| blob | 2fcde382816502aa3c3feaeaca024db5bd915972 |
1 /*
2 * mpi.c
3 *
4 * Arbitrary precision integer arithmetic library
5 *
6 * ***** BEGIN LICENSE BLOCK *****
7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
8 *
9 * The contents of this file are subject to the Mozilla Public License Version
10 * 1.1 (the "License"); you may not use this file except in compliance with
11 * the License. You may obtain a copy of the License at
12 * http://www.mozilla.org/MPL/
13 *
14 * Software distributed under the License is distributed on an "AS IS" basis,
15 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
16 * for the specific language governing rights and limitations under the
17 * License.
18 *
19 * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
20 *
21 * The Initial Developer of the Original Code is
22 * Michael J. Fromberger.
23 * Portions created by the Initial Developer are Copyright (C) 1998
24 * the Initial Developer. All Rights Reserved.
25 *
26 * Contributor(s):
27 * Netscape Communications Corporation
28 * Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
29 *
30 * Alternatively, the contents of this file may be used under the terms of
31 * either the GNU General Public License Version 2 or later (the "GPL"), or
32 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
33 * in which case the provisions of the GPL or the LGPL are applicable instead
34 * of those above. If you wish to allow use of your version of this file only
35 * under the terms of either the GPL or the LGPL, and not to allow others to
36 * use your version of this file under the terms of the MPL, indicate your
37 * decision by deleting the provisions above and replace them with the notice
38 * and other provisions required by the GPL or the LGPL. If you do not delete
39 * the provisions above, a recipient may use your version of this file under
40 * the terms of any one of the MPL, the GPL or the LGPL.
41 *
42 * ***** END LICENSE BLOCK ***** */
43 /* $Id: mpi.c,v 1.45 2006/09/29 20:12:21 alexei.volkov.bugs%sun.com Exp $ */
46 #if defined(OSF1)
47 #include <c_asm.h>
48 #endif
50 #if MP_LOGTAB
51 /*
52 A table of the logs of 2 for various bases (the 0 and 1 entries of
53 this table are meaningless and should not be referenced).
55 This table is used to compute output lengths for the mp_toradix()
56 function. Since a number n in radix r takes up about log_r(n)
57 digits, we estimate the output size by taking the least integer
58 greater than log_r(n), where:
60 log_r(n) = log_2(n) * log_r(2)
62 This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
63 which are the output bases supported.
64 */
66 #endif
68 /* {{{ Constant strings */
70 /* Constant strings returned by mp_strerror() */
79 };
81 /* Value to digit maps for radix conversion */
83 /* s_dmap_1 - standard digits and letters */
87 /* }}} */
93 /* {{{ Default precision manipulation */
95 /* Default precision for newly created mp_int's */
99 {
105 {
108 else
113 /* }}} */
115 /*------------------------------------------------------------------------*/
116 /* {{{ mp_init(mp) */
118 /*
119 mp_init(mp)
121 Initialize a new zero-valued mp_int. Returns MP_OKAY if successful,
122 MP_MEM if memory could not be allocated for the structure.
123 */
126 {
131 /* }}} */
133 /* {{{ mp_init_size(mp, prec) */
135 /*
136 mp_init_size(mp, prec)
138 Initialize a new zero-valued mp_int with at least the given
139 precision; returns MP_OKAY if successful, or MP_MEM if memory could
140 not be allocated for the structure.
141 */
144 {
159 /* }}} */
161 /* {{{ mp_init_copy(mp, from) */
163 /*
164 mp_init_copy(mp, from)
166 Initialize mp as an exact copy of from. Returns MP_OKAY if
167 successful, MP_MEM if memory could not be allocated for the new
168 structure.
169 */
172 {
190 /* }}} */
192 /* {{{ mp_copy(from, to) */
194 /*
195 mp_copy(from, to)
197 Copies the mp_int 'from' to the mp_int 'to'. It is presumed that
198 'to' has already been initialized (if not, use mp_init_copy()
199 instead). If 'from' and 'to' are identical, nothing happens.
200 */
203 {
213 /*
214 If the allocated buffer in 'to' already has enough space to hold
215 all the used digits of 'from', we'll re-use it to avoid hitting
216 the memory allocater more than necessary; otherwise, we'd have
217 to grow anyway, so we just allocate a hunk and make the copy as
218 usual
219 */
231 #if MP_CRYPTO
233 #endif
235 }
239 }
241 /* Copy the precision and sign from the original */
250 /* }}} */
252 /* {{{ mp_exch(mp1, mp2) */
254 /*
255 mp_exch(mp1, mp2)
257 Exchange mp1 and mp2 without allocating any intermediate memory
258 (well, unless you count the stack space needed for this call and the
259 locals it creates...). This cannot fail.
260 */
263 {
264 #if MP_ARGCHK == 2
266 #else
269 #endif
275 /* }}} */
277 /* {{{ mp_clear(mp) */
279 /*
280 mp_clear(mp)
282 Release the storage used by an mp_int, and void its fields so that
283 if someone calls mp_clear() again for the same int later, we won't
284 get tollchocked.
285 */
288 {
293 #if MP_CRYPTO
295 #endif
298 }
305 /* }}} */
307 /* {{{ mp_zero(mp) */
309 /*
310 mp_zero(mp)
312 Set mp to zero. Does not change the allocated size of the structure,
313 and therefore cannot fail (except on a bad argument, which we ignore)
314 */
316 {
326 /* }}} */
328 /* {{{ mp_set(mp, d) */
331 {
340 /* }}} */
342 /* {{{ mp_set_int(mp, z) */
345 {
348 mp_err res;
366 }
367 }
375 /* }}} */
377 /* {{{ mp_set_ulong(mp, z) */
380 {
382 mp_err res;
400 }
401 }
405 /* }}} */
407 /*------------------------------------------------------------------------*/
408 /* {{{ Digit arithmetic */
410 /* {{{ mp_add_d(a, d, b) */
412 /*
413 mp_add_d(a, d, b)
415 Compute the sum b = a + d, for a single digit d. Respects the sign of
416 its primary addend (single digits are unsigned anyway).
417 */
420 {
421 mp_int tmp;
422 mp_err res;
439 }
446 CLEANUP:
452 /* }}} */
454 /* {{{ mp_sub_d(a, d, b) */
456 /*
457 mp_sub_d(a, d, b)
459 Compute the difference b = a - d, for a single digit d. Respects the
460 sign of its subtrahend (single digits are unsigned anyway).
