1 1.1 mrg /* 2 1.1 mrg Name: imath.c 3 1.1 mrg Purpose: Arbitrary precision integer arithmetic routines. 4 1.1 mrg Author: M. J. Fromberger 5 1.1 mrg 6 1.1 mrg Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. 7 1.1 mrg 8 1.1 mrg Permission is hereby granted, free of charge, to any person obtaining a copy 9 1.1 mrg of this software and associated documentation files (the "Software"), to deal 10 1.1 mrg in the Software without restriction, including without limitation the rights 11 1.1 mrg to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 1.1 mrg copies of the Software, and to permit persons to whom the Software is 13 1.1 mrg furnished to do so, subject to the following conditions: 14 1.1 mrg 15 1.1 mrg The above copyright notice and this permission notice shall be included in 16 1.1 mrg all copies or substantial portions of the Software. 17 1.1 mrg 18 1.1 mrg THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 1.1 mrg IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 1.1 mrg FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 21 1.1 mrg AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 1.1 mrg LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 1.1 mrg OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 24 1.1 mrg SOFTWARE. 25 1.1 mrg */ 26 1.1 mrg 27 1.1 mrg #include "imath.h" 28 1.1 mrg 29 1.1 mrg #include <assert.h> 30 1.1 mrg #include <ctype.h> 31 1.1 mrg #include <stdlib.h> 32 1.1 mrg #include <string.h> 33 1.1 mrg 34 1.1 mrg const mp_result MP_OK = 0; /* no error, all is well */ 35 1.1 mrg const mp_result MP_FALSE = 0; /* boolean false */ 36 1.1 mrg const mp_result MP_TRUE = -1; /* boolean true */ 37 1.1 mrg const mp_result MP_MEMORY = -2; /* out of memory */ 38 1.1 mrg const mp_result MP_RANGE = -3; /* argument out of range */ 39 1.1 mrg const mp_result MP_UNDEF = -4; /* result undefined */ 40 1.1 mrg const mp_result MP_TRUNC = -5; /* output truncated */ 41 1.1 mrg const mp_result MP_BADARG = -6; /* invalid null argument */ 42 1.1 mrg const mp_result MP_MINERR = -6; 43 1.1 mrg 44 1.1 mrg const mp_sign MP_NEG = 1; /* value is strictly negative */ 45 1.1 mrg const mp_sign MP_ZPOS = 0; /* value is non-negative */ 46 1.1 mrg 47 1.1 mrg static const char *s_unknown_err = "unknown result code"; 48 1.1 mrg static const char *s_error_msg[] = {"error code 0", "boolean true", 49 1.1 mrg "out of memory", "argument out of range", 50 1.1 mrg "result undefined", "output truncated", 51 1.1 mrg "invalid argument", NULL}; 52 1.1 mrg 53 1.1 mrg /* The ith entry of this table gives the value of log_i(2). 54 1.1 mrg 55 1.1 mrg An integer value n requires ceil(log_i(n)) digits to be represented 56 1.1 mrg in base i. Since it is easy to compute lg(n), by counting bits, we 57 1.1 mrg can compute log_i(n) = lg(n) * log_i(2). 58 1.1 mrg 59 1.1 mrg The use of this table eliminates a dependency upon linkage against 60 1.1 mrg the standard math libraries. 61 1.1 mrg 62 1.1 mrg If MP_MAX_RADIX is increased, this table should be expanded too. 63 1.1 mrg */ 64 1.1 mrg static const double s_log2[] = { 65 1.1 mrg 0.000000000, 0.000000000, 1.000000000, 0.630929754, /* (D)(D) 2 3 */ 66 1.1 mrg 0.500000000, 0.430676558, 0.386852807, 0.356207187, /* 4 5 6 7 */ 67 1.1 mrg 0.333333333, 0.315464877, 0.301029996, 0.289064826, /* 8 9 10 11 */ 68 1.1 mrg 0.278942946, 0.270238154, 0.262649535, 0.255958025, /* 12 13 14 15 */ 69 1.1 mrg 0.250000000, 0.244650542, 0.239812467, 0.235408913, /* 16 17 18 19 */ 70 1.1 mrg 0.231378213, 0.227670249, 0.224243824, 0.221064729, /* 20 21 22 23 */ 71 1.1 mrg 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */ 72 1.1 mrg 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */ 73 1.1 mrg 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */ 74 1.1 mrg 0.193426404, /* 36 */ 75 1.1 mrg }; 76 1.1 mrg 77 1.1 mrg /* Return the number of digits needed to represent a static value */ 78 1.1 mrg #define MP_VALUE_DIGITS(V) \ 79 1.1 mrg ((sizeof(V) + (sizeof(mp_digit) - 1)) / sizeof(mp_digit)) 80 1.1 mrg 81 1.1 mrg /* Round precision P to nearest word boundary */ 82 1.1 mrg static inline mp_size s_round_prec(mp_size P) { return 2 * ((P + 1) / 2); } 83 1.1 mrg 84 1.1 mrg /* Set array P of S digits to zero */ 85 1.1 mrg static inline void ZERO(mp_digit *P, mp_size S) { 86 1.1 mrg mp_size i__ = S * sizeof(mp_digit); 87 1.1 mrg mp_digit *p__ = P; 88 1.1 mrg memset(p__, 0, i__); 89 1.1 mrg } 90 1.1 mrg 91 1.1 mrg /* Copy S digits from array P to array Q */ 92 1.1 mrg static inline void COPY(mp_digit *P, mp_digit *Q, mp_size S) { 93 1.1 mrg mp_size i__ = S * sizeof(mp_digit); 94 1.1 mrg mp_digit *p__ = P; 95 1.1 mrg mp_digit *q__ = Q; 96 1.1 mrg memcpy(q__, p__, i__); 97 1.1 mrg } 98 1.1 mrg 99 1.1 mrg /* Reverse N elements of unsigned char in A. */ 100 1.1 mrg static inline void REV(unsigned char *A, int N) { 101 1.1 mrg unsigned char *u_ = A; 102 1.1 mrg unsigned char *v_ = u_ + N - 1; 103 1.1 mrg while (u_ < v_) { 104 1.1 mrg unsigned char xch = *u_; 105 1.1 mrg *u_++ = *v_; 106 1.1 mrg *v_-- = xch; 107 1.1 mrg } 108 1.1 mrg } 109 1.1 mrg 110 1.1 mrg /* Strip leading zeroes from z_ in-place. */ 111 1.1 mrg static inline void CLAMP(mp_int z_) { 112 1.1 mrg mp_size uz_ = MP_USED(z_); 113 1.1 mrg mp_digit *dz_ = MP_DIGITS(z_) + uz_ - 1; 114 1.1 mrg while (uz_ > 1 && (*dz_-- == 0)) --uz_; 115 1.1 mrg z_->used = uz_; 116 1.1 mrg } 117 1.1 mrg 118 1.1 mrg /* Select min/max. */ 119 1.1 mrg static inline int MIN(int A, int B) { return (B < A ? B : A); } 120 1.1 mrg static inline mp_size MAX(mp_size A, mp_size B) { return (B > A ? B : A); } 121 1.1 mrg 122 1.1 mrg /* Exchange lvalues A and B of type T, e.g. 123 1.1 mrg SWAP(int, x, y) where x and y are variables of type int. */ 124 1.1 mrg #define SWAP(T, A, B) \ 125 1.1 mrg do { \ 126 1.1 mrg T t_ = (A); \ 127 1.1 mrg A = (B); \ 128 1.1 mrg B = t_; \ 129 1.1 mrg } while (0) 130 1.1 mrg 131 1.1 mrg /* Declare a block of N temporary mpz_t values. 132 1.1 mrg These values are initialized to zero. 133 1.1 mrg You must add CLEANUP_TEMP() at the end of the function. 134 1.1 mrg Use TEMP(i) to access a pointer to the ith value. 135 1.1 mrg */ 136 1.1 mrg #define DECLARE_TEMP(N) \ 137 1.1 mrg struct { \ 138 1.1 mrg mpz_t value[(N)]; \ 139 1.1 mrg int len; \ 140 1.1 mrg mp_result err; \ 141 1.1 mrg } temp_ = { \ 142 1.1 mrg .len = (N), \ 143 1.1 mrg .err = MP_OK, \ 144 1.1 mrg }; \ 145 1.1 mrg do { \ 146 1.1 mrg for (int i = 0; i < temp_.len; i++) { \ 147 1.1 mrg mp_int_init(TEMP(i)); \ 148 1.1 mrg } \ 149 1.1 mrg } while (0) 150 1.1 mrg 151 1.1 mrg /* Clear all allocated temp values. */ 152 1.1 mrg #define CLEANUP_TEMP() \ 153 1.1 mrg CLEANUP: \ 154 1.1 mrg do { \ 155 1.1 mrg for (int i = 0; i < temp_.len; i++) { \ 156 1.1 mrg mp_int_clear(TEMP(i)); \ 157 1.1 mrg } \ 158 1.1 mrg if (temp_.err != MP_OK) { \ 159 1.1 mrg return temp_.err; \ 160 1.1 mrg } \ 161 1.1 mrg } while (0) 162 1.1 mrg 163 1.1 mrg /* A pointer to the kth temp value. */ 164 1.1 mrg #define TEMP(K) (temp_.value + (K)) 165 1.1 mrg 166 1.1 mrg /* Evaluate E, an expression of type mp_result expected to return MP_OK. If 167 1.1 mrg the value is not MP_OK, the error is cached and control resumes at the 168 1.1 mrg cleanup handler, which returns it. 169 1.1 mrg */ 170 1.1 mrg #define REQUIRE(E) \ 171 1.1 mrg do { \ 172 1.1 mrg temp_.err = (E); \ 173 1.1 mrg if (temp_.err != MP_OK) goto CLEANUP; \ 174 1.1 mrg } while (0) 175 1.1 mrg 176 1.1 mrg /* Compare value to zero. */ 177 1.1 mrg static inline int CMPZ(mp_int Z) { 178 1.1 mrg if (Z->used == 1 && Z->digits[0] == 0) return 0; 179 1.1 mrg return (Z->sign == MP_NEG) ? -1 : 1; 180 1.1 mrg } 181 1.1 mrg 182 1.1 mrg static inline mp_word UPPER_HALF(mp_word W) { return (W >> MP_DIGIT_BIT); } 183 1.1 mrg static inline mp_digit LOWER_HALF(mp_word W) { return (mp_digit)(W); } 184 1.1 mrg 185 1.1 mrg /* Report whether the highest-order bit of W is 1. */ 186 1.1 mrg static inline bool HIGH_BIT_SET(mp_word W) { 187 1.1 mrg return (W >> (MP_WORD_BIT - 1)) != 0; 188 1.1 mrg } 189 1.1 mrg 190 1.1 mrg /* Report whether adding W + V will carry out. */ 191 1.1 mrg static inline bool ADD_WILL_OVERFLOW(mp_word W, mp_word V) { 192 1.1 mrg return ((MP_WORD_MAX - V) < W); 193 1.1 mrg } 194 1.1 mrg 195 1.1 mrg /* Default number of digits allocated to a new mp_int */ 196 1.1 mrg static mp_size default_precision = 8; 197 1.1 mrg 198 1.1 mrg void mp_int_default_precision(mp_size size) { 199 1.1 mrg assert(size > 0); 200 1.1 mrg default_precision = size; 201 1.1 mrg } 202 1.1 mrg 203 1.1 mrg /* Minimum number of digits to invoke recursive multiply */ 204 1.1 mrg static mp_size multiply_threshold = 32; 205 1.1 mrg 206 1.1 mrg void mp_int_multiply_threshold(mp_size thresh) { 207 1.1 mrg assert(thresh >= sizeof(mp_word)); 208 1.1 mrg multiply_threshold = thresh; 209 1.1 mrg } 210 1.1 mrg 211 1.1 mrg /* Allocate a buffer of (at least) num digits, or return 212 1.1 mrg NULL if that couldn't be done. */ 213 1.1 mrg static mp_digit *s_alloc(mp_size num); 214 1.1 mrg 215 1.1 mrg /* Release a buffer of digits allocated by s_alloc(). */ 216 1.1 mrg static void s_free(void *ptr); 217 1.1 mrg 218 1.1 mrg /* Insure that z has at least min digits allocated, resizing if 219 1.1 mrg necessary. Returns true if successful, false if out of memory. */ 220 1.1 mrg static bool s_pad(mp_int z, mp_size min); 221 1.1 mrg 222 1.1 mrg /* Ensure Z has at least N digits allocated. */ 223 1.1 mrg static inline mp_result GROW(mp_int Z, mp_size N) { 224 1.1 mrg return s_pad(Z, N) ? MP_OK : MP_MEMORY; 225 1.1 mrg } 226 1.1 mrg 227 1.1 mrg /* Fill in a "fake" mp_int on the stack with a given value */ 228 1.1 mrg static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]); 229 1.1 mrg static void s_ufake(mp_int z, mp_usmall value, mp_digit vbuf[]); 230 1.1 mrg 231 1.1 mrg /* Compare two runs of digits of given length, returns <0, 0, >0 */ 232 1.1 mrg static int s_cdig(mp_digit *da, mp_digit *db, mp_size len); 233 1.1 mrg 234 1.1 mrg /* Pack the unsigned digits of v into array t */ 235 1.1 mrg static int s_uvpack(mp_usmall v, mp_digit t[]); 236 1.1 mrg 237 1.1 mrg /* Compare magnitudes of a and b, returns <0, 0, >0 */ 238 1.1 mrg static int s_ucmp(mp_int a, mp_int b); 239 1.1 mrg 240 1.1 mrg /* Compare magnitudes of a and v, returns <0, 0, >0 */ 241 1.1 mrg static int s_vcmp(mp_int a, mp_small v); 242 1.1 mrg static int s_uvcmp(mp_int a, mp_usmall uv); 243 1.1 mrg 244 1.1 mrg /* Unsigned magnitude addition; assumes dc is big enough. 