOK( s_mp_pad(q, MP_USED(a)) ); andre@0: pQ = q; andre@0: mp_zero(pQ); andre@0: } andre@0: andre@0: /* andre@0: If |a| <= |b|, we can compute the solution without division; andre@0: otherwise, we actually do the work required. andre@0: */ andre@0: if ((cmp = s_mp_cmp(a, b)) <= 0) { andre@0: if (cmp) { andre@0: /* r was set to a above. */ andre@0: mp_zero(pQ); andre@0: } else { andre@0: mp_set(pQ, 1); andre@0: mp_zero(pR); andre@0: } andre@0: } else { andre@0: MP_CHECKOK( mp_init_copy(&btmp, b) ); andre@0: MP_CHECKOK( s_mp_div(pR, &btmp, pQ) ); andre@0: } andre@0: andre@0: /* Compute the signs for the output */ andre@0: MP_SIGN(pR) = signA; /* Sr = Sa */ andre@0: /* Sq = ZPOS if Sa == Sb */ /* Sq = NEG if Sa != Sb */ andre@0: MP_SIGN(pQ) = (signA == signB) ? ZPOS : NEG; andre@0: andre@0: if(s_mp_cmp_d(pQ, 0) == MP_EQ) andre@0: SIGN(pQ) = ZPOS; andre@0: if(s_mp_cmp_d(pR, 0) == MP_EQ) andre@0: SIGN(pR) = ZPOS; andre@0: andre@0: /* Copy output, if it is needed */ andre@0: if(q && q != pQ) andre@0: s_mp_exch(pQ, q); andre@0: andre@0: if(r && r != pR) andre@0: s_mp_exch(pR, r); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&btmp); andre@0: mp_clear(&rtmp); andre@0: mp_clear(&qtmp); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_div() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_div_2d(a, d, q, r) */ andre@0: andre@0: mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL, MP_BADARG); andre@0: andre@0: if(q) { andre@0: if((res = mp_copy(a, q)) != MP_OKAY) andre@0: return res; andre@0: } andre@0: if(r) { andre@0: if((res = mp_copy(a, r)) != MP_OKAY) andre@0: return res; andre@0: } andre@0: if(q) { andre@0: s_mp_div_2d(q, d); andre@0: } andre@0: if(r) { andre@0: s_mp_mod_2d(r, d); andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_div_2d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_expt(a, b, c) */ andre@0: andre@0: /* andre@0: mp_expt(a, b, c) andre@0: andre@0: Compute c = a ** b, that is, raise a to the b power. Uses a andre@0: standard iterative square-and-multiply technique. andre@0: */ andre@0: andre@0: mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c) andre@0: { andre@0: mp_int s, x; andre@0: mp_err res; andre@0: mp_digit d; andre@0: int dig, bit; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if(mp_cmp_z(b) < 0) andre@0: return MP_RANGE; andre@0: andre@0: if((res = mp_init(&s)) != MP_OKAY) andre@0: return res; andre@0: andre@0: mp_set(&s, 1); andre@0: andre@0: if((res = mp_init_copy(&x, a)) != MP_OKAY) andre@0: goto X; andre@0: andre@0: /* Loop over low-order digits in ascending order */ andre@0: for(dig = 0; dig < (USED(b) - 1); dig++) { andre@0: d = DIGIT(b, dig); andre@0: andre@0: /* Loop over bits of each non-maximal digit */ andre@0: for(bit = 0; bit < DIGIT_BIT; bit++) { andre@0: if(d & 1) { andre@0: if((res = s_mp_mul(&s, &x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: d >>= 1; andre@0: andre@0: if((res = s_mp_sqr(&x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: } andre@0: andre@0: /* Consider now the last digit... */ andre@0: d = DIGIT(b, dig); andre@0: andre@0: while(d) { andre@0: if(d & 1) { andre@0: if((res = s_mp_mul(&s, &x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: d >>= 1; andre@0: andre@0: if((res = s_mp_sqr(&x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: if(mp_iseven(b)) andre@0: SIGN(&s) = SIGN(a); andre@0: andre@0: res = mp_copy(&s, c); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&x); andre@0: X: andre@0: mp_clear(&s); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_expt() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_2expt(a, k) */ andre@0: andre@0: /* Compute a = 2^k */ andre@0: andre@0: mp_err mp_2expt(mp_int *a, mp_digit k) andre@0: { andre@0: ARGCHK(a != NULL, MP_BADARG); andre@0: andre@0: return s_mp_2expt(a, k); andre@0: andre@0: } /* end mp_2expt() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_mod(a, m, c) */ andre@0: andre@0: /* andre@0: mp_mod(a, m, c) andre@0: andre@0: Compute c = a (mod m). Result will always be 0 <= c < m. andre@0: */ andre@0: andre@0: mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: int mag; andre@0: andre@0: ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if(SIGN(m) == NEG) andre@0: return MP_RANGE; andre@0: andre@0: /* andre@0: If |a| > m, we need to divide to get the remainder and take the andre@0: absolute value. andre@0: andre@0: If |a| < m, we don't need to do any division, just copy and adjust andre@0: the sign (if a is negative). andre@0: andre@0: If |a| == m, we can simply set the result to zero. andre@0: andre@0: This order is intended to minimize the average path length of the andre@0: comparison chain on common workloads -- the most frequent cases are andre@0: that |a| != m, so we do those first. andre@0: */ andre@0: if((mag = s_mp_cmp(a, m)) > 0) { andre@0: if((res = mp_div(a, m, NULL, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: if(SIGN(c) == NEG) { andre@0: if((res = mp_add(c, m, c)) != MP_OKAY) andre@0: return res; andre@0: } andre@0: andre@0: } else if(mag < 0) { andre@0: if((res = mp_copy(a, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: if(mp_cmp_z(a) < 0) { andre@0: if((res = mp_add(c, m, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: } andre@0: andre@0: } else { andre@0: mp_zero(c); andre@0: andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_mod() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_mod_d(a, d, c) */ andre@0: andre@0: /* andre@0: mp_mod_d(a, d, c) andre@0: andre@0: Compute c = a (mod d). Result will always be 0 <= c < d andre@0: */ andre@0: mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c) andre@0: { andre@0: mp_err res; andre@0: mp_digit rem; andre@0: andre@0: ARGCHK(a != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if(s_mp_cmp_d(a, d) > 0) { andre@0: if((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY) andre@0: return res; andre@0: andre@0: } else { andre@0: if(SIGN(a) == NEG) andre@0: rem = d - DIGIT(a, 0); andre@0: else andre@0: rem = DIGIT(a, 0); andre@0: } andre@0: andre@0: if(c) andre@0: *c = rem; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_mod_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_sqrt(a, b) */ andre@0: andre@0: /* andre@0: mp_sqrt(a, b) andre@0: andre@0: Compute the integer square root of a, and store the result in b. andre@0: Uses an integer-arithmetic version of Newton's iterative linear andre@0: approximation technique to determine this value; the result has the andre@0: following two properties: andre@0: andre@0: b^2 <= a andre@0: (b+1)^2 >= a andre@0: andre@0: It is a range error to pass a negative value. andre@0: */ andre@0: mp_err mp_sqrt(const mp_int *a, mp_int *b) andre@0: { andre@0: mp_int x, t; andre@0: mp_err res; andre@0: mp_size used; andre@0: andre@0: ARGCHK(a != NULL && b != NULL, MP_BADARG); andre@0: andre@0: /* Cannot take square root of a negative value */ andre@0: if(SIGN(a) == NEG) andre@0: return MP_RANGE; andre@0: andre@0: /* Special cases for zero and one, trivial */ andre@0: if(mp_cmp_d(a, 1) <= 0) andre@0: return mp_copy(a, b); andre@0: andre@0: /* Initialize the temporaries we'll use below */ andre@0: if((res = mp_init_size(&t, USED(a))) != MP_OKAY) andre@0: return res; andre@0: andre@0: /* Compute an initial guess for the iteration as a itself */ andre@0: if((res = mp_init_copy(&x, a)) != MP_OKAY) andre@0: goto X; andre@0: andre@0: used = MP_USED(&x); andre@0: if (used > 1) { andre@0: s_mp_rshd(&x, used / 2); andre@0: } andre@0: andre@0: for(;;) { andre@0: /* t = (x * x) - a */ andre@0: mp_copy(&x, &t); /* can't fail, t is big enough for original x */ andre@0: if((res = mp_sqr(&t, &t)) != MP_OKAY || andre@0: (res = mp_sub(&t, a, &t)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: /* t = t / 2x */ andre@0: s_mp_mul_2(&x); andre@0: if((res = mp_div(&t, &x, &t, NULL)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: s_mp_div_2(&x); andre@0: andre@0: /* Terminate the loop, if the quotient is zero */ andre@0: if(mp_cmp_z(&t) == MP_EQ) andre@0: break; andre@0: andre@0: /* x = x - t */ andre@0: if((res = mp_sub(&x, &t, &x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: } andre@0: andre@0: /* Copy result to output parameter */ andre@0: mp_sub_d(&x, 1, &x); andre@0: s_mp_exch(&x, b); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&x); andre@0: X: andre@0: mp_clear(&t); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_sqrt() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ Modular arithmetic */ andre@0: andre@0: #if MP_MODARITH andre@0: /* {{{ mp_addmod(a, b, m, c) */ andre@0: andre@0: /* andre@0: mp_addmod(a, b, m, c) andre@0: andre@0: Compute c = (a + b) mod m andre@0: */ andre@0: andre@0: mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_add(a, b, c)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_mod(c, m, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_submod(a, b, m, c) */ andre@0: andre@0: /* andre@0: mp_submod(a, b, m, c) andre@0: andre@0: Compute c = (a - b) mod m andre@0: */ andre@0: andre@0: mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_sub(a, b, c)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_mod(c, m, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_mulmod(a, b, m, c) */ andre@0: andre@0: /* andre@0: mp_mulmod(a, b, m, c) andre@0: andre@0: Compute c = (a * b) mod m andre@0: */ andre@0: andre@0: mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_mul(a, b, c)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_mod(c, m, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_sqrmod(a, m, c) */ andre@0: andre@0: #if MP_SQUARE andre@0: mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_sqr(a, c)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_mod(c, m, c)) != MP_OKAY) andre@0: return res; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_sqrmod() */ andre@0: #endif andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_exptmod(a, b, m, c) */ andre@0: andre@0: /* andre@0: s_mp_exptmod(a, b, m, c) andre@0: andre@0: Compute c = (a ** b) mod m. Uses a standard square-and-multiply andre@0: method with modular reductions at each step. (This is basically the andre@0: same code as mp_expt(), except for the addition of the reductions) andre@0: andre@0: The modular reductions are done using Barrett's algorithm (see andre@0: s_mp_reduce() below for details) andre@0: */ andre@0: andre@0: mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_int s, x, mu; andre@0: mp_err res; andre@0: mp_digit d; andre@0: int dig, bit; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if(mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0) andre@0: return MP_RANGE; andre@0: andre@0: if((res = mp_init(&s)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_init_copy(&x, a)) != MP_OKAY || andre@0: (res = mp_mod(&x, m, &x)) != MP_OKAY) andre@0: goto X; andre@0: if((res = mp_init(&mu)) != MP_OKAY) andre@0: goto MU; andre@0: andre@0: mp_set(&s, 1); andre@0: andre@0: /* mu = b^2k / m */ andre@0: s_mp_add_d(&mu, 1); andre@0: s_mp_lshd(&mu, 2 * USED(m)); andre@0: if((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: /* Loop over digits of b in ascending order, except highest order */ andre@0: for(dig = 0; dig < (USED(b) - 1); dig++) { andre@0: d = DIGIT(b, dig); andre@0: andre@0: /* Loop over the bits of the lower-order digits */ andre@0: for(bit = 0; bit < DIGIT_BIT; bit++) { andre@0: if(d & 1) { andre@0: if((res = s_mp_mul(&s, &x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: d >>= 1; andre@0: andre@0: if((res = s_mp_sqr(&x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: } andre@0: andre@0: /* Now do the last digit... */ andre@0: d = DIGIT(b, dig); andre@0: andre@0: while(d) { andre@0: if(d & 1) { andre@0: if((res = s_mp_mul(&s, &x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: d >>= 1; andre@0: andre@0: if((res = s_mp_sqr(&x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: s_mp_exch(&s, c); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&mu); andre@0: MU: andre@0: mp_clear(&x); andre@0: X: andre@0: mp_clear(&s); andre@0: andre@0: return res; andre@0: andre@0: } /* end s_mp_exptmod() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_exptmod_d(a, d, m, c) */ andre@0: andre@0: mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_int s, x; andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if((res = mp_init(&s)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_init_copy(&x, a)) != MP_OKAY) andre@0: goto X; andre@0: andre@0: mp_set(&s, 1); andre@0: andre@0: while(d != 0) { andre@0: if(d & 1) { andre@0: if((res = s_mp_mul(&s, &x)) != MP_OKAY || andre@0: (res = mp_mod(&s, m, &s)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: d /= 2; andre@0: andre@0: if((res = s_mp_sqr(&x)) != MP_OKAY || andre@0: (res = mp_mod(&x, m, &x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: s_mp_exch(&s, c); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&x); andre@0: X: andre@0: mp_clear(&s); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_exptmod_d() */ andre@0: andre@0: /* }}} */ andre@0: #endif /* if MP_MODARITH */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ Comparison functions */ andre@0: andre@0: /* {{{ mp_cmp_z(a) */ andre@0: andre@0: /* andre@0: mp_cmp_z(a) andre@0: andre@0: Compare a <=> 0. Returns <0 if a<0, 0 if a=0, >0 if a>0. andre@0: */ andre@0: andre@0: int mp_cmp_z(const mp_int *a) andre@0: { andre@0: if(SIGN(a) == NEG) andre@0: return MP_LT; andre@0: else if(USED(a) == 1 && DIGIT(a, 0) == 0) andre@0: return MP_EQ; andre@0: else andre@0: return MP_GT; andre@0: andre@0: } /* end mp_cmp_z() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_cmp_d(a, d) */ andre@0: andre@0: /* andre@0: mp_cmp_d(a, d) andre@0: andre@0: Compare a <=> d. Returns <0 if a0 if a>d andre@0: */ andre@0: andre@0: int mp_cmp_d(const mp_int *a, mp_digit d) andre@0: { andre@0: ARGCHK(a != NULL, MP_EQ); andre@0: andre@0: if(SIGN(a) == NEG) andre@0: return MP_LT; andre@0: andre@0: return s_mp_cmp_d(a, d); andre@0: andre@0: } /* end mp_cmp_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_cmp(a, b) */ andre@0: andre@0: int mp_cmp(const mp_int *a, const mp_int *b) andre@0: { andre@0: ARGCHK(a != NULL && b != NULL, MP_EQ); andre@0: andre@0: if(SIGN(a) == SIGN(b)) { andre@0: int mag; andre@0: andre@0: if((mag = s_mp_cmp(a, b)) == MP_EQ) andre@0: return MP_EQ; andre@0: andre@0: if(SIGN(a) == ZPOS) andre@0: return mag; andre@0: else andre@0: return -mag; andre@0: andre@0: } else if(SIGN(a) == ZPOS) { andre@0: return MP_GT; andre@0: } else { andre@0: return MP_LT; andre@0: } andre@0: andre@0: } /* end mp_cmp() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_cmp_mag(a, b) */ andre@0: andre@0: /* andre@0: mp_cmp_mag(a, b) andre@0: andre@0: Compares |a| <=> |b|, and returns an appropriate comparison result andre@0: */ andre@0: andre@0: int mp_cmp_mag(mp_int *a, mp_int *b) andre@0: { andre@0: ARGCHK(a != NULL && b != NULL, MP_EQ); andre@0: andre@0: return s_mp_cmp(a, b); andre@0: andre@0: } /* end mp_cmp_mag() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_cmp_int(a, z) */ andre@0: andre@0: /* andre@0: This just converts z to an mp_int, and uses the existing comparison andre@0: routines. This is sort of inefficient, but it's not clear to me how andre@0: frequently this wil get used anyway. For small positive constants, andre@0: you can always use mp_cmp_d(), and for zero, there is mp_cmp_z(). andre@0: */ andre@0: int mp_cmp_int(const mp_int *a, long z) andre@0: { andre@0: mp_int tmp; andre@0: int out; andre@0: andre@0: ARGCHK(a != NULL, MP_EQ); andre@0: andre@0: mp_init(&tmp); mp_set_int(&tmp, z); andre@0: out = mp_cmp(a, &tmp); andre@0: mp_clear(&tmp); andre@0: andre@0: return out; andre@0: andre@0: } /* end mp_cmp_int() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_isodd(a) */ andre@0: andre@0: /* andre@0: mp_isodd(a) andre@0: andre@0: Returns a true (non-zero) value if a is odd, false (zero) otherwise. andre@0: */ andre@0: int mp_isodd(const mp_int *a) andre@0: { andre@0: ARGCHK(a != NULL, 0); andre@0: andre@0: return (int)(DIGIT(a, 0) & 1); andre@0: andre@0: } /* end mp_isodd() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_iseven(a) */ andre@0: andre@0: int mp_iseven(const mp_int *a) andre@0: { andre@0: return !mp_isodd(a); andre@0: andre@0: } /* end mp_iseven() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ Number theoretic functions */ andre@0: andre@0: #if MP_NUMTH andre@0: /* {{{ mp_gcd(a, b, c) */ andre@0: andre@0: /* andre@0: Like the old mp_gcd() function, except computes the GCD using the andre@0: binary algorithm due to Josef Stein in 1961 (via Knuth). andre@0: */ andre@0: mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: mp_int u, v, t; andre@0: mp_size k = 0; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); andre@0: andre@0: if(mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ) andre@0: return MP_RANGE; andre@0: if(mp_cmp_z(a) == MP_EQ) { andre@0: return mp_copy(b, c); andre@0: } else if(mp_cmp_z(b) == MP_EQ) { andre@0: return mp_copy(a, c); andre@0: } andre@0: andre@0: if((res = mp_init(&t)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_init_copy(&u, a)) != MP_OKAY) andre@0: goto U; andre@0: if((res = mp_init_copy(&v, b)) != MP_OKAY) andre@0: goto V; andre@0: andre@0: SIGN(&u) = ZPOS; andre@0: SIGN(&v) = ZPOS; andre@0: andre@0: /* Divide out common factors of 2 until at least 1 of a, b is even */ andre@0: while(mp_iseven(&u) && mp_iseven(&v)) { andre@0: s_mp_div_2(&u); andre@0: s_mp_div_2(&v); andre@0: ++k; andre@0: } andre@0: andre@0: /* Initialize t */ andre@0: if(mp_isodd(&u)) { andre@0: if((res = mp_copy(&v, &t)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: /* t = -v */ andre@0: if(SIGN(&v) == ZPOS) andre@0: SIGN(&t) = NEG; andre@0: else andre@0: SIGN(&t) = ZPOS; andre@0: andre@0: } else { andre@0: if((res = mp_copy(&u, &t)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: } andre@0: andre@0: for(;;) { andre@0: while(mp_iseven(&t)) { andre@0: s_mp_div_2(&t); andre@0: } andre@0: andre@0: if(mp_cmp_z(&t) == MP_GT) { andre@0: if((res = mp_copy(&t, &u)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: } else { andre@0: if((res = mp_copy(&t, &v)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: /* v = -t */ andre@0: if(SIGN(&t) == ZPOS) andre@0: SIGN(&v) = NEG; andre@0: else andre@0: SIGN(&v) = ZPOS; andre@0: } andre@0: andre@0: if((res = mp_sub(&u, &v, &t)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: if(s_mp_cmp_d(&t, 0) == MP_EQ) andre@0: break; andre@0: } andre@0: andre@0: s_mp_2expt(&v, k); /* v = 2^k */ andre@0: res = mp_mul(&u, &v, c); /* c = u * v */ andre@0: andre@0: CLEANUP: andre@0: mp_clear(&v); andre@0: V: andre@0: mp_clear(&u); andre@0: U: andre@0: mp_clear(&t); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_gcd() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_lcm(a, b, c) */ andre@0: andre@0: /* We compute the least common multiple using the rule: andre@0: andre@0: ab = [a, b](a, b) andre@0: andre@0: ... by computing the product, and dividing out the gcd. andre@0: */ andre@0: andre@0: mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c) andre@0: { andre@0: mp_int gcd, prod; andre@0: mp_err res; andre@0: andre@0: ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); andre@0: andre@0: /* Set up temporaries */ andre@0: if((res = mp_init(&gcd)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_init(&prod)) != MP_OKAY) andre@0: goto GCD; andre@0: andre@0: if((res = mp_mul(a, b, &prod)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: if((res = mp_gcd(a, b, &gcd)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: res = mp_div(&prod, &gcd, c, NULL); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&prod); andre@0: GCD: andre@0: mp_clear(&gcd); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_lcm() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_xgcd(a, b, g, x, y) */ andre@0: andre@0: /* andre@0: mp_xgcd(a, b, g, x, y) andre@0: andre@0: Compute g = (a, b) and values x and y satisfying Bezout's identity andre@0: (that is, ax + by = g). This uses the binary extended GCD algorithm andre@0: based on the Stein algorithm used for mp_gcd() andre@0: See algorithm 14.61 in Handbook of Applied Cryptogrpahy. andre@0: */ andre@0: andre@0: mp_err mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y) andre@0: { andre@0: mp_int gx, xc, yc, u, v, A, B, C, D; andre@0: mp_int *clean[9]; andre@0: mp_err res; andre@0: int last = -1; andre@0: andre@0: if(mp_cmp_z(b) == 0) andre@0: return MP_RANGE; andre@0: andre@0: /* Initialize all these variables we need */ andre@0: MP_CHECKOK( mp_init(&u) ); andre@0: clean[++last] = &u; andre@0: MP_CHECKOK( mp_init(&v) ); andre@0: clean[++last] = &v; andre@0: MP_CHECKOK( mp_init(&gx) ); andre@0: clean[++last] = &gx; andre@0: MP_CHECKOK( mp_init(&A) ); andre@0: clean[++last] = &A; andre@0: MP_CHECKOK( mp_init(&B) ); andre@0: clean[++last] = &B; andre@0: MP_CHECKOK( mp_init(&C) ); andre@0: clean[++last] = &C; andre@0: MP_CHECKOK( mp_init(&D) ); andre@0: clean[++last] = &D; andre@0: MP_CHECKOK( mp_init_copy(&xc, a) ); andre@0: clean[++last] = &xc; andre@0: mp_abs(&xc, &xc); andre@0: MP_CHECKOK( mp_init_copy(&yc, b) ); andre@0: clean[++last] = &yc; andre@0: mp_abs(&yc, &yc); andre@0: andre@0: mp_set(&gx, 1); andre@0: andre@0: /* Divide by two until at least one of them is odd */ andre@0: while(mp_iseven(&xc) && mp_iseven(&yc)) { andre@0: mp_size nx = mp_trailing_zeros(&xc); andre@0: mp_size ny = mp_trailing_zeros(&yc); andre@0: mp_size n = MP_MIN(nx, ny); andre@0: s_mp_div_2d(&xc,n); andre@0: s_mp_div_2d(&yc,n); andre@0: MP_CHECKOK( s_mp_mul_2d(&gx,n) ); andre@0: } andre@0: andre@0: mp_copy(&xc, &u); andre@0: mp_copy(&yc, &v); andre@0: mp_set(&A, 1); mp_set(&D, 1); andre@0: andre@0: /* Loop through binary GCD algorithm */ andre@0: do { andre@0: while(mp_iseven(&u)) { andre@0: s_mp_div_2(&u); andre@0: andre@0: if(mp_iseven(&A) && mp_iseven(&B)) { andre@0: s_mp_div_2(&A); s_mp_div_2(&B); andre@0: } else { andre@0: MP_CHECKOK( mp_add(&A, &yc, &A) ); andre@0: s_mp_div_2(&A); andre@0: MP_CHECKOK( mp_sub(&B, &xc, &B) ); andre@0: s_mp_div_2(&B); andre@0: } andre@0: } andre@0: andre@0: while(mp_iseven(&v)) { andre@0: s_mp_div_2(&v); andre@0: andre@0: if(mp_iseven(&C) && mp_iseven(&D)) { andre@0: s_mp_div_2(&C); s_mp_div_2(&D); andre@0: } else { andre@0: MP_CHECKOK( mp_add(&C, &yc, &C) ); andre@0: s_mp_div_2(&C); andre@0: MP_CHECKOK( mp_sub(&D, &xc, &D) ); andre@0: s_mp_div_2(&D); andre@0: } andre@0: } andre@0: andre@0: if(mp_cmp(&u, &v) >= 0) { andre@0: MP_CHECKOK( mp_sub(&u, &v, &u) ); andre@0: MP_CHECKOK( mp_sub(&A, &C, &A) ); andre@0: MP_CHECKOK( mp_sub(&B, &D, &B) ); andre@0: } else { andre@0: MP_CHECKOK( mp_sub(&v, &u, &v) ); andre@0: MP_CHECKOK( mp_sub(&C, &A, &C) ); andre@0: MP_CHECKOK( mp_sub(&D, &B, &D) ); andre@0: } andre@0: } while (mp_cmp_z(&u) != 0); andre@0: andre@0: /* copy results to output */ andre@0: if(x) andre@0: MP_CHECKOK( mp_copy(&C, x) ); andre@0: andre@0: if(y) andre@0: MP_CHECKOK( mp_copy(&D, y) ); andre@0: andre@0: if(g) andre@0: MP_CHECKOK( mp_mul(&gx, &v, g) ); andre@0: andre@0: CLEANUP: andre@0: while(last >= 0) andre@0: mp_clear(clean[last--]); andre@0: andre@0: return res; andre@0: andre@0: } /* end mp_xgcd() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: mp_size mp_trailing_zeros(const mp_int *mp) andre@0: { andre@0: mp_digit d; andre@0: mp_size n = 0; andre@0: int ix; andre@0: andre@0: if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp)) andre@0: return n; andre@0: andre@0: for (ix = 0; !(d = MP_DIGIT(mp,ix)) && (ix < MP_USED(mp)); ++ix) andre@0: n += MP_DIGIT_BIT; andre@0: if (!d) andre@0: return 0; /* shouldn't happen, but ... */ andre@0: #if !defined(MP_USE_UINT_DIGIT) andre@0: if (!(d & 0xffffffffU)) { andre@0: d >>= 32; andre@0: n += 32; andre@0: } andre@0: #endif andre@0: if (!(d & 0xffffU)) { andre@0: d >>= 16; andre@0: n += 16; andre@0: } andre@0: if (!(d & 0xffU)) { andre@0: d >>= 8; andre@0: n += 8; andre@0: } andre@0: if (!(d & 0xfU)) { andre@0: d >>= 4; andre@0: n += 4; andre@0: } andre@0: if (!(d & 0x3U)) { andre@0: d >>= 2; andre@0: n += 2; andre@0: } andre@0: if (!