Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / dropbear / libtommath / mtest / mpi.c
blob7c712dd62dc27566dff3ed72ce9f9d28a5448fe0
1 /*
2 mpi.c
4 by Michael J. Fromberger <sting@linguist.dartmouth.edu>
5 Copyright (C) 1998 Michael J. Fromberger, All Rights Reserved
7 Arbitrary precision integer arithmetic library
9 $Id: mpi.c,v 1.2 2005/05/05 14:38:47 tom Exp $
12 #include "mpi.h"
13 #include <stdlib.h>
14 #include <string.h>
15 #include <ctype.h>
17 #if MP_DEBUG
18 #include <stdio.h>
20 #define DIAG(T,V) {fprintf(stderr,T);mp_print(V,stderr);fputc('\n',stderr);}
21 #else
22 #define DIAG(T,V)
23 #endif
25 /*
26 If MP_LOGTAB is not defined, use the math library to compute the
27 logarithms on the fly. Otherwise, use the static table below.
28 Pick which works best for your system.
30 #if MP_LOGTAB
32 /* {{{ s_logv_2[] - log table for 2 in various bases */
35 A table of the logs of 2 for various bases (the 0 and 1 entries of
36 this table are meaningless and should not be referenced).
38 This table is used to compute output lengths for the mp_toradix()
39 function. Since a number n in radix r takes up about log_r(n)
40 digits, we estimate the output size by taking the least integer
41 greater than log_r(n), where:
43 log_r(n) = log_2(n) * log_r(2)
45 This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
46 which are the output bases supported.
49 #include "logtab.h"
51 /* }}} */
52 #define LOG_V_2(R) s_logv_2[(R)]
54 #else
56 #include <math.h>
57 #define LOG_V_2(R) (log(2.0)/log(R))
59 #endif
61 /* Default precision for newly created mp_int's */
62 static unsigned int s_mp_defprec = MP_DEFPREC;
64 /* {{{ Digit arithmetic macros */
67 When adding and multiplying digits, the results can be larger than
68 can be contained in an mp_digit. Thus, an mp_word is used. These
69 macros mask off the upper and lower digits of the mp_word (the
70 mp_word may be more than 2 mp_digits wide, but we only concern
71 ourselves with the low-order 2 mp_digits)
73 If your mp_word DOES have more than 2 mp_digits, you need to
74 uncomment the first line, and comment out the second.
77 /* #define CARRYOUT(W) (((W)>>DIGIT_BIT)&MP_DIGIT_MAX) */
78 #define CARRYOUT(W) ((W)>>DIGIT_BIT)
79 #define ACCUM(W) ((W)&MP_DIGIT_MAX)
81 /* }}} */
83 /* {{{ Comparison constants */
85 #define MP_LT -1
86 #define MP_EQ 0
87 #define MP_GT 1
89 /* }}} */
91 /* {{{ Constant strings */
93 /* Constant strings returned by mp_strerror() */
94 static const char *mp_err_string[] = {
95 "unknown result code", /* say what? */
96 "boolean true", /* MP_OKAY, MP_YES */
97 "boolean false", /* MP_NO */
98 "out of memory", /* MP_MEM */
99 "argument out of range", /* MP_RANGE */
100 "invalid input parameter", /* MP_BADARG */
101 "result is undefined" /* MP_UNDEF */
104 /* Value to digit maps for radix conversion */
106 /* s_dmap_1 - standard digits and letters */
107 static const char *s_dmap_1 =
108 "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
110 #if 0
111 /* s_dmap_2 - base64 ordering for digits */
112 static const char *s_dmap_2 =
113 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
114 #endif
116 /* }}} */
118 /* {{{ Static function declarations */
121 If MP_MACRO is false, these will be defined as actual functions;
122 otherwise, suitable macro definitions will be used. This works
123 around the fact that ANSI C89 doesn't support an 'inline' keyword
124 (although I hear C9x will ... about bloody time). At present, the
125 macro definitions are identical to the function bodies, but they'll
126 expand in place, instead of generating a function call.
128 I chose these particular functions to be made into macros because
129 some profiling showed they are called a lot on a typical workload,
130 and yet they are primarily housekeeping.