245 1.1 mrg Carry out is returned (no memory allocated). */ 246 1.1 mrg static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 247 1.1 mrg mp_size size_b); 248 1.1 mrg 249 1.1 mrg /* Unsigned magnitude subtraction. Assumes dc is big enough. */ 250 1.1 mrg static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 251 1.1 mrg mp_size size_b); 252 1.1 mrg 253 1.1 mrg /* Unsigned recursive multiplication. Assumes dc is big enough. */ 254 1.1 mrg static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 255 1.1 mrg mp_size size_b); 256 1.1 mrg 257 1.1 mrg /* Unsigned magnitude multiplication. Assumes dc is big enough. */ 258 1.1 mrg static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 259 1.1 mrg mp_size size_b); 260 1.1 mrg 261 1.1 mrg /* Unsigned recursive squaring. Assumes dc is big enough. */ 262 1.1 mrg static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a); 263 1.1 mrg 264 1.1 mrg /* Unsigned magnitude squaring. Assumes dc is big enough. */ 265 1.1 mrg static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a); 266 1.1 mrg 267 1.1 mrg /* Single digit addition. Assumes a is big enough. */ 268 1.1 mrg static void s_dadd(mp_int a, mp_digit b); 269 1.1 mrg 270 1.1 mrg /* Single digit multiplication. Assumes a is big enough. */ 271 1.1 mrg static void s_dmul(mp_int a, mp_digit b); 272 1.1 mrg 273 1.1 mrg /* Single digit multiplication on buffers; assumes dc is big enough. */ 274 1.1 mrg static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a); 275 1.1 mrg 276 1.1 mrg /* Single digit division. Replaces a with the quotient, 277 1.1 mrg returns the remainder. */ 278 1.1 mrg static mp_digit s_ddiv(mp_int a, mp_digit b); 279 1.1 mrg 280 1.1 mrg /* Quick division by a power of 2, replaces z (no allocation) */ 281 1.1 mrg static void s_qdiv(mp_int z, mp_size p2); 282 1.1 mrg 283 1.1 mrg /* Quick remainder by a power of 2, replaces z (no allocation) */ 284 1.1 mrg static void s_qmod(mp_int z, mp_size p2); 285 1.1 mrg 286 1.1 mrg /* Quick multiplication by a power of 2, replaces z. 287 1.1 mrg Allocates if necessary; returns false in case this fails. */ 288 1.1 mrg static int s_qmul(mp_int z, mp_size p2); 289 1.1 mrg 290 1.1 mrg /* Quick subtraction from a power of 2, replaces z. 291 1.1 mrg Allocates if necessary; returns false in case this fails. */ 292 1.1 mrg static int s_qsub(mp_int z, mp_size p2); 293 1.1 mrg 294 1.1 mrg /* Return maximum k such that 2^k divides z. */ 295 1.1 mrg static int s_dp2k(mp_int z); 296 1.1 mrg 297 1.1 mrg /* Return k >= 0 such that z = 2^k, or -1 if there is no such k. */ 298 1.1 mrg static int s_isp2(mp_int z); 299 1.1 mrg 300 1.1 mrg /* Set z to 2^k. May allocate; returns false in case this fails. */ 301 1.1 mrg static int s_2expt(mp_int z, mp_small k); 302 1.1 mrg 303 1.1 mrg /* Normalize a and b for division, returns normalization constant */ 304 1.1 mrg static int s_norm(mp_int a, mp_int b); 305 1.1 mrg 306 1.1 mrg /* Compute constant mu for Barrett reduction, given modulus m, result 307 1.1 mrg replaces z, m is untouched. */ 308 1.1 mrg static mp_result s_brmu(mp_int z, mp_int m); 309 1.1 mrg 310 1.1 mrg /* Reduce a modulo m, using Barrett's algorithm. */ 311 1.1 mrg static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2); 312 1.1 mrg 313 1.1 mrg /* Modular exponentiation, using Barrett reduction */ 314 1.1 mrg static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); 315 1.1 mrg 316 1.1 mrg /* Unsigned magnitude division. Assumes |a| > |b|. Allocates temporaries; 317 1.1 mrg overwrites a with quotient, b with remainder. */ 318 1.1 mrg static mp_result s_udiv_knuth(mp_int a, mp_int b); 319 1.1 mrg 320 1.1 mrg /* Compute the number of digits in radix r required to represent the given 321 1.1 mrg value. Does not account for sign flags, terminators, etc. */ 322 1.1 mrg static int s_outlen(mp_int z, mp_size r); 323 1.1 mrg 324 1.1 mrg /* Guess how many digits of precision will be needed to represent a radix r 325 1.1 mrg value of the specified number of digits. Returns a value guaranteed to be 326 1.1 mrg no smaller than the actual number required. */ 327 1.1 mrg static mp_size s_inlen(int len, mp_size r); 328 1.1 mrg 329 1.1 mrg /* Convert a character to a digit value in radix r, or 330 1.1 mrg -1 if out of range */ 331 1.1 mrg static int s_ch2val(char c, int r); 332 1.1 mrg 333 1.1 mrg /* Convert a digit value to a character */ 334 1.1 mrg static char s_val2ch(int v, int caps); 335 1.1 mrg 336 1.1 mrg /* Take 2's complement of a buffer in place */ 337 1.1 mrg static void s_2comp(unsigned char *buf, int len); 338 1.1 mrg 339 1.1 mrg /* Convert a value to binary, ignoring sign. On input, *limpos is the bound on 340 1.1 mrg how many bytes should be written to buf; on output, *limpos is set to the 341 1.1 mrg number of bytes actually written. */ 342 1.1 mrg static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad); 343 1.1 mrg 344 1.1 mrg /* Multiply X by Y into Z, ignoring signs. Requires that Z have enough storage 345 1.1 mrg preallocated to hold the result. */ 346 1.1 mrg static inline void UMUL(mp_int X, mp_int Y, mp_int Z) { 347 1.1 mrg mp_size ua_ = MP_USED(X); 348 1.1 mrg mp_size ub_ = MP_USED(Y); 349 1.1 mrg mp_size o_ = ua_ + ub_; 350 1.1 mrg ZERO(MP_DIGITS(Z), o_); 351 1.1 mrg (void)s_kmul(MP_DIGITS(X), MP_DIGITS(Y), MP_DIGITS(Z), ua_, ub_); 352 1.1 mrg Z->used = o_; 353 1.1 mrg CLAMP(Z); 354 1.1 mrg } 355 1.1 mrg 356 1.1 mrg /* Square X into Z. Requires that Z have enough storage to hold the result. */ 357 1.1 mrg static inline void USQR(mp_int X, mp_int Z) { 358 1.1 mrg mp_size ua_ = MP_USED(X); 359 1.1 mrg mp_size o_ = ua_ + ua_; 360 1.1 mrg ZERO(MP_DIGITS(Z), o_); 361 1.1 mrg (void)s_ksqr(MP_DIGITS(X), MP_DIGITS(Z), ua_); 362 1.1 mrg Z->used = o_; 363 1.1 mrg CLAMP(Z); 364 1.1 mrg } 365 1.1 mrg 366 1.1 mrg mp_result mp_int_init(mp_int z) { 367 1.1 mrg if (z == NULL) return MP_BADARG; 368 1.1 mrg 369 1.1 mrg z->single = 0; 370 1.1 mrg z->digits = &(z->single); 371 1.1 mrg z->alloc = 1; 372 1.1 mrg z->used = 1; 373 1.1 mrg z->sign = MP_ZPOS; 374 1.1 mrg 375 1.1 mrg return MP_OK; 376 1.1 mrg } 377 1.1 mrg 378 1.1 mrg mp_int mp_int_alloc(void) { 379 1.1 mrg mp_int out = malloc(sizeof(mpz_t)); 380 1.1 mrg 381 1.1 mrg if (out != NULL) mp_int_init(out); 382 1.1 mrg 383 1.1 mrg return out; 384 1.1 mrg } 385 1.1 mrg 386 1.1 mrg mp_result mp_int_init_size(mp_int z, mp_size prec) { 387 1.1 mrg assert(z != NULL); 388 1.1 mrg 389 1.1 mrg if (prec == 0) { 390 1.1 mrg prec = default_precision; 391 1.1 mrg } else if (prec == 1) { 392 1.1 mrg return mp_int_init(z); 393 1.1 mrg } else { 394 1.1 mrg prec = s_round_prec(prec); 395 1.1 mrg } 396 1.1 mrg 397 1.1 mrg z->digits = s_alloc(prec); 398 1.1 mrg if (MP_DIGITS(z) == NULL) return MP_MEMORY; 399 1.1 mrg 400 1.1 mrg z->digits[0] = 0; 401 1.1 mrg z->used = 1; 402 1.1 mrg z->alloc = prec; 403 1.1 mrg z->sign = MP_ZPOS; 404 1.1 mrg 405 1.1 mrg return MP_OK; 406 1.1 mrg } 407 1.1 mrg 408 1.1 mrg mp_result mp_int_init_copy(mp_int z, mp_int old) { 409 1.1 mrg assert(z != NULL && old != NULL); 410 1.1 mrg 411 1.1 mrg mp_size uold = MP_USED(old); 412 1.1 mrg if (uold == 1) { 413 1.1 mrg mp_int_init(z); 414 1.1 mrg } else { 415 1.1 mrg mp_size target = MAX(uold, default_precision); 416 1.1 mrg mp_result res = mp_int_init_size(z, target); 417 1.1 mrg if (res != MP_OK) return res; 418 1.1 mrg } 419 1.1 mrg 420 1.1 mrg z->used = uold; 421 1.1 mrg z->sign = old->sign; 422 1.1 mrg COPY(MP_DIGITS(old), MP_DIGITS(z), uold); 423 1.1 mrg 424 1.1 mrg return MP_OK; 425 1.1 mrg } 426 1.1 mrg 427 1.1 mrg mp_result mp_int_init_value(mp_int z, mp_small value) { 428 1.1 mrg mpz_t vtmp; 429 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 430 1.1 mrg 431 1.1 mrg s_fake(&vtmp, value, vbuf); 432 1.1 mrg return mp_int_init_copy(z, &vtmp); 433 1.1 mrg } 434 1.1 mrg 435 1.1 mrg mp_result mp_int_init_uvalue(mp_int z, mp_usmall uvalue) { 436 1.1 mrg mpz_t vtmp; 437 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(uvalue)]; 438 1.1 mrg 439 1.1 mrg s_ufake(&vtmp, uvalue, vbuf); 440 1.1 mrg return mp_int_init_copy(z, &vtmp); 441 1.1 mrg } 442 1.1 mrg 443 1.1 mrg mp_result mp_int_set_value(mp_int z, mp_small value) { 444 1.1 mrg mpz_t vtmp; 445 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 446 1.1 mrg 447 1.1 mrg s_fake(&vtmp, value, vbuf); 448 1.1 mrg return mp_int_copy(&vtmp, z); 449 1.1 mrg } 450 1.1 mrg 451 1.1 mrg mp_result mp_int_set_uvalue(mp_int z, mp_usmall uvalue) { 452 1.1 mrg mpz_t vtmp; 453 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(uvalue)]; 454 1.1 mrg 455 1.1 mrg s_ufake(&vtmp, uvalue, vbuf); 456 1.1 mrg return mp_int_copy(&vtmp, z); 457 1.1 mrg } 458 1.1 mrg 459 1.1 mrg void mp_int_clear(mp_int z) { 460 1.1 mrg if (z == NULL) return; 461 1.1 mrg 462 1.1 mrg if (MP_DIGITS(z) != NULL) { 463 1.1 mrg if (MP_DIGITS(z) != &(z->single)) s_free(MP_DIGITS(z)); 464 1.1 mrg 465 1.1 mrg z->digits = NULL; 466 1.1 mrg } 467 1.1 mrg } 468 1.1 mrg 469 1.1 mrg void mp_int_free(mp_int z) { 470 1.1 mrg assert(z != NULL); 471 1.1 mrg 472 1.1 mrg mp_int_clear(z); 473 1.1 mrg free(z); /* note: NOT s_free() */ 474 1.1 mrg } 475 1.1 mrg 476 1.1 mrg mp_result mp_int_copy(mp_int a, mp_int c) { 477 1.1 mrg assert(a != NULL && c != NULL); 478 1.1 mrg 479 1.1 mrg if (a != c) { 480 1.1 mrg mp_size ua = MP_USED(a); 481 1.1 mrg mp_digit *da, *dc; 482 1.1 mrg 483 1.1 mrg if (!s_pad(c, ua)) return MP_MEMORY; 484 1.1 mrg 485 1.1 mrg da = MP_DIGITS(a); 486 1.1 mrg dc = MP_DIGITS(c); 487 1.1 mrg COPY(da, dc, ua); 488 1.1 mrg 489 1.1 mrg c->used = ua; 490 1.1 mrg c->sign = a->sign; 491 1.1 mrg } 492 1.1 mrg 493 1.1 mrg return MP_OK; 494 1.1 mrg } 495 1.1 mrg 496 1.1 mrg void mp_int_swap(mp_int a, mp_int c) { 497 1.1 mrg if (a != c) { 498 1.1 mrg mpz_t tmp = *a; 499 1.1 mrg 500 1.1 mrg *a = *c; 501 1.1 mrg *c = tmp; 502 1.1 mrg 503 1.1 mrg if (MP_DIGITS(a) == &(c->single)) a->digits = &(a->single); 504 1.1 mrg if (MP_DIGITS(c) == &(a->single)) c->digits = &(c->single); 505 1.1 mrg } 506 1.1 mrg } 507 1.1 mrg 508 1.1 mrg void mp_int_zero(mp_int z) { 509 1.1 mrg assert(z != NULL); 510 1.1 mrg 511 1.1 mrg z->digits[0] = 0; 512 1.1 mrg z->used = 1; 513 1.1 mrg z->sign = MP_ZPOS; 514 1.1 mrg } 515 1.1 mrg 516 1.1 mrg mp_result mp_int_abs(mp_int a, mp_int c) { 517 1.1 mrg assert(a != NULL && c != NULL); 518 1.1 mrg 519 1.1 mrg mp_result res; 520 1.1 mrg if ((res = mp_int_copy(a, c)) != MP_OK) return res; 521 1.1 mrg 522 1.1 mrg c->sign = MP_ZPOS; 523 1.1 mrg return MP_OK; 524 1.1 mrg } 525 1.1 mrg 526 1.1 mrg mp_result mp_int_neg(mp_int a, mp_int c) { 527 1.1 mrg assert(a != NULL && c != NULL); 528 1.1 mrg 529 1.1 mrg mp_result res; 530 1.1 mrg if ((res = mp_int_copy(a, c)) != MP_OK) return res; 531 1.1 mrg 532 1.1 mrg if (CMPZ(c) != 0) c->sign = 1 - MP_SIGN(a); 533 1.1 mrg 534 1.1 mrg return MP_OK; 535 1.1 mrg } 536 1.1 mrg 537 1.1 mrg mp_result mp_int_add(mp_int a, mp_int b, mp_int c) { 538 1.1 mrg assert(a != NULL && b != NULL && c != NULL); 539 1.1 mrg 540 1.1 mrg mp_size ua = MP_USED(a); 541 1.1 mrg mp_size ub = MP_USED(b); 542 1.1 mrg mp_size max = MAX(ua, ub); 543 1.1 mrg 544 1.1 mrg if (MP_SIGN(a) == MP_SIGN(b)) { 545 1.1 mrg /* Same sign -- add magnitudes, preserve sign of addends */ 546 1.1 mrg if (!s_pad(c, max)) return MP_MEMORY; 547 1.1 mrg 548 1.1 mrg mp_digit carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); 549 1.1 mrg mp_size uc = max; 550 1.1 mrg 551 1.1 mrg if (carry) { 552 1.1 mrg if (!s_pad(c, max + 1)) return MP_MEMORY; 553 1.1 mrg 554 1.1 mrg c->digits[max] = carry; 555 1.1 mrg ++uc; 556 1.1 mrg } 557 1.1 mrg 558 1.1 mrg c->used = uc; 559 1.1 mrg c->sign = a->sign; 560 1.1 mrg 561 1.1 mrg } else { 562 1.1 mrg /* Different signs -- subtract magnitudes, preserve sign of greater */ 563 1.1 mrg int cmp = s_ucmp(a, b); /* magnitude comparison, sign ignored */ 564 1.1 mrg 565 1.1 mrg /* Set x to max(a, b), y to min(a, b) to simplify later code. 566 1.1 mrg A special case yields zero for equal magnitudes. 567 1.1 mrg */ 568 1.1 mrg mp_int x, y; 569 1.1 mrg if (cmp == 0) { 570 1.1 mrg mp_int_zero(c); 571 1.1 mrg return MP_OK; 572 1.1 mrg } else if (cmp < 0) { 573 1.1 mrg x = b; 574 1.1 mrg y = a; 575 1.1 mrg } else { 576 1.1 mrg x = a; 577 1.1 mrg y = b; 578 1.1 mrg } 579 1.1 mrg 580 1.1 mrg if (!s_pad(c, MP_USED(x))) return MP_MEMORY; 581 1.1 mrg 582 1.1 mrg /* Subtract smaller from larger */ 583 1.1 mrg s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); 584 1.1 mrg c->used = x->used; 585 1.1 mrg CLAMP(c); 586 1.1 mrg 587 1.1 mrg /* Give result the sign of the larger */ 588 1.1 mrg c->sign = x->sign; 589 1.1 mrg } 590 1.1 mrg 591 1.1 mrg return MP_OK; 592 1.1 mrg } 593 1.1 mrg 594 1.1 mrg mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c) { 595 1.1 mrg mpz_t vtmp; 596 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 597 1.1 mrg 598 1.1 mrg s_fake(&vtmp, value, vbuf); 599 1.1 mrg 600 1.1 mrg return mp_int_add(a, &vtmp, c); 601 1.1 mrg } 602 1.1 mrg 603 1.1 mrg mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) { 604 1.1 mrg assert(a != NULL && b != NULL && c != NULL); 605 1.1 mrg 606 1.1 mrg mp_size ua = MP_USED(a); 607 1.1 mrg mp_size ub = MP_USED(b); 608 1.1 mrg mp_size max = MAX(ua, ub); 609 1.1 mrg 610 1.1 mrg if (MP_SIGN(a) != MP_SIGN(b)) { 611 1.1 mrg /* Different signs -- add magnitudes and keep sign of a */ 612 1.1 mrg if (!s_pad(c, max)) return MP_MEMORY; 613 1.1 mrg 614 1.1 mrg mp_digit carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); 615 1.1 mrg mp_size uc = max; 616 1.1 mrg 617 1.1 mrg if (carry) { 618 1.1 mrg if (!s_pad(c, max + 1)) return MP_MEMORY; 619 1.1 mrg 620 1.1 mrg c->digits[max] = carry; 621 1.1 mrg ++uc; 622 1.1 mrg } 623 1.1 mrg 624 1.1 mrg c->used = uc; 625 1.1 mrg c->sign = a->sign; 626 1.1 mrg 627 1.1 mrg } else { 628 1.1 mrg /* Same signs -- subtract magnitudes */ 629 1.1 mrg if (!s_pad(c, max)) return MP_MEMORY; 630 1.1 mrg mp_int x, y; 631 1.1 mrg mp_sign osign; 632 1.1 mrg 633 1.1 mrg int cmp = s_ucmp(a, b); 634 1.1 mrg if (cmp >= 0) { 635 1.1 mrg x = a; 636 1.1 mrg y = b; 637 1.1 mrg osign = MP_ZPOS; 638 1.1 mrg } else { 639 1.1 mrg x = b; 640 1.1 mrg y = a; 