461 */
464 {
465 mp_int tmp;
466 mp_err res;
484 }
491 CLEANUP:
497 /* }}} */
499 /* {{{ mp_mul_d(a, d, b) */
501 /*
502 mp_mul_d(a, d, b)
504 Compute the product b = a * d, for a single digit d. Respects the sign
505 of its multiplicand (single digits are unsigned anyway)
506 */
509 {
510 mp_err res;
517 }
528 /* }}} */
530 /* {{{ mp_mul_2(a, c) */
533 {
534 mp_err res;
545 /* }}} */
547 /* {{{ mp_div_d(a, d, q, r) */
549 /*
550 mp_div_d(a, d, q, r)
552 Compute the quotient q = a / d and remainder r = a mod d, for a
553 single digit d. Respects the sign of its divisor (single digits are
554 unsigned anyway).
555 */
558 {
559 mp_err res;
560 mp_int qp;
561 mp_digit rem;
569 /* Shortcut for powers of two ... */
571 mp_digit mask;
579 }
585 }
606 /* }}} */
608 /* {{{ mp_div_2(a, c) */
610 /*
611 mp_div_2(a, c)
613 Compute c = a / 2, disregarding the remainder.
614 */
617 {
618 mp_err res;
631 /* }}} */
633 /* {{{ mp_expt_d(a, d, b) */
636 {
638 mp_err res;
653 }
659 }
663 CLEANUP:
665 X:
672 /* }}} */
674 /* }}} */
676 /*------------------------------------------------------------------------*/
677 /* {{{ Full arithmetic */
679 /* {{{ mp_abs(a, b) */
681 /*
682 mp_abs(a, b)
684 Compute b = |a|. 'a' and 'b' may be identical.
685 */
688 {
689 mp_err res;
702 /* }}} */
704 /* {{{ mp_neg(a, b) */
706 /*
707 mp_neg(a, b)
709 Compute b = -a. 'a' and 'b' may be identical.
710 */
713 {
714 mp_err res;
723 else
730 /* }}} */
732 /* {{{ mp_add(a, b, c) */
734 /*
735 mp_add(a, b, c)
737 Compute c = a + b. All parameters may be identical.
738 */
741 {
742 mp_err res;
752 }
757 CLEANUP:
762 /* }}} */
764 /* {{{ mp_sub(a, b, c) */
766 /*
767 mp_sub(a, b, c)
769 Compute c = a - b. All parameters may be identical.
770 */
773 {
774 mp_err res;
782 }
794 }
799 CLEANUP:
804 /* }}} */
806 /* {{{ mp_mul(a, b, c) */
808 /*
809 mp_mul(a, b, c)
811 Compute c = a * b. All parameters may be identical.
812 */
814 {
816 mp_int tmp;
817 mp_err res;
818 mp_size ib;
835 }
841 }
847 #ifdef NSS_USE_COMBA
852 }
856 }
860 }
864 }
865 }
866 #endif
871 /* Outer loop: Digits of b */
877 /* Inner product: Digits of a */
880 else
882 }
888 else
891 CLEANUP:
896 /* }}} */
898 /* {{{ mp_sqr(a, sqr) */
900 #if MP_SQUARE
901 /*
902 Computes the square of a. This can be done more
903 efficiently than a general multiplication, because many of the
904 computation steps are redundant when squaring. The inner product
905 step is a bit more complicated, but we save a fair number of
906 iterations of the multiplication loop.
907 */
909 /* sqr = a^2; Caller provides both a and tmp; */
911 {
913 mp_digit d;
914 mp_err res;
915 mp_size ix;
916 mp_int tmp;
928 }
934 }
938 #ifdef NSS_USE_COMBA
943 }
947 }
951 }
955 }
956 }
957 #endif
970 /* now sqr *= 2 */
974 }
976 /* now add the squares of the digits of a to sqr. */
982 CLEANUP:
987 #endif
989 /* }}} */
991 /* {{{ mp_div(a, b, q, r) */
993 /*
994 mp_div(a, b, q, r)
996 Compute q = a / b and r = a mod b. Input parameters may be re-used
997 as output parameters. If q or r is NULL, that portion of the
998 computation will be discarded (although it will still be computed)
999 */
1001 {
1002 mp_err res;
1006 mp_sign signA;
1007 mp_sign signB;
1021 /* Set up some temporaries... */
1028 }
1037 }
1039 /*
1040 If |a| <= |b|, we can compute the solution without division;
1041 otherwise, we actually do the work required.
1042 */
1045 /* r was set to a above. */
1050 }
1054 }
1056 /* Compute the signs for the output */
1066 /* Copy output, if it is needed */
1073 CLEANUP:
1082 /* }}} */
1084 /* {{{ mp_div_2d(a, d, q, r) */
1087 {
1088 mp_err res;
1095 }
1099 }
1102 }
1105 }
1111 /* }}} */
1113 /* {{{ mp_expt(a, b, c) */
1115 /*
1116 mp_expt(a, b, c)
1118 Compute c = a ** b, that is, raise a to the b power. Uses a
1119 standard iterative square-and-multiply technique.
1120 */
1123 {
1125 mp_err res;
1126 mp_digit d;
1142 /* Loop over low-order digits in ascending order */
1146 /* Loop over bits of each non-maximal digit */
1151 }
1157 }
1158 }
1160 /* Consider now the last digit... */
1167 }
1173 }
1180 CLEANUP:
1182 X:
1189 /* }}} */
1191 /* {{{ mp_2expt(a, k) */
1193 /* Compute a = 2^k */
1196 {
1203 /* }}} */
1205 /* {{{ mp_mod(a, m, c) */
1207 /*
1208 mp_mod(a, m, c)
1210 Compute c = a (mod m). Result will always be 0 <= c < m.
1211 */
1214 {
1215 mp_err res;
1223 /*
1224 If |a| > m, we need to divide to get the remainder and take the
1225 absolute value.
1227 If |a| < m, we don't need to do any division, just copy and adjust
1228 the sign (if a is negative).
1230 If |a| == m, we can simply set the result to zero.
1232 This order is intended to minimize the average path length of the
1233 comparison chain on common workloads -- the most frequent cases are
1234 that |a| != m, so we do those first.