132 #if MP_MACRO == 0
133 void s_mp_setz(mp_digit *dp, mp_size count); /* zero digits */
134 void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count); /* copy */
135 void *s_mp_alloc(size_t nb, size_t ni); /* general allocator */
136 void s_mp_free(void *ptr); /* general free function */
137 #else
139 /* Even if these are defined as macros, we need to respect the settings
140 of the MP_MEMSET and MP_MEMCPY configuration options...
142 #if MP_MEMSET == 0
143 #define s_mp_setz(dp, count) \
144 {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=0;}
145 #else
146 #define s_mp_setz(dp, count) memset(dp, 0, (count) * sizeof(mp_digit))
147 #endif /* MP_MEMSET */
149 #if MP_MEMCPY == 0
150 #define s_mp_copy(sp, dp, count) \
151 {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=(sp)[ix];}
152 #else
153 #define s_mp_copy(sp, dp, count) memcpy(dp, sp, (count) * sizeof(mp_digit))
154 #endif /* MP_MEMCPY */
156 #define s_mp_alloc(nb, ni) calloc(nb, ni)
157 #define s_mp_free(ptr) {if(ptr) free(ptr);}
158 #endif /* MP_MACRO */
160 mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */
161 mp_err s_mp_pad(mp_int *mp, mp_size min); /* left pad with zeroes */
163 void s_mp_clamp(mp_int *mp); /* clip leading zeroes */
165 void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place */
167 mp_err s_mp_lshd(mp_int *mp, mp_size p); /* left-shift by p digits */
168 void s_mp_rshd(mp_int *mp, mp_size p); /* right-shift by p digits */
169 void s_mp_div_2d(mp_int *mp, mp_digit d); /* divide by 2^d in place */
170 void s_mp_mod_2d(mp_int *mp, mp_digit d); /* modulo 2^d in place */
171 mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place*/
172 void s_mp_div_2(mp_int *mp); /* divide by 2 in place */
173 mp_err s_mp_mul_2(mp_int *mp); /* multiply by 2 in place */
174 mp_digit s_mp_norm(mp_int *a, mp_int *b); /* normalize for division */
175 mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */
176 mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */
177 mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */
178 mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r);
179 /* unsigned digit divide */
180 mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu);
181 /* Barrett reduction */
182 mp_err s_mp_add(mp_int *a, mp_int *b); /* magnitude addition */
183 mp_err s_mp_sub(mp_int *a, mp_int *b); /* magnitude subtract */
184 mp_err s_mp_mul(mp_int *a, mp_int *b); /* magnitude multiply */
185 #if 0
186 void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len);
187 /* multiply buffers in place */
188 #endif
189 #if MP_SQUARE
190 mp_err s_mp_sqr(mp_int *a); /* magnitude square */
191 #else
192 #define s_mp_sqr(a) s_mp_mul(a, a)
193 #endif
194 mp_err s_mp_div(mp_int *a, mp_int *b); /* magnitude divide */
195 mp_err s_mp_2expt(mp_int *a, mp_digit k); /* a = 2^k */
196 int s_mp_cmp(mp_int *a, mp_int *b); /* magnitude comparison */
197 int s_mp_cmp_d(mp_int *a, mp_digit d); /* magnitude digit compare */
198 int s_mp_ispow2(mp_int *v); /* is v a power of 2? */
199 int s_mp_ispow2d(mp_digit d); /* is d a power of 2? */
201 int s_mp_tovalue(char ch, int r); /* convert ch to value */
202 char s_mp_todigit(int val, int r, int low); /* convert val to digit */
203 int s_mp_outlen(int bits, int r); /* output length in bytes */
205 /* }}} */
207 /* {{{ Default precision manipulation */
209 unsigned int mp_get_prec(void)
211 return s_mp_defprec;
213 } /* end mp_get_prec() */
215 void mp_set_prec(unsigned int prec)
217 if(prec == 0)
218 s_mp_defprec = MP_DEFPREC;
219 else
220 s_mp_defprec = prec;
222 } /* end mp_set_prec() */
224 /* }}} */
226 /*------------------------------------------------------------------------*/
227 /* {{{ mp_init(mp) */
230 mp_init(mp)