641 1.1 mrg osign = MP_NEG; 642 1.1 mrg } 643 1.1 mrg 644 1.1 mrg if (MP_SIGN(a) == MP_NEG && cmp != 0) osign = 1 - osign; 645 1.1 mrg 646 1.1 mrg s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); 647 1.1 mrg c->used = x->used; 648 1.1 mrg CLAMP(c); 649 1.1 mrg 650 1.1 mrg c->sign = osign; 651 1.1 mrg } 652 1.1 mrg 653 1.1 mrg return MP_OK; 654 1.1 mrg } 655 1.1 mrg 656 1.1 mrg mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c) { 657 1.1 mrg mpz_t vtmp; 658 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 659 1.1 mrg 660 1.1 mrg s_fake(&vtmp, value, vbuf); 661 1.1 mrg 662 1.1 mrg return mp_int_sub(a, &vtmp, c); 663 1.1 mrg } 664 1.1 mrg 665 1.1 mrg mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) { 666 1.1 mrg assert(a != NULL && b != NULL && c != NULL); 667 1.1 mrg 668 1.1 mrg /* If either input is zero, we can shortcut multiplication */ 669 1.1 mrg if (mp_int_compare_zero(a) == 0 || mp_int_compare_zero(b) == 0) { 670 1.1 mrg mp_int_zero(c); 671 1.1 mrg return MP_OK; 672 1.1 mrg } 673 1.1 mrg 674 1.1 mrg /* Output is positive if inputs have same sign, otherwise negative */ 675 1.1 mrg mp_sign osign = (MP_SIGN(a) == MP_SIGN(b)) ? MP_ZPOS : MP_NEG; 676 1.1 mrg 677 1.1 mrg /* If the output is not identical to any of the inputs, we'll write the 678 1.1 mrg results directly; otherwise, allocate a temporary space. */ 679 1.1 mrg mp_size ua = MP_USED(a); 680 1.1 mrg mp_size ub = MP_USED(b); 681 1.1 mrg mp_size osize = MAX(ua, ub); 682 1.1 mrg osize = 4 * ((osize + 1) / 2); 683 1.1 mrg 684 1.1 mrg mp_digit *out; 685 1.1 mrg mp_size p = 0; 686 1.1 mrg if (c == a || c == b) { 687 1.1 mrg p = MAX(s_round_prec(osize), default_precision); 688 1.1 mrg 689 1.1 mrg if ((out = s_alloc(p)) == NULL) return MP_MEMORY; 690 1.1 mrg } else { 691 1.1 mrg if (!s_pad(c, osize)) return MP_MEMORY; 692 1.1 mrg 693 1.1 mrg out = MP_DIGITS(c); 694 1.1 mrg } 695 1.1 mrg ZERO(out, osize); 696 1.1 mrg 697 1.1 mrg if (!s_kmul(MP_DIGITS(a), MP_DIGITS(b), out, ua, ub)) return MP_MEMORY; 698 1.1 mrg 699 1.1 mrg /* If we allocated a new buffer, get rid of whatever memory c was already 700 1.1 mrg using, and fix up its fields to reflect that. 701 1.1 mrg */ 702 1.1 mrg if (out != MP_DIGITS(c)) { 703 1.1 mrg if ((void *)MP_DIGITS(c) != (void *)c) s_free(MP_DIGITS(c)); 704 1.1 mrg c->digits = out; 705 1.1 mrg c->alloc = p; 706 1.1 mrg } 707 1.1 mrg 708 1.1 mrg c->used = osize; /* might not be true, but we'll fix it ... */ 709 1.1 mrg CLAMP(c); /* ... right here */ 710 1.1 mrg c->sign = osign; 711 1.1 mrg 712 1.1 mrg return MP_OK; 713 1.1 mrg } 714 1.1 mrg 715 1.1 mrg mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c) { 716 1.1 mrg mpz_t vtmp; 717 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 718 1.1 mrg 719 1.1 mrg s_fake(&vtmp, value, vbuf); 720 1.1 mrg 721 1.1 mrg return mp_int_mul(a, &vtmp, c); 722 1.1 mrg } 723 1.1 mrg 724 1.1 mrg mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c) { 725 1.1 mrg assert(a != NULL && c != NULL && p2 >= 0); 726 1.1 mrg 727 1.1 mrg mp_result res = mp_int_copy(a, c); 728 1.1 mrg if (res != MP_OK) return res; 729 1.1 mrg 730 1.1 mrg if (s_qmul(c, (mp_size)p2)) { 731 1.1 mrg return MP_OK; 732 1.1 mrg } else { 733 1.1 mrg return MP_MEMORY; 734 1.1 mrg } 735 1.1 mrg } 736 1.1 mrg 737 1.1 mrg mp_result mp_int_sqr(mp_int a, mp_int c) { 738 1.1 mrg assert(a != NULL && c != NULL); 739 1.1 mrg 740 1.1 mrg /* Get a temporary buffer big enough to hold the result */ 741 1.1 mrg mp_size osize = (mp_size)4 * ((MP_USED(a) + 1) / 2); 742 1.1 mrg mp_size p = 0; 743 1.1 mrg mp_digit *out; 744 1.1 mrg if (a == c) { 745 1.1 mrg p = s_round_prec(osize); 746 1.1 mrg p = MAX(p, default_precision); 747 1.1 mrg 748 1.1 mrg if ((out = s_alloc(p)) == NULL) return MP_MEMORY; 749 1.1 mrg } else { 750 1.1 mrg if (!s_pad(c, osize)) return MP_MEMORY; 751 1.1 mrg 752 1.1 mrg out = MP_DIGITS(c); 753 1.1 mrg } 754 1.1 mrg ZERO(out, osize); 755 1.1 mrg 756 1.1 mrg s_ksqr(MP_DIGITS(a), out, MP_USED(a)); 757 1.1 mrg 758 1.1 mrg /* Get rid of whatever memory c was already using, and fix up its fields to 759 1.1 mrg reflect the new digit array it's using 760 1.1 mrg */ 761 1.1 mrg if (out != MP_DIGITS(c)) { 762 1.1 mrg if ((void *)MP_DIGITS(c) != (void *)c) s_free(MP_DIGITS(c)); 763 1.1 mrg c->digits = out; 764 1.1 mrg c->alloc = p; 765 1.1 mrg } 766 1.1 mrg 767 1.1 mrg c->used = osize; /* might not be true, but we'll fix it ... */ 768 1.1 mrg CLAMP(c); /* ... right here */ 769 1.1 mrg c->sign = MP_ZPOS; 770 1.1 mrg 771 1.1 mrg return MP_OK; 772 1.1 mrg } 773 1.1 mrg 774 1.1 mrg mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) { 775 1.1 mrg assert(a != NULL && b != NULL && q != r); 776 1.1 mrg 777 1.1 mrg int cmp; 778 1.1 mrg mp_result res = MP_OK; 779 1.1 mrg mp_int qout, rout; 780 1.1 mrg mp_sign sa = MP_SIGN(a); 781 1.1 mrg mp_sign sb = MP_SIGN(b); 782 1.1 mrg if (CMPZ(b) == 0) { 783 1.1 mrg return MP_UNDEF; 784 1.1 mrg } else if ((cmp = s_ucmp(a, b)) < 0) { 785 1.1 mrg /* If |a| < |b|, no division is required: 786 1.1 mrg q = 0, r = a 787 1.1 mrg */ 788 1.1 mrg if (r && (res = mp_int_copy(a, r)) != MP_OK) return res; 789 1.1 mrg 790 1.1 mrg if (q) mp_int_zero(q); 791 1.1 mrg 792 1.1 mrg return MP_OK; 793 1.1 mrg } else if (cmp == 0) { 794 1.1 mrg /* If |a| = |b|, no division is required: 795 1.1 mrg q = 1 or -1, r = 0 796 1.1 mrg */ 797 1.1 mrg if (r) mp_int_zero(r); 798 1.1 mrg 799 1.1 mrg if (q) { 800 1.1 mrg mp_int_zero(q); 801 1.1 mrg q->digits[0] = 1; 802 1.1 mrg 803 1.1 mrg if (sa != sb) q->sign = MP_NEG; 804 1.1 mrg } 805 1.1 mrg 806 1.1 mrg return MP_OK; 807 1.1 mrg } 808 1.1 mrg 809 1.1 mrg /* When |a| > |b|, real division is required. We need someplace to store 810 1.1 mrg quotient and remainder, but q and r are allowed to be NULL or to overlap 811 1.1 mrg with the inputs. 812 1.1 mrg */ 813 1.1 mrg DECLARE_TEMP(2); 814 1.1 mrg int lg; 815 1.1 mrg if ((lg = s_isp2(b)) < 0) { 816 1.1 mrg if (q && b != q) { 817 1.1 mrg REQUIRE(mp_int_copy(a, q)); 818 1.1 mrg qout = q; 819 1.1 mrg } else { 820 1.1 mrg REQUIRE(mp_int_copy(a, TEMP(0))); 821 1.1 mrg qout = TEMP(0); 822 1.1 mrg } 823 1.1 mrg 824 1.1 mrg if (r && a != r) { 825 1.1 mrg REQUIRE(mp_int_copy(b, r)); 826 1.1 mrg rout = r; 827 1.1 mrg } else { 828 1.1 mrg REQUIRE(mp_int_copy(b, TEMP(1))); 829 1.1 mrg rout = TEMP(1); 830 1.1 mrg } 831 1.1 mrg 832 1.1 mrg REQUIRE(s_udiv_knuth(qout, rout)); 833 1.1 mrg } else { 834 1.1 mrg if (q) REQUIRE(mp_int_copy(a, q)); 835 1.1 mrg if (r) REQUIRE(mp_int_copy(a, r)); 836 1.1 mrg 837 1.1 mrg if (q) s_qdiv(q, (mp_size)lg); 838 1.1 mrg qout = q; 839 1.1 mrg if (r) s_qmod(r, (mp_size)lg); 840 1.1 mrg rout = r; 841 1.1 mrg } 842 1.1 mrg 843 1.1 mrg /* Recompute signs for output */ 844 1.1 mrg if (rout) { 845 1.1 mrg rout->sign = sa; 846 1.1 mrg if (CMPZ(rout) == 0) rout->sign = MP_ZPOS; 847 1.1 mrg } 848 1.1 mrg if (qout) { 849 1.1 mrg qout->sign = (sa == sb) ? MP_ZPOS : MP_NEG; 850 1.1 mrg if (CMPZ(qout) == 0) qout->sign = MP_ZPOS; 851 1.1 mrg } 852 1.1 mrg 853 1.1 mrg if (q) REQUIRE(mp_int_copy(qout, q)); 854 1.1 mrg if (r) REQUIRE(mp_int_copy(rout, r)); 855 1.1 mrg CLEANUP_TEMP(); 856 1.1 mrg return res; 857 1.1 mrg } 858 1.1 mrg 859 1.1 mrg mp_result mp_int_mod(mp_int a, mp_int m, mp_int c) { 860 1.1 mrg DECLARE_TEMP(1); 861 1.1 mrg mp_int out = (m == c) ? TEMP(0) : c; 862 1.1 mrg REQUIRE(mp_int_div(a, m, NULL, out)); 863 1.1 mrg if (CMPZ(out) < 0) { 864 1.1 mrg REQUIRE(mp_int_add(out, m, c)); 865 1.1 mrg } else { 866 1.1 mrg REQUIRE(mp_int_copy(out, c)); 867 1.1 mrg } 868 1.1 mrg CLEANUP_TEMP(); 869 1.1 mrg return MP_OK; 870 1.1 mrg } 871 1.1 mrg 872 1.1 mrg mp_result mp_int_div_value(mp_int a, mp_small value, mp_int q, mp_small *r) { 873 1.1 mrg mpz_t vtmp; 874 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 875 1.1 mrg s_fake(&vtmp, value, vbuf); 876 1.1 mrg 877 1.1 mrg DECLARE_TEMP(1); 878 1.1 mrg REQUIRE(mp_int_div(a, &vtmp, q, TEMP(0))); 879 1.1 mrg 880 1.1 mrg if (r) (void)mp_int_to_int(TEMP(0), r); /* can't fail */ 881 1.1 mrg 882 1.1 mrg CLEANUP_TEMP(); 883 1.1 mrg return MP_OK; 884 1.1 mrg } 885 1.1 mrg 886 1.1 mrg mp_result mp_int_div_pow2(mp_int a, mp_small p2, mp_int q, mp_int r) { 887 1.1 mrg assert(a != NULL && p2 >= 0 && q != r); 888 1.1 mrg 889 1.1 mrg mp_result res = MP_OK; 890 1.1 mrg if (q != NULL && (res = mp_int_copy(a, q)) == MP_OK) { 891 1.1 mrg s_qdiv(q, (mp_size)p2); 892 1.1 mrg } 893 1.1 mrg 894 1.1 mrg if (res == MP_OK && r != NULL && (res = mp_int_copy(a, r)) == MP_OK) { 895 1.1 mrg s_qmod(r, (mp_size)p2); 896 1.1 mrg } 897 1.1 mrg 898 1.1 mrg return res; 899 1.1 mrg } 900 1.1 mrg 901 1.1 mrg mp_result mp_int_expt(mp_int a, mp_small b, mp_int c) { 902 1.1 mrg assert(c != NULL); 903 1.1 mrg if (b < 0) return MP_RANGE; 904 1.1 mrg 905 1.1 mrg DECLARE_TEMP(1); 906 1.1 mrg REQUIRE(mp_int_copy(a, TEMP(0))); 907 1.1 mrg 908 1.1 mrg (void)mp_int_set_value(c, 1); 909 1.1 mrg unsigned int v = labs(b); 910 1.1 mrg while (v != 0) { 911 1.1 mrg if (v & 1) { 912 1.1 mrg REQUIRE(mp_int_mul(c, TEMP(0), c)); 913 1.1 mrg } 914 1.1 mrg 915 1.1 mrg v >>= 1; 916 1.1 mrg if (v == 0) break; 917 1.1 mrg 918 1.1 mrg REQUIRE(mp_int_sqr(TEMP(0), TEMP(0))); 919 1.1 mrg } 920 1.1 mrg 921 1.1 mrg CLEANUP_TEMP(); 922 1.1 mrg return MP_OK; 923 1.1 mrg } 924 1.1 mrg 925 1.1 mrg mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c) { 926 1.1 mrg assert(c != NULL); 927 1.1 mrg if (b < 0) return MP_RANGE; 928 1.1 mrg 929 1.1 mrg DECLARE_TEMP(1); 930 1.1 mrg REQUIRE(mp_int_set_value(TEMP(0), a)); 931 1.1 mrg 932 1.1 mrg (void)mp_int_set_value(c, 1); 933 1.1 mrg unsigned int v = labs(b); 934 1.1 mrg while (v != 0) { 935 1.1 mrg if (v & 1) { 936 1.1 mrg REQUIRE(mp_int_mul(c, TEMP(0), c)); 937 1.1 mrg } 938 1.1 mrg 939 1.1 mrg v >>= 1; 940 1.1 mrg if (v == 0) break; 941 1.1 mrg 942 1.1 mrg REQUIRE(mp_int_sqr(TEMP(0), TEMP(0))); 943 1.1 mrg } 944 1.1 mrg 945 1.1 mrg CLEANUP_TEMP(); 946 1.1 mrg return MP_OK; 947 1.1 mrg } 948 1.1 mrg 949 1.1 mrg mp_result mp_int_expt_full(mp_int a, mp_int b, mp_int c) { 950 1.1 mrg assert(a != NULL && b != NULL && c != NULL); 951 1.1 mrg if (MP_SIGN(b) == MP_NEG) return MP_RANGE; 952 1.1 mrg 953 1.1 mrg DECLARE_TEMP(1); 954 1.1 mrg REQUIRE(mp_int_copy(a, TEMP(0))); 955 1.1 mrg 956 1.1 mrg (void)mp_int_set_value(c, 1); 957 1.1 mrg for (unsigned ix = 0; ix < MP_USED(b); ++ix) { 958 1.1 mrg mp_digit d = b->digits[ix]; 959 1.1 mrg 960 1.1 mrg for (unsigned jx = 0; jx < MP_DIGIT_BIT; ++jx) { 961 1.1 mrg if (d & 1) { 962 1.1 mrg REQUIRE(mp_int_mul(c, TEMP(0), c)); 963 1.1 mrg } 964 1.1 mrg 965 1.1 mrg d >>= 1; 966 1.1 mrg if (d == 0 && ix + 1 == MP_USED(b)) break; 967 1.1 mrg REQUIRE(mp_int_sqr(TEMP(0), TEMP(0))); 968 1.1 mrg } 969 1.1 mrg } 970 1.1 mrg 971 1.1 mrg CLEANUP_TEMP(); 972 1.1 mrg return MP_OK; 973 1.1 mrg } 974 1.1 mrg 975 1.1 mrg int mp_int_compare(mp_int a, mp_int b) { 976 1.1 mrg assert(a != NULL && b != NULL); 977 1.1 mrg 978 1.1 mrg mp_sign sa = MP_SIGN(a); 979 1.1 mrg if (sa == MP_SIGN(b)) { 980 1.1 mrg int cmp = s_ucmp(a, b); 981 1.1 mrg 982 1.1 mrg /* If they're both zero or positive, the normal comparison applies; if both 983 1.1 mrg negative, the sense is reversed. */ 984 1.1 mrg if (sa == MP_ZPOS) { 985 1.1 mrg return cmp; 986 1.1 mrg } else { 987 1.1 mrg return -cmp; 988 1.1 mrg } 989 1.1 mrg } else if (sa == MP_ZPOS) { 990 1.1 mrg return 1; 991 1.1 mrg } else { 992 1.1 mrg return -1; 993 1.1 mrg } 994 1.1 mrg } 995 1.1 mrg 996 1.1 mrg int mp_int_compare_unsigned(mp_int a, mp_int b) { 997 1.1 mrg assert(a != NULL && b != NULL); 998 1.1 mrg 999 1.1 mrg return s_ucmp(a, b); 1000 1.1 mrg } 1001 1.1 mrg 1002 1.1 mrg int mp_int_compare_zero(mp_int z) { 1003 1.1 mrg assert(z != NULL); 1004 1.1 mrg 1005 1.1 mrg if (MP_USED(z) == 1 && z->digits[0] == 0) { 1006 1.1 mrg return 0; 1007 1.1 mrg } else if (MP_SIGN(z) == MP_ZPOS) { 1008 1.1 mrg return 1; 1009 1.1 mrg } else { 1010 1.1 mrg return -1; 1011 1.1 mrg } 1012 1.1 mrg } 1013 1.1 mrg 1014 1.1 mrg int mp_int_compare_value(mp_int z, mp_small value) { 1015 1.1 mrg assert(z != NULL); 1016 1.1 mrg 1017 1.1 mrg mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS; 1018 1.1 mrg if (vsign == MP_SIGN(z)) { 1019 1.1 mrg int cmp = s_vcmp(z, value); 1020 1.1 mrg 1021 1.1 mrg return (vsign == MP_ZPOS) ? cmp : -cmp; 1022 1.1 mrg } else { 1023 1.1 mrg return (value < 0) ? 