(d & 0x1U)) { andre@0: d >>= 1; andre@0: n += 1; andre@0: } andre@0: #if MP_ARGCHK == 2 andre@0: assert(0 != (d & 1)); andre@0: #endif andre@0: return n; andre@0: } andre@0: andre@0: /* Given a and prime p, computes c and k such that a*c == 2**k (mod p). andre@0: ** Returns k (positive) or error (negative). andre@0: ** This technique from the paper "Fast Modular Reciprocals" (unpublished) andre@0: ** by Richard Schroeppel (a.k.a. Captain Nemo). andre@0: */ andre@0: mp_err s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: mp_err k = 0; andre@0: mp_int d, f, g; andre@0: andre@0: ARGCHK(a && p && c, MP_BADARG); andre@0: andre@0: MP_DIGITS(&d) = 0; andre@0: MP_DIGITS(&f) = 0; andre@0: MP_DIGITS(&g) = 0; andre@0: MP_CHECKOK( mp_init(&d) ); andre@0: MP_CHECKOK( mp_init_copy(&f, a) ); /* f = a */ andre@0: MP_CHECKOK( mp_init_copy(&g, p) ); /* g = p */ andre@0: andre@0: mp_set(c, 1); andre@0: mp_zero(&d); andre@0: andre@0: if (mp_cmp_z(&f) == 0) { andre@0: res = MP_UNDEF; andre@0: } else andre@0: for (;;) { andre@0: int diff_sign; andre@0: while (mp_iseven(&f)) { andre@0: mp_size n = mp_trailing_zeros(&f); andre@0: if (!n) { andre@0: res = MP_UNDEF; andre@0: goto CLEANUP; andre@0: } andre@0: s_mp_div_2d(&f, n); andre@0: MP_CHECKOK( s_mp_mul_2d(&d, n) ); andre@0: k += n; andre@0: } andre@0: if (mp_cmp_d(&f, 1) == MP_EQ) { /* f == 1 */ andre@0: res = k; andre@0: break; andre@0: } andre@0: diff_sign = mp_cmp(&f, &g); andre@0: if (diff_sign < 0) { /* f < g */ andre@0: s_mp_exch(&f, &g); andre@0: s_mp_exch(c, &d); andre@0: } else if (diff_sign == 0) { /* f == g */ andre@0: res = MP_UNDEF; /* a and p are not relatively prime */ andre@0: break; andre@0: } andre@0: if ((MP_DIGIT(&f,0) % 4) == (MP_DIGIT(&g,0) % 4)) { andre@0: MP_CHECKOK( mp_sub(&f, &g, &f) ); /* f = f - g */ andre@0: MP_CHECKOK( mp_sub(c, &d, c) ); /* c = c - d */ andre@0: } else { andre@0: MP_CHECKOK( mp_add(&f, &g, &f) ); /* f = f + g */ andre@0: MP_CHECKOK( mp_add(c, &d, c) ); /* c = c + d */ andre@0: } andre@0: } andre@0: if (res >= 0) { andre@0: while (MP_SIGN(c) != MP_ZPOS) { andre@0: MP_CHECKOK( mp_add(c, p, c) ); andre@0: } andre@0: res = k; andre@0: } andre@0: andre@0: CLEANUP: andre@0: mp_clear(&d); andre@0: mp_clear(&f); andre@0: mp_clear(&g); andre@0: return res; andre@0: } andre@0: andre@0: /* Compute T = (P ** -1) mod MP_RADIX. Also works for 16-bit mp_digits. andre@0: ** This technique from the paper "Fast Modular Reciprocals" (unpublished) andre@0: ** by Richard Schroeppel (a.k.a. Captain Nemo). andre@0: */ andre@0: mp_digit s_mp_invmod_radix(mp_digit P) andre@0: { andre@0: mp_digit T = P; andre@0: T *= 2 - (P * T); andre@0: T *= 2 - (P * T); andre@0: T *= 2 - (P * T); andre@0: T *= 2 - (P * T); andre@0: #if !defined(MP_USE_UINT_DIGIT) andre@0: T *= 2 - (P * T); andre@0: T *= 2 - (P * T); andre@0: #endif andre@0: return T; andre@0: } andre@0: andre@0: /* Given c, k, and prime p, where a*c == 2**k (mod p), andre@0: ** Compute x = (a ** -1) mod p. This is similar to Montgomery reduction. andre@0: ** This technique from the paper "Fast Modular Reciprocals" (unpublished) andre@0: ** by Richard Schroeppel (a.k.a. Captain Nemo). andre@0: */ andre@0: mp_err s_mp_fixup_reciprocal(const mp_int *c, const mp_int *p, int k, mp_int *x) andre@0: { andre@0: int k_orig = k; andre@0: mp_digit r; andre@0: mp_size ix; andre@0: mp_err res; andre@0: andre@0: if (mp_cmp_z(c) < 0) { /* c < 0 */ andre@0: MP_CHECKOK( mp_add(c, p, x) ); /* x = c + p */ andre@0: } else { andre@0: MP_CHECKOK( mp_copy(c, x) ); /* x = c */ andre@0: } andre@0: andre@0: /* make sure x is large enough */ andre@0: ix = MP_HOWMANY(k, MP_DIGIT_BIT) + MP_USED(p) + 1; andre@0: ix = MP_MAX(ix, MP_USED(x)); andre@0: MP_CHECKOK( s_mp_pad(x, ix) ); andre@0: andre@0: r = 0 - s_mp_invmod_radix(MP_DIGIT(p,0)); andre@0: andre@0: for (ix = 0; k > 0; ix++) { andre@0: int j = MP_MIN(k, MP_DIGIT_BIT); andre@0: mp_digit v = r * MP_DIGIT(x, ix); andre@0: if (j < MP_DIGIT_BIT) { andre@0: v &= ((mp_digit)1 << j) - 1; /* v = v mod (2 ** j) */ andre@0: } andre@0: s_mp_mul_d_add_offset(p, v, x, ix); /* x += p * v * (RADIX ** ix) */ andre@0: k -= j; andre@0: } andre@0: s_mp_clamp(x); andre@0: s_mp_div_2d(x, k_orig); andre@0: res = MP_OKAY; andre@0: andre@0: CLEANUP: andre@0: return res; andre@0: } andre@0: andre@0: /* compute mod inverse using Schroeppel's method, only if m is odd */ andre@0: mp_err s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c) andre@0: { andre@0: int k; andre@0: mp_err res; andre@0: mp_int x; andre@0: andre@0: ARGCHK(a && m && c, MP_BADARG); andre@0: andre@0: if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) andre@0: return MP_RANGE; andre@0: if (mp_iseven(m)) andre@0: return MP_UNDEF; andre@0: andre@0: MP_DIGITS(&x) = 0; andre@0: andre@0: if (a == c) { andre@0: if ((res = mp_init_copy(&x, a)) != MP_OKAY) andre@0: return res; andre@0: if (a == m) andre@0: m = &x; andre@0: a = &x; andre@0: } else if (m == c) { andre@0: if ((res = mp_init_copy(&x, m)) != MP_OKAY) andre@0: return res; andre@0: m = &x; andre@0: } else { andre@0: MP_DIGITS(&x) = 0; andre@0: } andre@0: andre@0: MP_CHECKOK( s_mp_almost_inverse(a, m, c) ); andre@0: k = res; andre@0: MP_CHECKOK( s_mp_fixup_reciprocal(c, m, k, c) ); andre@0: CLEANUP: andre@0: mp_clear(&x); andre@0: return res; andre@0: } andre@0: andre@0: /* Known good algorithm for computing modular inverse. But slow. */ andre@0: mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_int g, x; andre@0: mp_err res; andre@0: andre@0: ARGCHK(a && m && c, MP_BADARG); andre@0: andre@0: if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) andre@0: return MP_RANGE; andre@0: andre@0: MP_DIGITS(&g) = 0; andre@0: MP_DIGITS(&x) = 0; andre@0: MP_CHECKOK( mp_init(&x) ); andre@0: MP_CHECKOK( mp_init(&g) ); andre@0: andre@0: MP_CHECKOK( mp_xgcd(a, m, &g, &x, NULL) ); andre@0: andre@0: if (mp_cmp_d(&g, 1) != MP_EQ) { andre@0: res = MP_UNDEF; andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: res = mp_mod(&x, m, c); andre@0: SIGN(c) = SIGN(a); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&x); andre@0: mp_clear(&g); andre@0: andre@0: return res; andre@0: } andre@0: andre@0: /* modular inverse where modulus is 2**k. */ andre@0: /* c = a**-1 mod 2**k */ andre@0: mp_err s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: mp_size ix = k + 4; andre@0: mp_int t0, t1, val, tmp, two2k; andre@0: andre@0: static const mp_digit d2 = 2; andre@0: static const mp_int two = { MP_ZPOS, 1, 1, (mp_digit *)&d2 }; andre@0: andre@0: if (mp_iseven(a)) andre@0: return MP_UNDEF; andre@0: if (k <= MP_DIGIT_BIT) { andre@0: mp_digit i = s_mp_invmod_radix(MP_DIGIT(a,0)); andre@0: if (k < MP_DIGIT_BIT) andre@0: i &= ((mp_digit)1 << k) - (mp_digit)1; andre@0: mp_set(c, i); andre@0: return MP_OKAY; andre@0: } andre@0: MP_DIGITS(&t0) = 0; andre@0: MP_DIGITS(&t1) = 0; andre@0: MP_DIGITS(&val) = 0; andre@0: MP_DIGITS(&tmp) = 0; andre@0: MP_DIGITS(&two2k) = 0; andre@0: MP_CHECKOK( mp_init_copy(&val, a) ); andre@0: s_mp_mod_2d(&val, k); andre@0: MP_CHECKOK( mp_init_copy(&t0, &val) ); andre@0: MP_CHECKOK( mp_init_copy(&t1, &t0) ); andre@0: MP_CHECKOK( mp_init(&tmp) ); andre@0: MP_CHECKOK( mp_init(&two2k) ); andre@0: MP_CHECKOK( s_mp_2expt(&two2k, k) ); andre@0: do { andre@0: MP_CHECKOK( mp_mul(&val, &t1, &tmp) ); andre@0: MP_CHECKOK( mp_sub(&two, &tmp, &tmp) ); andre@0: MP_CHECKOK( mp_mul(&t1, &tmp, &t1) ); andre@0: s_mp_mod_2d(&t1, k); andre@0: while (MP_SIGN(&t1) != MP_ZPOS) { andre@0: MP_CHECKOK( mp_add(&t1, &two2k, &t1) ); andre@0: } andre@0: if (mp_cmp(&t1, &t0) == MP_EQ) andre@0: break; andre@0: MP_CHECKOK( mp_copy(&t1, &t0) ); andre@0: } while (--ix > 0); andre@0: if (!ix) { andre@0: res = MP_UNDEF; andre@0: } else { andre@0: mp_exch(c, &t1); andre@0: } andre@0: andre@0: CLEANUP: andre@0: mp_clear(&t0); andre@0: mp_clear(&t1); andre@0: mp_clear(&val); andre@0: mp_clear(&tmp); andre@0: mp_clear(&two2k); andre@0: return res; andre@0: } andre@0: andre@0: mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c) andre@0: { andre@0: mp_err res; andre@0: mp_size k; andre@0: mp_int oddFactor, evenFactor; /* factors of the modulus */ andre@0: mp_int oddPart, evenPart; /* parts to combine via CRT. */ andre@0: mp_int C2, tmp1, tmp2; andre@0: andre@0: /*static const mp_digit d1 = 1; */ andre@0: /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */ andre@0: andre@0: if ((res = s_mp_ispow2(m)) >= 0) { andre@0: k = res; andre@0: return s_mp_invmod_2d(a, k, c); andre@0: } andre@0: MP_DIGITS(&oddFactor) = 0; andre@0: MP_DIGITS(&evenFactor) = 0; andre@0: MP_DIGITS(&oddPart) = 0; andre@0: MP_DIGITS(&evenPart) = 0; andre@0: MP_DIGITS(&C2) = 0; andre@0: MP_DIGITS(&tmp1) = 0; andre@0: MP_DIGITS(&tmp2) = 0; andre@0: andre@0: MP_CHECKOK( mp_init_copy(&oddFactor, m) ); /* oddFactor = m */ andre@0: MP_CHECKOK( mp_init(&evenFactor) ); andre@0: MP_CHECKOK( mp_init(&oddPart) ); andre@0: MP_CHECKOK( mp_init(&evenPart) ); andre@0: MP_CHECKOK( mp_init(&C2) ); andre@0: MP_CHECKOK( mp_init(&tmp1) ); andre@0: MP_CHECKOK( mp_init(&tmp2) ); andre@0: andre@0: k = mp_trailing_zeros(m); andre@0: s_mp_div_2d(&oddFactor, k); andre@0: MP_CHECKOK( s_mp_2expt(&evenFactor, k) ); andre@0: andre@0: /* compute a**-1 mod oddFactor. */ andre@0: MP_CHECKOK( s_mp_invmod_odd_m(a, &oddFactor, &oddPart) ); andre@0: /* compute a**-1 mod evenFactor, where evenFactor == 2**k. */ andre@0: MP_CHECKOK( s_mp_invmod_2d( a, k, &evenPart) ); andre@0: andre@0: /* Use Chinese Remainer theorem to compute a**-1 mod m. */ andre@0: /* let m1 = oddFactor, v1 = oddPart, andre@0: * let m2 = evenFactor, v2 = evenPart. andre@0: */ andre@0: andre@0: /* Compute C2 = m1**-1 mod m2. */ andre@0: MP_CHECKOK( s_mp_invmod_2d(&oddFactor, k, &C2) ); andre@0: andre@0: /* compute u = (v2 - v1)*C2 mod m2 */ andre@0: MP_CHECKOK( mp_sub(&evenPart, &oddPart, &tmp1) ); andre@0: MP_CHECKOK( mp_mul(&tmp1, &C2, &tmp2) ); andre@0: s_mp_mod_2d(&tmp2, k); andre@0: while (MP_SIGN(&tmp2) != MP_ZPOS) { andre@0: MP_CHECKOK( mp_add(&tmp2, &evenFactor, &tmp2) ); andre@0: } andre@0: andre@0: /* compute answer = v1 + u*m1 */ andre@0: MP_CHECKOK( mp_mul(&tmp2, &oddFactor, c) ); andre@0: MP_CHECKOK( mp_add(&oddPart, c, c) ); andre@0: /* not sure this is necessary, but it's low cost if not. */ andre@0: MP_CHECKOK( mp_mod(c, m, c) ); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&oddFactor); andre@0: mp_clear(&evenFactor); andre@0: mp_clear(&oddPart); andre@0: mp_clear(&evenPart); andre@0: mp_clear(&C2); andre@0: mp_clear(&tmp1); andre@0: mp_clear(&tmp2); andre@0: return res; andre@0: } andre@0: andre@0: andre@0: /* {{{ mp_invmod(a, m, c) */ andre@0: andre@0: /* andre@0: mp_invmod(a, m, c) andre@0: andre@0: Compute c = a^-1 (mod m), if there is an inverse for a (mod m). andre@0: This is equivalent to the question of whether (a, m) = 1. If not, andre@0: MP_UNDEF is returned, and there is no inverse. andre@0: */ andre@0: andre@0: mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c) andre@0: { andre@0: andre@0: ARGCHK(a && m && c, MP_BADARG); andre@0: andre@0: if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) andre@0: return MP_RANGE; andre@0: andre@0: if (mp_isodd(m)) { andre@0: return s_mp_invmod_odd_m(a, m, c); andre@0: } andre@0: if (mp_iseven(a)) andre@0: return MP_UNDEF; /* not invertable */ andre@0: andre@0: return s_mp_invmod_even_m(a, m, c); andre@0: andre@0: } /* end mp_invmod() */ andre@0: andre@0: /* }}} */ andre@0: #endif /* if MP_NUMTH */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ mp_print(mp, ofp) */ andre@0: andre@0: #if MP_IOFUNC andre@0: /* andre@0: mp_print(mp, ofp) andre@0: andre@0: Print a textual representation of the given mp_int on the output andre@0: stream 'ofp'. Output is generated using the internal radix. andre@0: */ andre@0: andre@0: void mp_print(mp_int *mp, FILE *ofp) andre@0: { andre@0: int ix; andre@0: andre@0: if(mp == NULL || ofp == NULL) andre@0: return; andre@0: andre@0: fputc((SIGN(mp) == NEG) ? '-' : '+', ofp); andre@0: andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix)); andre@0: } andre@0: andre@0: } /* end mp_print() */ andre@0: andre@0: #endif /* if MP_IOFUNC */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* {{{ More I/O Functions */ andre@0: andre@0: /* {{{ mp_read_raw(mp, str, len) */ andre@0: andre@0: /* andre@0: mp_read_raw(mp, str, len) andre@0: andre@0: Read in a raw value (base 256) into the given mp_int andre@0: */ andre@0: andre@0: mp_err mp_read_raw(mp_int *mp, char *str, int len) andre@0: { andre@0: int ix; andre@0: mp_err res; andre@0: unsigned char *ustr = (unsigned char *)str; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG); andre@0: andre@0: mp_zero(mp); andre@0: andre@0: /* Get sign from first byte */ andre@0: if(ustr[0]) andre@0: SIGN(mp) = NEG; andre@0: else andre@0: SIGN(mp) = ZPOS; andre@0: andre@0: /* Read the rest of the digits */ andre@0: for(ix = 1; ix < len; ix++) { andre@0: if((res = mp_mul_d(mp, 256, mp)) != MP_OKAY) andre@0: return res; andre@0: if((res = mp_add_d(mp, ustr[ix], mp)) != MP_OKAY) andre@0: return res; andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_read_raw() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_raw_size(mp) */ andre@0: andre@0: int mp_raw_size(mp_int *mp) andre@0: { andre@0: ARGCHK(mp != NULL, 0); andre@0: andre@0: return (USED(mp) * sizeof(mp_digit)) + 1; andre@0: andre@0: } /* end mp_raw_size() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_toraw(mp, str) */ andre@0: andre@0: mp_err mp_toraw(mp_int *mp, char *str) andre@0: { andre@0: int ix, jx, pos = 1; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL, MP_BADARG); andre@0: andre@0: str[0] = (char)SIGN(mp); andre@0: andre@0: /* Iterate over each digit... */ andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: mp_digit d = DIGIT(mp, ix); andre@0: andre@0: /* Unpack digit bytes, high order first */ andre@0: for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { andre@0: str[pos++] = (char)(d >> (jx * CHAR_BIT)); andre@0: } andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_toraw() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_read_radix(mp, str, radix) */ andre@0: andre@0: /* andre@0: mp_read_radix(mp, str, radix) andre@0: andre@0: Read an integer from the given string, and set mp to the resulting andre@0: value. The input is presumed to