232 Initialize a new zero-valued mp_int. Returns MP_OKAY if successful,
233 MP_MEM if memory could not be allocated for the structure.
236 mp_err mp_init(mp_int *mp)
238 return mp_init_size(mp, s_mp_defprec);
240 } /* end mp_init() */
242 /* }}} */
244 /* {{{ mp_init_array(mp[], count) */
246 mp_err mp_init_array(mp_int mp[], int count)
248 mp_err res;
249 int pos;
251 ARGCHK(mp !=NULL && count > 0, MP_BADARG);
253 for(pos = 0; pos < count; ++pos) {
254 if((res = mp_init(&mp[pos])) != MP_OKAY)
255 goto CLEANUP;
258 return MP_OKAY;
260 CLEANUP:
261 while(--pos >= 0)
262 mp_clear(&mp[pos]);
264 return res;
266 } /* end mp_init_array() */
268 /* }}} */
270 /* {{{ mp_init_size(mp, prec) */
273 mp_init_size(mp, prec)
275 Initialize a new zero-valued mp_int with at least the given
276 precision; returns MP_OKAY if successful, or MP_MEM if memory could
277 not be allocated for the structure.
280 mp_err mp_init_size(mp_int *mp, mp_size prec)
282 ARGCHK(mp != NULL && prec > 0, MP_BADARG);
284 if((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL)
285 return MP_MEM;
287 SIGN(mp) = MP_ZPOS;
288 USED(mp) = 1;
289 ALLOC(mp) = prec;
291 return MP_OKAY;
293 } /* end mp_init_size() */
295 /* }}} */
297 /* {{{ mp_init_copy(mp, from) */
300 mp_init_copy(mp, from)
302 Initialize mp as an exact copy of from. Returns MP_OKAY if
303 successful, MP_MEM if memory could not be allocated for the new
304 structure.
307 mp_err mp_init_copy(mp_int *mp, mp_int *from)
309 ARGCHK(mp != NULL && from != NULL, MP_BADARG);
311 if(mp == from)
312 return MP_OKAY;
314 if((DIGITS(mp) = s_mp_alloc(USED(from), sizeof(mp_digit))) == NULL)
315 return MP_MEM;
317 s_mp_copy(DIGITS(from), DIGITS(mp), USED(from));
318 USED(mp) = USED(from);
319 ALLOC(mp) = USED(from);
320 SIGN(mp) = SIGN(from);
322 return MP_OKAY;
324 } /* end mp_init_copy() */
326 /* }}} */
328 /* {{{ mp_copy(from, to) */
331 mp_copy(from, to)
333 Copies the mp_int 'from' to the mp_int 'to'. It is presumed that
334 'to' has already been initialized (if not, use mp_init_copy()
335 instead). If 'from' and 'to' are identical, nothing happens.
338 mp_err mp_copy(mp_int *from, mp_int *to)
340 ARGCHK(from != NULL && to != NULL, MP_BADARG);
342 if(from == to)
343 return MP_OKAY;
345 { /* copy */
346 mp_digit *tmp;
349 If the allocated buffer in 'to' already has enough space to hold
350 all the used digits of 'from', we'll re-use it to avoid hitting
351 the memory allocater more than necessary; otherwise, we'd have
352 to grow anyway, so we just allocate a hunk and make the copy as
353 usual
355 if(ALLOC(to) >= USED(from)) {
356 s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from));
357 s_mp_copy(DIGITS(from), DIGITS(to), USED(from));
359 } else {
360 if((tmp = s_mp_alloc(USED(from), sizeof(mp_digit))) == NULL)
361 return MP_MEM;
363 s_mp_copy(DIGITS(from), tmp, USED(from));
365 if(DIGITS(to) != NULL) {
366 #if MP_CRYPTO
367 s_mp_setz(DIGITS(to), ALLOC(to));
368 #endif
369 s_mp_free(DIGITS(to));
372 DIGITS(to) = tmp;
373 ALLOC(to) = USED(from);
376 /* Copy the precision and sign from the original */
377 USED(to) = USED(from);
378 SIGN(to) = SIGN(from);
379 } /* end copy */
381 return MP_OKAY;
383 } /* end mp_copy() */
385 /* }}} */
387 /* {{{ mp_exch(mp1, mp2) */
390 mp_exch(mp1, mp2)
392 Exchange mp1 and mp2 without allocating any intermediate memory
393 (well, unless you count the stack space needed for this call and the
394 locals it creates...). This cannot fail.