1 : -1; 1024 1.1 mrg } 1025 1.1 mrg } 1026 1.1 mrg 1027 1.1 mrg int mp_int_compare_uvalue(mp_int z, mp_usmall uv) { 1028 1.1 mrg assert(z != NULL); 1029 1.1 mrg 1030 1.1 mrg if (MP_SIGN(z) == MP_NEG) { 1031 1.1 mrg return -1; 1032 1.1 mrg } else { 1033 1.1 mrg return s_uvcmp(z, uv); 1034 1.1 mrg } 1035 1.1 mrg } 1036 1.1 mrg 1037 1.1 mrg mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) { 1038 1.1 mrg assert(a != NULL && b != NULL && c != NULL && m != NULL); 1039 1.1 mrg 1040 1.1 mrg /* Zero moduli and negative exponents are not considered. */ 1041 1.1 mrg if (CMPZ(m) == 0) return MP_UNDEF; 1042 1.1 mrg if (CMPZ(b) < 0) return MP_RANGE; 1043 1.1 mrg 1044 1.1 mrg mp_size um = MP_USED(m); 1045 1.1 mrg DECLARE_TEMP(3); 1046 1.1 mrg REQUIRE(GROW(TEMP(0), 2 * um)); 1047 1.1 mrg REQUIRE(GROW(TEMP(1), 2 * um)); 1048 1.1 mrg 1049 1.1 mrg mp_int s; 1050 1.1 mrg if (c == b || c == m) { 1051 1.1 mrg REQUIRE(GROW(TEMP(2), 2 * um)); 1052 1.1 mrg s = TEMP(2); 1053 1.1 mrg } else { 1054 1.1 mrg s = c; 1055 1.1 mrg } 1056 1.1 mrg 1057 1.1 mrg REQUIRE(mp_int_mod(a, m, TEMP(0))); 1058 1.1 mrg REQUIRE(s_brmu(TEMP(1), m)); 1059 1.1 mrg REQUIRE(s_embar(TEMP(0), b, m, TEMP(1), s)); 1060 1.1 mrg REQUIRE(mp_int_copy(s, c)); 1061 1.1 mrg 1062 1.1 mrg CLEANUP_TEMP(); 1063 1.1 mrg return MP_OK; 1064 1.1 mrg } 1065 1.1 mrg 1066 1.1 mrg mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, mp_int m, mp_int c) { 1067 1.1 mrg mpz_t vtmp; 1068 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 1069 1.1 mrg 1070 1.1 mrg s_fake(&vtmp, value, vbuf); 1071 1.1 mrg 1072 1.1 mrg return mp_int_exptmod(a, &vtmp, m, c); 1073 1.1 mrg } 1074 1.1 mrg 1075 1.1 mrg mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b, mp_int m, mp_int c) { 1076 1.1 mrg mpz_t vtmp; 1077 1.1 mrg mp_digit vbuf[MP_VALUE_DIGITS(value)]; 1078 1.1 mrg 1079 1.1 mrg s_fake(&vtmp, value, vbuf); 1080 1.1 mrg 1081 1.1 mrg return mp_int_exptmod(&vtmp, b, m, c); 1082 1.1 mrg } 1083 1.1 mrg 1084 1.1 mrg mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, 1085 1.1 mrg mp_int c) { 1086 1.1 mrg assert(a && b && m && c); 1087 1.1 mrg 1088 1.1 mrg /* Zero moduli and negative exponents are not considered. */ 1089 1.1 mrg if (CMPZ(m) == 0) return MP_UNDEF; 1090 1.1 mrg if (CMPZ(b) < 0) return MP_RANGE; 1091 1.1 mrg 1092 1.1 mrg DECLARE_TEMP(2); 1093 1.1 mrg mp_size um = MP_USED(m); 1094 1.1 mrg REQUIRE(GROW(TEMP(0), 2 * um)); 1095 1.1 mrg 1096 1.1 mrg mp_int s; 1097 1.1 mrg if (c == b || c == m) { 1098 1.1 mrg REQUIRE(GROW(TEMP(1), 2 * um)); 1099 1.1 mrg s = TEMP(1); 1100 1.1 mrg } else { 1101 1.1 mrg s = c; 1102 1.1 mrg } 1103 1.1 mrg 1104 1.1 mrg REQUIRE(mp_int_mod(a, m, TEMP(0))); 1105 1.1 mrg REQUIRE(s_embar(TEMP(0), b, m, mu, s)); 1106 1.1 mrg REQUIRE(mp_int_copy(s, c)); 1107 1.1 mrg 1108 1.1 mrg CLEANUP_TEMP(); 1109 1.1 mrg return MP_OK; 1110 1.1 mrg } 1111 1.1 mrg 1112 1.1 mrg mp_result mp_int_redux_const(mp_int m, mp_int c) { 1113 1.1 mrg assert(m != NULL && c != NULL && m != c); 1114 1.1 mrg 1115 1.1 mrg return s_brmu(c, m); 1116 1.1 mrg } 1117 1.1 mrg 1118 1.1 mrg mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c) { 1119 1.1 mrg assert(a != NULL && m != NULL && c != NULL); 1120 1.1 mrg 1121 1.1 mrg if (CMPZ(a) == 0 || CMPZ(m) <= 0) return MP_RANGE; 1122 1.1 mrg 1123 1.1 mrg DECLARE_TEMP(2); 1124 1.1 mrg 1125 1.1 mrg REQUIRE(mp_int_egcd(a, m, TEMP(0), TEMP(1), NULL)); 1126 1.1 mrg 1127 1.1 mrg if (mp_int_compare_value(TEMP(0), 1) != 0) { 1128 1.1 mrg REQUIRE(MP_UNDEF); 1129 1.1 mrg } 1130 1.1 mrg 1131 1.1 mrg /* It is first necessary to constrain the value to the proper range */ 1132 1.1 mrg REQUIRE(mp_int_mod(TEMP(1), m, TEMP(1))); 1133 1.1 mrg 1134 1.1 mrg /* Now, if 'a' was originally negative, the value we have is actually the 1135 1.1 mrg magnitude of the negative representative; to get the positive value we 1136 1.1 mrg have to subtract from the modulus. Otherwise, the value is okay as it 1137 1.1 mrg stands. 1138 1.1 mrg */ 1139 1.1 mrg if (MP_SIGN(a) == MP_NEG) { 1140 1.1 mrg REQUIRE(mp_int_sub(m, TEMP(1), c)); 1141 1.1 mrg } else { 1142 1.1 mrg REQUIRE(mp_int_copy(TEMP(1), c)); 1143 1.1 mrg } 1144 1.1 mrg 1145 1.1 mrg CLEANUP_TEMP(); 1146 1.1 mrg return MP_OK; 1147 1.1 mrg } 1148 1.1 mrg 1149 1.1 mrg /* Binary GCD algorithm due to Josef Stein, 1961 */ 1150 1.1 mrg mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) { 1151 1.1 mrg assert(a != NULL && b != NULL && c != NULL); 1152 1.1 mrg 1153 1.1 mrg int ca = CMPZ(a); 1154 1.1 mrg int cb = CMPZ(b); 1155 1.1 mrg if (ca == 0 && cb == 0) { 1156 1.1 mrg return MP_UNDEF; 1157 1.1 mrg } else if (ca == 0) { 1158 1.1 mrg return mp_int_abs(b, c); 1159 1.1 mrg } else if (cb == 0) { 1160 1.1 mrg return mp_int_abs(a, c); 1161 1.1 mrg } 1162 1.1 mrg 1163 1.1 mrg DECLARE_TEMP(3); 1164 1.1 mrg REQUIRE(mp_int_copy(a, TEMP(0))); 1165 1.1 mrg REQUIRE(mp_int_copy(b, TEMP(1))); 1166 1.1 mrg 1167 1.1 mrg TEMP(0)->sign = MP_ZPOS; 1168 1.1 mrg TEMP(1)->sign = MP_ZPOS; 1169 1.1 mrg 1170 1.1 mrg int k = 0; 1171 1.1 mrg { /* Divide out common factors of 2 from u and v */ 1172 1.1 mrg int div2_u = s_dp2k(TEMP(0)); 1173 1.1 mrg int div2_v = s_dp2k(TEMP(1)); 1174 1.1 mrg 1175 1.1 mrg k = MIN(div2_u, div2_v); 1176 1.1 mrg s_qdiv(TEMP(0), (mp_size)k); 1177 1.1 mrg s_qdiv(TEMP(1), (mp_size)k); 1178 1.1 mrg } 1179 1.1 mrg 1180 1.1 mrg if (mp_int_is_odd(TEMP(0))) { 1181 1.1 mrg REQUIRE(mp_int_neg(TEMP(1), TEMP(2))); 1182 1.1 mrg } else { 1183 1.1 mrg REQUIRE(mp_int_copy(TEMP(0), TEMP(2))); 1184 1.1 mrg } 1185 1.1 mrg 1186 1.1 mrg for (;;) { 1187 1.1 mrg s_qdiv(TEMP(2), s_dp2k(TEMP(2))); 1188 1.1 mrg 1189 1.1 mrg if (CMPZ(TEMP(2)) > 0) { 1190 1.1 mrg REQUIRE(mp_int_copy(TEMP(2), TEMP(0))); 1191 1.1 mrg } else { 1192 1.1 mrg REQUIRE(mp_int_neg(TEMP(2), TEMP(1))); 1193 1.1 mrg } 1194 1.1 mrg 1195 1.1 mrg REQUIRE(mp_int_sub(TEMP(0), TEMP(1), TEMP(2))); 1196 1.1 mrg 1197 1.1 mrg if (CMPZ(TEMP(2)) == 0) break; 1198 1.1 mrg } 1199 1.1 mrg 1200 1.1 mrg REQUIRE(mp_int_abs(TEMP(0), c)); 1201 1.1 mrg if (!s_qmul(c, (mp_size)k)) REQUIRE(MP_MEMORY); 1202 1.1 mrg 1203 1.1 mrg CLEANUP_TEMP(); 1204 1.1 mrg return MP_OK; 1205 1.1 mrg } 1206 1.1 mrg 1207 1.1 mrg /* This is the binary GCD algorithm again, but this time we keep track of the 1208 1.1 mrg elementary matrix operations as we go, so we can get values x and y 1209 1.1 mrg satisfying c = ax + by. 1210 1.1 mrg */ 1211 1.1 mrg mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, mp_int x, mp_int y) { 1212 1.1 mrg assert(a != NULL && b != NULL && c != NULL && (x != NULL || y != NULL)); 1213 1.1 mrg 1214 1.1 mrg mp_result res = MP_OK; 1215 1.1 mrg int ca = CMPZ(a); 1216 1.1 mrg int cb = CMPZ(b); 1217 1.1 mrg if (ca == 0 && cb == 0) { 1218 1.1 mrg return MP_UNDEF; 1219 1.1 mrg } else if (ca == 0) { 1220 1.1 mrg if ((res = mp_int_abs(b, c)) != MP_OK) return res; 1221 1.1 mrg mp_int_zero(x); 1222 1.1 mrg (void)mp_int_set_value(y, 1); 1223 1.1 mrg return MP_OK; 1224 1.1 mrg } else if (cb == 0) { 1225 1.1 mrg if ((res = mp_int_abs(a, c)) != MP_OK) return res; 1226 1.1 mrg (void)mp_int_set_value(x, 1); 1227 1.1 mrg mp_int_zero(y); 1228 1.1 mrg return MP_OK; 1229 1.1 mrg } 1230 1.1 mrg 1231 1.1 mrg /* Initialize temporaries: 1232 1.1 mrg A:0, B:1, C:2, D:3, u:4, v:5, ou:6, ov:7 */ 1233 1.1 mrg DECLARE_TEMP(8); 1234 1.1 mrg REQUIRE(mp_int_set_value(TEMP(0), 1)); 1235 1.1 mrg REQUIRE(mp_int_set_value(TEMP(3), 1)); 1236 1.1 mrg REQUIRE(mp_int_copy(a, TEMP(4))); 1237 1.1 mrg REQUIRE(mp_int_copy(b, TEMP(5))); 1238 1.1 mrg 1239 1.1 mrg /* We will work with absolute values here */ 1240 1.1 mrg TEMP(4)->sign = MP_ZPOS; 1241 1.1 mrg TEMP(5)->sign = MP_ZPOS; 1242 1.1 mrg 1243 1.1 mrg int k = 0; 1244 1.1 mrg { /* Divide out common factors of 2 from u and v */ 1245 1.1 mrg int div2_u = s_dp2k(TEMP(4)), div2_v = s_dp2k(TEMP(5)); 1246 1.1 mrg 1247 1.1 mrg k = MIN(div2_u, div2_v); 1248 1.1 mrg s_qdiv(TEMP(4), k); 1249 1.1 mrg s_qdiv(TEMP(5), k); 1250 1.1 mrg } 1251 1.1 mrg 1252 1.1 mrg REQUIRE(mp_int_copy(TEMP(4), TEMP(6))); 1253 1.1 mrg REQUIRE(mp_int_copy(TEMP(5), TEMP(7))); 1254 1.1 mrg 1255 1.1 mrg for (;;) { 1256 1.1 mrg while (mp_int_is_even(TEMP(4))) { 1257 1.1 mrg s_qdiv(TEMP(4), 1); 1258 1.1 mrg 1259 1.1 mrg if (mp_int_is_odd(TEMP(0)) || mp_int_is_odd(TEMP(1))) { 1260 1.1 mrg REQUIRE(mp_int_add(TEMP(0), TEMP(7), TEMP(0))); 1261 1.1 mrg REQUIRE(mp_int_sub(TEMP(1), TEMP(6), TEMP(1))); 1262 1.1 mrg } 1263 1.1 mrg 1264 1.1 mrg s_qdiv(TEMP(0), 1); 1265 1.1 mrg s_qdiv(TEMP(1), 1); 1266 1.1 mrg } 1267 1.1 mrg 1268 1.1 mrg while (mp_int_is_even(TEMP(5))) { 1269 1.1 mrg s_qdiv(TEMP(5), 1); 1270 1.1 mrg 1271 1.1 mrg if (mp_int_is_odd(TEMP(2)) || mp_int_is_odd(TEMP(3))) { 1272 1.1 mrg REQUIRE(mp_int_add(TEMP(2), TEMP(7), TEMP(2))); 1273 1.1 mrg REQUIRE(mp_int_sub(TEMP(3), TEMP(6), TEMP(3))); 1274 1.1 mrg } 1275 1.1 mrg 1276 1.1 mrg s_qdiv(TEMP(2), 1); 1277 1.1 mrg s_qdiv(TEMP(3), 1); 1278 1.1 mrg } 1279 1.1 mrg 1280 1.1 mrg if (mp_int_compare(TEMP(4), TEMP(5)) >= 0) { 1281 1.1 mrg REQUIRE(mp_int_sub(TEMP(4), TEMP(5), TEMP(4))); 1282 1.1 mrg REQUIRE(mp_int_sub(TEMP(0), TEMP(2), TEMP(0))); 1283 1.1 mrg REQUIRE(mp_int_sub(TEMP(1), TEMP(3), TEMP(1))); 1284 1.1 mrg } else { 1285 1.1 mrg REQUIRE(mp_int_sub(TEMP(5), TEMP(4), TEMP(5))); 1286 1.1 mrg REQUIRE(mp_int_sub(TEMP(2), TEMP(0), TEMP(2))); 1287 1.1 mrg REQUIRE(mp_int_sub(TEMP(3), TEMP(1), TEMP(3))); 1288 1.1 mrg } 1289 1.1 mrg 1290 1.1 mrg if (CMPZ(TEMP(4)) == 0) { 1291 1.1 mrg if (x) REQUIRE(mp_int_copy(TEMP(2), x)); 1292 1.1 mrg if (y) REQUIRE(mp_int_copy(TEMP(3), y)); 1293 1.1 mrg if (c) { 1294 1.1 mrg if (!s_qmul(TEMP(5), k)) { 1295 1.1 mrg REQUIRE(MP_MEMORY); 1296 1.1 mrg } 1297 1.1 mrg REQUIRE(mp_int_copy(TEMP(5), c)); 1298 1.1 mrg } 1299 1.1 mrg 1300 1.1 mrg break; 1301 1.1 mrg } 1302 1.1 mrg } 1303 1.1 mrg 1304 1.1 mrg CLEANUP_TEMP(); 1305 1.1 mrg return MP_OK; 1306 1.1 mrg } 1307 1.1 mrg 1308 1.1 mrg mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c) { 1309 1.1 mrg assert(a != NULL && b != NULL && c != NULL); 1310 1.1 mrg 1311 1.1 mrg /* Since a * b = gcd(a, b) * lcm(a, b), we can compute 1312 1.1 mrg lcm(a, b) = (a / gcd(a, b)) * b. 1313 1.1 mrg 1314 1.1 mrg This formulation insures everything works even if the input 1315 1.1 mrg variables share space. 1316 1.1 mrg */ 1317 1.1 mrg DECLARE_TEMP(1); 1318 1.1 mrg REQUIRE(mp_int_gcd(a, b, TEMP(0))); 1319 1.1 mrg REQUIRE(mp_int_div(a, TEMP(0), TEMP(0), NULL)); 1320 1.1 mrg REQUIRE(mp_int_mul(TEMP(0), b, TEMP(0))); 1321 1.1 mrg REQUIRE(mp_int_copy(TEMP(0), c)); 1322 1.1 mrg 1323 1.1 mrg CLEANUP_TEMP(); 1324 1.1 mrg return MP_OK; 1325 1.1 mrg } 1326 1.1 mrg 1327 1.1 mrg bool mp_int_divisible_value(mp_int a, mp_small v) { 1328 1.1 mrg mp_small rem = 0; 1329 1.1 mrg 1330 1.1 mrg if (mp_int_div_value(a, v, NULL, &rem) != MP_OK) { 1331 1.1 mrg return false; 1332 1.1 mrg } 1333 1.1 mrg return rem == 0; 1334 1.1 mrg } 1335 1.1 mrg 1336 1.1 mrg int mp_int_is_pow2(mp_int z) { 1337 1.1 mrg assert(z != NULL); 1338 1.1 mrg 1339 1.1 mrg return s_isp2(z); 1340 1.1 mrg } 1341 1.1 mrg 1342 1.1 mrg /* Implementation of Newton's root finding method, based loosely on a patch 1343 1.1 mrg contributed by Hal Finkel <half (at) halssoftware.com> 1344 1.1 mrg modified by M. J. Fromberger. 