1235 */
1243 }
1253 }
1258 }
1264 /* }}} */
1266 /* {{{ mp_mod_d(a, d, c) */
1268 /*
1269 mp_mod_d(a, d, c)
1271 Compute c = a (mod d). Result will always be 0 <= c < d
1272 */
1274 {
1275 mp_err res;
1276 mp_digit rem;
1287 else
1289 }
1298 /* }}} */
1300 /* {{{ mp_sqrt(a, b) */
1302 /*
1303 mp_sqrt(a, b)
1305 Compute the integer square root of a, and store the result in b.
1306 Uses an integer-arithmetic version of Newton's iterative linear
1307 approximation technique to determine this value; the result has the
1308 following two properties:
1310 b^2 <= a
1311 (b+1)^2 >= a
1313 It is a range error to pass a negative value.
1314 */
1316 {
1318 mp_err res;
1319 mp_size used;
1323 /* Cannot take square root of a negative value */
1327 /* Special cases for zero and one, trivial */
1331 /* Initialize the temporaries we'll use below */
1335 /* Compute an initial guess for the iteration as a itself */
1342 }
1345 /* t = (x * x) - a */
1351 /* t = t / 2x */
1357 /* Terminate the loop, if the quotient is zero */
1361 /* x = x - t */
1365 }
1367 /* Copy result to output parameter */
1371 CLEANUP:
1373 X:
1380 /* }}} */
1382 /* }}} */
1384 /*------------------------------------------------------------------------*/
1385 /* {{{ Modular arithmetic */
1387 #if MP_MODARITH
1388 /* {{{ mp_addmod(a, b, m, c) */
1390 /*
1391 mp_addmod(a, b, m, c)
1393 Compute c = (a + b) mod m
1394 */
1397 {
1398 mp_err res;
1409 }
1411 /* }}} */
1413 /* {{{ mp_submod(a, b, m, c) */
1415 /*
1416 mp_submod(a, b, m, c)
1418 Compute c = (a - b) mod m
1419 */
1422 {
1423 mp_err res;
1434 }
1436 /* }}} */
1438 /* {{{ mp_mulmod(a, b, m, c) */
1440 /*
1441 mp_mulmod(a, b, m, c)
1443 Compute c = (a * b) mod m
1444 */
1447 {
1448 mp_err res;
1459 }
1461 /* }}} */
1463 /* {{{ mp_sqrmod(a, m, c) */
1465 #if MP_SQUARE
1467 {
1468 mp_err res;
1480 #endif
1482 /* }}} */
1484 /* {{{ s_mp_exptmod(a, b, m, c) */
1486 /*
1487 s_mp_exptmod(a, b, m, c)
1489 Compute c = (a ** b) mod m. Uses a standard square-and-multiply
1490 method with modular reductions at each step. (This is basically the
1491 same code as mp_expt(), except for the addition of the reductions)
1493 The modular reductions are done using Barrett's algorithm (see
1494 s_mp_reduce() below for details)
1495 */
1498 {
1500 mp_err res;
1501 mp_digit d;
1519 /* mu = b^2k / m */
1525 /* Loop over digits of b in ascending order, except highest order */
1529 /* Loop over the bits of the lower-order digits */
1536 }
1544 }
1545 }
1547 /* Now do the last digit... */
1556 }
1564 }
1568 CLEANUP:
1570 MU:
1572 X:
1579 /* }}} */
1581 /* {{{ mp_exptmod_d(a, d, m, c) */
1584 {
1586 mp_err res;
1602 }
1609 }
1613 CLEANUP:
1615 X:
1622 /* }}} */
1625 /* }}} */
1627 /*------------------------------------------------------------------------*/
1628 /* {{{ Comparison functions */
1630 /* {{{ mp_cmp_z(a) */
1632 /*
1633 mp_cmp_z(a)
1635 Compare a <=> 0. Returns <0 if a<0, 0 if a=0, >0 if a>0.
1636 */
1639 {
1644 else
1649 /* }}} */
1651 /* {{{ mp_cmp_d(a, d) */
1653 /*
1654 mp_cmp_d(a, d)
1656 Compare a <=> d. Returns <0 if a<d, 0 if a=d, >0 if a>d
1657 */
1660 {
1670 /* }}} */
1672 /* {{{ mp_cmp(a, b) */
1675 {
1686 else
1693 }
1697 /* }}} */
1699 /* {{{ mp_cmp_mag(a, b) */
1701 /*
1702 mp_cmp_mag(a, b)
1704 Compares |a| <=> |b|, and returns an appropriate comparison result
1705 */
1708 {
1715 /* }}} */
1717 /* {{{ mp_cmp_int(a, z) */
1719 /*
1720 This just converts z to an mp_int, and uses the existing comparison
1721 routines. This is sort of inefficient, but it's not clear to me how
1722 frequently this wil get used anyway. For small positive constants,
1723 you can always use mp_cmp_d(), and for zero, there is mp_cmp_z().
1724 */
1726 {
1727 mp_int tmp;
1740 /* }}} */
1742 /* {{{ mp_isodd(a) */
1744 /*
1745 mp_isodd(a)
1747 Returns a true (non-zero) value if a is odd, false (zero) otherwise.
1748 */
1750 {
1757 /* }}} */
1759 /* {{{ mp_iseven(a) */
1762 {
1767 /* }}} */
1769 /* }}} */
1771 /*------------------------------------------------------------------------*/
1772 /* {{{ Number theoretic functions */
1774 #if MP_NUMTH
1775 /* {{{ mp_gcd(a, b, c) */
1777 /*
1778 Like the old mp_gcd() function, except computes the GCD using the
1779 binary algorithm due to Josef Stein in 1961 (via Knuth).
1780 */
1782 {
1783 mp_err res;
1795 }
1807 /* Divide out common factors of 2 until at least 1 of a, b is even */
1812 }
1814 /* Initialize t */
1819 /* t = -v */
1822 else
1829 }
1834 }
1844 /* v = -t */
1847 else
1849 }
1856 }
1861 CLEANUP:
1863 V:
1865 U:
1872 /* }}} */
1874 /* {{{ mp_lcm(a, b, c) */
1876 /* We compute the least common multiple using the rule:
1878 ab = [a, b](a, b)
1880 ... by computing the product, and dividing out the gcd.
