  1. /*
  2. * Copyright (c) 1995 Colin Plumb. All rights reserved.
  3. * For licensing and other legal details, see the file legal.c.
  4. *
  5. * bn32.c - the high-level bignum interface
  6. *
  7. * Like lbn32.c, this reserves the string "32" for textual replacement.
  8. * The string must not appear anywhere unless it is intended to be replaced
  9. * to generate other bignum interface functions.
  10. */
  11. #ifndef HAVE_CONFIG_H
  12. #define HAVE_CONFIG_H 0
  13. #endif
  14. #if HAVE_CONFIG_H
  15. #include "bnconfig.h"
  16. #endif
  17. /*
  18. * Some compilers complain about #if FOO if FOO isn't defined,
  19. * so do the ANSI-mandated thing explicitly...
  20. */
  21. #ifndef NO_ASSERT_H
  22. #define NO_ASSERT_H 0
  23. #endif
  24. #ifndef NO_STRING_H
  25. #define NO_STRING_H 0
  26. #endif
  27. #ifndef HAVE_STRINGS_H
  28. #define HAVE_STRINGS_H 0
  29. #endif
  30. #if !NO_ASSERT_H
  31. #include <assert.h>
  32. #else
  33. #define assert(x) (void)0
  34. #endif
  35. #if !NO_STRING_H
  36. #include <string.h> /* for memmove() in bnMakeOdd */
  37. #elif HAVE_STRINGS_H
  38. #include <strings.h>
  39. #endif
  40. /*
  41. * This was useful during debugging, so it's left in here.
  42. * You can ignore it. DBMALLOC is generally undefined.
  43. */
  44. #ifndef DBMALLOC
  45. #define DBMALLOC 0
  46. #endif
  47. #if DBMALLOC
  48. #include "../dbmalloc/malloc.h"
  49. #define MALLOCDB malloc_chain_check(1)
  50. #else
  51. #define MALLOCDB (void)0
  52. #endif
  53. #include "lbn.h"
  54. #include "lbn32.h"
  55. #include "lbnmem.h"
  56. #include "bn32.h"
  57. #include "bn.h"
  58. /* Work-arounds for some particularly broken systems */
  59. #include "kludge.h" /* For memmove() */
  60. /* Functions */
/*
 * Install the 32-bit implementations into the generic bn* entry points
 * (function pointers, presumably declared in bn.h).  After this call every
 * generic bn* wrapper dispatches to its *_32 counterpart.  Each assignment
 * is independent; they are merely grouped by theme for readability.
 */
void
bnInit_32(void)
{
	/* Lifetime, sizing and copying */
	bnEnd = bnEnd_32;
	bnPrealloc = bnPrealloc_32;
	bnCopy = bnCopy_32;
	bnNorm = bnNorm_32;

	/* Byte-string conversion */
	bnExtractBigBytes = bnExtractBigBytes_32;
	bnInsertBigBytes = bnInsertBigBytes_32;
	bnExtractLittleBytes = bnExtractLittleBytes_32;
	bnInsertLittleBytes = bnInsertLittleBytes_32;

	/* Inspection and comparison */
	bnLSWord = bnLSWord_32;
	bnReadBit = bnReadBit_32;
	bnBits = bnBits_32;
	bnCmp = bnCmp_32;
	bnCmpQ = bnCmpQ_32;

	/* Arithmetic with a bignum or a single-word operand */
	bnSetQ = bnSetQ_32;
	bnAdd = bnAdd_32;
	bnAddQ = bnAddQ_32;
	bnSub = bnSub_32;
	bnSubQ = bnSubQ_32;
	bnSquare = bnSquare_32;
	bnMul = bnMul_32;
	bnMulQ = bnMulQ_32;
	bnDivMod = bnDivMod_32;
	bnMod = bnMod_32;
	bnModQ = bnModQ_32;

	/* Modular exponentiation, gcd and inverse */
	bnExpMod = bnExpMod_32;
	bnDoubleExpMod = bnDoubleExpMod_32;
	bnTwoExpMod = bnTwoExpMod_32;
	bnGcd = bnGcd_32;
	bnInv = bnInv_32;

	/* Shifts */
	bnLShift = bnLShift_32;
	bnRShift = bnRShift_32;
	bnMakeOdd = bnMakeOdd_32;

	/* Fixed-base precomputation */
	bnBasePrecompBegin = bnBasePrecompBegin_32;
	bnBasePrecompEnd = bnBasePrecompEnd_32;
	bnBasePrecompExpMod = bnBasePrecompExpMod_32;
	bnDoubleBasePrecompExpMod = bnDoubleBasePrecompExpMod_32;
}
/*
 * Release the word buffer owned by bn and leave bn as an empty,
 * unallocated bignum.  Calling it on a bignum that owns no buffer is
 * harmless.
 */
void
bnEnd_32(struct BigNum *bn)
{
	BNWORD32 *buf = (BNWORD32 *)bn->ptr;

	if (buf != 0)
		LBNFREE(buf, bn->allocated);
	bn->ptr = 0;
	bn->size = 0;
	bn->allocated = 0;
	MALLOCDB;
}
/*
 * Internal: change bn's buffer to hold "len" words.  The request is
 * rounded up to a multiple of 8 bytes, since most allocators have at
 * least that granularity.  Returns 0 on success; on failure returns -1
 * and leaves bn untouched (its old buffer remains valid).
 */
static int
bnResize_32(struct BigNum *bn, unsigned len)
{
	unsigned const grain = 8 / sizeof(BNWORD32);	/* words per 8 bytes */
	void *newbuf;

	len = (len + grain - 1) & ~(grain - 1);
	newbuf = LBNREALLOC((BNWORD32 *)bn->ptr, bn->allocated, len);
	if (newbuf == 0)
		return -1;
	bn->ptr = newbuf;
	bn->allocated = len;
	MALLOCDB;
	return 0;
}
  127. #define bnSizeCheck(bn, size) \
  128. if (bn->allocated < size && bnResize_32(bn, size) < 0) \
  129. return -1
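/*
 * Make sure bn has room for at least "bits" bits without further
 * reallocation.  Returns 0 on success, -1 if memory could not be obtained.
 *
 * The bit count is converted to words with an overflow-proof ceiling
 * division: the form (bits + 32-1)/32 wraps to a tiny word count when
 * bits is within 31 of UINT_MAX and would silently under-allocate.
 */
int
bnPrealloc_32(struct BigNum *bn, unsigned bits)
{
	unsigned words = bits / 32 + (bits % 32 != 0);

	bnSizeCheck(bn, words);
	MALLOCDB;
	return 0;
}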
/*
 * dest = src.  dest is grown if needed.  Returns 0, or -1 on allocation
 * failure (dest is then unchanged).  dest == src is harmless.
 */
int
bnCopy_32(struct BigNum *dest, struct BigNum const *src)
{
	unsigned const nwords = src->size;

	bnSizeCheck(dest, nwords);
	lbnCopy_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, nwords);
	dest->size = nwords;
	MALLOCDB;
	return 0;
}
/*
 * Normalize bn: drop high-order zero words so bn->size counts only the
 * significant words.  (The original author wondered whether this is ever
 * needed; most operations here already normalize their result.)
 */
void
bnNorm_32(struct BigNum *bn)
{
	BNWORD32 *words = (BNWORD32 *)bn->ptr;
	unsigned significant = lbnNorm_32(words, bn->size);

	bn->size = significant;
}
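/*
 * Convert a bignum to big-endian bytes.  Writes, in big-endian form, the
 * "len" bytes of bn starting "lsbyte" bytes above the least-significant
 * end.  Bytes that lie above the stored words are written as 0.
 *
 * The zero-fill count is computed up front rather than discovered by
 * decrementing len in a loop: the loop form keeps going when lsbyte
 * exceeds the number of stored bytes, so len is decremented below 0,
 * wraps, and zeros are written past the end of dest.
 */
void
bnExtractBigBytes_32(struct BigNum const *bn, unsigned char *dest,
	unsigned lsbyte, unsigned len)
{
	unsigned stored = bn->size * (32 / 8);	/* bytes actually held by bn */
	unsigned zeros;				/* requested bytes above them */

	if (lsbyte >= stored)
		zeros = len;			/* whole window lies above bn */
	else if (len > stored - lsbyte)
		zeros = len - (stored - lsbyte);	/* lsbyte+len-stored, no overflow */
	else
		zeros = 0;

	/* Big-endian: the high-order (leading) bytes are the zero ones */
	len -= zeros;
	while (zeros--)
		*dest++ = 0;
	if (len)
		lbnExtractBigBytes_32((BNWORD32 *)bn->ptr, dest, lsbyte, len);
	MALLOCDB;
}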
/*
 * The inverse of bnExtractBigBytes_32: store "len" big-endian bytes from
 * src into bn at byte offset lsbyte from the least-significant end,
 * zero-extending bn with fresh words as required.  The result is
 * normalized.  Returns 0, or -1 on allocation failure.
 */
int
bnInsertBigBytes_32(struct BigNum *bn, unsigned char const *src,
	unsigned lsbyte, unsigned len)
{
	unsigned have = bn->size;
	unsigned need = (len + lsbyte + sizeof(BNWORD32) - 1) / sizeof(BNWORD32);

	bnSizeCheck(bn, need);
	if (have < need) {
		/* Words beyond the current size must be zero before inserting */
		lbnZero_32((BNWORD32 *)bn->ptr BIGLITTLE(-have,+have), need - have);
		have = need;
	}
	lbnInsertBigBytes_32((BNWORD32 *)bn->ptr, src, lsbyte, len);
	bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, have);
	MALLOCDB;
	return 0;
}
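/*
 * Convert a bignum to little-endian bytes.  Writes, in little-endian
 * form, the "len" bytes of bn starting "lsbyte" bytes above the
 * least-significant end.  Bytes that lie above the stored words are
 * written as 0.
 *
 * The zero-fill count is computed up front rather than discovered with
 * dest[--len] in a loop: the loop form keeps going when lsbyte exceeds
 * the number of stored bytes, so len is decremented below 0, wraps, and
 * a zero is written far outside dest.
 */
void
bnExtractLittleBytes_32(struct BigNum const *bn, unsigned char *dest,
	unsigned lsbyte, unsigned len)
{
	unsigned stored = bn->size * (32 / 8);	/* bytes actually held by bn */
	unsigned zeros;				/* requested bytes above them */

	if (lsbyte >= stored)
		zeros = len;			/* whole window lies above bn */
	else if (len > stored - lsbyte)
		zeros = len - (stored - lsbyte);	/* lsbyte+len-stored, no overflow */
	else
		zeros = 0;

	/* Little-endian: the high-order (trailing) bytes are the zero ones */
	len -= zeros;
	while (zeros--)
		dest[len + zeros] = 0;
	if (len)
		lbnExtractLittleBytes_32((BNWORD32 *)bn->ptr, dest,
			lsbyte, len);
	MALLOCDB;
}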
/*
 * The inverse of bnExtractLittleBytes_32: store "len" little-endian bytes
 * from src into bn at byte offset lsbyte from the least-significant end,
 * zero-extending bn with fresh words as required and normalizing the
 * result.  Returns 0, or -1 on allocation failure.
 */
int
bnInsertLittleBytes_32(struct BigNum *bn, unsigned char const *src,
	unsigned lsbyte, unsigned len)
{
	unsigned have = bn->size;
	unsigned need = (len + lsbyte + sizeof(BNWORD32) - 1) / sizeof(BNWORD32);

	bnSizeCheck(bn, need);
	if (have < need) {
		/* New high words start out as zero */
		lbnZero_32((BNWORD32 *)bn->ptr BIGLITTLE(-have,+have), need - have);
		have = need;
	}
	lbnInsertLittleBytes_32((BNWORD32 *)bn->ptr, src, lsbyte, len);
	bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, have);
	MALLOCDB;
	return 0;
}
/* Return the least-significant word of bn, or 0 for an empty bignum. */
unsigned
bnLSWord_32(struct BigNum const *bn)
{
	BNWORD32 *words = (BNWORD32 *)bn->ptr;

	if (bn->size == 0)
		return 0;
	return (unsigned)words[BIGLITTLE(-1,0)];
}
/*
 * Return bit number "bit" of bn (bit 0 is the least significant).
 * Bits beyond the stored words read as 0.
 */
int
bnReadBit_32(struct BigNum const *bn, unsigned bit)
{
	unsigned widx = bit / 32;	/* word holding the bit */
	unsigned bidx = bit % 32;	/* position within that word */
	BNWORD32 w;

	if (widx >= bn->size)
		return 0;
	w = ((BNWORD32 *)bn->ptr)[BIGLITTLE(-1-widx,widx)];
	return (int)((w >> bidx) & 1);
}
/* Count the significant bits of bn. */
unsigned
bnBits_32(struct BigNum const *bn)
{
	BNWORD32 *words = (BNWORD32 *)bn->ptr;
	unsigned nwords = bn->size;

	return lbnBits_32(words, nwords);
}
/*
 * dest += src.  dest is zero-extended to src's length if shorter, and may
 * gain one more word from the final carry.  Returns 0, or -1 on
 * allocation failure.
 */
int
bnAdd_32(struct BigNum *dest, struct BigNum const *src)
{
	unsigned slen = src->size;
	unsigned dlen = dest->size;
	BNWORD32 carry;

	if (slen == 0)
		return 0;	/* Adding zero */
	bnSizeCheck(dest, slen);
	/* Extend dest with zero words if it is the shorter operand */
	if (dlen < slen) {
		lbnZero_32((BNWORD32 *)dest->ptr BIGLITTLE(-dlen,+dlen), slen - dlen);
		dlen = slen;
		dest->size = dlen;
		MALLOCDB;
	}
	carry = lbnAddN_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, slen);
	MALLOCDB;
	if (carry == 0)
		return 0;
	/* Propagate the carry through dest's remaining high words */
	if (dlen > slen) {
		carry = lbnAdd1_32((BNWORD32 *)dest->ptr BIGLITTLE(-slen,+slen),
			dlen - slen, carry);
		MALLOCDB;
	}
	if (carry) {
		/* Carry out of the top word: dest grows by one word */
		bnSizeCheck(dest, dlen + 1);
		((BNWORD32 *)dest->ptr)[BIGLITTLE(-1-dlen,dlen)] = carry;
		dest->size = dlen + 1;
	}
	return 0;
}
/*
 * dest -= src.
 * If the result would be negative, dest receives the absolute value of
 * the difference (the negative of the true value) and 1 is returned.
 * Otherwise 0 is returned.  -1 means an allocation failed.
 */
int
bnSub_32(struct BigNum *dest, struct BigNum const *src)
{
	unsigned slen = src->size;
	unsigned dlen = dest->size;
	BNWORD32 borrow;

	if (dlen < slen) {
		/* src may only look longer; compare significant lengths */
		slen = lbnNorm_32((BNWORD32 *)src->ptr, slen);
		if (dlen < slen) {
			bnSizeCheck(dest, slen);
			lbnZero_32((BNWORD32 *)dest->ptr BIGLITTLE(-dlen,+dlen), slen - dlen);
			dlen = slen;
			dest->size = dlen;
			MALLOCDB;
		}
	}
	if (slen == 0)
		return 0;	/* Subtracting zero */
	borrow = lbnSubN_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, slen);
	MALLOCDB;
	/* Propagate the borrow through dest's remaining high words */
	if (borrow && dlen > slen) {
		borrow = lbnSub1_32((BNWORD32 *)dest->ptr BIGLITTLE(-slen,+slen),
			dlen - slen, borrow);
		MALLOCDB;
	}
	if (borrow) {
		/* Went negative: negate to obtain |dest - src| and report it */
		lbnNeg_32((BNWORD32 *)dest->ptr, dlen);
		dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dest->size);
		MALLOCDB;
		return 1;
	}
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dest->size);
	return 0;
}
/*
 * Compare the bignum a to the single-word value b (the original
 * documents b < 65536).  Returns -1, 0 or 1 for a<b, a==b, a>b, so that
 * a <=> b corresponds to bnCmpQ(a,b) <=> 0.
 */
int
bnCmpQ_32(struct BigNum const *a, unsigned b)
{
	unsigned alen = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
	BNWORD32 low;

	if (alen > 1)
		return 1;	/* More than one significant word: a is larger */
	if (alen == 0)
		return b ? -1 : 0;	/* a is zero */
	low = (unsigned)((BNWORD32 *)a->ptr)[BIGLITTLE(-1,0)];
	if (low > b)
		return 1;
	return (low < b) ? -1 : 0;
}
/*
 * dest = src, for a single-word src.  Zero is represented by an empty
 * bignum.  Returns 0, or -1 on allocation failure.
 */
int
bnSetQ_32(struct BigNum *dest, unsigned src)
{
	if (src == 0) {
		dest->size = 0;
		return 0;
	}
	bnSizeCheck(dest, 1);
	((BNWORD32 *)dest->ptr)[BIGLITTLE(-1,0)] = (BNWORD32)src;
	dest->size = 1;
	return 0;
}
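/*
 * dest += src, for a single-word src.  An empty dest is simply set to
 * src.  Returns 0, or -1 on allocation failure.
 *
 * The empty case calls bnSetQ_32 directly rather than through the generic
 * bnSetQ pointer, like the other intra-file calls (bnMul_32 -> bnSquare_32,
 * bnMulQ_32 -> bnCopy_32), so the result does not depend on bnInit_32
 * having installed the dispatch table.
 */
int
bnAddQ_32(struct BigNum *dest, unsigned src)
{
	BNWORD32 carry;
	unsigned dlen;

	if (!dest->size)
		return bnSetQ_32(dest, src);
	carry = lbnAdd1_32((BNWORD32 *)dest->ptr, dest->size, (BNWORD32)src);
	MALLOCDB;
	if (carry) {
		/* Carry out of the top word: append it as a new word */
		dlen = dest->size;
		bnSizeCheck(dest, dlen + 1);
		((BNWORD32 *)dest->ptr)[BIGLITTLE(-1-dlen,dlen)] = carry;
		dest->size = dlen + 1;
	}
	return 0;
}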
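/*
 * dest -= src, for a single-word src.  Return value as for bnSub_32:
 * 1 if the subtraction underflowed, in which case dest holds the negative
 * of the true (negative) result; 0 otherwise; -1 on allocation failure.
 *
 * bnSetQ_32 is called directly, not through the generic bnSetQ pointer,
 * for the same reason as in bnAddQ_32.  After a non-negative result dest
 * is deliberately not renormalized: the author judged a borrow that
 * clears the top word rare enough not to be worth the lbnNorm_32 call.
 */
int
bnSubQ_32(struct BigNum *dest, unsigned src)
{
	BNWORD32 borrow;

	if (!dest->size) {
		/* 0 - src: magnitude src, negative unless src is zero */
		if (bnSetQ_32(dest, src) < 0)
			return -1;
		return src != 0;
	}
	borrow = lbnSub1_32((BNWORD32 *)dest->ptr, dest->size, src);
	MALLOCDB;
	if (borrow) {
		/* Underflow: dest was at most one word, so negate it simply */
		lbnNeg_32((BNWORD32 *)dest->ptr, 1);
		dest->size = 1;
		return 1;
	}
	return 0;
}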
/*
 * Compare two bignums.  Returns -1, 0 or 1 for a<b, a==b, a>b, so that
 * a <=> b corresponds to bnCmp(a,b) <=> 0.
 */
int
bnCmp_32(struct BigNum const *a, struct BigNum const *b)
{
	unsigned alen = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
	unsigned blen = lbnNorm_32((BNWORD32 *)b->ptr, b->size);

	/* Different significant lengths decide it without comparing words */
	if (alen > blen)
		return 1;
	if (alen < blen)
		return -1;
	return lbnCmp_32((BNWORD32 *)a->ptr, (BNWORD32 *)b->ptr, alen);
}
/*
 * dest = src*src.  More efficient than bnMul_32(dest, src, src).
 * dest == src is allowed.  Returns 0, or -1 on allocation failure.
 */
int
bnSquare_32(struct BigNum *dest, struct BigNum const *src)
{
	unsigned n = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
	BNWORD32 *scratch = 0;
	BNWORD32 *in;

	if (n == 0) {
		dest->size = 0;
		return 0;
	}
	bnSizeCheck(dest, 2*n);
	in = (BNWORD32 *)src->ptr;	/* read after any realloc of dest */
	/*
	 * If src is dest, copy it to a scratch buffer first so that
	 * lbnSquare_32 never reads from the buffer it is writing.
	 */
	if (src == dest) {
		LBNALLOC(scratch, BNWORD32, n);
		if (!scratch)
			return -1;
		lbnCopy_32(scratch, in, n);
		in = scratch;
	}
	lbnSquare_32((BNWORD32 *)dest->ptr, in, n);
	if (scratch)
		LBNFREE(scratch, n);
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, 2*n);
	MALLOCDB;
	return 0;
}
/*
 * dest = a * b.  Any overlap between the operands is allowed; an operand
 * that aliases dest is copied to a scratch buffer first.  Returns 0, or
 * -1 on allocation failure.
 */
int
bnMul_32(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
{
	unsigned alen = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
	unsigned blen = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
	BNWORD32 *scratch = 0;
	unsigned scratchlen = 0;
	BNWORD32 *ap, *bp;

	if (alen == 0 || blen == 0) {
		dest->size = 0;	/* Anything times zero */
		return 0;
	}
	if (a == b)
		return bnSquare_32(dest, a);	/* Squaring is cheaper */
	bnSizeCheck(dest, alen + blen);
	/* Operand pointers are taken after dest may have been reallocated */
	ap = (BNWORD32 *)a->ptr;
	bp = (BNWORD32 *)b->ptr;
	if (dest == a)
		scratchlen = alen;
	else if (dest == b)
		scratchlen = blen;
	if (scratchlen) {
		LBNALLOC(scratch, BNWORD32, scratchlen);
		if (!scratch)
			return -1;
		if (dest == a) {
			lbnCopy_32(scratch, ap, alen);
			ap = scratch;
		} else {
			lbnCopy_32(scratch, bp, blen);
			bp = scratch;
		}
	}
	lbnMul_32((BNWORD32 *)dest->ptr, ap, alen, bp, blen);
	if (scratch)
		LBNFREE(scratch, scratchlen);
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, alen + blen);
	MALLOCDB;
	return 0;
}
/*
 * dest = a * b, for a single-word b.  Returns 0, or -1 on allocation
 * failure.
 */
int
bnMulQ_32(struct BigNum *dest, struct BigNum const *a, unsigned b)
{
	unsigned alen = lbnNorm_32((BNWORD32 *)a->ptr, a->size);

	if (alen == 0 || b == 0) {
		dest->size = 0;	/* Anything times zero */
		return 0;
	}
	if (b == 1)
		return bnCopy_32(dest, a);	/* Multiplying by one is a copy */
	bnSizeCheck(dest, alen + 1);
	lbnMulN1_32((BNWORD32 *)dest->ptr, (BNWORD32 *)a->ptr, alen, b);
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, alen + 1);
	MALLOCDB;
	return 0;
}
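/*
 * q = n / d, r = n % d.  Reducing in place (r == n) is allowed; q is
 * assumed not to alias any other operand (the code makes no provision
 * for it).  Returns 0 on success, -1 if d is zero or an allocation fails.
 *
 * A zero divisor is rejected here instead of being handed to lbnDiv_32.
 * When n < d the remainder is n itself, so it is copied into r when
 * r != n; merely setting r->size would leave r's words stale and could
 * set a size larger than r's allocation.
 */
int
bnDivMod_32(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
	struct BigNum const *d)
{
	unsigned dsize = lbnNorm_32((BNWORD32 *)d->ptr, d->size);
	unsigned nsize = lbnNorm_32((BNWORD32 *)n->ptr, n->size);
	BNWORD32 qhigh;

	if (dsize == 0)
		return -1;	/* Division by zero */
	if (nsize < dsize) {
		/* n < d: the quotient is zero and the remainder is n */
		q->size = 0;
		if (r != n) {
			bnSizeCheck(r, nsize);
			lbnCopy_32((BNWORD32 *)r->ptr, (BNWORD32 *)n->ptr, nsize);
		}
		r->size = nsize;
		return 0;
	}
	bnSizeCheck(q, nsize - dsize);
	if (r != n) {
		/* lbnDiv_32 reduces r in place, so start r as a copy of n */
		bnSizeCheck(r, nsize);
		lbnCopy_32((BNWORD32 *)r->ptr, (BNWORD32 *)n->ptr, nsize);
	}
	qhigh = lbnDiv_32((BNWORD32 *)q->ptr, (BNWORD32 *)r->ptr, nsize,
		(BNWORD32 *)d->ptr, dsize);
	nsize -= dsize;	/* quotient words below the returned top word */
	if (qhigh) {
		/* The quotient has one more word than nsize - dsize */
		bnSizeCheck(q, nsize + 1);
		*((BNWORD32 *)q->ptr BIGLITTLE(-nsize-1,+nsize)) = qhigh;
		q->size = nsize + 1;
	} else {
		q->size = lbnNorm_32((BNWORD32 *)q->ptr, nsize);
	}
	r->size = lbnNorm_32((BNWORD32 *)r->ptr, dsize);
	MALLOCDB;
	return 0;
}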
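/*
 * dest = src % d.  dest == src is allowed (reduction in place).
 * Returns 0 on success, -1 if d is zero or an allocation fails.  A zero
 * divisor is rejected before dest is touched rather than being passed to
 * lbnDiv_32.
 */
int
bnMod_32(struct BigNum *dest, struct BigNum const *src, struct BigNum const *d)
{
	unsigned nsize = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
	unsigned dsize = lbnNorm_32((BNWORD32 *)d->ptr, d->size);

	if (dsize == 0)
		return -1;	/* Division by zero */
	if (dest != src) {
		bnSizeCheck(dest, nsize);
		lbnCopy_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, nsize);
	}
	if (nsize < dsize) {
		dest->size = nsize;	/* src < d: src is its own remainder */
		return 0;
	}
	/*
	 * The quotient is not wanted; lbnDiv_32 appears to be given the part
	 * of dest's buffer above the dsize remainder words to write it into.
	 */
	(void)lbnDiv_32((BNWORD32 *)dest->ptr BIGLITTLE(-dsize,+dsize),
		(BNWORD32 *)dest->ptr, nsize,
		(BNWORD32 *)d->ptr, dsize);
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dsize);
	MALLOCDB;
	return 0;
}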
/*
 * Return src % d for a single-word d.  A power-of-two d is handled by
 * masking the low word.  Note that d == 0 is not rejected: it takes the
 * mask path (d-1 is all ones) and yields the low word of src.
 */
unsigned
bnModQ_32(struct BigNum const *src, unsigned d)
{
	unsigned slen = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
	BNWORD32 *words;

	if (slen == 0)
		return 0;	/* 0 % d */
	words = (BNWORD32 *)src->ptr;
	/* d is a power of two (or zero) exactly when d & (d-1) is zero */
	if ((d & (d - 1)) == 0)
		return (unsigned)words[BIGLITTLE(-1,0)] & (d - 1);
	return lbnModQ_32(words, slen, d);
}
/*
 * dest = n^exp (mod mod).  mod must be non-zero and odd; otherwise -1 is
 * returned.  -1 is also returned on allocation failure or if the
 * low-level routine fails.  A base of exactly 2 is routed to the
 * dedicated lbnTwoExpMod_32.
 */
int
bnExpMod_32(struct BigNum *dest, struct BigNum const *n,
	struct BigNum const *exp, struct BigNum const *mod)
{
	unsigned nsize = lbnNorm_32((BNWORD32 *)n->ptr, n->size);
	unsigned esize = lbnNorm_32((BNWORD32 *)exp->ptr, exp->size);
	unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
	int rc;

	/* Reject a zero or even modulus */
	if (msize == 0 || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
		return -1;
	bnSizeCheck(dest, msize);
	if (nsize == 1 && ((BNWORD32 *)n->ptr)[BIGLITTLE(-1,0)] == 2) {
		rc = lbnTwoExpMod_32((BNWORD32 *)dest->ptr,
			(BNWORD32 *)exp->ptr, esize,
			(BNWORD32 *)mod->ptr, msize);
	} else {
		rc = lbnExpMod_32((BNWORD32 *)dest->ptr,
			(BNWORD32 *)n->ptr, nsize,
			(BNWORD32 *)exp->ptr, esize,
			(BNWORD32 *)mod->ptr, msize);
	}
	if (rc < 0)
		return -1;
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
	MALLOCDB;
	return 0;
}
/*
 * dest = n1^e1 * n2^e2 (mod mod).  This is more efficient than two
 * separate modular exponentiations and asymptotically approaches the
 * cost of one.  mod must be non-zero and odd; otherwise -1 is returned.
 * -1 is also returned on allocation failure or if lbnDoubleExpMod_32
 * fails.
 */
int
bnDoubleExpMod_32(struct BigNum *dest,
	struct BigNum const *n1, struct BigNum const *e1,
	struct BigNum const *n2, struct BigNum const *e2,
	struct BigNum const *mod)
{
	unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
	unsigned n1size, e1size, n2size, e2size;

	/* Reject a zero or even modulus */
	if (msize == 0 || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
		return -1;
	n1size = lbnNorm_32((BNWORD32 *)n1->ptr, n1->size);
	e1size = lbnNorm_32((BNWORD32 *)e1->ptr, e1->size);
	n2size = lbnNorm_32((BNWORD32 *)n2->ptr, n2->size);
	e2size = lbnNorm_32((BNWORD32 *)e2->ptr, e2->size);
	bnSizeCheck(dest, msize);
	if (lbnDoubleExpMod_32((BNWORD32 *)dest->ptr,
		(BNWORD32 *)n1->ptr, n1size, (BNWORD32 *)e1->ptr, e1size,
		(BNWORD32 *)n2->ptr, n2size, (BNWORD32 *)e2->ptr, e2size,
		(BNWORD32 *)mod->ptr, msize) < 0)
		return -1;
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
	MALLOCDB;
	return 0;
}
/*
 * n = 2^exp (mod mod).  mod must be non-zero and odd; otherwise -1 is
 * returned.  -1 is also returned on allocation failure or if
 * lbnTwoExpMod_32 fails.
 */
int
bnTwoExpMod_32(struct BigNum *n, struct BigNum const *exp,
	struct BigNum const *mod)
{
	unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
	unsigned esize = lbnNorm_32((BNWORD32 *)exp->ptr, exp->size);
	int rc;

	if (msize == 0)
		return -1;	/* Zero modulus */
	if ((((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
		return -1;	/* Even modulus */
	bnSizeCheck(n, msize);
	rc = lbnTwoExpMod_32((BNWORD32 *)n->ptr, (BNWORD32 *)exp->ptr, esize,
		(BNWORD32 *)mod->ptr, msize);
	if (rc < 0)
		return -1;
	n->size = lbnNorm_32((BNWORD32 *)n->ptr, msize);
	MALLOCDB;
	return 0;
}
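/*
 * dest = gcd(a, b).  dest may alias a or b.  Returns 0 on success, -1 on
 * allocation failure, or the negative value reported by lbnGcd_32.
 *
 * The trivial a == b case copies through bnCopy_32 directly rather than
 * the generic bnCopy pointer, like every other intra-file call here, so
 * the result does not depend on bnInit_32 having installed the dispatch
 * table.
 */
int
bnGcd_32(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
{
	BNWORD32 *tmp;
	unsigned asize, bsize;
	int rc;

	/* gcd(a, a) == a; silly, but permitted */
	if (a == b)
		return dest == a ? 0 : bnCopy_32(dest, a);
	/* Arrange that a is not dest: a is copied to tmp, b lives in dest */
	if (a == dest) {
		a = b;
		b = dest;
	}
	asize = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
	bsize = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
	bnSizeCheck(dest, bsize + 1);
	LBNALLOC(tmp, BNWORD32, asize + 1);
	if (!tmp)
		return -1;
	lbnCopy_32(tmp, (BNWORD32 *)a->ptr, asize);
	if (dest != b)
		lbnCopy_32((BNWORD32 *)dest->ptr, (BNWORD32 *)b->ptr, bsize);
	/*
	 * The larger operand is passed first.  lbnGcd_32's return value
	 * tells which buffer holds the result; dest->size receives its
	 * length either way, and a result left in tmp is copied back.
	 */
	if (bsize > asize || (bsize == asize &&
	    lbnCmp_32((BNWORD32 *)b->ptr, (BNWORD32 *)a->ptr, asize) > 0)) {
		rc = lbnGcd_32((BNWORD32 *)dest->ptr, bsize, tmp, asize,
			&dest->size);
		if (rc > 0)	/* Result in tmp, not dest */
			lbnCopy_32((BNWORD32 *)dest->ptr, tmp, dest->size);
	} else {
		rc = lbnGcd_32(tmp, asize, (BNWORD32 *)dest->ptr, bsize,
			&dest->size);
		if (rc == 0)	/* Result in tmp, not dest */
			lbnCopy_32((BNWORD32 *)dest->ptr, tmp, dest->size);
	}
	LBNFREE(tmp, asize + 1);
	MALLOCDB;
	return rc < 0 ? rc : 0;
}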
/*
 * dest = 1/src (mod mod).  Returns 0 on success, >0 if gcd(src, mod) != 1
 * (no inverse exists), or -1 on allocation failure.  Because lbnInv_32
 * requires its input to be less than the modulus, src is reduced modulo
 * mod first when it is not already smaller.
 */
int
bnInv_32(struct BigNum *dest, struct BigNum const *src,
	struct BigNum const *mod)
{
	unsigned slen = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
	unsigned mlen = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
	int rc;

	if (mlen < slen ||
	    (mlen == slen &&
	     lbnCmp_32((BNWORD32 *)src->ptr, (BNWORD32 *)mod->ptr, slen)))
	{
		/* src is not smaller than mod: pre-reduce it in dest */
		bnSizeCheck(dest, slen + (mlen == slen));
		if (dest != src)
			lbnCopy_32((BNWORD32 *)dest->ptr,
				(BNWORD32 *)src->ptr, slen);
		(void)lbnDiv_32((BNWORD32 *)dest->ptr BIGLITTLE(-mlen,+mlen),
			(BNWORD32 *)dest->ptr, slen,
			(BNWORD32 *)mod->ptr, mlen);
		slen = lbnNorm_32((BNWORD32 *)dest->ptr, mlen);
		MALLOCDB;
	} else {
		bnSizeCheck(dest, mlen + 1);
		if (dest != src)
			lbnCopy_32((BNWORD32 *)dest->ptr,
				(BNWORD32 *)src->ptr, slen);
	}
	rc = lbnInv_32((BNWORD32 *)dest->ptr, slen, (BNWORD32 *)mod->ptr, mlen);
	if (rc == 0)
		dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, mlen);
	MALLOCDB;
	return rc;
}
/*
 * Shift dest left by amt bits, i.e. multiply by 2^amt.  Handles the
 * sub-word part with lbnLshift_32 and the whole-word part with a memmove.
 * Returns 0, or -1 on allocation failure.
 */
int
bnLShift_32(struct BigNum *dest, unsigned amt)
{
	unsigned wlen = dest->size;
	unsigned bitshift = amt % 32;
	unsigned wordshift = amt / 32;
	BNWORD32 carry;

	/* Bits first; a carry out of the top word becomes a new top word */
	if (bitshift) {
		carry = lbnLshift_32((BNWORD32 *)dest->ptr, wlen, bitshift);
		if (carry) {
			wlen++;
			bnSizeCheck(dest, wlen);
			((BNWORD32 *)dest->ptr)[BIGLITTLE(-wlen,wlen-1)] = carry;
		}
	}
	/* Then whole words: move everything up and zero the vacated low words */
	if (wordshift) {
		bnSizeCheck(dest, wlen + wordshift);
		memmove((BNWORD32 *)dest->ptr BIGLITTLE(-wlen-wordshift, +wordshift),
			(BNWORD32 *)dest->ptr BIG(-wlen),
			wlen * sizeof(BNWORD32));
		lbnZero_32((BNWORD32 *)dest->ptr, wordshift);
		wlen += wordshift;
	}
	dest->size = wlen;
	MALLOCDB;
	return 0;
}
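/*
 * Shift dest right by amt bits, i.e. divide by 2^amt.  Whole words are
 * removed with a memmove, the remaining bits with lbnRshift_32, and the
 * result is normalized.
 *
 * A shift by at least as many words as dest holds yields zero directly:
 * the former (s - amt/32) length would wrap to a huge value and the
 * memmove would read and write far outside dest's buffer.
 */
void
bnRShift_32(struct BigNum *dest, unsigned amt)
{
	unsigned s = dest->size;
	unsigned words = amt / 32;	/* whole words to drop */

	if (words >= s) {
		/* Every stored word is shifted out */
		dest->size = 0;
		MALLOCDB;
		return;
	}
	if (words) {
		memmove((BNWORD32 *)dest->ptr BIG(-s+words),
			(BNWORD32 *)dest->ptr BIGLITTLE(-s, +words),
			(s - words) * sizeof(BNWORD32));
		s -= words;
	}
	amt %= 32;
	if (amt)
		(void)lbnRshift_32((BNWORD32 *)dest->ptr, s, amt);
	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, s);
	MALLOCDB;
}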
/*
 * Shift n right until it is odd and return the number of bits shifted:
 * the original n equals (new n) * 2^s, n is replaced by the odd part and
 * s is returned.  Given 0, leaves it alone and returns 0 (another valid
 * answer would be infinity).  Whole zero words are removed with a
 * memmove, then the remaining sub-word shift is done with lbnRshift_32.
 */
unsigned
bnMakeOdd_32(struct BigNum *n)
{
	unsigned size;	/* significant words in n */
	unsigned s;	/* shift amount: words while word-shifting, then bits */
	BNWORD32 *p;	/* walks the words from the least-significant end */
	BNWORD32 t;	/* current least-significant word */

	p = (BNWORD32 *)n->ptr;
	size = lbnNorm_32(p, n->size);
	if (!size)
		return 0;

	t = BIGLITTLE(p[-1],p[0]);
	s = 0;

	/* See how many whole words are zero */
	if (!t) {
		/* Shift by words: advance p past every zero word */
		do {
			s++;
			BIGLITTLE(--p,p++);
		} while ((t = BIGLITTLE(p[-1],p[0])) == 0);
		size -= s;
		s *= 32;	/* convert the word count to a bit count */
		/* Slide the remaining words down to the start of the buffer */
		memmove((BNWORD32 *)n->ptr BIG(-size), p BIG(-size),
			size * sizeof(BNWORD32));
		p = (BNWORD32 *)n->ptr;
		MALLOCDB;
	}

	/* size was normalized, so at least one non-zero word remains */
	assert(t);

	if (!(t & 1)) {
		/* Count the trailing zero bits of the low word */
		do {
			t >>= 1;
			s++;
		} while ((t & 1) == 0);
		/* Shift the whole number by that many bits */
		lbnRshift_32(p, size, s & (32-1));
		/* Renormalize: the top word may have become zero */
		if (BIGLITTLE(*(p-size),*(p+(size-1))) == 0)
			--size;
	}
	n->size = size;
	MALLOCDB;
	return s;
}
  810. /*
  811. * Do base- and modulus-dependent precomputation for rapid computation of
  812. * base^exp (mod mod) with various exponents.
  813. *
  814. * See lbn32.c for the details on how the algorithm works. Basically,
  815. * it involves precomputing a table of powers of base, base^(order^k),
  816. * for a suitable range 0 <= k < n determined by the maximum exponent size
  817. * desired. To do the exponentiation, the exponent is expressed in base
  818. * "order" (sorry for the confusing terminology) and the precomputed powers
  819. * are combined.
  820. *
  821. * This implementation allows only power-of-2 values for "order". Using
  822. * other numbers can be more efficient, but it's more work and for the
  823. * popular exponent size of 320 bits, an order of 8 is optimal, so it
  824. * hasn't seemed worth it to implement.
  825. *
  826. * Here's a table of the optimal power-of-2 order for various exponent
  827. * sizes and the associated (average) cost for an exponentiation.
  828. * Note that *higher* orders are more memory-efficient; the number
  829. * of precomputed values required is ceil(ebits/order). (Ignore the
  830. * underscores in the middle of numbers; they're harmless.)
  831. *
  832. * At 2 bits, order 2 uses 0.000000 multiplies
  833. * At 4 bits, order 2 uses 1.000000 multiplies
  834. * At 8 bits, order 2 uses 3.000000 multiplies
  835. * At 1_6 bits, order 2 uses 7.000000 multiplies
  836. * At 3_2 bits, order 2 uses 15.000000 multiplies
  837. * At 34 bits, 15.750000 (order 4) < 1_6.000000 (order 2)
  838. * At 6_4 bits, order 4 uses 27.000000 multiplies
  839. * At 99 bits, 39.875000 (order 8) < 40.250000 (order 4)
  840. * At 128 bits, order 8 uses 48.500000 multiplies
  841. * At 256 bits, order 8 uses 85.875000 multiplies
  842. * At 280 bits, 92.625000 (order 1_6) < 92.875000 (order 8)
  843. * At 512 bits, order 1_6 uses 147.000000 multiplies
  844. * At 785 bits, 211.093750 (order 3_2) < 211.250000 (order 1_6)
  845. * At 1024 bits, order 3_2 uses 257.562500 multiplies
  846. * At 2048 bits, order 3_2 uses 456.093750 multiplies
  847. * At 2148 bits, 475.406250 (order 6_4) < 475.468750 (order 3_2)
  848. * At 4096 bits, order 6_4 uses 795.281250 multiplies
  849. * At 5726 bits, 1062.609375 (order 128) < 1062.843750 (order 6_4)
  850. * At 8192 bits, order 128 uses 1412.609375 multiplies
  851. * At 14848 bits, 2355.750000 (order 256) < 2355.929688 (order 128)
  852. * At 37593 bits, 5187.841797 (order 512) < 5188.144531 (order 256)
  853. */
/*
 * Precompute the table of powers of "base" (mod "mod") needed to
 * exponentiate "base" quickly with exponents of up to "maxebits" bits,
 * and record it in *pre.
 *
 * Returns 0 on success and -1 on failure (out of memory).  On failure
 * *pre is left cleared (every field zero), so calling
 * bnBasePrecompEnd_32 on it afterwards is harmless.  On success
 * pre->maxebits is n * bits, which may exceed the requested maxebits
 * (rounded up to a whole window), and pre->bits may be larger than the
 * table-optimal value if memory was tight (see the retry path below).
 */
int
bnBasePrecompBegin_32(struct BnBasePrecomp *pre, struct BigNum const *base,
	struct BigNum const *mod, unsigned maxebits)
{
	int i;
	BNWORD32 **array;	/* Array of precomputed powers of base */
	unsigned n;		/* Number of entries in array (needed) */
	unsigned m;		/* Number of entries in array (non-NULL) */
	unsigned arraysize;	/* Number of entries in array (allocated) */
	unsigned bits;		/* log2(order) */
	unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
	/*
	 * Largest maxebits for each window size; the values are one less
	 * than the crossover points in the cost table above.  The final
	 * (unsigned)-1 sentinel guarantees the search loop below stops
	 * before running off the end of the table.
	 */
	static unsigned const bnBasePrecompThreshTable[] = {
		33, 98, 279, 784, 2147, 5725, 14847, 37592, (unsigned)-1
	};

	/* Clear pre in case of failure */
	pre->array = 0;
	pre->msize = 0;
	pre->bits = 0;
	pre->maxebits = 0;
	pre->arraysize = 0;
	pre->entries = 0;

	/*
	 * Find the correct bit-window size.
	 * NOTE(review): bits is 1 on the first comparison, so the first
	 * entry consulted is bnBasePrecompThreshTable[1] == 98 and entry
	 * [0] == 33 is never used.  Confirm against the cost table above
	 * whether the intended index is bits or bits-1.
	 */
	bits = 0;
	do
		bits++;
	while (maxebits > bnBasePrecompThreshTable[bits]);

	/* Now the number of precomputed values we need: ceil(maxebits/bits) */
	n = (maxebits+bits-1)/bits;
	assert(n*bits >= maxebits);

	arraysize = n+1;	/* Add one trailing NULL for safety */
	array = lbnMemAlloc(arraysize * sizeof(*array));
	if (!array)
		return -1;	/* Out of memory */

	/* Now allocate the entries (precomputed powers of base) */
	for (m = 0; m < n; m++) {
		BNWORD32 *entry;
		LBNALLOC(entry, BNWORD32, msize);
		if (!entry)
			break;
		array[m] = entry;
	}
	/* "m" is the number of successfully allocated entries */
	if (m < n) {
		/* Ran out of memory; see if we can use a smaller array */
		BNWORD32 **newarray;

		if (m < 2) {
			n = 0;	/* Forget it */
		} else {
			/*
			 * How few bits can we use with what's allocated?
			 * ceil(maxebits/m) is the smallest window that fits
			 * in the m entries we managed to get.
			 */
			bits = (maxebits + m - 1) / m;
			/*
			 * "retry:" is also reached by the goto near the end of
			 * this function (jumping into this block is legal C;
			 * there are no VLAs here).  Each arrival has a larger
			 * "bits" than the last, so n shrinks and eventually
			 * n < 2^bits forces n = 0 and a -1 return: the retry
			 * loop cannot run forever.
			 */
retry:
			n = (maxebits + bits - 1) / bits;
			if (! (n >> bits) )
				n = 0;	/* Not enough to amount to anything (n < 2^bits) */
		}
		/* Free excess allocated array entries (those at index >= n) */
		while (m > n) {
			BNWORD32 *entry = array[--m];
			LBNFREE(entry, msize);
		}
		if (!n) {
			/* Give it up; every entry has already been freed above */
			lbnMemFree(array, arraysize * sizeof(*array));
			return -1;
		}
		/*
		 * Try to shrink the pointer array.  This might fail, but
		 * it's not critical: on failure "array" and "arraysize" are
		 * left untouched and still valid.  lbnMemRealloc isn't
		 * guaranteed to exist, so we may have to allocate, copy,
		 * and free.
		 */
#ifdef lbnMemRealloc
		newarray = lbnMemRealloc(array, arraysize * sizeof(*array),
			       (n+1) * sizeof(*array));
		if (newarray) {
			array = newarray;
			arraysize = n+1;
		}
#else
		newarray = lbnMemAlloc((n+1) * sizeof(*array));
		if (newarray) {
			memcpy(newarray, array, n * sizeof(*array));
			lbnMemFree(array, arraysize * sizeof(*array));
			array = newarray;
			arraysize = n+1;
		}
#endif
	}
	/* Pad with null pointers (m == n here, so this fills [n, arraysize)) */
	while (m < arraysize)
		array[m++] = 0;

	/* Okay, we have our array, now initialize it */
	i = lbnBasePrecompBegin_32(array, n, bits,
		(BNWORD32 *)base->ptr, base->size,
		(BNWORD32 *)mod->ptr, msize);
	if (i < 0) {
		/*
		 * Ack, still out of memory.  Widen the window by one bit and
		 * re-derive n at "retry:" above; the entry-freeing loop there
		 * releases whatever is now surplus.
		 */
		bits++;
		m = n;
		goto retry;
	}
	/* Finally, total success */
	pre->array = array;
	pre->bits = bits;
	pre->msize = msize;
	pre->maxebits = n * bits;
	pre->arraysize = arraysize;
	pre->entries = n;
	return 0;
}
  963. /* Free everything preallocated */
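/*
 * Free everything preallocated by bnBasePrecompBegin_32 and clear *pre.
 *
 * Each of the pre->entries precomputed powers is released with LBNFREE
 * using pre->msize, the size it was allocated with; then the pointer
 * array itself is released.  The pointer array was allocated in
 * bnBasePrecompBegin_32 with arraysize * sizeof(*array) bytes, so that
 * is the size handed back to lbnMemFree here.  (The previous version
 * passed sizeof(array) -- the size of a BNWORD32 **, not of an element --
 * which matches the allocation only because both happen to be pointers.)
 *
 * Safe to call on a cleared or already-ended *pre: a NULL pre->array
 * skips all freeing, and every field is zeroed afterwards either way.
 */
void
bnBasePrecompEnd_32(struct BnBasePrecomp *pre)
{
	BNWORD32 **array = pre->array;

	if (array) {
		unsigned entries = pre->entries;
		unsigned msize = pre->msize;
		unsigned m;

		for (m = 0; m < entries; m++) {
			BNWORD32 *entry = array[m];
			if (entry)
				LBNFREE(entry, msize);
		}
		/* Same size expression as the allocation in bnBasePrecompBegin_32 */
		lbnMemFree(array, pre->arraysize * sizeof(*array));
	}
	pre->array = 0;
	pre->bits = 0;
	pre->msize = 0;
	pre->maxebits = 0;
	pre->arraysize = 0;
	pre->entries = 0;
}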
/*
 * Compute dest = base^exp (mod mod), where "base" is the value whose
 * powers were precomputed into *pre by bnBasePrecompBegin_32 with this
 * same modulus.
 *
 * Returns the status of lbnBasePrecompExp_32: 0 on success, in which
 * case dest holds the normalized result; a negative value on failure,
 * in which case dest->size is left as bnSizeCheck set it.
 *
 * The assert()s spell out the contract: mod must have the normalized
 * size the table was built for, the word selected by BIGLITTLE(-1,0)
 * (presumably the least-significant one) must be odd, and exp must fit
 * in pre->maxebits bits.  They are debug-only checks -- with NDEBUG
 * defined nothing here rejects a mismatched modulus or an over-long
 * exponent, so callers must guarantee these themselves.
 * NOTE(review): whether lbnBasePrecompExp_32 is constant-time in exp is
 * not visible here; confirm before relying on it with secret exponents.
 */
int
bnBasePrecompExpMod_32(struct BigNum *dest, struct BnBasePrecomp const *pre,
	struct BigNum const *exp, struct BigNum const *mod)
{
	BNWORD32 *modp = (BNWORD32 *)mod->ptr;
	BNWORD32 *expp = (BNWORD32 *)exp->ptr;
	BNWORD32 const * const *table = pre->array;
	unsigned modlen = lbnNorm_32(modp, mod->size);
	unsigned explen = lbnNorm_32(expp, exp->size);
	int status;

	/* Debug-only contract checks; see the header comment */
	assert(modlen == pre->msize);
	assert(modp[BIGLITTLE(-1,0)] & 1);
	assert(lbnBits_32(expp, explen) <= pre->maxebits);

	/* Make sure dest can hold a full modulus-sized result */
	bnSizeCheck(dest, modlen);

	status = lbnBasePrecompExp_32(dest->ptr, table, pre->bits,
		exp->ptr, explen, mod->ptr, modlen);
	if (status != 0)
		return status;

	dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, modlen);
	return 0;
}
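/*
 * Compute dest = base1^exp1 * base2^exp2 (mod mod), where base1 and
 * base2 are the values precomputed into *pre1 and *pre2 respectively
 * by bnBasePrecompBegin_32, both with this same modulus and the same
 * window size (pre1->bits == pre2->bits).
 *
 * Returns the status of lbnDoubleBasePrecompExp_32: 0 on success, in
 * which case dest holds the normalized result; a negative value on
 * failure, in which case dest->size is left as bnSizeCheck set it.
 *
 * Bug fix: the normalized length of exp2 was previously computed as
 * lbnNorm_32(exp1->ptr, exp2->size), i.e. from exp1's words with exp2's
 * length.  That can mis-size exp2 (truncating or under-normalizing the
 * second exponent) and reads exp1 using another number's length.  It
 * now normalizes exp2 from its own words.
 *
 * The assert()s are debug-only contract checks (see the header of
 * bnBasePrecompExpMod_32); with NDEBUG defined a mismatched modulus,
 * over-long exponent, or mismatched window size is not rejected here.
 * NOTE(review): whether lbnDoubleBasePrecompExp_32 is constant-time in
 * the exponents is not visible here; confirm before using it with
 * secret exponents.
 */
int
bnDoubleBasePrecompExpMod_32(struct BigNum *dest,
	struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
	struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
	struct BigNum const *mod)
{
	unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
	unsigned e1size = lbnNorm_32((BNWORD32 *)exp1->ptr, exp1->size);
	/* Normalize exp2 from exp2's own words (was exp1->ptr) */
	unsigned e2size = lbnNorm_32((BNWORD32 *)exp2->ptr, exp2->size);
	BNWORD32 const * const *array1 = pre1->array;
	BNWORD32 const * const *array2 = pre2->array;
	int i;

	/* Debug-only contract checks; see the header comment */
	assert(msize == pre1->msize);
	assert(msize == pre2->msize);
	assert(((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1);
	assert(lbnBits_32((BNWORD32 *)exp1->ptr, e1size) <= pre1->maxebits);
	assert(lbnBits_32((BNWORD32 *)exp2->ptr, e2size) <= pre2->maxebits);
	assert(pre1->bits == pre2->bits);

	/* Make sure dest can hold a full modulus-sized result */
	bnSizeCheck(dest, msize);

	i = lbnDoubleBasePrecompExp_32(dest->ptr, pre1->bits, array1,
		exp1->ptr, e1size, array2, exp2->ptr, e2size,
		mod->ptr, msize);
	if (i == 0)
		dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
	return i;
}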