1345 1.1 mrg */ 1346 1.1 mrg mp_result mp_int_root(mp_int a, mp_small b, mp_int c) { 1347 1.1 mrg assert(a != NULL && c != NULL && b > 0); 1348 1.1 mrg 1349 1.1 mrg if (b == 1) { 1350 1.1 mrg return mp_int_copy(a, c); 1351 1.1 mrg } 1352 1.1 mrg bool flips = false; 1353 1.1 mrg if (MP_SIGN(a) == MP_NEG) { 1354 1.1 mrg if (b % 2 == 0) { 1355 1.1 mrg return MP_UNDEF; /* root does not exist for negative a with even b */ 1356 1.1 mrg } else { 1357 1.1 mrg flips = true; 1358 1.1 mrg } 1359 1.1 mrg } 1360 1.1 mrg 1361 1.1 mrg DECLARE_TEMP(5); 1362 1.1 mrg REQUIRE(mp_int_copy(a, TEMP(0))); 1363 1.1 mrg REQUIRE(mp_int_copy(a, TEMP(1))); 1364 1.1 mrg TEMP(0)->sign = MP_ZPOS; 1365 1.1 mrg TEMP(1)->sign = MP_ZPOS; 1366 1.1 mrg 1367 1.1 mrg for (;;) { 1368 1.1 mrg REQUIRE(mp_int_expt(TEMP(1), b, TEMP(2))); 1369 1.1 mrg 1370 1.1 mrg if (mp_int_compare_unsigned(TEMP(2), TEMP(0)) <= 0) break; 1371 1.1 mrg 1372 1.1 mrg REQUIRE(mp_int_sub(TEMP(2), TEMP(0), TEMP(2))); 1373 1.1 mrg REQUIRE(mp_int_expt(TEMP(1), b - 1, TEMP(3))); 1374 1.1 mrg REQUIRE(mp_int_mul_value(TEMP(3), b, TEMP(3))); 1375 1.1 mrg REQUIRE(mp_int_div(TEMP(2), TEMP(3), TEMP(4), NULL)); 1376 1.1 mrg REQUIRE(mp_int_sub(TEMP(1), TEMP(4), TEMP(4))); 1377 1.1 mrg 1378 1.1 mrg if (mp_int_compare_unsigned(TEMP(1), TEMP(4)) == 0) { 1379 1.1 mrg REQUIRE(mp_int_sub_value(TEMP(4), 1, TEMP(4))); 1380 1.1 mrg } 1381 1.1 mrg REQUIRE(mp_int_copy(TEMP(4), TEMP(1))); 1382 1.1 mrg } 1383 1.1 mrg 1384 1.1 mrg REQUIRE(mp_int_copy(TEMP(1), c)); 1385 1.1 mrg 1386 1.1 mrg /* If the original value of a was negative, flip the output sign. */ 1387 1.1 mrg if (flips) (void)mp_int_neg(c, c); /* cannot fail */ 1388 1.1 mrg 1389 1.1 mrg CLEANUP_TEMP(); 1390 1.1 mrg return MP_OK; 1391 1.1 mrg } 1392 1.1 mrg 1393 1.1 mrg mp_result mp_int_to_int(mp_int z, mp_small *out) { 1394 1.1 mrg assert(z != NULL); 1395 1.1 mrg 1396 1.1 mrg /* Make sure the value is representable as a small integer */ 1397 1.1 mrg mp_sign sz = MP_SIGN(z); 1398 1.1 mrg if ((sz == MP_ZPOS && mp_int_compare_value(z, MP_SMALL_MAX) > 0) || 1399 1.1 mrg mp_int_compare_value(z, MP_SMALL_MIN) < 0) { 1400 1.1 mrg return MP_RANGE; 1401 1.1 mrg } 1402 1.1 mrg 1403 1.1 mrg mp_usmall uz = MP_USED(z); 1404 1.1 mrg mp_digit *dz = MP_DIGITS(z) + uz - 1; 1405 1.1 mrg mp_small uv = 0; 1406 1.1 mrg while (uz > 0) { 1407 1.1 mrg uv <<= MP_DIGIT_BIT / 2; 1408 1.1 mrg uv = (uv << (MP_DIGIT_BIT / 2)) | *dz--; 1409 1.1 mrg --uz; 1410 1.1 mrg } 1411 1.1 mrg 1412 1.1 mrg if (out) *out = (mp_small)((sz == MP_NEG) ? -uv : uv); 1413 1.1 mrg 1414 1.1 mrg return MP_OK; 1415 1.1 mrg } 1416 1.1 mrg 1417 1.1 mrg mp_result mp_int_to_uint(mp_int z, mp_usmall *out) { 1418 1.1 mrg assert(z != NULL); 1419 1.1 mrg 1420 1.1 mrg /* Make sure the value is representable as an unsigned small integer */ 1421 1.1 mrg mp_size sz = MP_SIGN(z); 1422 1.1 mrg if (sz == MP_NEG || mp_int_compare_uvalue(z, MP_USMALL_MAX) > 0) { 1423 1.1 mrg return MP_RANGE; 1424 1.1 mrg } 1425 1.1 mrg 1426 1.1 mrg mp_size uz = MP_USED(z); 1427 1.1 mrg mp_digit *dz = MP_DIGITS(z) + uz - 1; 1428 1.1 mrg mp_usmall uv = 0; 1429 1.1 mrg 1430 1.1 mrg while (uz > 0) { 1431 1.1 mrg uv <<= MP_DIGIT_BIT / 2; 1432 1.1 mrg uv = (uv << (MP_DIGIT_BIT / 2)) | *dz--; 1433 1.1 mrg --uz; 1434 1.1 mrg } 1435 1.1 mrg 1436 1.1 mrg if (out) *out = uv; 1437 1.1 mrg 1438 1.1 mrg return MP_OK; 1439 1.1 mrg } 1440 1.1 mrg 1441 1.1 mrg mp_result mp_int_to_string(mp_int z, mp_size radix, char *str, int limit) { 1442 1.1 mrg assert(z != NULL && str != NULL && limit >= 2); 1443 1.1 mrg assert(radix >= MP_MIN_RADIX && radix <= MP_MAX_RADIX); 1444 1.1 mrg 1445 1.1 mrg int cmp = 0; 1446 1.1 mrg if (CMPZ(z) == 0) { 1447 1.1 mrg *str++ = s_val2ch(0, 1); 1448 1.1 mrg } else { 1449 1.1 mrg mp_result res; 1450 1.1 mrg mpz_t tmp; 1451 1.1 mrg char *h, *t; 1452 1.1 mrg 1453 1.1 mrg if ((res = mp_int_init_copy(&tmp, z)) != MP_OK) return res; 1454 1.1 mrg 1455 1.1 mrg if (MP_SIGN(z) == MP_NEG) { 1456 1.1 mrg *str++ = '-'; 1457 1.1 mrg --limit; 1458 1.1 mrg } 1459 1.1 mrg h = str; 1460 1.1 mrg 1461 1.1 mrg /* Generate digits in reverse order until finished or limit reached */ 1462 1.1 mrg for (/* */; limit > 0; --limit) { 1463 1.1 mrg mp_digit d; 1464 1.1 mrg 1465 1.1 mrg if ((cmp = CMPZ(&tmp)) == 0) break; 1466 1.1 mrg 1467 1.1 mrg d = s_ddiv(&tmp, (mp_digit)radix); 1468 1.1 mrg *str++ = s_val2ch(d, 1); 1469 1.1 mrg } 1470 1.1 mrg t = str - 1; 1471 1.1 mrg 1472 1.1 mrg /* Put digits back in correct output order */ 1473 1.1 mrg while (h < t) { 1474 1.1 mrg char tc = *h; 1475 1.1 mrg *h++ = *t; 1476 1.1 mrg *t-- = tc; 1477 1.1 mrg } 1478 1.1 mrg 1479 1.1 mrg mp_int_clear(&tmp); 1480 1.1 mrg } 1481 1.1 mrg 1482 1.1 mrg *str = '\0'; 1483 1.1 mrg if (cmp == 0) { 1484 1.1 mrg return MP_OK; 1485 1.1 mrg } else { 1486 1.1 mrg return MP_TRUNC; 1487 1.1 mrg } 1488 1.1 mrg } 1489 1.1 mrg 1490 1.1 mrg mp_result mp_int_string_len(mp_int z, mp_size radix) { 1491 1.1 mrg assert(z != NULL); 1492 1.1 mrg assert(radix >= MP_MIN_RADIX && radix <= MP_MAX_RADIX); 1493 1.1 mrg 1494 1.1 mrg int len = s_outlen(z, radix) + 1; /* for terminator */ 1495 1.1 mrg 1496 1.1 mrg /* Allow for sign marker on negatives */ 1497 1.1 mrg if (MP_SIGN(z) == MP_NEG) len += 1; 1498 1.1 mrg 1499 1.1 mrg return len; 1500 1.1 mrg } 1501 1.1 mrg 1502 1.1 mrg /* Read zero-terminated string into z */ 1503 1.1 mrg mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str) { 1504 1.1 mrg return mp_int_read_cstring(z, radix, str, NULL); 1505 1.1 mrg } 1506 1.1 mrg 1507 1.1 mrg mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, 1508 1.1 mrg char **end) { 1509 1.1 mrg assert(z != NULL && str != NULL); 1510 1.1 mrg assert(radix >= MP_MIN_RADIX && radix <= MP_MAX_RADIX); 1511 1.1 mrg 1512 1.1 mrg /* Skip leading whitespace */ 1513 1.1 mrg while (isspace((unsigned char)*str)) ++str; 1514 1.1 mrg 1515 1.1 mrg /* Handle leading sign tag (+/-, positive default) */ 1516 1.1 mrg switch (*str) { 1517 1.1 mrg case '-': 1518 1.1 mrg z->sign = MP_NEG; 1519 1.1 mrg ++str; 1520 1.1 mrg break; 1521 1.1 mrg case '+': 1522 1.1 mrg ++str; /* fallthrough */ 1523 1.1 mrg default: 1524 1.1 mrg z->sign = MP_ZPOS; 1525 1.1 mrg break; 1526 1.1 mrg } 1527 1.1 mrg 1528 1.1 mrg /* Skip leading zeroes */ 1529 1.1 mrg int ch; 1530 1.1 mrg while ((ch = s_ch2val(*str, radix)) == 0) ++str; 1531 1.1 mrg 1532 1.1 mrg /* Make sure there is enough space for the value */ 1533 1.1 mrg if (!s_pad(z, s_inlen(strlen(str), radix))) return MP_MEMORY; 1534 1.1 mrg 1535 1.1 mrg z->used = 1; 1536 1.1 mrg z->digits[0] = 0; 1537 1.1 mrg 1538 1.1 mrg while (*str != '\0' && ((ch = s_ch2val(*str, radix)) >= 0)) { 1539 1.1 mrg s_dmul(z, (mp_digit)radix); 1540 1.1 mrg s_dadd(z, (mp_digit)ch); 1541 1.1 mrg ++str; 1542 1.1 mrg } 1543 1.1 mrg 1544 1.1 mrg CLAMP(z); 1545 1.1 mrg 1546 1.1 mrg /* Override sign for zero, even if negative specified. */ 1547 1.1 mrg if (CMPZ(z) == 0) z->sign = MP_ZPOS; 1548 1.1 mrg 1549 1.1 mrg if (end != NULL) *end = (char *)str; 1550 1.1 mrg 1551 1.1 mrg /* Return a truncation error if the string has unprocessed characters 1552 1.1 mrg remaining, so the caller can tell if the whole string was done */ 1553 1.1 mrg if (*str != '\0') { 1554 1.1 mrg return MP_TRUNC; 1555 1.1 mrg } else { 1556 1.1 mrg return MP_OK; 1557 1.1 mrg } 1558 1.1 mrg } 1559 1.1 mrg 1560 1.1 mrg mp_result mp_int_count_bits(mp_int z) { 1561 1.1 mrg assert(z != NULL); 1562 1.1 mrg 1563 1.1 mrg mp_size uz = MP_USED(z); 1564 1.1 mrg if (uz == 1 && z->digits[0] == 0) return 1; 1565 1.1 mrg 1566 1.1 mrg --uz; 1567 1.1 mrg mp_size nbits = uz * MP_DIGIT_BIT; 1568 1.1 mrg mp_digit d = z->digits[uz]; 1569 1.1 mrg 1570 1.1 mrg while (d != 0) { 1571 1.1 mrg d >>= 1; 1572 1.1 mrg ++nbits; 1573 1.1 mrg } 1574 1.1 mrg 1575 1.1 mrg return nbits; 1576 1.1 mrg } 1577 1.1 mrg 1578 1.1 mrg mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit) { 1579 1.1 mrg static const int PAD_FOR_2C = 1; 1580 1.1 mrg 1581 1.1 mrg assert(z != NULL && buf != NULL); 1582 1.1 mrg 1583 1.1 mrg int limpos = limit; 1584 1.1 mrg mp_result res = s_tobin(z, buf, &limpos, PAD_FOR_2C); 1585 1.1 mrg 1586 1.1 mrg if (MP_SIGN(z) == MP_NEG) s_2comp(buf, limpos); 1587 1.1 mrg 1588 1.1 mrg return res; 1589 1.1 mrg } 1590 1.1 mrg 1591 1.1 mrg mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len) { 1592 1.1 mrg assert(z != NULL && buf != NULL && len > 0); 1593 1.1 mrg 1594 1.1 mrg /* Figure out how many digits are needed to represent this value */ 1595 1.1 mrg mp_size need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; 1596 1.1 mrg if (!s_pad(z, need)) return MP_MEMORY; 1597 1.1 mrg 1598 1.1 mrg mp_int_zero(z); 1599 1.1 mrg 1600 1.1 mrg /* If the high-order bit is set, take the 2's complement before reading the 1601 1.1 mrg value (it will be restored afterward) */ 1602 1.1 mrg if (buf[0] >> (CHAR_BIT - 1)) { 1603 1.1 mrg z->sign = MP_NEG; 1604 1.1 mrg s_2comp(buf, len); 1605 1.1 mrg } 1606 1.1 mrg 1607 1.1 mrg mp_digit *dz = MP_DIGITS(z); 1608 1.1 mrg unsigned char *tmp = buf; 1609 1.1 mrg for (int i = len; i > 0; --i, ++tmp) { 1610 1.1 mrg s_qmul(z, (mp_size)CHAR_BIT); 1611 1.1 mrg *dz |= *tmp; 1612 1.1 mrg } 1613 1.1 mrg 1614 1.1 mrg /* Restore 2's complement if we took it before */ 1615 1.1 mrg if (MP_SIGN(z) == MP_NEG) s_2comp(buf, len); 1616 1.1 mrg 1617 1.1 mrg return MP_OK; 1618 1.1 mrg } 1619 1.1 mrg 1620 1.1 mrg mp_result mp_int_binary_len(mp_int z) { 1621 1.1 mrg mp_result res = mp_int_count_bits(z); 1622 1.1 mrg if (res <= 0) return res; 1623 1.1 mrg 1624 1.1 mrg int bytes = mp_int_unsigned_len(z); 1625 1.1 mrg 1626 1.1 mrg /* If the highest-order bit falls exactly on a byte boundary, we need to pad 1627 1.1 mrg with an extra byte so that the sign will be read correctly when reading it 1628 1.1 mrg back in. */ 1629 1.1 mrg if (bytes * CHAR_BIT == res) ++bytes; 1630 1.1 mrg 1631 1.1 mrg return bytes; 1632 1.1 mrg } 1633 1.1 mrg 1634 1.1 mrg mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit) { 1635 1.1 mrg static const int NO_PADDING = 0; 1636 1.1 mrg 1637 1.1 mrg assert(z != NULL && buf != NULL); 1638 1.1 mrg 1639 1.1 mrg return s_tobin(z, buf, &limit, NO_PADDING); 1640 1.1 mrg } 1641 1.1 mrg 1642 1.1 mrg mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len) { 1643 1.1 mrg assert(z != NULL && buf != NULL && len > 0); 1644 1.1 mrg 1645 1.1 mrg /* Figure out how many digits are needed to represent this value */ 1646 1.1 mrg mp_size need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; 1647 1.1 mrg if (!s_pad(z, need)) return MP_MEMORY; 1648 1.1 mrg 1649 1.1 mrg mp_int_zero(z); 1650 1.1 mrg 1651 1.1 mrg unsigned char *tmp = buf; 1652 1.1 mrg for (int i = len; i > 0; --i, ++tmp) { 1653 1.1 mrg (void)s_qmul(z, CHAR_BIT); 1654 1.1 mrg *MP_DIGITS(z) |= *tmp; 1655 1.1 mrg } 1656 1.1 mrg 1657 1.1 mrg return MP_OK; 1658 1.1 mrg } 1659 1.1 mrg 1660 1.1 mrg mp_result mp_int_unsigned_len(mp_int z) { 1661 1.1 mrg mp_result res = mp_int_count_bits(z); 1662 1.1 mrg if (res <= 0) return res; 1663 1.1 mrg 1664 1.1 mrg int bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT; 1665 1.1 mrg return bytes; 1666 1.1 mrg } 1667 1.1 mrg 1668 1.1 mrg const char *mp_error_string(mp_result res) { 1669 1.1 mrg if (res > 0) return s_unknown_err; 1670 1.1 mrg 1671 1.1 mrg res = -res; 1672 1.1 mrg int ix; 1673 1.1 mrg for (ix = 0; ix < res && s_error_msg[ix] != NULL; ++ix) 1674 1.1 mrg ; 1675 1.1 mrg 1676 1.1 mrg if (s_error_msg[ix] != NULL) { 1677 1.1 mrg return s_error_msg[ix]; 1678 1.1 mrg } else { 1679 1.1 mrg return s_unknown_err; 1680 1.1 mrg } 1681 1.1 mrg } 1682 1.1 mrg 1683 1.1 mrg /*------------------------------------------------------------------------*/ 1684 1.1 mrg /* Private functions for internal use. These make assumptions. */ 1685 1.1 mrg 1686 1.1 mrg #if DEBUG 1687 1.1 mrg static const mp_digit fill = (mp_digit)0xdeadbeefabad1dea; 1688 1.1 mrg #endif 1689 1.1 mrg 1690 1.1 mrg static mp_digit *s_alloc(mp_size num) { 1691 1.1 mrg mp_digit *out = malloc(num * sizeof(mp_digit)); 1692 1.1 mrg assert(out != NULL); 1693 1.1 mrg 1694 1.1 mrg #if DEBUG 1695 1.1 mrg for (mp_size ix = 0; ix < num; ++ix) out[ix] = fill; 1696 1.1 mrg #endif 1697 1.1 mrg return out; 1698 1.1 mrg } 1699 1.1 mrg 1700 1.1 mrg static mp_digit *s_realloc(mp_digit *old, mp_size osize, mp_size nsize) { 1701 1.1 mrg #if DEBUG 1702 1.1 mrg mp_digit *new = s_alloc(nsize); 1703 1.1 mrg assert(new != NULL); 1704 1.1 mrg 1705 1.1 mrg for (mp_size ix = 0; ix < nsize; ++ix) new[ix] = fill; 1706 1.1 mrg memcpy(new, old, osize * sizeof(mp_digit)); 1707 1.1 mrg #else 1708 1.1 mrg mp_digit *new = realloc(old, nsize * sizeof(mp_digit)); 1709 1.1 mrg assert(new != NULL); 1710 1.1 mrg #endif 1711 1.1 mrg 1712 1.1 mrg return new; 1713 1.1 mrg } 1714 1.1 mrg 1715 1.1 mrg static void s_free(void *ptr) { free(ptr); } 1716 1.1 mrg 1717 1.1 mrg static bool s_pad(mp_int z, mp_size min) { 1718 1.1 mrg if (MP_ALLOC(z) < min) { 1719 1.1 mrg mp_size nsize = s_round_prec(min); 1720 1.1 mrg mp_digit *tmp; 1721 1.1 mrg 1722 1.1 mrg if (z->digits == &(z->single)) { 1723 1.1 mrg if ((tmp = s_alloc(nsize)) == NULL) return false; 1724 1.1 mrg tmp[0] = z->single; 1725 1.1 mrg } else if ((tmp = s_realloc(MP_DIGITS(z), MP_ALLOC(z), nsize)) == NULL) { 1726 1.1 mrg return false; 1727 1.1 mrg } 1728 1.1 mrg 1729 1.1 mrg z->digits = tmp; 1730 1.1 mrg z->alloc = nsize; 1731 1.1 mrg } 1732 1.1 mrg 1733 