be in base 10. Leading non-digit andre@0: characters are ignored, and the function reads until a non-digit andre@0: character or the end of the string. andre@0: */ andre@0: andre@0: mp_err mp_read_radix(mp_int *mp, const char *str, int radix) andre@0: { andre@0: int ix = 0, val = 0; andre@0: mp_err res; andre@0: mp_sign sig = ZPOS; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX, andre@0: MP_BADARG); andre@0: andre@0: mp_zero(mp); andre@0: andre@0: /* Skip leading non-digit characters until a digit or '-' or '+' */ andre@0: while(str[ix] && andre@0: (s_mp_tovalue(str[ix], radix) < 0) && andre@0: str[ix] != '-' && andre@0: str[ix] != '+') { andre@0: ++ix; andre@0: } andre@0: andre@0: if(str[ix] == '-') { andre@0: sig = NEG; andre@0: ++ix; andre@0: } else if(str[ix] == '+') { andre@0: sig = ZPOS; /* this is the default anyway... */ andre@0: ++ix; andre@0: } andre@0: andre@0: while((val = s_mp_tovalue(str[ix], radix)) >= 0) { andre@0: if((res = s_mp_mul_d(mp, radix)) != MP_OKAY) andre@0: return res; andre@0: if((res = s_mp_add_d(mp, val)) != MP_OKAY) andre@0: return res; andre@0: ++ix; andre@0: } andre@0: andre@0: if(s_mp_cmp_d(mp, 0) == MP_EQ) andre@0: SIGN(mp) = ZPOS; andre@0: else andre@0: SIGN(mp) = sig; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_read_radix() */ andre@0: andre@0: mp_err mp_read_variable_radix(mp_int *a, const char * str, int default_radix) andre@0: { andre@0: int radix = default_radix; andre@0: int cx; andre@0: mp_sign sig = ZPOS; andre@0: mp_err res; andre@0: andre@0: /* Skip leading non-digit characters until a digit or '-' or '+' */ andre@0: while ((cx = *str) != 0 && andre@0: (s_mp_tovalue(cx, radix) < 0) && andre@0: cx != '-' && andre@0: cx != '+') { andre@0: ++str; andre@0: } andre@0: andre@0: if (cx == '-') { andre@0: sig = NEG; andre@0: ++str; andre@0: } else if (cx == '+') { andre@0: sig = ZPOS; /* this is the default anyway... */ andre@0: ++str; andre@0: } andre@0: andre@0: if (str[0] == '0') { andre@0: if ((str[1] | 0x20) == 'x') { andre@0: radix = 16; andre@0: str += 2; andre@0: } else { andre@0: radix = 8; andre@0: str++; andre@0: } andre@0: } andre@0: res = mp_read_radix(a, str, radix); andre@0: if (res == MP_OKAY) { andre@0: MP_SIGN(a) = (s_mp_cmp_d(a, 0) == MP_EQ) ? ZPOS : sig; andre@0: } andre@0: return res; andre@0: } andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_radix_size(mp, radix) */ andre@0: andre@0: int mp_radix_size(mp_int *mp, int radix) andre@0: { andre@0: int bits; andre@0: andre@0: if(!mp || radix < 2 || radix > MAX_RADIX) andre@0: return 0; andre@0: andre@0: bits = USED(mp) * DIGIT_BIT - 1; andre@0: andre@0: return s_mp_outlen(bits, radix); andre@0: andre@0: } /* end mp_radix_size() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_toradix(mp, str, radix) */ andre@0: andre@0: mp_err mp_toradix(mp_int *mp, char *str, int radix) andre@0: { andre@0: int ix, pos = 0; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL, MP_BADARG); andre@0: ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE); andre@0: andre@0: if(mp_cmp_z(mp) == MP_EQ) { andre@0: str[0] = '0'; andre@0: str[1] = '\0'; andre@0: } else { andre@0: mp_err res; andre@0: mp_int tmp; andre@0: mp_sign sgn; andre@0: mp_digit rem, rdx = (mp_digit)radix; andre@0: char ch; andre@0: andre@0: if((res = mp_init_copy(&tmp, mp)) != MP_OKAY) andre@0: return res; andre@0: andre@0: /* Save sign for later, and take absolute value */ andre@0: sgn = SIGN(&tmp); SIGN(&tmp) = ZPOS; andre@0: andre@0: /* Generate output digits in reverse order */ andre@0: while(mp_cmp_z(&tmp) != 0) { andre@0: if((res = mp_div_d(&tmp, rdx, &tmp, &rem)) != MP_OKAY) { andre@0: mp_clear(&tmp); andre@0: return res; andre@0: } andre@0: andre@0: /* Generate digits, use capital letters */ andre@0: ch = s_mp_todigit(rem, radix, 0); andre@0: andre@0: str[pos++] = ch; andre@0: } andre@0: andre@0: /* Add - sign if original value was negative */ andre@0: if(sgn == NEG) andre@0: str[pos++] = '-'; andre@0: andre@0: /* Add trailing NUL to end the string */ andre@0: str[pos--] = '\0'; andre@0: andre@0: /* Reverse the digits and sign indicator */ andre@0: ix = 0; andre@0: while(ix < pos) { andre@0: char tmp = str[ix]; andre@0: andre@0: str[ix] = str[pos]; andre@0: str[pos] = tmp; andre@0: ++ix; andre@0: --pos; andre@0: } andre@0: andre@0: mp_clear(&tmp); andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end mp_toradix() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_tovalue(ch, r) */ andre@0: andre@0: int mp_tovalue(char ch, int r) andre@0: { andre@0: return s_mp_tovalue(ch, r); andre@0: andre@0: } /* end mp_tovalue() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_strerror(ec) */ andre@0: andre@0: /* andre@0: mp_strerror(ec) andre@0: andre@0: Return a string describing the meaning of error code 'ec'. The andre@0: string returned is allocated in static memory, so the caller should andre@0: not attempt to modify or free the memory associated with this andre@0: string. andre@0: */ andre@0: const char *mp_strerror(mp_err ec) andre@0: { andre@0: int aec = (ec < 0) ? -ec : ec; andre@0: andre@0: /* Code values are negative, so the senses of these comparisons andre@0: are accurate */ andre@0: if(ec < MP_LAST_CODE || ec > MP_OKAY) { andre@0: return mp_err_string[0]; /* unknown error code */ andre@0: } else { andre@0: return mp_err_string[aec + 1]; andre@0: } andre@0: andre@0: } /* end mp_strerror() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /*========================================================================*/ andre@0: /*------------------------------------------------------------------------*/ andre@0: /* Static function definitions (internal use only) */ andre@0: andre@0: /* {{{ Memory management */ andre@0: andre@0: /* {{{ s_mp_grow(mp, min) */ andre@0: andre@0: /* Make sure there are at least 'min' digits allocated to mp */ andre@0: mp_err s_mp_grow(mp_int *mp, mp_size min) andre@0: { andre@0: if(min > ALLOC(mp)) { andre@0: mp_digit *tmp; andre@0: andre@0: /* Set min to next nearest default precision block size */ andre@0: min = MP_ROUNDUP(min, s_mp_defprec); andre@0: andre@0: if((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL) andre@0: return MP_MEM; andre@0: andre@0: s_mp_copy(DIGITS(mp), tmp, USED(mp)); andre@0: andre@0: #if MP_CRYPTO andre@0: s_mp_setz(DIGITS(mp), ALLOC(mp)); andre@0: #endif andre@0: s_mp_free(DIGITS(mp)); andre@0: DIGITS(mp) = tmp; andre@0: ALLOC(mp) = min; andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end s_mp_grow() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_pad(mp, min) */ andre@0: andre@0: /* Make sure the used size of mp is at least 'min', growing if needed */ andre@0: mp_err s_mp_pad(mp_int *mp, mp_size min) andre@0: { andre@0: if(min > USED(mp)) { andre@0: mp_err res; andre@0: andre@0: /* Make sure there is room to increase precision */ andre@0: if (min > ALLOC(mp)) { andre@0: if ((res = s_mp_grow(mp, min)) != MP_OKAY) andre@0: return res; andre@0: } else { andre@0: s_mp_setz(DIGITS(mp) + USED(mp), min - USED(mp)); andre@0: } andre@0: andre@0: /* Increase precision; should already be 0-filled */ andre@0: USED(mp) = min; andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end s_mp_pad() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_setz(dp, count) */ andre@0: andre@0: #if MP_MACRO == 0 andre@0: /* Set 'count' digits pointed to by dp to be zeroes */ andre@0: void s_mp_setz(mp_digit *dp, mp_size count) andre@0: { andre@0: #if MP_MEMSET == 0 andre@0: int ix; andre@0: andre@0: for(ix = 0; ix < count; ix++) andre@0: dp[ix] = 0; andre@0: #else andre@0: memset(dp, 0, count * sizeof(mp_digit)); andre@0: #endif andre@0: andre@0: } /* end s_mp_setz() */ andre@0: #endif andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_copy(sp, dp, count) */ andre@0: andre@0: #if MP_MACRO == 0 andre@0: /* Copy 'count' digits from sp to dp */ andre@0: void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count) andre@0: { andre@0: #if MP_MEMCPY == 0 andre@0: int ix; andre@0: andre@0: for(ix = 0; ix < count; ix++) andre@0: dp[ix] = sp[ix]; andre@0: #else andre@0: memcpy(dp, sp, count * sizeof(mp_digit)); andre@0: #endif andre@0: ++mp_copies; andre@0: andre@0: } /* end s_mp_copy() */ andre@0: #endif andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_alloc(nb, ni) */ andre@0: andre@0: #if MP_MACRO == 0 andre@0: /* Allocate ni records of nb bytes each, and return a pointer to that */ andre@0: void *s_mp_alloc(size_t nb, size_t ni) andre@0: { andre@0: ++mp_allocs; andre@0: return calloc(nb, ni); andre@0: andre@0: } /* end s_mp_alloc() */ andre@0: #endif andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_free(ptr) */ andre@0: andre@0: #if MP_MACRO == 0 andre@0: /* Free the memory pointed to by ptr */ andre@0: void s_mp_free(void *ptr) andre@0: { andre@0: if(ptr) { andre@0: ++mp_frees; andre@0: free(ptr); andre@0: } andre@0: } /* end s_mp_free() */ andre@0: #endif andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_clamp(mp) */ andre@0: andre@0: #if MP_MACRO == 0 andre@0: /* Remove leading zeroes from the given value */ andre@0: void s_mp_clamp(mp_int *mp) andre@0: { andre@0: mp_size used = MP_USED(mp); andre@0: while (used > 1 && DIGIT(mp, used - 1) == 0) andre@0: --used; andre@0: MP_USED(mp) = used; andre@0: } /* end s_mp_clamp() */ andre@0: #endif andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_exch(a, b) */ andre@0: andre@0: /* Exchange the data for a and b; (b, a) = (a, b) */ andre@0: void s_mp_exch(mp_int *a, mp_int *b) andre@0: { andre@0: mp_int tmp; andre@0: andre@0: tmp = *a; andre@0: *a = *b; andre@0: *b = tmp; andre@0: andre@0: } /* end s_mp_exch() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ Arithmetic helpers */ andre@0: andre@0: /* {{{ s_mp_lshd(mp, p) */ andre@0: andre@0: /* andre@0: Shift mp leftward by p digits, growing if needed, and zero-filling andre@0: the in-shifted digits at the right end. This is a convenient andre@0: alternative to multiplication by powers of the radix andre@0: */ andre@0: andre@0: mp_err s_mp_lshd(mp_int *mp, mp_size p) andre@0: { andre@0: mp_err res; andre@0: mp_size pos; andre@0: int ix; andre@0: andre@0: if(p == 0) andre@0: return MP_OKAY; andre@0: andre@0: if (MP_USED(mp) == 1 && MP_DIGIT(mp, 0) == 0) andre@0: return MP_OKAY; andre@0: andre@0: if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY) andre@0: return res; andre@0: andre@0: pos = USED(mp) - 1; andre@0: andre@0: /* Shift all the significant figures over as needed */ andre@0: for(ix = pos - p; ix >= 0; ix--) andre@0: DIGIT(mp, ix + p) = DIGIT(mp, ix); andre@0: andre@0: /* Fill the bottom digits with zeroes */ andre@0: for(ix = 0; ix < p; ix++) andre@0: DIGIT(mp, ix) = 0; andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end s_mp_lshd() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_mul_2d(mp, d) */ andre@0: andre@0: /* andre@0: Multiply the integer by 2^d, where d is a number of bits. This andre@0: amounts to a bitwise shift of the value. andre@0: */ andre@0: mp_err s_mp_mul_2d(mp_int *mp, mp_digit d) andre@0: { andre@0: mp_err res; andre@0: mp_digit dshift, bshift; andre@0: mp_digit mask; andre@0: andre@0: ARGCHK(mp != NULL, MP_BADARG); andre@0: andre@0: dshift = d / MP_DIGIT_BIT; andre@0: bshift = d % MP_DIGIT_BIT; andre@0: /* bits to be shifted out of the top word */ andre@0: mask = ((mp_digit)~0 << (MP_DIGIT_BIT - bshift)); andre@0: mask &= MP_DIGIT(mp, MP_USED(mp) - 1); andre@0: andre@0: if (MP_OKAY != (res = s_mp_pad(mp, MP_USED(mp) + dshift + (mask != 0) ))) andre@0: return res; andre@0: andre@0: if (dshift && MP_OKAY != (res = s_mp_lshd(mp, dshift))) andre@0: return res; andre@0: andre@0: if (bshift) { andre@0: mp_digit *pa = MP_DIGITS(mp); andre@0: mp_digit *alim = pa + MP_USED(mp); andre@0: mp_digit prev = 0; andre@0: andre@0: for (pa += dshift; pa < alim; ) { andre@0: mp_digit x = *pa; andre@0: *pa++ = (x << bshift) | prev; andre@0: prev = x >> (DIGIT_BIT - bshift); andre@0: } andre@0: } andre@0: andre@0: s_mp_clamp(mp); andre@0: return MP_OKAY; andre@0: } /* end s_mp_mul_2d() */ andre@0: andre@0: /* {{{ s_mp_rshd(mp, p) */ andre@0: andre@0: /* andre@0: Shift mp rightward by p digits. Maintains the invariant that andre@0: digits above the precision are all zero. Digits shifted off the andre@0: end are lost. Cannot fail. andre@0: */ andre@0: andre@0: void s_mp_rshd(mp_int *mp, mp_size p) andre@0: { andre@0: mp_size ix; andre@0: mp_digit *src, *dst; andre@0: andre@0: if(p == 0) andre@0: return; andre@0: andre@0: /* Shortcut when all digits are to be shifted off */ andre@0: if(p >= USED(mp)) { andre@0: s_mp_setz(DIGITS(mp), ALLOC(mp)); andre@0: USED(mp) = 1; andre@0: SIGN(mp) = ZPOS; andre@0: return; andre@0: } andre@0: andre@0: /* Shift all the significant figures over as needed */ andre@0: dst = MP_DIGITS(mp); andre@0: src = dst + p; andre@0: for (ix = USED(mp) - p; ix > 0; ix--) andre@0: *dst++ = *src++; andre@0: andre@0: MP_USED(mp) -= p; andre@0: /* Fill the top digits with zeroes */ andre@0: while (p-- > 0) andre@0: *dst++ = 0; andre@0: andre@0: #if 0 andre@0: /* Strip off any leading zeroes */ andre@0: s_mp_clamp(mp); andre@0: #endif andre@0: andre@0: } /* end s_mp_rshd() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_div_2(mp) */ andre@0: andre@0: /* Divide by two -- take advantage of radix properties to do it fast */ andre@0: void s_mp_div_2(mp_int *mp) andre@0: { andre@0: s_mp_div_2d(mp, 1); andre@0: andre@0: } /* end s_mp_div_2() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_mul_2(mp) */ andre@0: andre@0: mp_err s_mp_mul_2(mp_int *mp) andre@0: { andre@0: mp_digit *pd; andre@0: int ix, used; andre@0: mp_digit kin = 0; andre@0: andre@0: /* Shift digits leftward by 1 bit */ andre@0: used = MP_USED(mp); andre@0: pd = MP_DIGITS(mp); andre@0: for (ix = 0; ix < used; ix++) { andre@0: mp_digit d = *pd; andre@0: *pd++ = (d << 1) | kin; andre@0: kin = (d >> (DIGIT_BIT - 1)); andre@0: } andre@0: andre@0: /* Deal with rollover from last digit */ andre@0: if (kin) { andre@0: if (ix >= ALLOC(mp)) { andre@0: mp_err res; andre@0: if((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY) andre@0: return res; andre@0: } andre@0: andre@0: DIGIT(mp, ix) = kin; andre@0: USED(mp) += 1; andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end s_mp_mul_2() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_mod_2d(mp, d) */ andre@0: andre@0: /* andre@0: Remainder the integer by 2^d, where d is a number of bits. This andre@0: amounts to a bitwise AND of the value, and does not require the full andre@0: division code andre@0: */ andre@0: void s_mp_mod_2d(mp_int *mp, mp_digit d) andre@0: { andre@0: mp_size ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT); andre@0: mp_size ix; andre@0: mp_digit dmask; andre@0: andre@0: if(ndig >= USED(mp)) andre@0: return; andre@0: andre@0: /* Flush all the bits above 2^d in its digit */ andre@0: dmask = ((mp_digit)1 << nbit) - 1; andre@0: DIGIT(mp, ndig) &= dmask; andre@0: andre@0: /* Flush all digits above the one with 2^d in it */ andre@0: for(ix = ndig + 1; ix < USED(mp); ix++) andre@0: DIGIT(mp, ix) = 0; andre@0: andre@0: s_mp_clamp(mp); andre@0: andre@0: } /* end s_mp_mod_2d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_div_2d(mp, d) */ andre@0: andre@0: /* andre@0: Divide the integer by 2^d, where d is a number of bits. This andre@0: amounts to a bitwise shift of the value, and does not require the andre@0: full division code (used in Barrett reduction, see below) andre@0: */ andre@0: void s_mp_div_2d(mp_int *mp, mp_digit d) andre@0: { andre@0: int ix; andre@0: mp_digit save, next, mask; andre@0: andre@0: s_mp_rshd(mp, d / DIGIT_BIT); andre@0: d %= DIGIT_BIT; andre@0: if (d) { andre@0: mask = ((mp_digit)1 << d) - 1; andre@0: save = 0; andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: next = DIGIT(mp, ix) & mask; andre@0: DIGIT(mp, ix) = (DIGIT(mp, ix) >> d) | (save << (DIGIT_BIT - d)); andre@0: save = next; andre@0: } andre@0: } andre@0: s_mp_clamp(mp); andre@0: andre@0: } /* end s_mp_div_2d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_norm(a, b, *d) */ andre@0: andre@0: /* andre@0: s_mp_norm(a, b, *d) andre@0: andre@0: Normalize a and b for division, where b is the divisor. In order andre@0: that we might make good guesses for quotient digits, we want the andre@0: leading digit of b to be at least half the radix, which we andre@0: accomplish by multiplying a and b by a power of 2. The exponent andre@0: (shift count) is placed in *pd, so that the remainder can be shifted andre@0: back at the end of the division process. andre@0: */ andre@0: andre@0: mp_err s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd) andre@0: { andre@0: mp_digit d; andre@0: mp_digit mask; andre@0: mp_digit b_msd; andre@0: mp_err res = MP_OKAY; andre@0: andre@0: d = 0; andre@0: mask = DIGIT_MAX & ~(DIGIT_MAX >> 1); /* mask is msb of digit */ andre@0: b_msd = DIGIT(b, USED(b) - 1); andre@0: while (!(b_msd & mask)) { andre@0: b_msd <<= 1; andre@0: ++d; andre@0: } andre@0: andre@0: if (d) { andre@0: MP_CHECKOK( s_mp_mul_2d(a, d) ); andre@0: MP_CHECKOK( s_mp_mul_2d(b, d) ); andre@0: } andre@0: andre@0: *pd = d; andre@0: CLEANUP: andre@0: return res; andre@0: andre@0: } /* end s_mp_norm() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ Primitive digit arithmetic */ andre@0: andre@0: /* {{{ s_mp_add_d(mp, d) */ andre@0: andre@0: /* Add d to |mp| in place */ andre@0: mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */ andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: mp_word w, k = 0; andre@0: mp_size ix = 1; andre@0: andre@0: w = (mp_word)DIGIT(mp, 0) + d; andre@0: DIGIT(mp, 0) = ACCUM(w); andre@0: k = CARRYOUT(w); andre@0: andre@0: while(ix < USED(mp) && k) { andre@0: w = (mp_word)DIGIT(mp, ix) + k; andre@0: DIGIT(mp, ix) = ACCUM(w); andre@0: k = CARRYOUT(w); andre@0: ++ix; andre@0: } andre@0: andre@0: if(k != 0) { andre@0: mp_err res; andre@0: andre@0: if((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(mp, ix) = (mp_digit)k; andre@0: } andre@0: andre@0: return MP_OKAY; andre@0: #else andre@0: mp_digit * pmp = MP_DIGITS(mp); andre@0: mp_digit sum, mp_i, carry = 0; andre@0: mp_err res = MP_OKAY; andre@0: int used = (int)MP_USED(mp); andre@0: andre@0: mp_i = *pmp; andre@0: *pmp++ = sum = d + mp_i; andre@0: carry = (sum < d); andre@0: while (carry && --used > 0) { andre@0: mp_i = *pmp; andre@0: *pmp++ = sum = carry + mp_i; andre@0: carry = !sum; andre@0: } andre@0: if (carry && !used) { andre@0: /* mp is growing */ andre@0: used = MP_USED(mp); andre@0: MP_CHECKOK( s_mp_pad(mp, used + 1) ); andre@0: MP_DIGIT(mp, used) = carry; andre@0: } andre@0: CLEANUP: andre@0: return res; andre@0: #endif andre@0: } /* end s_mp_add_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_sub_d(mp, d) */ andre@0: andre@0: /* Subtract d from |mp| in place, assumes |mp| > d */ andre@0: mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */ andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: mp_word w, b = 0; andre@0: mp_size ix = 1; andre@0: andre@0: /* Compute initial subtraction */ andre@0: w = (RADIX + (mp_word)DIGIT(mp, 0)) - d; andre@0: b = CARRYOUT(w) ? 0 : 1; andre@0: DIGIT(mp, 0) = ACCUM(w); andre@0: andre@0: /* Propagate borrows leftward */ andre@0: while(b && ix < USED(mp)) { andre@0: w = (RADIX + (mp_word)DIGIT(mp, ix)) - b; andre@0: b = CARRYOUT(w) ? 0 : 1; andre@0: DIGIT(mp, ix) = ACCUM(w); andre@0: ++ix; andre@0: } andre@0: andre@0: /* Remove leading zeroes */ andre@0: s_mp_clamp(mp); andre@0: andre@0: /* If we have a borrow out, it's a violation of the input invariant */ andre@0: if(b) andre@0: return MP_RANGE; andre@0: else andre@0: return MP_OKAY; andre@0: #else andre@0: mp_digit *pmp = MP_DIGITS(mp); andre@0: mp_digit mp_i, diff, borrow; andre@0: mp_size used = MP_USED(mp); andre@0: andre@0: mp_i = *pmp; andre@0: *pmp++ = diff = mp_i - d; andre@0: borrow = (diff > mp_i); andre@0: while (borrow && --used) { andre@0: mp_i = *pmp; andre@0: *pmp++ = diff = mp_i - borrow; andre@0: borrow = (diff > mp_i); andre@0: } andre@0: s_mp_clamp(mp); andre@0: return (borrow && !used) ? MP_RANGE : MP_OKAY; andre@0: #endif andre@0: } /* end s_mp_sub_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_mul_d(a, d) */ andre@0: andre@0: /* Compute a = a * d, single digit multiplication */ andre@0: mp_err s_mp_mul_d(mp_int *a, mp_digit d) andre@0: { andre@0: mp_err res; andre@0: mp_size used; andre@0: int pow; andre@0: andre@0: if (!d) { andre@0: mp_zero(a); andre@0: return MP_OKAY; andre@0: } andre@0: if (d == 1) andre@0: return MP_OKAY; andre@0: if (0 <= (pow = s_mp_ispow2d(d))) { andre@0: return s_mp_mul_2d(a, (mp_digit)pow); andre@0: } andre@0: andre@0: used = MP_USED(a); andre@0: MP_CHECKOK( s_mp_pad(a, used + 1) ); andre@0: andre@0: s_mpv_mul_d(MP_DIGITS(a), used, d, MP_DIGITS(a)); andre@0: andre@0: s_mp_clamp(a); andre@0: andre@0: CLEANUP: andre@0: return res; andre@0: andre@0: } /* end s_mp_mul_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_div_d(mp, d, r) */ andre@0: andre@0: /* andre@0: s_mp_div_d(mp, d, r) andre@0: andre@0: Compute the quotient mp = mp / d and remainder r = mp mod d, for a andre@0: single digit d. If r is null, the remainder will be discarded. andre@0: */ andre@0: andre@0: mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r) andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) andre@0: mp_word w = 0, q; andre@0: #else andre@0: mp_digit w, q; andre@0: #endif andre@0: int ix; andre@0: mp_err res; andre@0: mp_int quot; andre@0: mp_int rem; andre@0: andre@0: if(d == 0) andre@0: return MP_RANGE; andre@0: if (d == 1) { andre@0: if (r) andre@0: *r = 0; andre@0: return MP_OKAY; andre@0: } andre@0: /* could check for power of 2 here, but mp_div_d does that. */ andre@0: if (MP_USED(mp) == 1) { andre@0: mp_digit n = MP_DIGIT(mp,0); andre@0: mp_digit rem; andre@0: andre@0: q = n / d; andre@0: rem = n % d; andre@0: MP_DIGIT(mp,0) = q; andre@0: if (r) andre@0: *r = rem; andre@0: return MP_OKAY; andre@0: } andre@0: andre@0: MP_DIGITS(&rem) = 0; andre@0: MP_DIGITS(") = 0; andre@0: /* Make room for the quotient */ andre@0: MP_CHECKOK( mp_init_size(", USED(mp)) ); andre@0: andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: w = (w << DIGIT_BIT) | DIGIT(mp, ix); andre@0: andre@0: if(w >= d) { andre@0: q = w / d; andre@0: w = w % d; andre@0: } else { andre@0: q = 0; andre@0: } andre@0: andre@0: s_mp_lshd(", 1); andre@0: DIGIT(", 0) = (mp_digit)q; andre@0: } andre@0: #else andre@0: { andre@0: mp_digit p; andre@0: #if !defined(MP_ASSEMBLY_DIV_2DX1D) andre@0: mp_digit norm; andre@0: #endif andre@0: andre@0: MP_CHECKOK( mp_init_copy(&rem, mp) ); andre@0: andre@0: #if !defined(MP_ASSEMBLY_DIV_2DX1D) andre@0: MP_DIGIT(", 0) = d; andre@0: MP_CHECKOK( s_mp_norm(&rem, ", &norm) ); andre@0: if (norm) andre@0: d <<= norm; andre@0: MP_DIGIT(", 0) = 0; andre@0: #endif andre@0: andre@0: p = 0; andre@0: for (ix = USED(&rem) - 1; ix >= 0; ix--) { andre@0: w = DIGIT(&rem, ix); andre@0: andre@0: if (p) { andre@0: MP_CHECKOK( s_mpv_div_2dx1d(p, w, d, &q, &w) ); andre@0: } else if (w >= d) { andre@0: q = w / d; andre@0: w = w % d; andre@0: } else { andre@0: q = 0; andre@0: } andre@0: andre@0: MP_CHECKOK( s_mp_lshd(", 1) ); andre@0: DIGIT(", 0) = q; andre@0: p = w; andre@0: } andre@0: #if !defined(MP_ASSEMBLY_DIV_2DX1D) andre@0: if (norm) andre@0: w >>= norm; andre@0: #endif andre@0: } andre@0: #endif andre@0: andre@0: /* Deliver the remainder, if desired */ andre@0: if(r) andre@0: *r = (mp_digit)w; andre@0: andre@0: s_mp_clamp("); andre@0: mp_exch(", mp); andre@0: CLEANUP: andre@0: mp_clear("); andre@0: mp_clear(&rem); andre@0: andre@0: return res; andre@0: } /* end s_mp_div_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ Primitive full arithmetic */ andre@0: andre@0: /* {{{ s_mp_add(a, b) */ andre@0: andre@0: /* Compute a = |a| + |b| */ andre@0: mp_err s_mp_add(mp_int *a, const mp_int *b) /* magnitude addition */ andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: mp_word w = 0; andre@0: #else andre@0: mp_digit d, sum, carry = 0; andre@0: #endif andre@0: mp_digit *pa, *pb; andre@0: mp_size ix; andre@0: mp_size used; andre@0: mp_err res; andre@0: andre@0: /* Make sure a has enough precision for the output value */ andre@0: if((USED(b) > USED(a)) && (res = s_mp_pad(a, USED(b))) != MP_OKAY) andre@0: return res; andre@0: andre@0: /* andre@0: Add up all digits up to the precision of b. If b had initially andre@0: the same precision as a, or greater, we took care of it by the andre@0: padding step above, so there is no problem. If b had initially andre@0: less precision, we'll have to make sure the carry out is duly andre@0: propagated upward among the higher-order digits of the sum. andre@0: */ andre@0: pa = MP_DIGITS(a); andre@0: pb = MP_DIGITS(b); andre@0: used = MP_USED(b); andre@0: for(ix = 0; ix < used; ix++) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: w = w + *pa + *pb++; andre@0: *pa++ = ACCUM(w); andre@0: w = CARRYOUT(w); andre@0: #else andre@0: d = *pa; andre@0: sum = d + *pb++; andre@0: d = (sum < d); /* detect overflow */ andre@0: *pa++ = sum += carry; andre@0: carry = d + (sum < carry); /* detect overflow */ andre@0: #endif andre@0: } andre@0: andre@0: /* If we run out of 'b' digits before we're actually done, make andre@0: sure the carries get propagated upward... andre@0: */ andre@0: used = MP_USED(a); andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: while (w && ix < used) { andre@0: w = w + *pa; andre@0: *pa++ = ACCUM(w); andre@0: w = CARRYOUT(w); andre@0: ++ix; andre@0: } andre@0: #else andre@0: while (carry && ix < used) { andre@0: sum = carry + *pa; andre@0: *pa++ = sum; andre@0: carry = !sum; andre@0: ++ix; andre@0: } andre@0: #endif andre@0: andre@0: /* If there's an overall carry out, increase precision and include andre@0: it. We could have done this initially, but why touch the memory andre@0: allocator unless we're sure we have to? andre@0: */ andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: if (w) { andre@0: if((res = s_mp_pad(a, used + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(a, ix) = (mp_digit)w; andre@0: } andre@0: #else andre@0: if (carry) { andre@0: if((res = s_mp_pad(a, used + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(a, used) = carry; andre@0: } andre@0: #endif andre@0: andre@0: return MP_OKAY; andre@0: } /* end s_mp_add() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* Compute c = |a| + |b| */ /* magnitude addition */ andre@0: mp_err s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c) andre@0: { andre@0: mp_digit *pa, *pb, *pc; andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: mp_word w = 0; andre@0: #else andre@0: mp_digit sum, carry = 0, d; andre@0: #endif andre@0: mp_size ix; andre@0: mp_size used; andre@0: mp_err res; andre@0: andre@0: MP_SIGN(c) = MP_SIGN(a); andre@0: if (MP_USED(a) < MP_USED(b)) { andre@0: const mp_int *xch = a; andre@0: a = b; andre@0: b = xch; andre@0: } andre@0: andre@0: /* Make sure a has enough precision for the output value */ andre@0: if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a)))) andre@0: return res; andre@0: andre@0: /* andre@0: Add up all digits up to the precision of b. If b had initially andre@0: the same precision as a, or greater, we took care of it by the andre@0: exchange step above, so there is no problem. If b had initially andre@0: less precision, we'll have to make sure the carry out is duly andre@0: propagated upward among the higher-order digits of the sum. andre@0: */ andre@0: pa = MP_DIGITS(a); andre@0: pb = MP_DIGITS(b); andre@0: pc = MP_DIGITS(c); andre@0: used = MP_USED(b); andre@0: for (ix = 0; ix < used; ix++) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: w = w + *pa++ + *pb++; andre@0: *pc++ = ACCUM(w); andre@0: w = CARRYOUT(w); andre@0: #else andre@0: d = *pa++; andre@0: sum = d + *pb++; andre@0: d = (sum < d); /* detect overflow */ andre@0: *pc++ = sum += carry; andre@0: carry = d + (sum < carry); /* detect overflow */ andre@0: #endif andre@0: } andre@0: andre@0: /* If we run out of 'b' digits before we're actually done, make andre@0: sure the carries get propagated upward... andre@0: */ andre@0: for (used = MP_USED(a); ix < used; ++ix) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: w = w + *pa++; andre@0: *pc++ = ACCUM(w); andre@0: w = CARRYOUT(w); andre@0: #else andre@0: *pc++ = sum = carry + *pa++; andre@0: carry = (sum < carry); andre@0: #endif andre@0: } andre@0: andre@0: /* If there's an overall carry out, increase precision and include andre@0: it. We could have done this initially, but why touch the memory andre@0: allocator unless we're sure we have to? andre@0: */ andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: if (w) { andre@0: if((res = s_mp_pad(c, used + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(c, used) = (mp_digit)w; andre@0: ++used; andre@0: } andre@0: #else andre@0: if (carry) { andre@0: if((res = s_mp_pad(c, used + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(c, used) = carry; andre@0: ++used; andre@0: } andre@0: #endif andre@0: MP_USED(c) = used; andre@0: return MP_OKAY; andre@0: } andre@0: /* {{{ s_mp_add_offset(a, b, offset) */ andre@0: andre@0: /* Compute a = |a| + ( |b| * (RADIX ** offset) ) */ andre@0: mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset) andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: mp_word w, k = 0; andre@0: #else andre@0: mp_digit d, sum, carry = 0; andre@0: #endif andre@0: mp_size ib; andre@0: mp_size ia; andre@0: mp_size lim; andre@0: mp_err res; andre@0: andre@0: /* Make sure a has enough precision for the output value */ andre@0: lim = MP_USED(b) + offset; andre@0: if((lim > USED(a)) && (res = s_mp_pad(a, lim)) != MP_OKAY) andre@0: return res; andre@0: andre@0: /* andre@0: Add up all digits up to the precision of b. If b had initially andre@0: the same precision as a, or greater, we took care of it by the andre@0: padding step above, so there is no problem. If b had initially andre@0: less precision, we'll have to make sure the carry out is duly andre@0: propagated upward among the higher-order digits of the sum. andre@0: */ andre@0: lim = USED(b); andre@0: for(ib = 0, ia = offset; ib < lim; ib++, ia++) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: w = (mp_word)DIGIT(a, ia) + DIGIT(b, ib) + k; andre@0: DIGIT(a, ia) = ACCUM(w); andre@0: k = CARRYOUT(w); andre@0: #else andre@0: d = MP_DIGIT(a, ia); andre@0: sum = d + MP_DIGIT(b, ib); andre@0: d = (sum < d); andre@0: MP_DIGIT(a,ia) = sum += carry; andre@0: carry = d + (sum < carry); andre@0: #endif andre@0: } andre@0: andre@0: /* If we run out of 'b' digits before we're actually done, make andre@0: sure the carries get propagated upward... andre@0: */ andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: for (lim = MP_USED(a); k && (ia < lim); ++ia) { andre@0: w = (mp_word)DIGIT(a, ia) + k; andre@0: DIGIT(a, ia) = ACCUM(w); andre@0: k = CARRYOUT(w); andre@0: } andre@0: #else andre@0: for (lim = MP_USED(a); carry && (ia < lim); ++ia) { andre@0: d = MP_DIGIT(a, ia); andre@0: MP_DIGIT(a,ia) = sum = d + carry; andre@0: carry = (sum < d); andre@0: } andre@0: #endif andre@0: andre@0: /* If there's an overall carry out, increase precision and include andre@0: it. We could have done this initially, but why touch the memory andre@0: allocator unless we're sure we have to? andre@0: */ andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) andre@0: if(k) { andre@0: if((res = s_mp_pad(a, USED(a) + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(a, ia) = (mp_digit)k; andre@0: } andre@0: #else andre@0: if (carry) { andre@0: if((res = s_mp_pad(a, lim + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(a, lim) = carry; andre@0: } andre@0: #endif andre@0: s_mp_clamp(a); andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end s_mp_add_offset() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_sub(a, b) */ andre@0: andre@0: /* Compute a = |a| - |b|, assumes |a| >= |b| */ andre@0: mp_err s_mp_sub(mp_int *a, const mp_int *b) /* magnitude subtract */ andre@0: { andre@0: mp_digit *pa, *pb, *limit; andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: mp_sword w = 0; andre@0: #else andre@0: mp_digit d, diff, borrow = 0; andre@0: #endif andre@0: andre@0: /* andre@0: Subtract and propagate borrow. Up to the precision of b, this andre@0: accounts for the digits of b; after that, we just make sure the andre@0: carries get to the right place. This saves having to pad b out to andre@0: the precision of a just to make the loops work right... andre@0: */ andre@0: pa = MP_DIGITS(a); andre@0: pb = MP_DIGITS(b); andre@0: limit = pb + MP_USED(b); andre@0: while (pb < limit) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: w = w + *pa - *pb++; andre@0: *pa++ = ACCUM(w); andre@0: w >>= MP_DIGIT_BIT; andre@0: #else andre@0: d = *pa; andre@0: diff = d - *pb++; andre@0: d = (diff > d); /* detect borrow */ andre@0: if (borrow && --diff == MP_DIGIT_MAX) andre@0: ++d; andre@0: *pa++ = diff; andre@0: borrow = d; andre@0: #endif andre@0: } andre@0: limit = MP_DIGITS(a) + MP_USED(a); andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: while (w && pa < limit) { andre@0: w = w + *pa; andre@0: *pa++ = ACCUM(w); andre@0: w >>= MP_DIGIT_BIT; andre@0: } andre@0: #else andre@0: while (borrow && pa < limit) { andre@0: d = *pa; andre@0: *pa++ = diff = d - borrow; andre@0: borrow = (diff > d); andre@0: } andre@0: #endif andre@0: andre@0: /* Clobber any leading zeroes we created */ andre@0: s_mp_clamp(a); andre@0: andre@0: /* andre@0: If there was a borrow out, then |b| > |a| in violation andre@0: of our input invariant. We've already done the work, andre@0: but we'll at least complain about it... andre@0: */ andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: return w ? MP_RANGE : MP_OKAY; andre@0: #else andre@0: return borrow ? MP_RANGE : MP_OKAY; andre@0: #endif andre@0: } /* end s_mp_sub() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* Compute c = |a| - |b|, assumes |a| >= |b| */ /* magnitude subtract */ andre@0: mp_err s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c) andre@0: { andre@0: mp_digit *pa, *pb, *pc; andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: mp_sword w = 0; andre@0: #else andre@0: mp_digit d, diff, borrow = 0; andre@0: #endif andre@0: int ix, limit; andre@0: mp_err res; andre@0: andre@0: MP_SIGN(c) = MP_SIGN(a); andre@0: andre@0: /* Make sure a has enough precision for the output value */ andre@0: if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a)))) andre@0: return res; andre@0: andre@0: /* andre@0: Subtract and propagate borrow. Up to the precision of b, this andre@0: accounts for the digits of b; after that, we just make sure the andre@0: carries get to the right place. This saves having to pad b out to andre@0: the precision of a just to make the loops work right... andre@0: */ andre@0: pa = MP_DIGITS(a); andre@0: pb = MP_DIGITS(b); andre@0: pc = MP_DIGITS(c); andre@0: limit = MP_USED(b); andre@0: for (ix = 0; ix < limit; ++ix) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: w = w + *pa++ - *pb++; andre@0: *pc++ = ACCUM(w); andre@0: w >>= MP_DIGIT_BIT; andre@0: #else andre@0: d = *pa++; andre@0: diff = d - *pb++; andre@0: d = (diff > d); andre@0: if (borrow && --diff == MP_DIGIT_MAX) andre@0: ++d; andre@0: *pc++ = diff; andre@0: borrow = d; andre@0: #endif andre@0: } andre@0: for (limit = MP_USED(a); ix < limit; ++ix) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: w = w + *pa++; andre@0: *pc++ = ACCUM(w); andre@0: w >>= MP_DIGIT_BIT; andre@0: #else andre@0: d = *pa++; andre@0: *pc++ = diff = d - borrow; andre@0: borrow = (diff > d); andre@0: #endif andre@0: } andre@0: andre@0: /* Clobber any leading zeroes we created */ andre@0: MP_USED(c) = ix; andre@0: s_mp_clamp(c); andre@0: andre@0: /* andre@0: If there was a borrow out, then |b| > |a| in violation andre@0: of our input invariant. We've already done the work, andre@0: but we'll at least complain about it... andre@0: */ andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD) andre@0: return w ? MP_RANGE : MP_OKAY; andre@0: #else andre@0: return borrow ? MP_RANGE : MP_OKAY; andre@0: #endif andre@0: } andre@0: /* {{{ s_mp_mul(a, b) */ andre@0: andre@0: /* Compute a = |a| * |b| */ andre@0: mp_err s_mp_mul(mp_int *a, const mp_int *b) andre@0: { andre@0: return mp_mul(a, b, a); andre@0: } /* end s_mp_mul() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: #if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY) andre@0: /* This trick works on Sparc V8 CPUs with the Workshop compilers. */ andre@0: #define MP_MUL_DxD(a, b, Phi, Plo) \ andre@0: { unsigned long long product = (unsigned long long)a * b; \ andre@0: Plo = (mp_digit)product; \ andre@0: Phi = (mp_digit)(product >> MP_DIGIT_BIT); } andre@0: #elif defined(OSF1) andre@0: #define MP_MUL_DxD(a, b, Phi, Plo) \ andre@0: { Plo = asm ("mulq %a0, %a1, %v0", a, b);\ andre@0: Phi = asm ("umulh %a0, %a1, %v0", a, b); } andre@0: #else andre@0: #define MP_MUL_DxD(a, b, Phi, Plo) \ andre@0: { mp_digit a0b1, a1b0; \ andre@0: Plo = (a & MP_HALF_DIGIT_MAX) * (b & MP_HALF_DIGIT_MAX); \ andre@0: Phi = (a >> MP_HALF_DIGIT_BIT) * (b >> MP_HALF_DIGIT_BIT); \ andre@0: a0b1 = (a & MP_HALF_DIGIT_MAX) * (b >> MP_HALF_DIGIT_BIT); \ andre@0: a1b0 = (a >> MP_HALF_DIGIT_BIT) * (b & MP_HALF_DIGIT_MAX); \ andre@0: a1b0 += a0b1; \ andre@0: Phi += a1b0 >> MP_HALF_DIGIT_BIT; \ andre@0: if (a1b0 < a0b1) \ andre@0: Phi += MP_HALF_RADIX; \ andre@0: a1b0 <<= MP_HALF_DIGIT_BIT; \ andre@0: Plo += a1b0; \ andre@0: if (Plo < a1b0) \ andre@0: ++Phi; \ andre@0: } andre@0: #endif andre@0: andre@0: #if !defined(MP_ASSEMBLY_MULTIPLY) andre@0: /* c = a * b */ andre@0: void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) andre@0: mp_digit d = 0; andre@0: andre@0: /* Inner product: Digits of a */ andre@0: while (a_len--) { andre@0: mp_word w = ((mp_word)b * *a++) + d; andre@0: *c++ = ACCUM(w); andre@0: d = CARRYOUT(w); andre@0: } andre@0: *c = d; andre@0: #else andre@0: mp_digit carry = 0; andre@0: while (a_len--) { andre@0: mp_digit a_i = *a++; andre@0: mp_digit a0b0, a1b1; andre@0: andre@0: MP_MUL_DxD(a_i, b, a1b1, a0b0); andre@0: andre@0: a0b0 += carry; andre@0: if (a0b0 < carry) andre@0: ++a1b1; andre@0: *c++ = a0b0; andre@0: carry = a1b1; andre@0: } andre@0: *c = carry; andre@0: #endif andre@0: } andre@0: andre@0: /* c += a * b */ andre@0: void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, andre@0: mp_digit *c) andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) andre@0: mp_digit d = 0; andre@0: andre@0: /* Inner product: Digits of a */ andre@0: while (a_len--) { andre@0: mp_word w = ((mp_word)b * *a++) + *c + d; andre@0: *c++ = ACCUM(w); andre@0: d = CARRYOUT(w); andre@0: } andre@0: *c = d; andre@0: #else andre@0: mp_digit carry = 0; andre@0: while (a_len--) { andre@0: mp_digit a_i = *a++; andre@0: mp_digit a0b0, a1b1; andre@0: andre@0: MP_MUL_DxD(a_i, b, a1b1, a0b0); andre@0: andre@0: a0b0 += carry; andre@0: if (a0b0 < carry) andre@0: ++a1b1; andre@0: a0b0 += a_i = *c; andre@0: if (a0b0 < a_i) andre@0: ++a1b1; andre@0: *c++ = a0b0; andre@0: carry = a1b1; andre@0: } andre@0: *c = carry; andre@0: #endif andre@0: } andre@0: andre@0: /* Presently, this is only used by the Montgomery arithmetic code. */ andre@0: /* c += a * b */ andre@0: void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c) andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) andre@0: mp_digit d = 0; andre@0: andre@0: /* Inner product: Digits of a */ andre@0: while (a_len--) { andre@0: mp_word w = ((mp_word)b * *a++) + *c + d; andre@0: *c++ = ACCUM(w); andre@0: d = CARRYOUT(w); andre@0: } andre@0: andre@0: while (d) { andre@0: mp_word w = (mp_word)*c + d; andre@0: *c++ = ACCUM(w); andre@0: d = CARRYOUT(w); andre@0: } andre@0: #else andre@0: mp_digit carry = 0; andre@0: while (a_len--) { andre@0: mp_digit a_i = *a++; andre@0: mp_digit a0b0, a1b1; andre@0: andre@0: MP_MUL_DxD(a_i, b, a1b1, a0b0); andre@0: andre@0: a0b0 += carry; andre@0: if (a0b0 < carry) andre@0: ++a1b1; andre@0: andre@0: a0b0 += a_i = *c; andre@0: if (a0b0 < a_i) andre@0: ++a1b1; andre@0: andre@0: *c++ = a0b0; andre@0: carry = a1b1; andre@0: } andre@0: while (carry) { andre@0: mp_digit c_i = *c; andre@0: carry += c_i; andre@0: *c++ = carry; andre@0: carry = carry < c_i; andre@0: } andre@0: #endif andre@0: } andre@0: #endif andre@0: andre@0: #if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY) andre@0: /* This trick works on Sparc V8 CPUs with the Workshop compilers. */ andre@0: #define MP_SQR_D(a, Phi, Plo) \ andre@0: { unsigned long long square = (unsigned long long)a * a; \ andre@0: Plo = (mp_digit)square; \ andre@0: Phi = (mp_digit)(square >> MP_DIGIT_BIT); } andre@0: #elif defined(OSF1) andre@0: #define MP_SQR_D(a, Phi, Plo) \ andre@0: { Plo = asm ("mulq %a0, %a0, %v0", a);\ andre@0: Phi = asm ("umulh %a0, %a0, %v0", a); } andre@0: #else andre@0: #define MP_SQR_D(a, Phi, Plo) \ andre@0: { mp_digit Pmid; \ andre@0: Plo = (a & MP_HALF_DIGIT_MAX) * (a & MP_HALF_DIGIT_MAX); \ andre@0: Phi = (a >> MP_HALF_DIGIT_BIT) * (a >> MP_HALF_DIGIT_BIT); \ andre@0: Pmid = (a & MP_HALF_DIGIT_MAX) * (a >> MP_HALF_DIGIT_BIT); \ andre@0: Phi += Pmid >> (MP_HALF_DIGIT_BIT - 1); \ andre@0: Pmid <<= (MP_HALF_DIGIT_BIT + 1); \ andre@0: Plo += Pmid; \ andre@0: if (Plo < Pmid) \ andre@0: ++Phi; \ andre@0: } andre@0: #endif andre@0: andre@0: #if !defined(MP_ASSEMBLY_SQUARE) andre@0: /* Add the squares of the digits of a to the digits of b. */ andre@0: void s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps) andre@0: { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD) andre@0: mp_word w; andre@0: mp_digit d; andre@0: mp_size ix; andre@0: andre@0: w = 0; andre@0: #define ADD_SQUARE(n) \ andre@0: d = pa[n]; \ andre@0: w += (d * (mp_word)d) + ps[2*n]; \ andre@0: ps[2*n] = ACCUM(w); \ andre@0: w = (w >> DIGIT_BIT) + ps[2*n+1]; \ andre@0: ps[2*n+1] = ACCUM(w); \ andre@0: w = (w >> DIGIT_BIT) andre@0: andre@0: for (ix = a_len; ix >= 4; ix -= 4) { andre@0: ADD_SQUARE(0); andre@0: ADD_SQUARE(1); andre@0: ADD_SQUARE(2); andre@0: ADD_SQUARE(3); andre@0: pa += 4; andre@0: ps += 8; andre@0: } andre@0: if (ix) { andre@0: ps += 2*ix; andre@0: pa += ix; andre@0: switch (ix) { andre@0: case 3: ADD_SQUARE(-3); /* FALLTHRU */ andre@0: case 2: ADD_SQUARE(-2); /* FALLTHRU */ andre@0: case 1: ADD_SQUARE(-1); /* FALLTHRU */ andre@0: case 0: break; andre@0: } andre@0: } andre@0: while (w) { andre@0: w += *ps; andre@0: *ps++ = ACCUM(w); andre@0: w = (w >> DIGIT_BIT); andre@0: } andre@0: #else andre@0: mp_digit carry = 0; andre@0: while (a_len--) { andre@0: mp_digit a_i = *pa++; andre@0: mp_digit a0a0, a1a1; andre@0: andre@0: MP_SQR_D(a_i, a1a1, a0a0); andre@0: andre@0: /* here a1a1 and a0a0 constitute a_i ** 2 */ andre@0: a0a0 += carry; andre@0: if (a0a0 < carry) andre@0: ++a1a1; andre@0: andre@0: /* now add to ps */ andre@0: a0a0 += a_i = *ps; andre@0: if (a0a0 < a_i) andre@0: ++a1a1; andre@0: *ps++ = a0a0; andre@0: a1a1 += a_i = *ps; andre@0: carry = (a1a1 < a_i); andre@0: *ps++ = a1a1; andre@0: } andre@0: while (carry) { andre@0: mp_digit s_i = *ps; andre@0: carry += s_i; andre@0: *ps++ = carry; andre@0: carry = carry < s_i; andre@0: } andre@0: #endif andre@0: } andre@0: #endif andre@0: andre@0: #if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) \ andre@0: && !defined(MP_ASSEMBLY_DIV_2DX1D) andre@0: /* andre@0: ** Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized andre@0: ** so its high bit is 1. This code is from NSPR. andre@0: */ andre@0: mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, andre@0: mp_digit *qp, mp_digit *rp) andre@0: { andre@0: mp_digit d1, d0, q1, q0; andre@0: mp_digit r1, r0, m; andre@0: andre@0: d1 = divisor >> MP_HALF_DIGIT_BIT; andre@0: d0 = divisor & MP_HALF_DIGIT_MAX; andre@0: r1 = Nhi % d1; andre@0: q1 = Nhi / d1; andre@0: m = q1 * d0; andre@0: r1 = (r1 << MP_HALF_DIGIT_BIT) | (Nlo >> MP_HALF_DIGIT_BIT); andre@0: if (r1 < m) { andre@0: q1--, r1 += divisor; andre@0: if (r1 >= divisor && r1 < m) { andre@0: q1--, r1 += divisor; andre@0: } andre@0: } andre@0: r1 -= m; andre@0: r0 = r1 % d1; andre@0: q0 = r1 / d1; andre@0: m = q0 * d0; andre@0: r0 = (r0 << MP_HALF_DIGIT_BIT) | (Nlo & MP_HALF_DIGIT_MAX); andre@0: if (r0 < m) { andre@0: q0--, r0 += divisor; andre@0: if (r0 >= divisor && r0 < m) { andre@0: q0--, r0 += divisor; andre@0: } andre@0: } andre@0: if (qp) andre@0: *qp = (q1 << MP_HALF_DIGIT_BIT) | q0; andre@0: if (rp) andre@0: *rp = r0 - m; andre@0: return MP_OKAY; andre@0: } andre@0: #endif andre@0: andre@0: #if MP_SQUARE andre@0: /* {{{ s_mp_sqr(a) */ andre@0: andre@0: mp_err s_mp_sqr(mp_int *a) andre@0: { andre@0: mp_err res; andre@0: mp_int tmp; andre@0: andre@0: if((res = mp_init_size(&tmp, 2 * USED(a))) != MP_OKAY) andre@0: return res; andre@0: res = mp_sqr(a, &tmp); andre@0: if (res == MP_OKAY) { andre@0: s_mp_exch(&tmp, a); andre@0: } andre@0: mp_clear(&tmp); andre@0: return res; andre@0: } andre@0: andre@0: /* }}} */ andre@0: #endif andre@0: andre@0: /* {{{ s_mp_div(a, b) */ andre@0: andre@0: /* andre@0: s_mp_div(a, b) andre@0: andre@0: Compute a = a / b and b = a mod b. Assumes b > a. andre@0: */ andre@0: andre@0: mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ andre@0: mp_int *div, /* i: divisor */ andre@0: mp_int *quot) /* i: 0; o: quotient */ andre@0: { andre@0: mp_int part, t; andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) andre@0: mp_word q_msd; andre@0: #else andre@0: mp_digit q_msd; andre@0: #endif andre@0: mp_err res; andre@0: mp_digit d; andre@0: mp_digit div_msd; andre@0: int ix; andre@0: andre@0: if(mp_cmp_z(div) == 0) andre@0: return MP_RANGE; andre@0: andre@0: DIGITS(&t) = 0; andre@0: /* Shortcut if divisor is power of two */ andre@0: if((ix = s_mp_ispow2(div)) >= 0) { andre@0: MP_CHECKOK( mp_copy(rem, quot) ); andre@0: s_mp_div_2d(quot, (mp_digit)ix); andre@0: s_mp_mod_2d(rem, (mp_digit)ix); andre@0: andre@0: return MP_OKAY; andre@0: } andre@0: andre@0: MP_SIGN(rem) = ZPOS; andre@0: MP_SIGN(div) = ZPOS; andre@0: andre@0: /* A working temporary for division */ andre@0: MP_CHECKOK( mp_init_size(&t, MP_ALLOC(rem))); andre@0: andre@0: /* Normalize to optimize guessing */ andre@0: MP_CHECKOK( s_mp_norm(rem, div, &d) ); andre@0: andre@0: part = *rem; andre@0: andre@0: /* Perform the division itself...woo! */ andre@0: MP_USED(quot) = MP_ALLOC(quot); andre@0: andre@0: /* Find a partial substring of rem which is at least div */ andre@0: /* If we didn't find one, we're finished dividing */ andre@0: while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) { andre@0: int i; andre@0: int unusedRem; andre@0: andre@0: unusedRem = MP_USED(rem) - MP_USED(div); andre@0: MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem; andre@0: MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem; andre@0: MP_USED(&part) = MP_USED(div); andre@0: if (s_mp_cmp(&part, div) < 0) { andre@0: -- unusedRem; andre@0: #if MP_ARGCHK == 2 andre@0: assert(unusedRem >= 0); andre@0: #endif andre@0: -- MP_DIGITS(&part); andre@0: ++ MP_USED(&part); andre@0: ++ MP_ALLOC(&part); andre@0: } andre@0: andre@0: /* Compute a guess for the next quotient digit */ andre@0: q_msd = MP_DIGIT(&part, MP_USED(&part) - 1); andre@0: div_msd = MP_DIGIT(div, MP_USED(div) - 1); andre@0: if (q_msd >= div_msd) { andre@0: q_msd = 1; andre@0: } else if (MP_USED(&part) > 1) { andre@0: #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) andre@0: q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2); andre@0: q_msd /= div_msd; andre@0: if (q_msd == RADIX) andre@0: --q_msd; andre@0: #else andre@0: mp_digit r; andre@0: MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2), andre@0: div_msd, &q_msd, &r) ); andre@0: #endif andre@0: } else { andre@0: q_msd = 0; andre@0: } andre@0: #if MP_ARGCHK == 2 andre@0: assert(q_msd > 0); /* This case should never occur any more. */ andre@0: #endif andre@0: if (q_msd <= 0) andre@0: break; andre@0: andre@0: /* See what that multiplies out to */ andre@0: mp_copy(div, &t); andre@0: MP_CHECKOK( s_mp_mul_d(&t, (mp_digit)q_msd) ); andre@0: andre@0: /* andre@0: If it's too big, back it off. We should not have to do this andre@0: more than once, or, in rare cases, twice. Knuth describes a andre@0: method by which this could be reduced to a maximum of once, but andre@0: I didn't implement that here. andre@0: * When using s_mpv_div_2dx1d, we may have to do this 3 times. andre@0: */ andre@0: for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) { andre@0: --q_msd; andre@0: s_mp_sub(&t, div); /* t -= div */ andre@0: } andre@0: if (i < 0) { andre@0: res = MP_RANGE; andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: /* At this point, q_msd should be the right next digit */ andre@0: MP_CHECKOK( s_mp_sub(&part, &t) ); /* part -= t */ andre@0: s_mp_clamp(rem); andre@0: andre@0: /* andre@0: Include the digit in the quotient. We allocated enough memory andre@0: for any quotient we could ever possibly get, so we should not andre@0: have to check for failures here andre@0: */ andre@0: MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd; andre@0: } andre@0: andre@0: /* Denormalize remainder */ andre@0: if (d) { andre@0: s_mp_div_2d(rem, d); andre@0: } andre@0: andre@0: s_mp_clamp(quot); andre@0: andre@0: CLEANUP: andre@0: mp_clear(&t); andre@0: andre@0: return res; andre@0: andre@0: } /* end s_mp_div() */ andre@0: andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_2expt(a, k) */ andre@0: andre@0: mp_err s_mp_2expt(mp_int *a, mp_digit k) andre@0: { andre@0: mp_err res; andre@0: mp_size dig, bit; andre@0: andre@0: dig = k / DIGIT_BIT; andre@0: bit = k % DIGIT_BIT; andre@0: andre@0: mp_zero(a); andre@0: if((res = s_mp_pad(a, dig + 1)) != MP_OKAY) andre@0: return res; andre@0: andre@0: DIGIT(a, dig) |= ((mp_digit)1 << bit); andre@0: andre@0: return MP_OKAY; andre@0: andre@0: } /* end s_mp_2expt() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_reduce(x, m, mu) */ andre@0: andre@0: /* andre@0: Compute Barrett reduction, x (mod m), given a precomputed value for andre@0: mu = b^2k / m, where b = RADIX and k = #digits(m). This should be andre@0: faster than straight division, when many reductions by the same andre@0: value of m are required (such as in modular exponentiation). This andre@0: can nearly halve the time required to do modular exponentiation, andre@0: as compared to using the full integer divide to reduce. andre@0: andre@0: This algorithm was derived from the _Handbook of Applied andre@0: Cryptography_ by Menezes, Oorschot and VanStone, Ch. 14, andre@0: pp. 603-604. andre@0: */ andre@0: andre@0: mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu) andre@0: { andre@0: mp_int q; andre@0: mp_err res; andre@0: andre@0: if((res = mp_init_copy(&q, x)) != MP_OKAY) andre@0: return res; andre@0: andre@0: s_mp_rshd(&q, USED(m) - 1); /* q1 = x / b^(k-1) */ andre@0: s_mp_mul(&q, mu); /* q2 = q1 * mu */ andre@0: s_mp_rshd(&q, USED(m) + 1); /* q3 = q2 / b^(k+1) */ andre@0: andre@0: /* x = x mod b^(k+1), quick (no division) */ andre@0: s_mp_mod_2d(x, DIGIT_BIT * (USED(m) + 1)); andre@0: andre@0: /* q = q * m mod b^(k+1), quick (no division) */ andre@0: s_mp_mul(&q, m); andre@0: s_mp_mod_2d(&q, DIGIT_BIT * (USED(m) + 1)); andre@0: andre@0: /* x = x - q */ andre@0: if((res = mp_sub(x, &q, x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: andre@0: /* If x < 0, add b^(k+1) to it */ andre@0: if(mp_cmp_z(x) < 0) { andre@0: mp_set(&q, 1); andre@0: if((res = s_mp_lshd(&q, USED(m) + 1)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: if((res = mp_add(x, &q, x)) != MP_OKAY) andre@0: goto CLEANUP; andre@0: } andre@0: andre@0: /* Back off if it's too big */ andre@0: while(mp_cmp(x, m) >= 0) { andre@0: if((res = s_mp_sub(x, m)) != MP_OKAY) andre@0: break; andre@0: } andre@0: andre@0: CLEANUP: andre@0: mp_clear(&q); andre@0: andre@0: return res; andre@0: andre@0: } /* end s_mp_reduce() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ Primitive comparisons */ andre@0: andre@0: /* {{{ s_mp_cmp(a, b) */ andre@0: andre@0: /* Compare |a| <=> |b|, return 0 if equal, <0 if a0 if a>b */ andre@0: int s_mp_cmp(const mp_int *a, const mp_int *b) andre@0: { andre@0: mp_size used_a = MP_USED(a); andre@0: { andre@0: mp_size used_b = MP_USED(b); andre@0: andre@0: if (used_a > used_b) andre@0: goto IS_GT; andre@0: if (used_a < used_b) andre@0: goto IS_LT; andre@0: } andre@0: { andre@0: mp_digit *pa, *pb; andre@0: mp_digit da = 0, db = 0; andre@0: andre@0: #define CMP_AB(n) if ((da = pa[n]) != (db = pb[n])) goto done andre@0: andre@0: pa = MP_DIGITS(a) + used_a; andre@0: pb = MP_DIGITS(b) + used_a; andre@0: while (used_a >= 4) { andre@0: pa -= 4; andre@0: pb -= 4; andre@0: used_a -= 4; andre@0: CMP_AB(3); andre@0: CMP_AB(2); andre@0: CMP_AB(1); andre@0: CMP_AB(0); andre@0: } andre@0: while (used_a-- > 0 && ((da = *--pa) == (db = *--pb))) andre@0: /* do nothing */; andre@0: done: andre@0: if (da > db) andre@0: goto IS_GT; andre@0: if (da < db) andre@0: goto IS_LT; andre@0: } andre@0: return MP_EQ; andre@0: IS_LT: andre@0: return MP_LT; andre@0: IS_GT: andre@0: return MP_GT; andre@0: } /* end s_mp_cmp() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_cmp_d(a, d) */ andre@0: andre@0: /* Compare |a| <=> d, return 0 if equal, <0 if a0 if a>d */ andre@0: int s_mp_cmp_d(const mp_int *a, mp_digit d) andre@0: { andre@0: if(USED(a) > 1) andre@0: return MP_GT; andre@0: andre@0: if(DIGIT(a, 0) < d) andre@0: return MP_LT; andre@0: else if(DIGIT(a, 0) > d) andre@0: return MP_GT; andre@0: else andre@0: return MP_EQ; andre@0: andre@0: } /* end s_mp_cmp_d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_ispow2(v) */ andre@0: andre@0: /* andre@0: Returns -1 if the value is not a power of two; otherwise, it returns andre@0: k such that v = 2^k, i.e. lg(v). andre@0: */ andre@0: int s_mp_ispow2(const mp_int *v) andre@0: { andre@0: mp_digit d; andre@0: int extra = 0, ix; andre@0: andre@0: ix = MP_USED(v) - 1; andre@0: d = MP_DIGIT(v, ix); /* most significant digit of v */ andre@0: andre@0: extra = s_mp_ispow2d(d); andre@0: if (extra < 0 || ix == 0) andre@0: return extra; andre@0: andre@0: while (--ix >= 0) { andre@0: if (DIGIT(v, ix) != 0) andre@0: return -1; /* not a power of two */ andre@0: extra += MP_DIGIT_BIT; andre@0: } andre@0: andre@0: return extra; andre@0: andre@0: } /* end s_mp_ispow2() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_ispow2d(d) */ andre@0: andre@0: int s_mp_ispow2d(mp_digit d) andre@0: { andre@0: if ((d != 0) && ((d & (d-1)) == 0)) { /* d is a power of 2 */ andre@0: int pow = 0; andre@0: #if defined (MP_USE_UINT_DIGIT) andre@0: if (d & 0xffff0000U) andre@0: pow += 16; andre@0: if (d & 0xff00ff00U) andre@0: pow += 8; andre@0: if (d & 0xf0f0f0f0U) andre@0: pow += 4; andre@0: if (d & 0xccccccccU) andre@0: pow += 2; andre@0: if (d & 0xaaaaaaaaU) andre@0: pow += 1; andre@0: #elif defined(MP_USE_LONG_LONG_DIGIT) andre@0: if (d & 0xffffffff00000000ULL) andre@0: pow += 32; andre@0: if (d & 0xffff0000ffff0000ULL) andre@0: pow += 16; andre@0: if (d & 0xff00ff00ff00ff00ULL) andre@0: pow += 8; andre@0: if (d & 0xf0f0f0f0f0f0f0f0ULL) andre@0: pow += 4; andre@0: if (d & 0xccccccccccccccccULL) andre@0: pow += 2; andre@0: if (d & 0xaaaaaaaaaaaaaaaaULL) andre@0: pow += 1; andre@0: #elif defined(MP_USE_LONG_DIGIT) andre@0: if (d & 0xffffffff00000000UL) andre@0: pow += 32; andre@0: if (d & 0xffff0000ffff0000UL) andre@0: pow += 16; andre@0: if (d & 0xff00ff00ff00ff00UL) andre@0: pow += 8; andre@0: if (d & 0xf0f0f0f0f0f0f0f0UL) andre@0: pow += 4; andre@0: if (d & 0xccccccccccccccccUL) andre@0: pow += 2; andre@0: if (d & 0xaaaaaaaaaaaaaaaaUL) andre@0: pow += 1; andre@0: #else andre@0: #error "unknown type for mp_digit" andre@0: #endif andre@0: return pow; andre@0: } andre@0: return -1; andre@0: andre@0: } /* end s_mp_ispow2d() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ Primitive I/O helpers */ andre@0: andre@0: /* {{{ s_mp_tovalue(ch, r) */ andre@0: andre@0: /* andre@0: Convert the given character to its digit value, in the given radix. andre@0: If the given character is not understood in the given radix, -1 is andre@0: returned. Otherwise the digit's numeric value is returned. andre@0: andre@0: The results will be odd if you use a radix < 2 or > 62, you are andre@0: expected to know what you're up to. andre@0: */ andre@0: int s_mp_tovalue(char ch, int r) andre@0: { andre@0: int val, xch; andre@0: andre@0: if(r > 36) andre@0: xch = ch; andre@0: else andre@0: xch = toupper(ch); andre@0: andre@0: if(isdigit(xch)) andre@0: val = xch - '0'; andre@0: else if(isupper(xch)) andre@0: val = xch - 'A' + 10; andre@0: else if(islower(xch)) andre@0: val = xch - 'a' + 36; andre@0: else if(xch == '+') andre@0: val = 62; andre@0: else if(xch == '/') andre@0: val = 63; andre@0: else andre@0: return -1; andre@0: andre@0: if(val < 0 || val >= r) andre@0: return -1; andre@0: andre@0: return val; andre@0: andre@0: } /* end s_mp_tovalue() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_todigit(val, r, low) */ andre@0: andre@0: /* andre@0: Convert val to a radix-r digit, if possible. If val is out of range andre@0: for r, returns zero. Otherwise, returns an ASCII character denoting andre@0: the value in the given radix. andre@0: andre@0: The results may be odd if you use a radix < 2 or > 64, you are andre@0: expected to know what you're doing. andre@0: */ andre@0: andre@0: char s_mp_todigit(mp_digit val, int r, int low) andre@0: { andre@0: char ch; andre@0: andre@0: if(val >= r) andre@0: return 0; andre@0: andre@0: ch = s_dmap_1[val]; andre@0: andre@0: if(r <= 36 && low) andre@0: ch = tolower(ch); andre@0: andre@0: return ch; andre@0: andre@0: } /* end s_mp_todigit() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ s_mp_outlen(bits, radix) */ andre@0: andre@0: /* andre@0: Return an estimate for how long a string is needed to hold a radix andre@0: r representation of a number with 'bits' significant bits, plus an andre@0: extra for a zero terminator (assuming C style strings here) andre@0: */ andre@0: int s_mp_outlen(int bits, int r) andre@0: { andre@0: return (int)((double)bits * LOG_V_2(r) + 1.5) + 1; andre@0: andre@0: } /* end s_mp_outlen() */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_read_unsigned_octets(mp, str, len) */ andre@0: /* mp_read_unsigned_octets(mp, str, len) andre@0: Read in a raw value (base 256) into the given mp_int andre@0: No sign bit, number is positive. Leading zeros ignored. andre@0: */ andre@0: andre@0: mp_err andre@0: mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len) andre@0: { andre@0: int count; andre@0: mp_err res; andre@0: mp_digit d; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG); andre@0: andre@0: mp_zero(mp); andre@0: andre@0: count = len % sizeof(mp_digit); andre@0: if (count) { andre@0: for (d = 0; count-- > 0; --len) { andre@0: d = (d << 8) | *str++; andre@0: } andre@0: MP_DIGIT(mp, 0) = d; andre@0: } andre@0: andre@0: /* Read the rest of the digits */ andre@0: for(; len > 0; len -= sizeof(mp_digit)) { andre@0: for (d = 0, count = sizeof(mp_digit); count > 0; --count) { andre@0: d = (d << 8) | *str++; andre@0: } andre@0: if (MP_EQ == mp_cmp_z(mp)) { andre@0: if (!d) andre@0: continue; andre@0: } else { andre@0: if((res = s_mp_lshd(mp, 1)) != MP_OKAY) andre@0: return res; andre@0: } andre@0: MP_DIGIT(mp, 0) = d; andre@0: } andre@0: return MP_OKAY; andre@0: } /* end mp_read_unsigned_octets() */ andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_unsigned_octet_size(mp) */ andre@0: int andre@0: mp_unsigned_octet_size(const mp_int *mp) andre@0: { andre@0: int bytes; andre@0: int ix; andre@0: mp_digit d = 0; andre@0: andre@0: ARGCHK(mp != NULL, MP_BADARG); andre@0: ARGCHK(MP_ZPOS == SIGN(mp), MP_BADARG); andre@0: andre@0: bytes = (USED(mp) * sizeof(mp_digit)); andre@0: andre@0: /* subtract leading zeros. */ andre@0: /* Iterate over each digit... */ andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: d = DIGIT(mp, ix); andre@0: if (d) andre@0: break; andre@0: bytes -= sizeof(d); andre@0: } andre@0: if (!bytes) andre@0: return 1; andre@0: andre@0: /* Have MSD, check digit bytes, high order first */ andre@0: for(ix = sizeof(mp_digit) - 1; ix >= 0; ix--) { andre@0: unsigned char x = (unsigned char)(d >> (ix * CHAR_BIT)); andre@0: if (x) andre@0: break; andre@0: --bytes; andre@0: } andre@0: return bytes; andre@0: } /* end mp_unsigned_octet_size() */ andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_to_unsigned_octets(mp, str) */ andre@0: /* output a buffer of big endian octets no longer than specified. */ andre@0: mp_err andre@0: mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) andre@0: { andre@0: int ix, pos = 0; andre@0: int bytes; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); andre@0: andre@0: bytes = mp_unsigned_octet_size(mp); andre@0: ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); andre@0: andre@0: /* Iterate over each digit... */ andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: mp_digit d = DIGIT(mp, ix); andre@0: int jx; andre@0: andre@0: /* Unpack digit bytes, high order first */ andre@0: for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { andre@0: unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); andre@0: if (!pos && !x) /* suppress leading zeros */ andre@0: continue; andre@0: str[pos++] = x; andre@0: } andre@0: } andre@0: if (!pos) andre@0: str[pos++] = 0; andre@0: return pos; andre@0: } /* end mp_to_unsigned_octets() */ andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_to_signed_octets(mp, str) */ andre@0: /* output a buffer of big endian octets no longer than specified. */ andre@0: mp_err andre@0: mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) andre@0: { andre@0: int ix, pos = 0; andre@0: int bytes; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); andre@0: andre@0: bytes = mp_unsigned_octet_size(mp); andre@0: ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); andre@0: andre@0: /* Iterate over each digit... */ andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: mp_digit d = DIGIT(mp, ix); andre@0: int jx; andre@0: andre@0: /* Unpack digit bytes, high order first */ andre@0: for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { andre@0: unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); andre@0: if (!pos) { andre@0: if (!x) /* suppress leading zeros */ andre@0: continue; andre@0: if (x & 0x80) { /* add one leading zero to make output positive. */ andre@0: ARGCHK(bytes + 1 <= maxlen, MP_BADARG); andre@0: if (bytes + 1 > maxlen) andre@0: return MP_BADARG; andre@0: str[pos++] = 0; andre@0: } andre@0: } andre@0: str[pos++] = x; andre@0: } andre@0: } andre@0: if (!pos) andre@0: str[pos++] = 0; andre@0: return pos; andre@0: } /* end mp_to_signed_octets() */ andre@0: /* }}} */ andre@0: andre@0: /* {{{ mp_to_fixlen_octets(mp, str) */ andre@0: /* output a buffer of big endian octets exactly as long as requested. */ andre@0: mp_err andre@0: mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) andre@0: { andre@0: int ix, pos = 0; andre@0: int bytes; andre@0: andre@0: ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); andre@0: andre@0: bytes = mp_unsigned_octet_size(mp); andre@0: ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG); andre@0: andre@0: /* place any needed leading zeros */ andre@0: for (;length > bytes; --length) { andre@0: *str++ = 0; andre@0: } andre@0: andre@0: /* Iterate over each digit... */ andre@0: for(ix = USED(mp) - 1; ix >= 0; ix--) { andre@0: mp_digit d = DIGIT(mp, ix); andre@0: int jx; andre@0: andre@0: /* Unpack digit bytes, high order first */ andre@0: for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { andre@0: unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); andre@0: if (!pos && !x) /* suppress leading zeros */ andre@0: continue; andre@0: str[pos++] = x; andre@0: } andre@0: } andre@0: if (!pos) andre@0: str[pos++] = 0; andre@0: return MP_OKAY; andre@0: } /* end mp_to_fixlen_octets() */ andre@0: /* }}} */ andre@0: andre@0: andre@0: /*------------------------------------------------------------------------*/ andre@0: /* HERE THERE BE DRAGONS */