1881 */
1884 {
1886 mp_err res;
1890 /* Set up temporaries */
1903 CLEANUP:
1905 GCD:
1912 /* }}} */
1914 /* {{{ mp_xgcd(a, b, g, x, y) */
1916 /*
1917 mp_xgcd(a, b, g, x, y)
1919 Compute g = (a, b) and values x and y satisfying Bezout's identity
1920 (that is, ax + by = g). This uses the binary extended GCD algorithm
1921 based on the Stein algorithm used for mp_gcd()
1922 See algorithm 14.61 in Handbook of Applied Cryptogrpahy.
1923 */
1926 {
1929 mp_err res;
1935 /* Initialize all these variables we need */
1959 /* Divide by two until at least one of them is odd */
1967 }
1973 /* Loop through binary GCD algorithm */
1985 }
1986 }
1998 }
1999 }
2009 }
2012 /* copy results to output */
2022 CLEANUP:
2030 /* }}} */
2033 {
2034 mp_digit d;
2045 #if !defined(MP_USE_UINT_DIGIT)
2049 }
2050 #endif
2054 }
2058 }
2062 }
2066 }
2070 }
2071 #if MP_ARGCHK == 2
2073 #endif
2075 }
2077 /* Given a and prime p, computes c and k such that a*c == 2**k (mod p).
2078 ** Returns k (positive) or error (negative).
2079 ** This technique from the paper "Fast Modular Reciprocals" (unpublished)
2080 ** by Richard Schroeppel (a.k.a. Captain Nemo).
2081 */
2083 {
2084 mp_err res;
2110 }
2114 }
2118 }
2126 }
2133 }
2134 }
2138 }
2140 }
2142 CLEANUP:
2147 }
2149 /* Compute T = (P ** -1) mod MP_RADIX. Also works for 16-bit mp_digits.
2150 ** This technique from the paper "Fast Modular Reciprocals" (unpublished)
2151 ** by Richard Schroeppel (a.k.a. Captain Nemo).
2152 */
2154 {
2160 #if !defined(MP_USE_UINT_DIGIT)
2163 #endif
2165 }
2167 /* Given c, k, and prime p, where a*c == 2**k (mod p),
2168 ** Compute x = (a ** -1) mod p. This is similar to Montgomery reduction.
2169 ** This technique from the paper "Fast Modular Reciprocals" (unpublished)
2170 ** by Richard Schroeppel (a.k.a. Captain Nemo).
2171 */
2173 {
2175 mp_digit r;
2176 mp_size ix;
2177 mp_err res;
2183 }
2185 /* make sure x is large enough */
2197 }
2200 }
2205 CLEANUP:
2207 }
2209 /* compute mod inverse using Schroeppel's method, only if m is odd */
2211 {
2213 mp_err res;
2214 mp_int x;
2237 }
2242 CLEANUP:
2245 }
2247 /* Known good algorithm for computing modular inverse. But slow. */
2249 {
2251 mp_err res;
2268 }
2273 CLEANUP:
2278 }
2280 /* modular inverse where modulus is 2**k. */
2281 /* c = a**-1 mod 2**k */
2283 {
2284 mp_err res;
2299 }
2319 }
2328 }
2330 CLEANUP:
2337 }
2340 {
2341 mp_err res;
2342 mp_size k;
2347 /*static const mp_digit d1 = 1; */
2348 /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */
2353 }
2374 /* compute a**-1 mod oddFactor. */
2376 /* compute a**-1 mod evenFactor, where evenFactor == 2**k. */
2379 /* Use Chinese Remainer theorem to compute a**-1 mod m. */
2380 /* let m1 = oddFactor, v1 = oddPart,
2381 * let m2 = evenFactor, v2 = evenPart.
2382 */
2384 /* Compute C2 = m1**-1 mod m2. */
2387 /* compute u = (v2 - v1)*C2 mod m2 */
2393 }
2395 /* compute answer = v1 + u*m1 */
2398 /* not sure this is necessary, but it's low cost if not. */
2401 CLEANUP:
2410 }
2413 /* {{{ mp_invmod(a, m, c) */
2415 /*
2416 mp_invmod(a, m, c)
2418 Compute c = a^-1 (mod m), if there is an inverse for a (mod m).
2419 This is equivalent to the question of whether (a, m) = 1. If not,
2420 MP_UNDEF is returned, and there is no inverse.
2421 */
2424 {
2433 }
2441 /* }}} */
2444 /* }}} */
2446 /*------------------------------------------------------------------------*/
2447 /* {{{ mp_print(mp, ofp) */
2449 #if MP_IOFUNC
2450 /*
2451 mp_print(mp, ofp)
2453 Print a textual representation of the given mp_int on the output
2454 stream 'ofp'. Output is generated using the internal radix.
2455 */
2458 {
2468 }
2474 /* }}} */
2476 /*------------------------------------------------------------------------*/
2477 /* {{{ More I/O Functions */
2479 /* {{{ mp_read_raw(mp, str, len) */
2481 /*
2482 mp_read_raw(mp, str, len)
2484 Read in a raw value (base 256) into the given mp_int
2485 */
2488 {
2490 mp_err res;
2497 /* Get sign from first byte */
2500 else
2503 /* Read the rest of the digits */
2509 }
2515 /* }}} */
2517 /* {{{ mp_raw_size(mp) */
2520 {
2527 /* }}} */
2529 /* {{{ mp_toraw(mp, str) */
2532 {
2539 /* Iterate over each digit... */
2543 /* Unpack digit bytes, high order first */
2546 }
2547 }
2553 /* }}} */
2555 /* {{{ mp_read_radix(mp, str, radix) */
2557 /*
2558 mp_read_radix(mp, str, radix)
2560 Read an integer from the given string, and set mp to the resulting
2561 value. The input is presumed to be in base 10. Leading non-digit
2562 characters are ignored, and the function reads until a non-digit
2563 character or the end of the string.
2564 */
2567 {
2569 mp_err res;
2573 MP_BADARG);
2577 /* Skip leading non-digit characters until a digit or '-' or '+' */
2583 }
2591 }
2599 }
2603 else
2611 {
2615 mp_err res;
2617 /* Skip leading non-digit characters until a digit or '-' or '+' */
2623 }
2631 }
2639 str++;
2640 }
2641 }
2645 }
2647 }
2649 /* }}} */
2651 /* {{{ mp_radix_size(mp, radix) */
2654 {
2666 /* }}} */
2668 /* {{{ mp_toradix(mp, str, radix) */
2671 {
2681 mp_err res;
2682 mp_int tmp;
2683 mp_sign sgn;
2690 /* Save sign for later, and take absolute value */
2693 /* Generate output digits in reverse order */
2698 }
2700 /* Generate digits, use capital letters */
2704 }
2706 /* Add - sign if original value was negative */
2710 /* Add trailing NUL to end the string */
2713 /* Reverse the digits and sign indicator */
2722 }
2725 }
2731 /* }}} */
2733 /* {{{ mp_tovalue(ch, r) */
2736 {
2741 /* }}} */
2743 /* }}} */
2745 /* {{{ mp_strerror(ec) */
2747 /*
2748 mp_strerror(ec)
2750 Return a string describing the meaning of error code 'ec'. The
2751 string returned is allocated in static memory, so the caller should
2752 not attempt to modify or free the memory associated with this
2753 string.