1.1 mrg return true; 1734 1.1 mrg } 1735 1.1 mrg 1736 1.1 mrg /* Note: This will not work correctly when value == MP_SMALL_MIN */ 1737 1.1 mrg static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]) { 1738 1.1 mrg mp_usmall uv = (mp_usmall)(value < 0) ? -value : value; 1739 1.1 mrg s_ufake(z, uv, vbuf); 1740 1.1 mrg if (value < 0) z->sign = MP_NEG; 1741 1.1 mrg } 1742 1.1 mrg 1743 1.1 mrg static void s_ufake(mp_int z, mp_usmall value, mp_digit vbuf[]) { 1744 1.1 mrg mp_size ndig = (mp_size)s_uvpack(value, vbuf); 1745 1.1 mrg 1746 1.1 mrg z->used = ndig; 1747 1.1 mrg z->alloc = MP_VALUE_DIGITS(value); 1748 1.1 mrg z->sign = MP_ZPOS; 1749 1.1 mrg z->digits = vbuf; 1750 1.1 mrg } 1751 1.1 mrg 1752 1.1 mrg static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) { 1753 1.1 mrg mp_digit *dat = da + len - 1, *dbt = db + len - 1; 1754 1.1 mrg 1755 1.1 mrg for (/* */; len != 0; --len, --dat, --dbt) { 1756 1.1 mrg if (*dat > *dbt) { 1757 1.1 mrg return 1; 1758 1.1 mrg } else if (*dat < *dbt) { 1759 1.1 mrg return -1; 1760 1.1 mrg } 1761 1.1 mrg } 1762 1.1 mrg 1763 1.1 mrg return 0; 1764 1.1 mrg } 1765 1.1 mrg 1766 1.1 mrg static int s_uvpack(mp_usmall uv, mp_digit t[]) { 1767 1.1 mrg int ndig = 0; 1768 1.1 mrg 1769 1.1 mrg if (uv == 0) 1770 1.1 mrg t[ndig++] = 0; 1771 1.1 mrg else { 1772 1.1 mrg while (uv != 0) { 1773 1.1 mrg t[ndig++] = (mp_digit)uv; 1774 1.1 mrg uv >>= MP_DIGIT_BIT / 2; 1775 1.1 mrg uv >>= MP_DIGIT_BIT / 2; 1776 1.1 mrg } 1777 1.1 mrg } 1778 1.1 mrg 1779 1.1 mrg return ndig; 1780 1.1 mrg } 1781 1.1 mrg 1782 1.1 mrg static int s_ucmp(mp_int a, mp_int b) { 1783 1.1 mrg mp_size ua = MP_USED(a), ub = MP_USED(b); 1784 1.1 mrg 1785 1.1 mrg if (ua > ub) { 1786 1.1 mrg return 1; 1787 1.1 mrg } else if (ub > ua) { 1788 1.1 mrg return -1; 1789 1.1 mrg } else { 1790 1.1 mrg return s_cdig(MP_DIGITS(a), MP_DIGITS(b), ua); 1791 1.1 mrg } 1792 1.1 mrg } 1793 1.1 mrg 1794 1.1 mrg static int s_vcmp(mp_int a, mp_small v) { 1795 1.1 mrg mp_usmall uv = (v < 0) ? -(mp_usmall)v : (mp_usmall)v; 1796 1.1 mrg return s_uvcmp(a, uv); 1797 1.1 mrg } 1798 1.1 mrg 1799 1.1 mrg static int s_uvcmp(mp_int a, mp_usmall uv) { 1800 1.1 mrg mpz_t vtmp; 1801 1.1 mrg mp_digit vdig[MP_VALUE_DIGITS(uv)]; 1802 1.1 mrg 1803 1.1 mrg s_ufake(&vtmp, uv, vdig); 1804 1.1 mrg return s_ucmp(a, &vtmp); 1805 1.1 mrg } 1806 1.1 mrg 1807 1.1 mrg static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 1808 1.1 mrg mp_size size_b) { 1809 1.1 mrg mp_size pos; 1810 1.1 mrg mp_word w = 0; 1811 1.1 mrg 1812 1.1 mrg /* Insure that da is the longer of the two to simplify later code */ 1813 1.1 mrg if (size_b > size_a) { 1814 1.1 mrg SWAP(mp_digit *, da, db); 1815 1.1 mrg SWAP(mp_size, size_a, size_b); 1816 1.1 mrg } 1817 1.1 mrg 1818 1.1 mrg /* Add corresponding digits until the shorter number runs out */ 1819 1.1 mrg for (pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { 1820 1.1 mrg w = w + (mp_word)*da + (mp_word)*db; 1821 1.1 mrg *dc = LOWER_HALF(w); 1822 1.1 mrg w = UPPER_HALF(w); 1823 1.1 mrg } 1824 1.1 mrg 1825 1.1 mrg /* Propagate carries as far as necessary */ 1826 1.1 mrg for (/* */; pos < size_a; ++pos, ++da, ++dc) { 1827 1.1 mrg w = w + *da; 1828 1.1 mrg 1829 1.1 mrg *dc = LOWER_HALF(w); 1830 1.1 mrg w = UPPER_HALF(w); 1831 1.1 mrg } 1832 1.1 mrg 1833 1.1 mrg /* Return carry out */ 1834 1.1 mrg return (mp_digit)w; 1835 1.1 mrg } 1836 1.1 mrg 1837 1.1 mrg static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 1838 1.1 mrg mp_size size_b) { 1839 1.1 mrg mp_size pos; 1840 1.1 mrg mp_word w = 0; 1841 1.1 mrg 1842 1.1 mrg /* We assume that |a| >= |b| so this should definitely hold */ 1843 1.1 mrg assert(size_a >= size_b); 1844 1.1 mrg 1845 1.1 mrg /* Subtract corresponding digits and propagate borrow */ 1846 1.1 mrg for (pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { 1847 1.1 mrg w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ 1848 1.1 mrg (mp_word)*da) - 1849 1.1 mrg w - (mp_word)*db; 1850 1.1 mrg 1851 1.1 mrg *dc = LOWER_HALF(w); 1852 1.1 mrg w = (UPPER_HALF(w) == 0); 1853 1.1 mrg } 1854 1.1 mrg 1855 1.1 mrg /* Finish the subtraction for remaining upper digits of da */ 1856 1.1 mrg for (/* */; pos < size_a; ++pos, ++da, ++dc) { 1857 1.1 mrg w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ 1858 1.1 mrg (mp_word)*da) - 1859 1.1 mrg w; 1860 1.1 mrg 1861 1.1 mrg *dc = LOWER_HALF(w); 1862 1.1 mrg w = (UPPER_HALF(w) == 0); 1863 1.1 mrg } 1864 1.1 mrg 1865 1.1 mrg /* If there is a borrow out at the end, it violates the precondition */ 1866 1.1 mrg assert(w == 0); 1867 1.1 mrg } 1868 1.1 mrg 1869 1.1 mrg static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 1870 1.1 mrg mp_size size_b) { 1871 1.1 mrg mp_size bot_size; 1872 1.1 mrg 1873 1.1 mrg /* Make sure b is the smaller of the two input values */ 1874 1.1 mrg if (size_b > size_a) { 1875 1.1 mrg SWAP(mp_digit *, da, db); 1876 1.1 mrg SWAP(mp_size, size_a, size_b); 1877 1.1 mrg } 1878 1.1 mrg 1879 1.1 mrg /* Insure that the bottom is the larger half in an odd-length split; the code 1880 1.1 mrg below relies on this being true. 1881 1.1 mrg */ 1882 1.1 mrg bot_size = (size_a + 1) / 2; 1883 1.1 mrg 1884 1.1 mrg /* If the values are big enough to bother with recursion, use the Karatsuba 1885 1.1 mrg algorithm to compute the product; otherwise use the normal multiplication 1886 1.1 mrg algorithm 1887 1.1 mrg */ 1888 1.1 mrg if (multiply_threshold && size_a >= multiply_threshold && size_b > bot_size) { 1889 1.1 mrg mp_digit *t1, *t2, *t3, carry; 1890 1.1 mrg 1891 1.1 mrg mp_digit *a_top = da + bot_size; 1892 1.1 mrg mp_digit *b_top = db + bot_size; 1893 1.1 mrg 1894 1.1 mrg mp_size at_size = size_a - bot_size; 1895 1.1 mrg mp_size bt_size = size_b - bot_size; 1896 1.1 mrg mp_size buf_size = 2 * bot_size; 1897 1.1 mrg 1898 1.1 mrg /* Do a single allocation for all three temporary buffers needed; each 1899 1.1 mrg buffer must be big enough to hold the product of two bottom halves, and 1900 1.1 mrg one buffer needs space for the completed product; twice the space is 1901 1.1 mrg plenty. 1902 1.1 mrg */ 1903 1.1 mrg if ((t1 = s_alloc(4 * buf_size)) == NULL) return 0; 1904 1.1 mrg t2 = t1 + buf_size; 1905 1.1 mrg t3 = t2 + buf_size; 1906 1.1 mrg ZERO(t1, 4 * buf_size); 1907 1.1 mrg 1908 1.1 mrg /* t1 and t2 are initially used as temporaries to compute the inner product 1909 1.1 mrg (a1 + a0)(b1 + b0) = a1b1 + a1b0 + a0b1 + a0b0 1910 1.1 mrg */ 1911 1.1 mrg carry = s_uadd(da, a_top, t1, bot_size, at_size); /* t1 = a1 + a0 */ 1912 1.1 mrg t1[bot_size] = carry; 1913 1.1 mrg 1914 1.1 mrg carry = s_uadd(db, b_top, t2, bot_size, bt_size); /* t2 = b1 + b0 */ 1915 1.1 mrg t2[bot_size] = carry; 1916 1.1 mrg 1917 1.1 mrg (void)s_kmul(t1, t2, t3, bot_size + 1, bot_size + 1); /* t3 = t1 * t2 */ 1918 1.1 mrg 1919 1.1 mrg /* Now we'll get t1 = a0b0 and t2 = a1b1, and subtract them out so that 1920 1.1 mrg we're left with only the pieces we want: t3 = a1b0 + a0b1 1921 1.1 mrg */ 1922 1.1 mrg ZERO(t1, buf_size); 1923 1.1 mrg ZERO(t2, buf_size); 1924 1.1 mrg (void)s_kmul(da, db, t1, bot_size, bot_size); /* t1 = a0 * b0 */ 1925 1.1 mrg (void)s_kmul(a_top, b_top, t2, at_size, bt_size); /* t2 = a1 * b1 */ 1926 1.1 mrg 1927 1.1 mrg /* Subtract out t1 and t2 to get the inner product */ 1928 1.1 mrg s_usub(t3, t1, t3, buf_size + 2, buf_size); 1929 1.1 mrg s_usub(t3, t2, t3, buf_size + 2, buf_size); 1930 1.1 mrg 1931 1.1 mrg /* Assemble the output value */ 1932 1.1 mrg COPY(t1, dc, buf_size); 1933 1.1 mrg carry = s_uadd(t3, dc + bot_size, dc + bot_size, buf_size + 1, buf_size); 1934 1.1 mrg assert(carry == 0); 1935 1.1 mrg 1936 1.1 mrg carry = 1937 1.1 mrg s_uadd(t2, dc + 2 * bot_size, dc + 2 * bot_size, buf_size, buf_size); 1938 1.1 mrg assert(carry == 0); 1939 1.1 mrg 1940 1.1 mrg s_free(t1); /* note t2 and t3 are just internal pointers to t1 */ 1941 1.1 mrg } else { 1942 1.1 mrg s_umul(da, db, dc, size_a, size_b); 1943 1.1 mrg } 1944 1.1 mrg 1945 1.1 mrg return 1; 1946 1.1 mrg } 1947 1.1 mrg 1948 1.1 mrg static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, 1949 1.1 mrg mp_size size_b) { 1950 1.1 mrg mp_size a, b; 1951 1.1 mrg mp_word w; 1952 1.1 mrg 1953 1.1 mrg for (a = 0; a < size_a; ++a, ++dc, ++da) { 1954 1.1 mrg mp_digit *dct = dc; 1955 1.1 mrg mp_digit *dbt = db; 1956 1.1 mrg 1957 1.1 mrg if (*da == 0) continue; 1958 1.1 mrg 1959 1.1 mrg w = 0; 1960 1.1 mrg for (b = 0; b < size_b; ++b, ++dbt, ++dct) { 1961 1.1 mrg w = (mp_word)*da * (mp_word)*dbt + w + (mp_word)*dct; 1962 1.1 mrg 1963 1.1 mrg *dct = LOWER_HALF(w); 1964 1.1 mrg w = UPPER_HALF(w); 1965 1.1 mrg } 1966 1.1 mrg 1967 1.1 mrg *dct = (mp_digit)w; 1968 1.1 mrg } 1969 1.1 mrg } 1970 1.1 mrg 1971 1.1 mrg static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) { 1972 1.1 mrg if (multiply_threshold && size_a > multiply_threshold) { 1973 1.1 mrg mp_size bot_size = (size_a + 1) / 2; 1974 1.1 mrg mp_digit *a_top = da + bot_size; 1975 1.1 mrg mp_digit *t1, *t2, *t3, carry; 1976 1.1 mrg mp_size at_size = size_a - bot_size; 1977 1.1 mrg mp_size buf_size = 2 * bot_size; 1978 1.1 mrg 1979 1.1 mrg if ((t1 = s_alloc(4 * buf_size)) == NULL) return 0; 1980 1.1 mrg t2 = t1 + buf_size; 1981 1.1 mrg t3 = t2 + buf_size; 1982 1.1 mrg ZERO(t1, 4 * buf_size); 1983 1.1 mrg 1984 1.1 mrg (void)s_ksqr(da, t1, bot_size); /* t1 = a0 ^ 2 */ 1985 1.1 mrg (void)s_ksqr(a_top, t2, at_size); /* t2 = a1 ^ 2 */ 1986 1.1 mrg 1987 1.1 mrg (void)s_kmul(da, a_top, t3, bot_size, at_size); /* t3 = a0 * a1 */ 1988 1.1 mrg 1989 1.1 mrg /* Quick multiply t3 by 2, shifting left (can't overflow) */ 1990 1.1 mrg { 1991 1.1 mrg int i, top = bot_size + at_size; 1992 1.1 mrg mp_word w, save = 0; 1993 1.1 mrg 1994 1.1 mrg for (i = 0; i < top; ++i) { 1995 1.1 mrg w = t3[i]; 1996 1.1 mrg w = (w << 1) | save; 1997 1.1 mrg t3[i] = LOWER_HALF(w); 1998 1.1 mrg save = UPPER_HALF(w); 1999 1.1 mrg } 2000 1.1 mrg t3[i] = LOWER_HALF(save); 2001 1.1 mrg } 2002 1.1 mrg 2003 1.1 mrg /* Assemble the output value */ 2004 1.1 mrg COPY(t1, dc, 2 * bot_size); 2005 1.1 mrg carry = s_uadd(t3, dc + bot_size, dc + bot_size, buf_size + 1, buf_size); 2006 1.1 mrg assert(carry == 0); 2007 1.1 mrg 2008 1.1 mrg carry = 2009 1.1 mrg s_uadd(t2, dc + 2 * bot_size, dc + 2 * bot_size, buf_size, buf_size); 2010 1.1 mrg assert(carry == 0); 2011 1.1 mrg 2012 1.1 mrg s_free(t1); /* note that t2 and t2 are internal pointers only */ 2013 1.1 mrg 2014 1.1 mrg } else { 2015 1.1 mrg s_usqr(da, dc, size_a); 2016 1.1 mrg } 2017 1.1 mrg 2018 1.1 mrg return 1; 2019 1.1 mrg } 2020 1.1 mrg 2021 1.1 mrg static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) { 2022 1.1 mrg mp_size i, j; 2023 1.1 mrg mp_word w; 2024 1.1 mrg 2025 1.1 mrg for (i = 0; i < size_a; ++i, dc += 2, ++da) { 2026 1.1 mrg mp_digit *dct = dc, *dat = da; 2027 1.1 mrg 2028 1.1 mrg if (*da == 0) continue; 2029 1.1 mrg 2030 1.1 mrg /* Take care of the first digit, no rollover */ 2031 1.1 mrg w = (mp_word)*dat * (mp_word)*dat + (mp_word)*dct; 2032 1.1 mrg *dct = LOWER_HALF(w); 2033 1.1 mrg w = UPPER_HALF(w); 2034 1.1 mrg ++dat; 2035 1.1 mrg ++dct; 2036 1.1 mrg 2037 1.1 mrg for (j = i + 1; j < size_a; ++j, ++dat, ++dct) { 2038 1.1 mrg mp_word t = (mp_word)*da * (mp_word)*dat; 2039 1.1 mrg mp_word u = w + (mp_word)*dct, ov = 0; 2040 1.1 mrg 2041 1.1 mrg /* Check if doubling t will overflow a word */ 2042 1.1 mrg if (HIGH_BIT_SET(t)) ov = 1; 2043 1.1 mrg 2044 1.1 mrg w = t + t; 2045 1.1 mrg 2046 1.1 mrg /* Check if adding u to w will overflow a word */ 2047 1.1 mrg if (ADD_WILL_OVERFLOW(w, u)) ov = 1; 2048 1.1 mrg 2049 1.1 mrg w += u; 2050 1.1 mrg 2051 1.1 mrg *dct = LOWER_HALF(w); 2052 1.1 mrg w = UPPER_HALF(w); 2053 1.1 mrg if (ov) { 2054 1.1 mrg w += MP_DIGIT_MAX; /* MP_RADIX */ 2055 1.1 mrg ++w; 2056 1.1 mrg } 2057 1.1 mrg } 2058 1.1 mrg 2059 1.1 mrg w = w + *dct; 2060 1.1 mrg *dct = (mp_digit)w; 2061 1.1 mrg while ((w = UPPER_HALF(w)) != 0) { 2062 1.1 mrg ++dct; 2063 1.1 mrg w = w + *dct; 2064 1.1 mrg *dct = LOWER_HALF(w); 2065 1.1 mrg } 2066 1.1 mrg 2067 1.1 mrg assert(w == 0); 2068 1.1 mrg } 2069 1.1 mrg } 2070 1.1 mrg 2071 1.1 mrg static void s_dadd(mp_int a, mp_digit b) { 2072 1.1 mrg mp_word w = 0; 2073 1.1 mrg mp_digit *da = MP_DIGITS(a); 2074 1.1 mrg mp_size ua = MP_USED(a); 2075 1.1 mrg 2076 1.1 mrg w = (mp_word)*da + b; 2077 1.1 mrg *da++ = LOWER_HALF(w); 