397 void mp_exch(mp_int *mp1, mp_int *mp2)
399 #if MP_ARGCHK == 2
400 assert(mp1 != NULL && mp2 != NULL);
401 #else
402 if(mp1 == NULL || mp2 == NULL)
403 return;
404 #endif
406 s_mp_exch(mp1, mp2);
408 } /* end mp_exch() */
410 /* }}} */
412 /* {{{ mp_clear(mp) */
415 mp_clear(mp)
417 Release the storage used by an mp_int, and void its fields so that
418 if someone calls mp_clear() again for the same int later, we won't
419 get tollchocked.
422 void mp_clear(mp_int *mp)
424 if(mp == NULL)
425 return;
427 if(DIGITS(mp) != NULL) {
428 #if MP_CRYPTO
429 s_mp_setz(DIGITS(mp), ALLOC(mp));
430 #endif
431 s_mp_free(DIGITS(mp));
432 DIGITS(mp) = NULL;
435 USED(mp) = 0;
436 ALLOC(mp) = 0;
438 } /* end mp_clear() */
440 /* }}} */
442 /* {{{ mp_clear_array(mp[], count) */
444 void mp_clear_array(mp_int mp[], int count)
446 ARGCHK(mp != NULL && count > 0, MP_BADARG);
448 while(--count >= 0)
449 mp_clear(&mp[count]);
451 } /* end mp_clear_array() */
453 /* }}} */
455 /* {{{ mp_zero(mp) */
458 mp_zero(mp)
460 Set mp to zero. Does not change the allocated size of the structure,
461 and therefore cannot fail (except on a bad argument, which we ignore)
463 void mp_zero(mp_int *mp)
465 if(mp == NULL)
466 return;
468 s_mp_setz(DIGITS(mp), ALLOC(mp));
469 USED(mp) = 1;
470 SIGN(mp) = MP_ZPOS;
472 } /* end mp_zero() */
474 /* }}} */
476 /* {{{ mp_set(mp, d) */
478 void mp_set(mp_int *mp, mp_digit d)
480 if(mp == NULL)
481 return;
483 mp_zero(mp);
484 DIGIT(mp, 0) = d;
486 } /* end mp_set() */
488 /* }}} */
490 /* {{{ mp_set_int(mp, z) */
492 mp_err mp_set_int(mp_int *mp, long z)
494 int ix;
495 unsigned long v = abs(z);
496 mp_err res;
498 ARGCHK(mp != NULL, MP_BADARG);
500 mp_zero(mp);
501 if(z == 0)
502 return MP_OKAY; /* shortcut for zero */
504 for(ix = sizeof(long) - 1; ix >= 0; ix--) {
506 if((res = s_mp_mul_2d(mp, CHAR_BIT)) != MP_OKAY)
507 return res;
509 res = s_mp_add_d(mp,
510 (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX));
511 if(res != MP_OKAY)
512 return res;
516 if(z < 0)
517 SIGN(mp) = MP_NEG;
519 return MP_OKAY;
521 } /* end mp_set_int() */
523 /* }}} */
525 /*------------------------------------------------------------------------*/
526 /* {{{ Digit arithmetic */
528 /* {{{ mp_add_d(a, d, b) */
531 mp_add_d(a, d, b)
533 Compute the sum b = a + d, for a single digit d. Respects the sign of
534 its primary addend (single digits are unsigned anyway).
537 mp_err mp_add_d(mp_int *a, mp_digit d, mp_int *b)
539 mp_err res = MP_OKAY;
541 ARGCHK(a != NULL && b != NULL, MP_BADARG);
543 if((res = mp_copy(a, b)) != MP_OKAY)
544 return res;
546 if(SIGN(b) == MP_ZPOS) {
547 res = s_mp_add_d(b, d);
548 } else if(s_mp_cmp_d(b, d) >= 0) {
549 res = s_mp_sub_d(b, d);
550 } else {
551 SIGN(b) = MP_ZPOS;
553 DIGIT(b, 0) = d - DIGIT(b, 0);
556 return res;
558 } /* end mp_add_d() */
560 /* }}} */
562 /* {{{ mp_sub_d(a, d, b) */
565 mp_sub_d(a, d, b)
567 Compute the difference b = a - d, for a single digit d. Respects the
568 sign of its subtrahend (single digits are unsigned anyway).