2754 */
2756 {
2759 /* Code values are negative, so the senses of these comparisons
2760 are accurate */
2765 }
2769 /* }}} */
2771 /*========================================================================*/
2772 /*------------------------------------------------------------------------*/
2773 /* Static function definitions (internal use only) */
2775 /* {{{ Memory management */
2777 /* {{{ s_mp_grow(mp, min) */
2779 /* Make sure there are at least 'min' digits allocated to mp */
2781 {
2785 /* Set min to next nearest default precision block size */
2793 #if MP_CRYPTO
2795 #endif
2799 }
2805 /* }}} */
2807 /* {{{ s_mp_pad(mp, min) */
2809 /* Make sure the used size of mp is at least 'min', growing if needed */
2811 {
2813 mp_err res;
2815 /* Make sure there is room to increase precision */
2821 }
2823 /* Increase precision; should already be 0-filled */
2825 }
2831 /* }}} */
2833 /* {{{ s_mp_setz(dp, count) */
2835 #if MP_MACRO == 0
2836 /* Set 'count' digits pointed to by dp to be zeroes */
2838 {
2839 #if MP_MEMSET == 0
2844 #else
2846 #endif
2849 #endif
2851 /* }}} */
2853 /* {{{ s_mp_copy(sp, dp, count) */
2855 #if MP_MACRO == 0
2856 /* Copy 'count' digits from sp to dp */
2858 {
2859 #if MP_MEMCPY == 0
2864 #else
2866 #endif
2869 #endif
2871 /* }}} */
2873 /* {{{ s_mp_alloc(nb, ni) */
2875 #if MP_MACRO == 0
2876 /* Allocate ni records of nb bytes each, and return a pointer to that */
2878 {
2883 #endif
2885 /* }}} */
2887 /* {{{ s_mp_free(ptr) */
2889 #if MP_MACRO == 0
2890 /* Free the memory pointed to by ptr */
2892 {
2896 }
2898 #endif
2900 /* }}} */
2902 /* {{{ s_mp_clamp(mp) */
2904 #if MP_MACRO == 0
2905 /* Remove leading zeroes from the given value */
2907 {
2913 #endif
2915 /* }}} */
2917 /* {{{ s_mp_exch(a, b) */
2919 /* Exchange the data for a and b; (b, a) = (a, b) */
2921 {
2922 mp_int tmp;
2930 /* }}} */
2932 /* }}} */
2934 /* {{{ Arithmetic helpers */
2936 /* {{{ s_mp_lshd(mp, p) */
2938 /*
2939 Shift mp leftward by p digits, growing if needed, and zero-filling
2940 the in-shifted digits at the right end. This is a convenient
2941 alternative to multiplication by powers of the radix
2942 The value of USED(mp) must already have been set to the value for
2943 the shifted result.
2944 */
2947 {
2948 mp_err res;
2949 mp_size pos;
2963 /* Shift all the significant figures over as needed */
2967 /* Fill the bottom digits with zeroes */
2975 /* }}} */
2977 /* {{{ s_mp_mul_2d(mp, d) */
2979 /*
2980 Multiply the integer by 2^d, where d is a number of bits. This
2981 amounts to a bitwise shift of the value.
2982 */
2984 {
2985 mp_err res;
2987 mp_digit mask;
2993 /* bits to be shifted out of the top word */
3012 }
3013 }
3019 /* {{{ s_mp_rshd(mp, p) */
3021 /*
3022 Shift mp rightward by p digits. Maintains the invariant that
3023 digits above the precision are all zero. Digits shifted off the
3024 end are lost. Cannot fail.
3025 */
3028 {
3029 mp_size ix;
3035 /* Shortcut when all digits are to be shifted off */
3041 }
3043 /* Shift all the significant figures over as needed */
3050 /* Fill the top digits with zeroes */
3054 #if 0
3055 /* Strip off any leading zeroes */
3057 #endif
3061 /* }}} */
3063 /* {{{ s_mp_div_2(mp) */
3065 /* Divide by two -- take advantage of radix properties to do it fast */
3067 {
3072 /* }}} */
3074 /* {{{ s_mp_mul_2(mp) */
3077 {
3082 /* Shift digits leftward by 1 bit */
3089 }
3091 /* Deal with rollover from last digit */
3094 mp_err res;
3097 }
3101 }
3107 /* }}} */
3109 /* {{{ s_mp_mod_2d(mp, d) */
3111 /*
3112 Remainder the integer by 2^d, where d is a number of bits. This
3113 amounts to a bitwise AND of the value, and does not require the full
3114 division code
3115 */
3117 {
3119 mp_size ix;
3120 mp_digit dmask;
3125 /* Flush all the bits above 2^d in its digit */
3129 /* Flush all digits above the one with 2^d in it */
3137 /* }}} */
3139 /* {{{ s_mp_div_2d(mp, d) */
3141 /*
3142 Divide the integer by 2^d, where d is a number of bits. This
3143 amounts to a bitwise shift of the value, and does not require the
3144 full division code (used in Barrett reduction, see below)
3145 */
3147 {
3160 }
3161 }
3166 /* }}} */
3168 /* {{{ s_mp_norm(a, b, *d) */
3170 /*
3171 s_mp_norm(a, b, *d)
3173 Normalize a and b for division, where b is the divisor. In order
3174 that we might make good guesses for quotient digits, we want the
3175 leading digit of b to be at least half the radix, which we
3176 accomplish by multiplying a and b by a power of 2. The exponent
3177 (shift count) is placed in *pd, so that the remainder can be shifted
3178 back at the end of the division process.