2078 1.1 mrg w = UPPER_HALF(w); 2079 1.1 mrg 2080 1.1 mrg for (ua -= 1; ua > 0; --ua, ++da) { 2081 1.1 mrg w = (mp_word)*da + w; 2082 1.1 mrg 2083 1.1 mrg *da = LOWER_HALF(w); 2084 1.1 mrg w = UPPER_HALF(w); 2085 1.1 mrg } 2086 1.1 mrg 2087 1.1 mrg if (w) { 2088 1.1 mrg *da = (mp_digit)w; 2089 1.1 mrg a->used += 1; 2090 1.1 mrg } 2091 1.1 mrg } 2092 1.1 mrg 2093 1.1 mrg static void s_dmul(mp_int a, mp_digit b) { 2094 1.1 mrg mp_word w = 0; 2095 1.1 mrg mp_digit *da = MP_DIGITS(a); 2096 1.1 mrg mp_size ua = MP_USED(a); 2097 1.1 mrg 2098 1.1 mrg while (ua > 0) { 2099 1.1 mrg w = (mp_word)*da * b + w; 2100 1.1 mrg *da++ = LOWER_HALF(w); 2101 1.1 mrg w = UPPER_HALF(w); 2102 1.1 mrg --ua; 2103 1.1 mrg } 2104 1.1 mrg 2105 1.1 mrg if (w) { 2106 1.1 mrg *da = (mp_digit)w; 2107 1.1 mrg a->used += 1; 2108 1.1 mrg } 2109 1.1 mrg } 2110 1.1 mrg 2111 1.1 mrg static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a) { 2112 1.1 mrg mp_word w = 0; 2113 1.1 mrg 2114 1.1 mrg while (size_a > 0) { 2115 1.1 mrg w = (mp_word)*da++ * (mp_word)b + w; 2116 1.1 mrg 2117 1.1 mrg *dc++ = LOWER_HALF(w); 2118 1.1 mrg w = UPPER_HALF(w); 2119 1.1 mrg --size_a; 2120 1.1 mrg } 2121 1.1 mrg 2122 1.1 mrg if (w) *dc = LOWER_HALF(w); 2123 1.1 mrg } 2124 1.1 mrg 2125 1.1 mrg static mp_digit s_ddiv(mp_int a, mp_digit b) { 2126 1.1 mrg mp_word w = 0, qdigit; 2127 1.1 mrg mp_size ua = MP_USED(a); 2128 1.1 mrg mp_digit *da = MP_DIGITS(a) + ua - 1; 2129 1.1 mrg 2130 1.1 mrg for (/* */; ua > 0; --ua, --da) { 2131 1.1 mrg w = (w << MP_DIGIT_BIT) | *da; 2132 1.1 mrg 2133 1.1 mrg if (w >= b) { 2134 1.1 mrg qdigit = w / b; 2135 1.1 mrg w = w % b; 2136 1.1 mrg } else { 2137 1.1 mrg qdigit = 0; 2138 1.1 mrg } 2139 1.1 mrg 2140 1.1 mrg *da = (mp_digit)qdigit; 2141 1.1 mrg } 2142 1.1 mrg 2143 1.1 mrg CLAMP(a); 2144 1.1 mrg return (mp_digit)w; 2145 1.1 mrg } 2146 1.1 mrg 2147 1.1 mrg static void s_qdiv(mp_int z, mp_size p2) { 2148 1.1 mrg mp_size ndig = p2 / MP_DIGIT_BIT, nbits = p2 % MP_DIGIT_BIT; 2149 1.1 mrg mp_size uz = MP_USED(z); 2150 1.1 mrg 2151 1.1 mrg if (ndig) { 2152 1.1 mrg mp_size mark; 2153 1.1 mrg mp_digit *to, *from; 2154 1.1 mrg 2155 1.1 mrg if (ndig >= uz) { 2156 1.1 mrg mp_int_zero(z); 2157 1.1 mrg return; 2158 1.1 mrg } 2159 1.1 mrg 2160 1.1 mrg to = MP_DIGITS(z); 2161 1.1 mrg from = to + ndig; 2162 1.1 mrg 2163 1.1 mrg for (mark = ndig; mark < uz; ++mark) { 2164 1.1 mrg *to++ = *from++; 2165 1.1 mrg } 2166 1.1 mrg 2167 1.1 mrg z->used = uz - ndig; 2168 1.1 mrg } 2169 1.1 mrg 2170 1.1 mrg if (nbits) { 2171 1.1 mrg mp_digit d = 0, *dz, save; 2172 1.1 mrg mp_size up = MP_DIGIT_BIT - nbits; 2173 1.1 mrg 2174 1.1 mrg uz = MP_USED(z); 2175 1.1 mrg dz = MP_DIGITS(z) + uz - 1; 2176 1.1 mrg 2177 1.1 mrg for (/* */; uz > 0; --uz, --dz) { 2178 1.1 mrg save = *dz; 2179 1.1 mrg 2180 1.1 mrg *dz = (*dz >> nbits) | (d << up); 2181 1.1 mrg d = save; 2182 1.1 mrg } 2183 1.1 mrg 2184 1.1 mrg CLAMP(z); 2185 1.1 mrg } 2186 1.1 mrg 2187 1.1 mrg if (MP_USED(z) == 1 && z->digits[0] == 0) z->sign = MP_ZPOS; 2188 1.1 mrg } 2189 1.1 mrg 2190 1.1 mrg static void s_qmod(mp_int z, mp_size p2) { 2191 1.1 mrg mp_size start = p2 / MP_DIGIT_BIT + 1, rest = p2 % MP_DIGIT_BIT; 2192 1.1 mrg mp_size uz = MP_USED(z); 2193 1.1 mrg mp_digit mask = (1u << rest) - 1; 2194 1.1 mrg 2195 1.1 mrg if (start <= uz) { 2196 1.1 mrg z->used = start; 2197 1.1 mrg z->digits[start - 1] &= mask; 2198 1.1 mrg CLAMP(z); 2199 1.1 mrg } 2200 1.1 mrg } 2201 1.1 mrg 2202 1.1 mrg static int s_qmul(mp_int z, mp_size p2) { 2203 1.1 mrg mp_size uz, need, rest, extra, i; 2204 1.1 mrg mp_digit *from, *to, d; 2205 1.1 mrg 2206 1.1 mrg if (p2 == 0) return 1; 2207 1.1 mrg 2208 1.1 mrg uz = MP_USED(z); 2209 1.1 mrg need = p2 / MP_DIGIT_BIT; 2210 1.1 mrg rest = p2 % MP_DIGIT_BIT; 2211 1.1 mrg 2212 1.1 mrg /* Figure out if we need an extra digit at the top end; this occurs if the 2213 1.1 mrg topmost `rest' bits of the high-order digit of z are not zero, meaning 2214 1.1 mrg they will be shifted off the end if not preserved */ 2215 1.1 mrg extra = 0; 2216 1.1 mrg if (rest != 0) { 2217 1.1 mrg mp_digit *dz = MP_DIGITS(z) + uz - 1; 2218 1.1 mrg 2219 1.1 mrg if ((*dz >> (MP_DIGIT_BIT - rest)) != 0) extra = 1; 2220 1.1 mrg } 2221 1.1 mrg 2222 1.1 mrg if (!s_pad(z, uz + need + extra)) return 0; 2223 1.1 mrg 2224 1.1 mrg /* If we need to shift by whole digits, do that in one pass, then 2225 1.1 mrg to back and shift by partial digits. 2226 1.1 mrg */ 2227 1.1 mrg if (need > 0) { 2228 1.1 mrg from = MP_DIGITS(z) + uz - 1; 2229 1.1 mrg to = from + need; 2230 1.1 mrg 2231 1.1 mrg for (i = 0; i < uz; ++i) *to-- = *from--; 2232 1.1 mrg 2233 1.1 mrg ZERO(MP_DIGITS(z), need); 2234 1.1 mrg uz += need; 2235 1.1 mrg } 2236 1.1 mrg 2237 1.1 mrg if (rest) { 2238 1.1 mrg d = 0; 2239 1.1 mrg for (i = need, from = MP_DIGITS(z) + need; i < uz; ++i, ++from) { 2240 1.1 mrg mp_digit save = *from; 2241 1.1 mrg 2242 1.1 mrg *from = (*from << rest) | (d >> (MP_DIGIT_BIT - rest)); 2243 1.1 mrg d = save; 2244 1.1 mrg } 2245 1.1 mrg 2246 1.1 mrg d >>= (MP_DIGIT_BIT - rest); 2247 1.1 mrg if (d != 0) { 2248 1.1 mrg *from = d; 2249 1.1 mrg uz += extra; 2250 1.1 mrg } 2251 1.1 mrg } 2252 1.1 mrg 2253 1.1 mrg z->used = uz; 2254 1.1 mrg CLAMP(z); 2255 1.1 mrg 2256 1.1 mrg return 1; 2257 1.1 mrg } 2258 1.1 mrg 2259 1.1 mrg /* Compute z = 2^p2 - |z|; requires that 2^p2 >= |z| 2260 1.1 mrg The sign of the result is always zero/positive. 2261 1.1 mrg */ 2262 1.1 mrg static int s_qsub(mp_int z, mp_size p2) { 2263 1.1 mrg mp_digit hi = (1u << (p2 % MP_DIGIT_BIT)), *zp; 2264 1.1 mrg mp_size tdig = (p2 / MP_DIGIT_BIT), pos; 2265 1.1 mrg mp_word w = 0; 2266 1.1 mrg 2267 1.1 mrg if (!s_pad(z, tdig + 1)) return 0; 2268 1.1 mrg 2269 1.1 mrg for (pos = 0, zp = MP_DIGITS(z); pos < tdig; ++pos, ++zp) { 2270 1.1 mrg w = ((mp_word)MP_DIGIT_MAX + 1) - w - (mp_word)*zp; 2271 1.1 mrg 2272 1.1 mrg *zp = LOWER_HALF(w); 2273 1.1 mrg w = UPPER_HALF(w) ? 0 : 1; 2274 1.1 mrg } 2275 1.1 mrg 2276 1.1 mrg w = ((mp_word)MP_DIGIT_MAX + 1 + hi) - w - (mp_word)*zp; 2277 1.1 mrg *zp = LOWER_HALF(w); 2278 1.1 mrg 2279 1.1 mrg assert(UPPER_HALF(w) != 0); /* no borrow out should be possible */ 2280 1.1 mrg 2281 1.1 mrg z->sign = MP_ZPOS; 2282 1.1 mrg CLAMP(z); 2283 1.1 mrg 2284 1.1 mrg return 1; 2285 1.1 mrg } 2286 1.1 mrg 2287 1.1 mrg static int s_dp2k(mp_int z) { 2288 1.1 mrg int k = 0; 2289 1.1 mrg mp_digit *dp = MP_DIGITS(z), d; 2290 1.1 mrg 2291 1.1 mrg if (MP_USED(z) == 1 && *dp == 0) return 1; 2292 1.1 mrg 2293 1.1 mrg while (*dp == 0) { 2294 1.1 mrg k += MP_DIGIT_BIT; 2295 1.1 mrg ++dp; 2296 1.1 mrg } 2297 1.1 mrg 2298 1.1 mrg d = *dp; 2299 1.1 mrg while ((d & 1) == 0) { 2300 1.1 mrg d >>= 1; 2301 1.1 mrg ++k; 2302 1.1 mrg } 2303 1.1 mrg 2304 1.1 mrg return k; 2305 1.1 mrg } 2306 1.1 mrg 2307 1.1 mrg static int s_isp2(mp_int z) { 2308 1.1 mrg mp_size uz = MP_USED(z), k = 0; 2309 1.1 mrg mp_digit *dz = MP_DIGITS(z), d; 2310 1.1 mrg 2311 1.1 mrg while (uz > 1) { 2312 1.1 mrg if (*dz++ != 0) return -1; 2313 1.1 mrg k += MP_DIGIT_BIT; 2314 1.1 mrg --uz; 2315 1.1 mrg } 2316 1.1 mrg 2317 1.1 mrg d = *dz; 2318 1.1 mrg while (d > 1) { 2319 1.1 mrg if (d & 1) return -1; 2320 1.1 mrg ++k; 2321 1.1 mrg d >>= 1; 2322 1.1 mrg } 2323 1.1 mrg 2324 1.1 mrg return (int)k; 2325 1.1 mrg } 2326 1.1 mrg 2327 1.1 mrg static int s_2expt(mp_int z, mp_small k) { 2328 1.1 mrg mp_size ndig, rest; 2329 1.1 mrg mp_digit *dz; 2330 1.1 mrg 2331 1.1 mrg ndig = (k + MP_DIGIT_BIT) / MP_DIGIT_BIT; 2332 1.1 mrg rest = k % MP_DIGIT_BIT; 2333 1.1 mrg 2334 1.1 mrg if (!s_pad(z, ndig)) return 0; 2335 1.1 mrg 2336 1.1 mrg dz = MP_DIGITS(z); 2337 1.1 mrg ZERO(dz, ndig); 2338 1.1 mrg *(dz + ndig - 1) = (1u << rest); 2339 1.1 mrg z->used = ndig; 2340 1.1 mrg 2341 1.1 mrg return 1; 2342 1.1 mrg } 2343 1.1 mrg 2344 1.1 mrg static int s_norm(mp_int a, mp_int b) { 2345 1.1 mrg mp_digit d = b->digits[MP_USED(b) - 1]; 2346 1.1 mrg int k = 0; 2347 1.1 mrg 2348 1.1 mrg while (d < (1u << (mp_digit)(MP_DIGIT_BIT - 1))) { /* d < (MP_RADIX / 2) */ 2349 1.1 mrg d <<= 1; 2350 1.1 mrg ++k; 2351 1.1 mrg } 2352 1.1 mrg 2353 1.1 mrg /* These multiplications can't fail */ 2354 1.1 mrg if (k != 0) { 2355 1.1 mrg (void)s_qmul(a, (mp_size)k); 2356 1.1 mrg (void)s_qmul(b, (mp_size)k); 2357 1.1 mrg } 2358 1.1 mrg 2359 1.1 mrg return k; 2360 1.1 mrg } 2361 1.1 mrg 2362 1.1 mrg static mp_result s_brmu(mp_int z, mp_int m) { 2363 1.1 mrg mp_size um = MP_USED(m) * 2; 2364 1.1 mrg 2365 1.1 mrg if (!s_pad(z, um)) return MP_MEMORY; 2366 1.1 mrg 2367 1.1 mrg s_2expt(z, MP_DIGIT_BIT * um); 2368 1.1 mrg return mp_int_div(z, m, z, NULL); 2369 1.1 mrg } 2370 1.1 mrg 2371 1.1 mrg static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2) { 2372 1.1 mrg mp_size um = MP_USED(m), umb_p1, umb_m1; 2373 1.1 mrg 2374 1.1 mrg umb_p1 = (um + 1) * MP_DIGIT_BIT; 2375 1.1 mrg umb_m1 = (um - 1) * MP_DIGIT_BIT; 2376 1.1 mrg 2377 1.1 mrg if (mp_int_copy(x, q1) != MP_OK) return 0; 2378 1.1 mrg 2379 1.1 mrg /* Compute q2 = floor((floor(x / b^(k-1)) * mu) / b^(k+1)) */ 2380 1.1 mrg s_qdiv(q1, umb_m1); 2381 1.1 mrg UMUL(q1, mu, q2); 2382 1.1 mrg s_qdiv(q2, umb_p1); 2383 1.1 mrg 2384 1.1 mrg /* Set x = x mod b^(k+1) */ 2385 1.1 mrg s_qmod(x, umb_p1); 2386 1.1 mrg 2387 1.1 mrg /* Now, q is a guess for the quotient a / m. 2388 1.1 mrg Compute x - q * m mod b^(k+1), replacing x. This may be off 2389 1.1 mrg by a factor of 2m, but no more than that. 2390 1.1 mrg */ 2391 1.1 mrg UMUL(q2, m, q1); 2392 1.1 mrg s_qmod(q1, umb_p1); 2393 1.1 mrg (void)mp_int_sub(x, q1, x); /* can't fail */ 2394 1.1 mrg 2395 1.1 mrg /* The result may be < 0; if it is, add b^(k+1) to pin it in the proper 2396 1.1 mrg range. */ 2397 1.1 mrg if ((CMPZ(x) < 0) && !s_qsub(x, umb_p1)) return 0; 2398 1.1 mrg 2399 1.1 mrg /* If x > m, we need to back it off until it is in range. This will be 2400 1.1 mrg required at most twice. */ 2401 1.1 mrg if (mp_int_compare(x, m) >= 0) { 2402 1.1 mrg (void)mp_int_sub(x, m, x); 2403 1.1 mrg if (mp_int_compare(x, m) >= 0) { 2404 1.1 mrg (void)mp_int_sub(x, m, x); 2405 1.1 mrg } 2406 1.1 mrg } 2407 1.1 mrg 2408 1.1 mrg /* At this point, x has been properly reduced. */ 2409 1.1 mrg return 1; 2410 1.1 mrg } 2411 1.1 mrg 2412 1.1 mrg /* Perform modular exponentiation using Barrett's method, where mu is the 2413 1.1 mrg reduction constant for m. Assumes a < m, b > 0. */ 2414 1.1 mrg static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) { 2415 1.1 mrg mp_digit umu = MP_USED(mu); 2416 1.1 mrg mp_digit *db = MP_DIGITS(b); 2417 1.1 mrg mp_digit *dbt = db + MP_USED(b) - 1; 2418 1.1 mrg 2419 1.1 mrg DECLARE_TEMP(3); 2420 1.1 mrg REQUIRE(GROW(TEMP(0), 4 * umu)); 2421 1.1 mrg REQUIRE(GROW(TEMP(1), 4 * umu)); 2422 1.1 mrg REQUIRE(GROW(TEMP(2), 4 * umu)); 2423 1.1 mrg ZERO(TEMP(0)->digits, TEMP(0)->alloc); 2424 1.1 mrg ZERO(TEMP(1)->digits, TEMP(1)->alloc); 2425 1.1 mrg ZERO(TEMP(2)->digits, TEMP(2)->alloc); 2426 1.1 mrg 2427 1.1 mrg (void)mp_int_set_value(c, 1); 2428 1.1 mrg 2429 1.1 mrg /* Take care of low-order digits */ 2430 1.1 mrg while (db < dbt) { 2431 1.1 mrg mp_digit d = *db; 2432 1.1 mrg 2433 1.1 mrg for (int i = MP_DIGIT_BIT; i > 0; --i, d >>= 1) { 2434 1.1 mrg if (d & 1) { 2435 1.1 mrg /* The use of a second temporary avoids allocation */ 2436 1.1 mrg UMUL(c, a, TEMP(0)); 2437 1.1 mrg if (!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { 2438 1.1 mrg REQUIRE(MP_MEMORY); 2439 1.1 mrg } 2440 1.1 mrg mp_int_copy(TEMP(0), c); 2441 1.1 mrg } 2442 1.1 mrg 2443 1.1 mrg USQR(a, TEMP(0)); 2444 1.1 mrg assert(MP_SIGN(TEMP(0)) == MP_ZPOS); 2445 1.1 mrg if (!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { 2446 1.1 mrg REQUIRE(MP_MEMORY); 2447 1.1 mrg } 2448 1.1 mrg assert(MP_SIGN(TEMP(0)) == MP_ZPOS); 2449 1.1 mrg mp_int_copy(TEMP(0), a); 2450 1.1 mrg } 2451 1.1 mrg 2452 1.1 mrg ++db; 2453 1.1 mrg } 2454 1.1 mrg 2455 1.1 mrg /* Take care of highest-order digit */ 2456 1.1 mrg mp_digit d = *dbt; 2457 1.1 mrg for (;;) { 2458 1.1 mrg if (d & 1) { 2459 1.1 mrg UMUL(c, a, TEMP(0)); 2460 1.1 mrg if (!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { 2461 1.1 mrg REQUIRE(MP_MEMORY); 2462 1.1 mrg } 2463 1.1 mrg mp_int_copy(TEMP(0), c); 2464 1.1 mrg } 2465 1.1 mrg 2466 1.1 mrg d >>= 1; 2467 1.1 mrg if (!d) break; 2468 1.1 mrg 2469 1.1 mrg USQR(a, TEMP(0)); 2470 1.1 mrg if (!