571 mp_err mp_sub_d(mp_int *a, mp_digit d, mp_int *b)
573 mp_err res;
575 ARGCHK(a != NULL && b != NULL, MP_BADARG);
577 if((res = mp_copy(a, b)) != MP_OKAY)
578 return res;
580 if(SIGN(b) == MP_NEG) {
581 if((res = s_mp_add_d(b, d)) != MP_OKAY)
582 return res;
584 } else if(s_mp_cmp_d(b, d) >= 0) {
585 if((res = s_mp_sub_d(b, d)) != MP_OKAY)
586 return res;
588 } else {
589 mp_neg(b, b);
591 DIGIT(b, 0) = d - DIGIT(b, 0);
592 SIGN(b) = MP_NEG;
595 if(s_mp_cmp_d(b, 0) == 0)
596 SIGN(b) = MP_ZPOS;
598 return MP_OKAY;
600 } /* end mp_sub_d() */
602 /* }}} */
604 /* {{{ mp_mul_d(a, d, b) */
607 mp_mul_d(a, d, b)
609 Compute the product b = a * d, for a single digit d. Respects the sign
610 of its multiplicand (single digits are unsigned anyway)
613 mp_err mp_mul_d(mp_int *a, mp_digit d, mp_int *b)
615 mp_err res;
617 ARGCHK(a != NULL && b != NULL, MP_BADARG);
619 if(d == 0) {
620 mp_zero(b);
621 return MP_OKAY;
624 if((res = mp_copy(a, b)) != MP_OKAY)
625 return res;
627 res = s_mp_mul_d(b, d);
629 return res;
631 } /* end mp_mul_d() */
633 /* }}} */
635 /* {{{ mp_mul_2(a, c) */
637 mp_err mp_mul_2(mp_int *a, mp_int *c)
639 mp_err res;
641 ARGCHK(a != NULL && c != NULL, MP_BADARG);
643 if((res = mp_copy(a, c)) != MP_OKAY)
644 return res;
646 return s_mp_mul_2(c);
648 } /* end mp_mul_2() */
650 /* }}} */
652 /* {{{ mp_div_d(a, d, q, r) */
655 mp_div_d(a, d, q, r)
657 Compute the quotient q = a / d and remainder r = a mod d, for a
658 single digit d. Respects the sign of its divisor (single digits are
659 unsigned anyway).
662 mp_err mp_div_d(mp_int *a, mp_digit d, mp_int *q, mp_digit *r)
664 mp_err res;
665 mp_digit rem;
666 int pow;
668 ARGCHK(a != NULL, MP_BADARG);
670 if(d == 0)
671 return MP_RANGE;
673 /* Shortcut for powers of two ... */
674 if((pow = s_mp_ispow2d(d)) >= 0) {
675 mp_digit mask;
677 mask = (1 << pow) - 1;
678 rem = DIGIT(a, 0) & mask;
680 if(q) {
681 mp_copy(a, q);
682 s_mp_div_2d(q, pow);
685 if(r)
686 *r = rem;
688 return MP_OKAY;
692 If the quotient is actually going to be returned, we'll try to
693 avoid hitting the memory allocator by copying the dividend into it
694 and doing the division there. This can't be any _worse_ than
695 always copying, and will sometimes be better (since it won't make
696 another copy)
698 If it's not going to be returned, we need to allocate a temporary
699 to hold the quotient, which will just be discarded.