3179 */
3182 {
3183 mp_digit d;
3184 mp_digit mask;
3185 mp_digit b_msd;
3194 }
3199 }
3202 CLEANUP:
3207 /* }}} */
3209 /* }}} */
3211 /* {{{ Primitive digit arithmetic */
3213 /* {{{ s_mp_add_d(mp, d) */
3215 /* Add d to |mp| in place */
3217 {
3218 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3231 }
3234 mp_err res;
3240 }
3243 #else
3256 }
3258 /* mp is growing */
3262 }
3263 CLEANUP:
3265 #endif
3268 /* }}} */
3270 /* {{{ s_mp_sub_d(mp, d) */
3272 /* Subtract d from |mp| in place, assumes |mp| > d */
3274 {
3275 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3279 /* Compute initial subtraction */
3284 /* Propagate borrows leftward */
3290 }
3292 /* Remove leading zeroes */
3295 /* If we have a borrow out, it's a violation of the input invariant */
3298 else
3300 #else
3312 }
3315 #endif
3318 /* }}} */
3320 /* {{{ s_mp_mul_d(a, d) */
3322 /* Compute a = a * d, single digit multiplication */
3324 {
3325 mp_err res;
3326 mp_size used;
3332 }
3337 }
3346 CLEANUP:
3351 /* }}} */
3353 /* {{{ s_mp_div_d(mp, d, r) */
3355 /*
3356 s_mp_div_d(mp, d, r)
3358 Compute the quotient mp = mp / d and remainder r = mp mod d, for a
3359 single digit d. If r is null, the remainder will be discarded.
3360 */
3363 {
3364 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
3366 #else
3368 #endif
3370 mp_err res;
3371 mp_int quot;
3372 mp_int rem;
3380 }
3381 /* could check for power of 2 here, but mp_div_d does that. */
3384 mp_digit rem;
3392 }
3396 /* Make room for the quotient */
3399 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
3408 }
3412 }
3413 #else
3414 {
3415 mp_digit p;
3416 #if !defined(MP_ASSEMBLY_DIV_2DX1D)
3417 mp_digit norm;
3418 #endif
3422 #if !defined(MP_ASSEMBLY_DIV_2DX1D)
3428 #endif
3441 }
3446 }
3447 #if !defined(MP_ASSEMBLY_DIV_2DX1D)
3450 #endif
3451 }
3452 #endif
3454 /* Deliver the remainder, if desired */
3460 CLEANUP:
3467 /* }}} */
3470 /* }}} */
3472 /* {{{ Primitive full arithmetic */
3474 /* {{{ s_mp_add(a, b) */
3476 /* Compute a = |a| + |b| */
3478 {
3479 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3481 #else
3483 #endif
3485 mp_size ix;
3486 mp_size used;
3487 mp_err res;
3489 /* Make sure a has enough precision for the output value */
3493 /*
3494 Add up all digits up to the precision of b. If b had initially
3495 the same precision as a, or greater, we took care of it by the
3496 padding step above, so there is no problem. If b had initially
3497 less precision, we'll have to make sure the carry out is duly
3498 propagated upward among the higher-order digits of the sum.
3499 */
3504 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3508 #else
3514 #endif
3515 }
3517 /* If we run out of 'b' digits before we're actually done, make
3518 sure the carries get propagated upward...
3519 */
3521 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3527 }
3528 #else
3534 }
3535 #endif
3537 /* If there's an overall carry out, increase precision and include
3538 it. We could have done this initially, but why touch the memory
3539 allocator unless we're sure we have to?
3540 */
3541 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3547 }
3548 #else
3554 }
3555 #endif
3560 /* }}} */
3564 {
3566 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3568 #else
3570 #endif
3571 mp_size ix;
3572 mp_size used;
3573 mp_err res;
3580 }
3582 /* Make sure a has enough precision for the output value */
3586 /*
3587 Add up all digits up to the precision of b. If b had initially
3588 the same precision as a, or greater, we took care of it by the
3589 exchange step above, so there is no problem. If b had initially
3590 less precision, we'll have to make sure the carry out is duly
3591 propagated upward among the higher-order digits of the sum.
3592 */
3598 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3602 #else
3608 #endif
3609 }
3611 /* If we run out of 'b' digits before we're actually done, make
3612 sure the carries get propagated upward...
3613 */
3615 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3619 #else
3622 #endif
3623 }
3625 /* If there's an overall carry out, increase precision and include
3626 it. We could have done this initially, but why touch the memory
3627 allocator unless we're sure we have to?
3628 */
3629 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3636 }
3637 #else
3644 }
3645 #endif
3648 }
3649 /* {{{ s_mp_add_offset(a, b, offset) */
3651 /* Compute a = |a| + ( |b| * (RADIX ** offset) ) */
3653 {
3654 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3656 #else
3658 #endif
3659 mp_size ib;
3660 mp_size ia;
3661 mp_size lim;
3662 mp_err res;
3664 /* Make sure a has enough precision for the output value */
3669 /*
3670 Add up all digits up to the precision of b. If b had initially
3671 the same precision as a, or greater, we took care of it by the
3672 padding step above, so there is no problem. If b had initially
3673 less precision, we'll have to make sure the carry out is duly
3674 propagated upward among the higher-order digits of the sum.
3675 */
3678 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3682 #else
3688 #endif
3689 }
3691 /* If we run out of 'b' digits before we're actually done, make
3692 sure the carries get propagated upward...
3693 */
3694 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3699 }
3700 #else
3705 }
3706 #endif
3708 /* If there's an overall carry out, increase precision and include
3709 it. We could have done this initially, but why touch the memory
3710 allocator unless we're sure we have to?
3711 */
3712 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
3718 }
3719 #else
3725 }
3726 #endif
3733 /* }}} */
3735 /* {{{ s_mp_sub(a, b) */
3737 /* Compute a = |a| - |b|, assumes |a| >= |b| */
3739 {
3741 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3743 #else
3745 #endif
3747 /*
3748 Subtract and propagate borrow. Up to the precision of b, this
3749 accounts for the digits of b; after that, we just make sure the
3750 carries get to the right place. This saves having to pad b out to
3751 the precision of a just to make the loops work right...
3752 */
3757 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3761 #else
3769 #endif
3770 }
3772 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3777 }
3778 #else
3783 }
3784 #endif
3786 /* Clobber any leading zeroes we created */
3789 /*
3790 If there was a borrow out, then |b| > |a| in violation
3791 of our input invariant. We've already done the work,
3792 but we'll at least complain about it...
3793 */
3794 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3796 #else
3798 #endif
3801 /* }}} */
3805 {
3807 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3809 #else
3811 #endif
3813 mp_err res;
3817 /* Make sure a has enough precision for the output value */
3821 /*
3822 Subtract and propagate borrow. Up to the precision of b, this
3823 accounts for the digits of b; after that, we just make sure the
3824 carries get to the right place. This saves having to pad b out to
3825 the precision of a just to make the loops work right...