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { 2471 1.1 mrg REQUIRE(MP_MEMORY); 2472 1.1 mrg } 2473 1.1 mrg (void)mp_int_copy(TEMP(0), a); 2474 1.1 mrg } 2475 1.1 mrg 2476 1.1 mrg CLEANUP_TEMP(); 2477 1.1 mrg return MP_OK; 2478 1.1 mrg } 2479 1.1 mrg 2480 1.1 mrg /* Division of nonnegative integers 2481 1.1 mrg 2482 1.1 mrg This function implements division algorithm for unsigned multi-precision 2483 1.1 mrg integers. The algorithm is based on Algorithm D from Knuth's "The Art of 2484 1.1 mrg Computer Programming", 3rd ed. 1998, pg 272-273. 2485 1.1 mrg 2486 1.1 mrg We diverge from Knuth's algorithm in that we do not perform the subtraction 2487 1.1 mrg from the remainder until we have determined that we have the correct 2488 1.1 mrg quotient digit. This makes our algorithm less efficient that Knuth because 2489 1.1 mrg we might have to perform multiple multiplication and comparison steps before 2490 1.1 mrg the subtraction. The advantage is that it is easy to implement and ensure 2491 1.1 mrg correctness without worrying about underflow from the subtraction. 2492 1.1 mrg 2493 1.1 mrg inputs: u a n+m digit integer in base b (b is 2^MP_DIGIT_BIT) 2494 1.1 mrg v a n digit integer in base b (b is 2^MP_DIGIT_BIT) 2495 1.1 mrg n >= 1 2496 1.1 mrg m >= 0 2497 1.1 mrg outputs: u / v stored in u 2498 1.1 mrg u % v stored in v 2499 1.1 mrg */ 2500 1.1 mrg static mp_result s_udiv_knuth(mp_int u, mp_int v) { 2501 1.1 mrg /* Force signs to positive */ 2502 1.1 mrg u->sign = MP_ZPOS; 2503 1.1 mrg v->sign = MP_ZPOS; 2504 1.1 mrg 2505 1.1 mrg /* Use simple division algorithm when v is only one digit long */ 2506 1.1 mrg if (MP_USED(v) == 1) { 2507 1.1 mrg mp_digit d, rem; 2508 1.1 mrg d = v->digits[0]; 2509 1.1 mrg rem = s_ddiv(u, d); 2510 1.1 mrg mp_int_set_value(v, rem); 2511 1.1 mrg return MP_OK; 2512 1.1 mrg } 2513 1.1 mrg 2514 1.1 mrg /* Algorithm D 2515 1.1 mrg 2516 1.1 mrg The n and m variables are defined as used by Knuth. 2517 1.1 mrg u is an n digit number with digits u_{n-1}..u_0. 2518 1.1 mrg v is an n+m digit number with digits from v_{m+n-1}..v_0. 2519 1.1 mrg We require that n > 1 and m >= 0 2520 1.1 mrg */ 2521 1.1 mrg mp_size n = MP_USED(v); 2522 1.1 mrg mp_size m = MP_USED(u) - n; 2523 1.1 mrg assert(n > 1); 2524 1.1 mrg /* assert(m >= 0) follows because m is unsigned. */ 2525 1.1 mrg 2526 1.1 mrg /* D1: Normalize. 2527 1.1 mrg The normalization step provides the necessary condition for Theorem B, 2528 1.1 mrg which states that the quotient estimate for q_j, call it qhat 2529 1.1 mrg 2530 1.1 mrg qhat = u_{j+n}u_{j+n-1} / v_{n-1} 2531 1.1 mrg 2532 1.1 mrg is bounded by 2533 1.1 mrg 2534 1.1 mrg qhat - 2 <= q_j <= qhat. 2535 1.1 mrg 2536 1.1 mrg That is, qhat is always greater than the actual quotient digit q, 2537 1.1 mrg and it is never more than two larger than the actual quotient digit. 2538 1.1 mrg */ 2539 1.1 mrg int k = s_norm(u, v); 2540 1.1 mrg 2541 1.1 mrg /* Extend size of u by one if needed. 2542 1.1 mrg 2543 1.1 mrg The algorithm begins with a value of u that has one more digit of input. 2544 1.1 mrg The normalization step sets u_{m+n}..u_0 = 2^k * u_{m+n-1}..u_0. If the 2545 1.1 mrg multiplication did not increase the number of digits of u, we need to add 2546 1.1 mrg a leading zero here. 2547 1.1 mrg */ 2548 1.1 mrg if (k == 0 || MP_USED(u) != m + n + 1) { 2549 1.1 mrg if (!s_pad(u, m + n + 1)) return MP_MEMORY; 2550 1.1 mrg u->digits[m + n] = 0; 2551 1.1 mrg u->used = m + n + 1; 2552 1.1 mrg } 2553 1.1 mrg 2554 1.1 mrg /* Add a leading 0 to v. 2555 1.1 mrg 2556 1.1 mrg The multiplication in step D4 multiplies qhat * 0v_{n-1}..v_0. We need to 2557 1.1 mrg add the leading zero to v here to ensure that the multiplication will 2558 1.1 mrg produce the full n+1 digit result. 2559 1.1 mrg */ 2560 1.1 mrg if (!s_pad(v, n + 1)) return MP_MEMORY; 2561 1.1 mrg v->digits[n] = 0; 2562 1.1 mrg 2563 1.1 mrg /* Initialize temporary variables q and t. 2564 1.1 mrg q allocates space for m+1 digits to store the quotient digits 2565 1.1 mrg t allocates space for n+1 digits to hold the result of q_j*v 2566 1.1 mrg */ 2567 1.1 mrg DECLARE_TEMP(2); 2568 1.1 mrg REQUIRE(GROW(TEMP(0), m + 1)); 2569 1.1 mrg REQUIRE(GROW(TEMP(1), n + 1)); 2570 1.1 mrg 2571 1.1 mrg /* D2: Initialize j */ 2572 1.1 mrg int j = m; 2573 1.1 mrg mpz_t r; 2574 1.1 mrg r.digits = MP_DIGITS(u) + j; /* The contents of r are shared with u */ 2575 1.1 mrg r.used = n + 1; 2576 1.1 mrg r.sign = MP_ZPOS; 2577 1.1 mrg r.alloc = MP_ALLOC(u); 2578 1.1 mrg ZERO(TEMP(1)->digits, TEMP(1)->alloc); 2579 1.1 mrg 2580 1.1 mrg /* Calculate the m+1 digits of the quotient result */ 2581 1.1 mrg for (; j >= 0; j--) { 2582 1.1 mrg /* D3: Calculate q' */ 2583 1.1 mrg /* r->digits is aligned to position j of the number u */ 2584 1.1 mrg mp_word pfx, qhat; 2585 1.1 mrg pfx = r.digits[n]; 2586 1.1 mrg pfx <<= MP_DIGIT_BIT / 2; 2587 1.1 mrg pfx <<= MP_DIGIT_BIT / 2; 2588 1.1 mrg pfx |= r.digits[n - 1]; /* pfx = u_{j+n}{j+n-1} */ 2589 1.1 mrg 2590 1.1 mrg qhat = pfx / v->digits[n - 1]; 2591 1.1 mrg /* Check to see if qhat > b, and decrease qhat if so. 2592 1.1 mrg Theorem B guarantess that qhat is at most 2 larger than the 2593 1.1 mrg actual value, so it is possible that qhat is greater than 2594 1.1 mrg the maximum value that will fit in a digit */ 2595 1.1 mrg if (qhat > MP_DIGIT_MAX) qhat = MP_DIGIT_MAX; 2596 1.1 mrg 2597 1.1 mrg /* D4,D5,D6: Multiply qhat * v and test for a correct value of q 2598 1.1 mrg 2599 1.1 mrg We proceed a bit different than the way described by Knuth. This way is 2600 1.1 mrg simpler but less efficent. Instead of doing the multiply and subtract 2601 1.1 mrg then checking for underflow, we first do the multiply of qhat * v and 2602 1.1 mrg see if it is larger than the current remainder r. If it is larger, we 2603 1.1 mrg decrease qhat by one and try again. We may need to decrease qhat one 2604 1.1 mrg more time before we get a value that is smaller than r. 2605 1.1 mrg 2606 1.1 mrg This way is less efficent than Knuth because we do more multiplies, but 2607 1.1 mrg we do not need to worry about underflow this way. 2608 1.1 mrg */ 2609 1.1 mrg /* t = qhat * v */ 2610 1.1 mrg s_dbmul(MP_DIGITS(v), (mp_digit)qhat, TEMP(1)->digits, n + 1); 2611 1.1 mrg TEMP(1)->used = n + 1; 2612 1.1 mrg CLAMP(TEMP(1)); 2613 1.1 mrg 2614 1.1 mrg /* Clamp r for the comparison. Comparisons do not like leading zeros. */ 2615 1.1 mrg CLAMP(&r); 2616 1.1 mrg if (s_ucmp(TEMP(1), &r) > 0) { /* would the remainder be negative? */ 2617 1.1 mrg qhat -= 1; /* try a smaller q */ 2618 1.1 mrg s_dbmul(MP_DIGITS(v), (mp_digit)qhat, TEMP(1)->digits, n + 1); 2619 1.1 mrg TEMP(1)->used = n + 1; 2620 1.1 mrg CLAMP(TEMP(1)); 2621 1.1 mrg if (s_ucmp(TEMP(1), &r) > 0) { /* would the remainder be negative? */ 2622 1.1 mrg assert(qhat > 0); 2623 1.1 mrg qhat -= 1; /* try a smaller q */ 2624 1.1 mrg s_dbmul(MP_DIGITS(v), (mp_digit)qhat, TEMP(1)->digits, n + 1); 2625 1.1 mrg TEMP(1)->used = n + 1; 2626 1.1 mrg CLAMP(TEMP(1)); 2627 1.1 mrg } 2628 1.1 mrg assert(s_ucmp(TEMP(1), &r) <= 0 && "The mathematics failed us."); 2629 1.1 mrg } 2630 1.1 mrg /* Unclamp r. The D algorithm expects r = u_{j+n}..u_j to always be n+1 2631 1.1 mrg digits long. */ 2632 1.1 mrg r.used = n + 1; 2633 1.1 mrg 2634 1.1 mrg /* D4: Multiply and subtract 2635 1.1 mrg 2636 1.1 mrg Note: The multiply was completed above so we only need to subtract here. 2637 1.1 mrg */ 2638 1.1 mrg s_usub(r.digits, TEMP(1)->digits, r.digits, r.used, TEMP(1)->used); 2639 1.1 mrg 2640 1.1 mrg /* D5: Test remainder 2641 1.1 mrg 2642 1.1 mrg Note: Not needed because we always check that qhat is the correct value 2643 1.1 mrg before performing the subtract. Value cast to mp_digit to prevent 2644 1.1 mrg warning, qhat has been clamped to MP_DIGIT_MAX 2645 1.1 mrg */ 2646 1.1 mrg TEMP(0)->digits[j] = (mp_digit)qhat; 2647 1.1 mrg 2648 1.1 mrg /* D6: Add back 2649 1.1 mrg Note: Not needed because we always check that qhat is the correct value 2650 1.1 mrg before performing the subtract. 2651 1.1 mrg */ 2652 1.1 mrg 2653 1.1 mrg /* D7: Loop on j */ 2654 1.1 mrg r.digits--; 2655 1.1 mrg ZERO(TEMP(1)->digits, TEMP(1)->alloc); 2656 1.1 mrg } 2657 1.1 mrg 2658 1.1 mrg /* Get rid of leading zeros in q */ 2659 1.1 mrg TEMP(0)->used = m + 1; 2660 1.1 mrg CLAMP(TEMP(0)); 2661 1.1 mrg 2662 1.1 mrg /* Denormalize the remainder */ 2663 1.1 mrg CLAMP(u); /* use u here because the r.digits pointer is off-by-one */ 2664 1.1 mrg if (k != 0) s_qdiv(u, k); 2665 1.1 mrg 2666 1.1 mrg mp_int_copy(u, v); /* ok: 0 <= r < v */ 2667 1.1 mrg mp_int_copy(TEMP(0), u); /* ok: q <= u */ 2668 1.1 mrg 2669 1.1 mrg CLEANUP_TEMP(); 2670 1.1 mrg return MP_OK; 2671 1.1 mrg } 2672 1.1 mrg 2673 1.1 mrg static int s_outlen(mp_int z, mp_size r) { 2674 1.1 mrg assert(r >= MP_MIN_RADIX && r <= MP_MAX_RADIX); 2675 1.1 mrg 2676 1.1 mrg mp_result bits = mp_int_count_bits(z); 2677 1.1 mrg double raw = (double)bits * s_log2[r]; 2678 1.1 mrg 2679 1.1 mrg return (int)(raw + 0.999999); 2680 1.1 mrg } 2681 1.1 mrg 2682 1.1 mrg static mp_size s_inlen(int len, mp_size r) { 2683 1.1 mrg double raw = (double)len / s_log2[r]; 2684 1.1 mrg mp_size bits = (mp_size)(raw + 0.5); 2685 1.1 mrg 2686 1.1 mrg return (mp_size)((bits + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT) + 1; 2687 1.1 mrg } 2688 1.1 mrg 2689 1.1 mrg static int s_ch2val(char c, int r) { 2690 1.1 mrg int out; 2691 1.1 mrg 2692 1.1 mrg /* 2693 1.1 mrg * In some locales, isalpha() accepts characters outside the range A-Z, 2694 1.1 mrg * producing out<0 or out>=36. The "out >= r" check will always catch 2695 1.1 mrg * out>=36. Though nothing explicitly catches out<0, our caller reacts the 2696 1.1 mrg * same way to every negative return value. 2697 1.1 mrg */ 2698 1.1 mrg if (isdigit((unsigned char)c)) 2699 1.1 mrg out = c - '0'; 2700 1.1 mrg else if (r > 10 && isalpha((unsigned char)c)) 2701 1.1 mrg out = toupper((unsigned char)c) - 'A' + 10; 2702 1.1 mrg else 2703 1.1 mrg return -1; 2704 1.1 mrg 2705 1.1 mrg return (out >= r) ? -1 : out; 2706 1.1 mrg } 2707 1.1 mrg 2708 1.1 mrg static char s_val2ch(int v, int caps) { 2709 1.1 mrg assert(v >= 0); 2710 1.1 mrg 2711 1.1 mrg if (v < 10) { 2712 1.1 mrg return v + '0'; 2713 1.1 mrg } else { 2714 1.1 mrg char out = (v - 10) + 'a'; 2715 1.1 mrg 2716 1.1 mrg if (caps) { 2717 1.1 mrg return toupper((unsigned char)out); 2718 1.1 mrg } else { 2719 1.1 mrg return out; 2720 1.1 mrg } 2721 1.1 mrg } 2722 1.1 mrg } 2723 1.1 mrg 2724 1.1 mrg static void s_2comp(unsigned char *buf, int len) { 2725 1.1 mrg unsigned short s = 1; 2726 1.1 mrg 2727 1.1 mrg for (int i = len - 1; i >= 0; --i) { 2728 1.1 mrg unsigned char c = ~buf[i]; 2729 1.1 mrg 2730 1.1 mrg s = c + s; 2731 1.1 mrg c = s & UCHAR_MAX; 2732 1.1 mrg s >>= CHAR_BIT; 2733 1.1 mrg 2734 1.1 mrg buf[i] = c; 2735 1.1 mrg } 2736 1.1 mrg 2737 1.1 mrg /* last carry out is ignored */ 2738 1.1 mrg } 2739 1.1 mrg 2740 1.1 mrg static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad) { 2741 1.1 mrg int pos = 0, limit = *limpos; 2742 1.1 mrg mp_size uz = MP_USED(z); 2743 1.1 mrg mp_digit *dz = MP_DIGITS(z); 2744 1.1 mrg 2745 1.1 mrg while (uz > 0 && pos < limit) { 2746 1.1 mrg mp_digit d = *dz++; 2747 1.1 mrg int i; 2748 1.1 mrg 2749 1.1 mrg for (i = sizeof(mp_digit); i > 0 && pos < limit; --i) { 2750 1.1 mrg buf[pos++] = (unsigned char)d; 2751 1.1 mrg d >>= CHAR_BIT; 2752 1.1 mrg 2753 1.1 mrg /* Don't write leading zeroes */ 2754 1.1 mrg if (d == 0 && uz == 1) i = 0; /* exit loop without signaling truncation */ 2755 1.1 mrg } 2756 1.1 mrg 2757 1.1 mrg /* Detect truncation (loop exited with pos >= limit) */ 2758 1.1 mrg if (i > 0) break; 2759 1.1 mrg 2760 1.1 mrg --uz; 2761 1.1 mrg } 2762 1.1 mrg 2763 1.1 mrg if (pad != 0 && (buf[pos - 1] >> (CHAR_BIT - 1))) { 2764 1.1 mrg if (pos < limit) { 2765 1.1 mrg buf[pos++] = 0; 2766 1.1 mrg } else { 2767 1.1 mrg uz = 1; 2768 1.1 mrg } 2769 1.1 mrg } 2770 1.1 mrg 2771 1.1 mrg /* Digits are in reverse order, fix that */ 2772 1.1 mrg REV(buf, pos); 2773 1.1 mrg 2774 1.1 mrg /* Return the number of bytes actually written */ 2775 1.1 mrg *limpos = pos; 2776 1.1 mrg 2777 1.1 mrg return (uz == 0) ? MP_OK : MP_TRUNC; 2778 1.1 mrg } 2779 1.1 mrg 2780 1.1 mrg /* Here there be dragons */ 2781
Indexes created Fri May 08 00:25:09 UTC 2026