701 if(q) {
702 if((res = mp_copy(a, q)) != MP_OKAY)
703 return res;
705 res = s_mp_div_d(q, d, &rem);
706 if(s_mp_cmp_d(q, 0) == MP_EQ)
707 SIGN(q) = MP_ZPOS;
709 } else {
710 mp_int qp;
712 if((res = mp_init_copy(&qp, a)) != MP_OKAY)
713 return res;
715 res = s_mp_div_d(&qp, d, &rem);
716 if(s_mp_cmp_d(&qp, 0) == 0)
717 SIGN(&qp) = MP_ZPOS;
719 mp_clear(&qp);
722 if(r)
723 *r = rem;
725 return res;
727 } /* end mp_div_d() */
729 /* }}} */
731 /* {{{ mp_div_2(a, c) */
734 mp_div_2(a, c)
736 Compute c = a / 2, disregarding the remainder.
739 mp_err mp_div_2(mp_int *a, mp_int *c)
741 mp_err res;
743 ARGCHK(a != NULL && c != NULL, MP_BADARG);
745 if((res = mp_copy(a, c)) != MP_OKAY)
746 return res;
748 s_mp_div_2(c);
750 return MP_OKAY;
752 } /* end mp_div_2() */
754 /* }}} */
756 /* {{{ mp_expt_d(a, d, b) */
758 mp_err mp_expt_d(mp_int *a, mp_digit d, mp_int *c)
760 mp_int s, x;
761 mp_err res;
763 ARGCHK(a != NULL && c != NULL, MP_BADARG);
765 if((res = mp_init(&s)) != MP_OKAY)
766 return res;
767 if((res = mp_init_copy(&x, a)) != MP_OKAY)
768 goto X;
770 DIGIT(&s, 0) = 1;
772 while(d != 0) {
773 if(d & 1) {
774 if((res = s_mp_mul(&s, &x)) != MP_OKAY)
775 goto CLEANUP;
778 d >>= 1;
780 if((res = s_mp_sqr(&x)) != MP_OKAY)
781 goto CLEANUP;
784 s_mp_exch(&s, c);
786 CLEANUP:
787 mp_clear(&x);
789 mp_clear(&s);
791 return res;
793 } /* end mp_expt_d() */
795 /* }}} */
797 /* }}} */
799 /*------------------------------------------------------------------------*/
800 /* {{{ Full arithmetic */
802 /* {{{ mp_abs(a, b) */
805 mp_abs(a, b)
807 Compute b = |a|. 'a' and 'b' may be identical.
810 mp_err mp_abs(mp_int *a, mp_int *b)
812 mp_err res;
814 ARGCHK(a != NULL && b != NULL, MP_BADARG);
816 if((res = mp_copy(a, b)) != MP_OKAY)
817 return res;
819 SIGN(b) = MP_ZPOS;
821 return MP_OKAY;
823 } /* end mp_abs() */
825 /* }}} */
827 /* {{{ mp_neg(a, b) */
830 mp_neg(a, b)
832 Compute b = -a. 'a' and 'b' may be identical.
835 mp_err mp_neg(mp_int *a, mp_int *b)
837 mp_err res;
839 ARGCHK(a != NULL && b != NULL, MP_BADARG);
841 if((res = mp_copy(a, b)) != MP_OKAY)
842 return res;
844 if(s_mp_cmp_d(b, 0) == MP_EQ)
845 SIGN(b) = MP_ZPOS;
846 else
847 SIGN(b) = (SIGN(b) == MP_NEG) ? MP_ZPOS : MP_NEG;
849 return MP_OKAY;
851 } /* end mp_neg() */
853 /* }}} */
855 /* {{{ mp_add(a, b, c) */
858 mp_add(a, b, c)