3826 */
3832 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3836 #else
3844 #endif
3845 }
3847 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3851 #else
3855 #endif
3856 }
3858 /* Clobber any leading zeroes we created */
3862 /*
3863 If there was a borrow out, then |b| > |a| in violation
3864 of our input invariant. We've already done the work,
3865 but we'll at least complain about it...
3866 */
3867 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
3869 #else
3871 #endif
3872 }
3873 /* {{{ s_mp_mul(a, b) */
3875 /* Compute a = |a| * |b| */
3877 {
3881 /* }}} */
3883 #if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
3884 /* This trick works on Sparc V8 CPUs with the Workshop compilers. */
3885 #define MP_MUL_DxD(a, b, Phi, Plo) \
3886 { unsigned long long product = (unsigned long long)a * b; \
3887 Plo = (mp_digit)product; \
3888 Phi = (mp_digit)(product >> MP_DIGIT_BIT); }
3889 #elif defined(OSF1)
3890 #define MP_MUL_DxD(a, b, Phi, Plo) \
3893 #else
3894 #define MP_MUL_DxD(a, b, Phi, Plo) \
3895 { mp_digit a0b1, a1b0; \
3896 Plo = (a & MP_HALF_DIGIT_MAX) * (b & MP_HALF_DIGIT_MAX); \
3897 Phi = (a >> MP_HALF_DIGIT_BIT) * (b >> MP_HALF_DIGIT_BIT); \
3898 a0b1 = (a & MP_HALF_DIGIT_MAX) * (b >> MP_HALF_DIGIT_BIT); \
3899 a1b0 = (a >> MP_HALF_DIGIT_BIT) * (b & MP_HALF_DIGIT_MAX); \
3900 a1b0 += a0b1; \
3901 Phi += a1b0 >> MP_HALF_DIGIT_BIT; \
3902 if (a1b0 < a0b1) \
3903 Phi += MP_HALF_RADIX; \
3904 a1b0 <<= MP_HALF_DIGIT_BIT; \
3905 Plo += a1b0; \
3906 if (Plo < a1b0) \
3907 ++Phi; \
3908 }
3909 #endif
3911 #if !defined(MP_ASSEMBLY_MULTIPLY)
3912 /* c = a * b */
3914 {
3915 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
3918 /* Inner product: Digits of a */
3923 }
3925 #else
3938 }
3940 #endif
3941 }
3943 /* c += a * b */
3946 {
3947 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
3950 /* Inner product: Digits of a */
3955 }
3957 #else
3973 }
3975 #endif
3976 }
3978 /* Presently, this is only used by the Montgomery arithmetic code. */
3979 /* c += a * b */
3981 {
3982 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
3985 /* Inner product: Digits of a */
3990 }
3996 }
3997 #else
4015 }
4021 }
4022 #endif
4023 }
4024 #endif
4026 #if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
4027 /* This trick works on Sparc V8 CPUs with the Workshop compilers. */
4028 #define MP_SQR_D(a, Phi, Plo) \
4029 { unsigned long long square = (unsigned long long)a * a; \
4030 Plo = (mp_digit)square; \
4031 Phi = (mp_digit)(square >> MP_DIGIT_BIT); }
4032 #elif defined(OSF1)
4033 #define MP_SQR_D(a, Phi, Plo) \
4036 #else
4037 #define MP_SQR_D(a, Phi, Plo) \
4038 { mp_digit Pmid; \
4039 Plo = (a & MP_HALF_DIGIT_MAX) * (a & MP_HALF_DIGIT_MAX); \
4040 Phi = (a >> MP_HALF_DIGIT_BIT) * (a >> MP_HALF_DIGIT_BIT); \
4041 Pmid = (a & MP_HALF_DIGIT_MAX) * (a >> MP_HALF_DIGIT_BIT); \
4042 Phi += Pmid >> (MP_HALF_DIGIT_BIT - 1); \
4043 Pmid <<= (MP_HALF_DIGIT_BIT + 1); \
4044 Plo += Pmid; \
4045 if (Plo < Pmid) \
4046 ++Phi; \
4047 }
4048 #endif
4050 #if !defined(MP_ASSEMBLY_SQUARE)
4051 /* Add the squares of the digits of a to the digits of b. */
4053 {
4054 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
4055 mp_word w;
4056 mp_digit d;
4057 mp_size ix;
4060 #define ADD_SQUARE(n) \
4061 d = pa[n]; \
4062 w += (d * (mp_word)d) + ps[2*n]; \
4063 ps[2*n] = ACCUM(w); \
4064 w = (w >> DIGIT_BIT) + ps[2*n+1]; \
4065 ps[2*n+1] = ACCUM(w); \
4066 w = (w >> DIGIT_BIT)
4075 }
4084 }
4085 }
4090 }
4091 #else
4099 /* here a1a1 and a0a0 constitute a_i ** 2 */
4104 /* now add to ps */
4112 }
4118 }
4119 #endif
4120 }
4121 #endif
4123 #if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) \
4124 && !defined(MP_ASSEMBLY_DIV_2DX1D)
4125 /*
4126 ** Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
4127 ** so its high bit is 1. This code is from NSPR.
4128 */
4131 {
4145 }
4146 }
4156 }
4157 }
4163 }
4164 #endif
4166 #if MP_SQUARE
4167 /* {{{ s_mp_sqr(a) */
4170 {
4171 mp_err res;
4172 mp_int tmp;
4179 }
4182 }
4184 /* }}} */
4185 #endif
4187 /* {{{ s_mp_div(a, b) */
4189 /*
4190 s_mp_div(a, b)
4192 Compute a = a / b and b = a mod b. Assumes b > a.
4193 */
4198 {
4200 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
4201 mp_word q_msd;
4202 #else
4203 mp_digit q_msd;
4204 #endif
4205 mp_err res;
4206 mp_digit d;
4207 mp_digit div_msd;
4213 /* Shortcut if divisor is power of two */
4220 }
4226 /* A working temporary for division */
4229 /* Normalize to optimize guessing */
4234 /* Perform the division itself...woo! */
4237 /* Find a partial substring of rem which is at least div */
4238 /* If we didn't find one, we're finished dividing */
4249 #if MP_ARGCHK == 2
4251 #endif
4255 }
4257 /* Compute a guess for the next quotient digit */
4263 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
4268 #else
4269 mp_digit r;
4272 #endif
4275 }
4276 #if MP_ARGCHK == 2
4278 #endif
4282 /* See what that multiplies out to */
4286 /*
4287 If it's too big, back it off. We should not have to do this
4288 more than once, or, in rare cases, twice. Knuth describes a
4289 method by which this could be reduced to a maximum of once, but
4290 I didn't implement that here.
4291 * When using s_mpv_div_2dx1d, we may have to do this 3 times.
4292 */
4296 }
4300 }
4302 /* At this point, q_msd should be the right next digit */
4306 /*
4307 Include the digit in the quotient. We allocated enough memory
4308 for any quotient we could ever possibly get, so we should not
4309 have to check for failures here
4310 */
4312 }
4314 /* Denormalize remainder */
4317 }
4321 CLEANUP:
4329 /* }}} */
4331 /* {{{ s_mp_2expt(a, k) */
4334 {
4335 mp_err res;
4351 /* }}} */
4353 /* {{{ s_mp_reduce(x, m, mu) */
4355 /*
4356 Compute Barrett reduction, x (mod m), given a precomputed value for
4357 mu = b^2k / m, where b = RADIX and k = #digits(m). This should be
4358 faster than straight division, when many reductions by the same
4359 value of m are required (such as in modular exponentiation). This
4360 can nearly halve the time required to do modular exponentiation,
4361 as compared to using the full integer divide to reduce.
4363 This algorithm was derived from the _Handbook of Applied
4364 Cryptography_ by Menezes, Oorschot and VanStone, Ch. 14,
4365 pp. 603-604.
4366 */
4369 {
4370 mp_int q;
4371 mp_err res;
4380 /* x = x mod b^(k+1), quick (no division) */
4383 /* q = q * m mod b^(k+1), quick (no division) */
4387 /* x = x - q */
4391 /* If x < 0, add b^(k+1) to it */
4398 }
4400 /* Back off if it's too big */
4404 }
4406 CLEANUP:
4413 /* }}} */
4415 /* }}} */
4417 /* {{{ Primitive comparisons */
4419 /* {{{ s_mp_cmp(a, b) */
4421 /* Compare |a| <=> |b|, return 0 if equal, <0 if a<b, >0 if a>b */
4423 {
4425 {
4432 }
4433 {
4437 #define CMP_AB(n) if ((da = pa[n]) != (db = pb[n])) goto done
4449 }
4452 done:
4457 }
4459 IS_LT:
4461 IS_GT:
4465 /* }}} */
4467 /* {{{ s_mp_cmp_d(a, d) */
4469 /* Compare |a| <=> d, return 0 if equal, <0 if a<d, >0 if a>d */
4471 {
4479 else
4484 /* }}} */
4486 /* {{{ s_mp_ispow2(v) */
4488 /*
4489 Returns -1 if the value is not a power of two; otherwise, it returns
4490 k such that v = 2^k, i.e. lg(v).
4491 */
4493 {
4494 mp_digit d;
4508 }
4514 /* }}} */
4516 /* {{{ s_mp_ispow2d(d) */
4519 {
4522 #if defined (MP_USE_UINT_DIGIT)
4533 #elif defined(MP_USE_LONG_LONG_DIGIT)
4546 #elif defined(MP_USE_LONG_DIGIT)
4559 #else
4561 #endif
4563 }
4568 /* }}} */
4570 /* }}} */
4572 /* {{{ Primitive I/O helpers */
4574 /* {{{ s_mp_tovalue(ch, r) */
4576 /*
4577 Convert the given character to its digit value, in the given radix.
4578 If the given character is not understood in the given radix, -1 is
4579 returned. Otherwise the digit's numeric value is returned.
4581 The results will be odd if you use a radix < 2 or > 62, you are
4582 expected to know what you're up to.
4583 */
4585 {
4590 else
4603 else
4613 /* }}} */
4615 /* {{{ s_mp_todigit(val, r, low) */
4617 /*
4618 Convert val to a radix-r digit, if possible. If val is out of range
4619 for r, returns zero. Otherwise, returns an ASCII character denoting
4620 the value in the given radix.
4622 The results may be odd if you use a radix < 2 or > 64, you are
4623 expected to know what you're doing.
4624 */
4627 {
4642 /* }}} */
4644 /* {{{ s_mp_outlen(bits, radix) */
4646 /*
4647 Return an estimate for how long a string is needed to hold a radix
4648 r representation of a number with 'bits' significant bits, plus an
4649 extra for a zero terminator (assuming C style strings here)
4650 */
4652 {
4657 /* }}} */
4659 /* }}} */
4661 /* {{{ mp_read_unsigned_octets(mp, str, len) */
4662 /* mp_read_unsigned_octets(mp, str, len)
4663 Read in a raw value (base 256) into the given mp_int
4664 No sign bit, number is positive. Leading zeros ignored.
4665 */
4667 mp_err
4669 {
4671 mp_err res;
4672 mp_digit d;
4682 }
4684 }
4686 /* Read the rest of the digits */
4690 }
4697 }
4699 }
4702 /* }}} */
4704 /* {{{ mp_unsigned_octet_size(mp) */
4705 int
4707 {
4717 /* subtract leading zeros. */
4718 /* Iterate over each digit... */
4724 }
4728 /* Have MSD, check digit bytes, high order first */
4734 }
4737 /* }}} */
4739 /* {{{ mp_to_unsigned_octets(mp, str) */
4740 /* output a buffer of big endian octets no longer than specified. */
4741 mp_err
4743 {
4752 /* Iterate over each digit... */
4757 /* Unpack digit bytes, high order first */
4763 }
4764 }
4769 /* }}} */
4771 /* {{{ mp_to_signed_octets(mp, str) */
4772 /* output a buffer of big endian octets no longer than specified. */
4773 mp_err
4775 {
4784 /* Iterate over each digit... */
4789 /* Unpack digit bytes, high order first */
4800 }
4801 }
4803 }
4804 }
4809 /* }}} */
4811 /* {{{ mp_to_fixlen_octets(mp, str) */
4812 /* output a buffer of big endian octets exactly as long as requested. */
4813 mp_err
4815 {
4824 /* place any needed leading zeros */
4827 }
4829 /* Iterate over each digit... */
4834 /* Unpack digit bytes, high order first */
4840 }
4841 }
4846 /* }}} */
4849 /*------------------------------------------------------------------------*/
4850 /* HERE THERE BE DRAGONS */