860 Compute c = a + b. All parameters may be identical.
863 mp_err mp_add(mp_int *a, mp_int *b, mp_int *c)
865 mp_err res;
866 int cmp;
868 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
870 if(SIGN(a) == SIGN(b)) { /* same sign: add values, keep sign */
872 /* Commutativity of addition lets us do this in either order,
873 so we avoid having to use a temporary even if the result
874 is supposed to replace the output
876 if(c == b) {
877 if((res = s_mp_add(c, a)) != MP_OKAY)
878 return res;
879 } else {
880 if(c != a && (res = mp_copy(a, c)) != MP_OKAY)
881 return res;
883 if((res = s_mp_add(c, b)) != MP_OKAY)
884 return res;
887 } else if((cmp = s_mp_cmp(a, b)) > 0) { /* different sign: a > b */
889 /* If the output is going to be clobbered, we will use a temporary
890 variable; otherwise, we'll do it without touching the memory
891 allocator at all, if possible
893 if(c == b) {
894 mp_int tmp;
896 if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
897 return res;
898 if((res = s_mp_sub(&tmp, b)) != MP_OKAY) {
899 mp_clear(&tmp);
900 return res;
903 s_mp_exch(&tmp, c);
904 mp_clear(&tmp);
906 } else {
908 if(c != a && (res = mp_copy(a, c)) != MP_OKAY)
909 return res;
910 if((res = s_mp_sub(c, b)) != MP_OKAY)
911 return res;
915 } else if(cmp == 0) { /* different sign, a == b */
917 mp_zero(c);
918 return MP_OKAY;
920 } else { /* different sign: a < b */
922 /* See above... */
923 if(c == a) {
924 mp_int tmp;
926 if((res = mp_init_copy(&tmp, b)) != MP_OKAY)
927 return res;
928 if((res = s_mp_sub(&tmp, a)) != MP_OKAY) {
929 mp_clear(&tmp);
930 return res;
933 s_mp_exch(&tmp, c);
934 mp_clear(&tmp);
936 } else {
938 if(c != b && (res = mp_copy(b, c)) != MP_OKAY)
939 return res;
940 if((res = s_mp_sub(c, a)) != MP_OKAY)
941 return res;
946 if(USED(c) == 1 && DIGIT(c, 0) == 0)
947 SIGN(c) = MP_ZPOS;
949 return MP_OKAY;
951 } /* end mp_add() */
953 /* }}} */
955 /* {{{ mp_sub(a, b, c) */
958 mp_sub(a, b, c)
960 Compute c = a - b. All parameters may be identical.
963 mp_err mp_sub(mp_int *a, mp_int *b, mp_int *c)
965 mp_err res;
966 int cmp;
968 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
970 if(SIGN(a) != SIGN(b)) {
971 if(c == a) {
972 if((res = s_mp_add(c, b)) != MP_OKAY)
973 return res;
974 } else {
975 if(c != b && ((res = mp_copy(b, c)) != MP_OKAY))
976 return res;
977 if((res = s_mp_add(c, a)) != MP_OKAY)
978 return res;
979 SIGN(c) = SIGN(a);
982 } else if((cmp = s_mp_cmp(a, b)) > 0) { /* Same sign, a > b */
983 if(c == b) {
984 mp_int tmp;
986 if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
987 return res;
988 if((res = s_mp_sub(&tmp, b)) != MP_OKAY) {
989 mp_clear(&tmp);
990 return res;
992 s_mp_exch(&tmp, c);
993 mp_clear(&tmp);
995 } else {
996 if(c != a && ((res = mp_copy(a, c)) != MP_OKAY))
997 return res;
999 if((res = s_mp_sub(c, b)) != MP_OKAY)
1000 return res;
1003 } else if(cmp == 0) { /* Same sign, equal magnitude */
1004 mp_zero(c);
1005 return MP_OKAY;
1007 } else { /* Same sign, b > a */
1008 if(c == a) {
1009 mp_int tmp;
1011 if((res = mp_init_copy(&tmp, b)) != MP_OKAY)
1012 return res;
1014 if((res = s_mp_sub(&tmp, a)) != MP_OKAY) {
1015 mp_clear(&tmp);
1016 return res;
1018 s_mp_exch(&tmp, c);
1019 mp_clear(&tmp);
1021 } else {
1022 if(c != b && ((res = mp_copy(b, c)) != MP_OKAY))
1023 return res;
1025 if((res = s_mp_sub(c, a)) != MP_OKAY)
1026 return res;
1029 SIGN(c) = !SIGN(b);
1032 if(USED(c) == 1 && DIGIT(c, 0) == 0)
1033 SIGN(c) = MP_ZPOS;
1035 return MP_OKAY;
1037 } /* end mp_sub() */
1039 /* }}} */
1041 /* {{{ mp_mul(a, b, c) */
1044 mp_mul(a, b, c)
1046 Compute c = a * b. All parameters may be identical.
1049 mp_err mp_mul(mp_int *a, mp_int *b, mp_int *c)
1051 mp_err res;
1052 mp_sign sgn;
1054 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
1056 sgn = (SIGN(a) == SIGN(b)) ? MP_ZPOS : MP_NEG;
1058 if(c == b) {
1059 if((res = s_mp_mul(c, a)) != MP_OKAY)
1060 return res;
1062 } else {
1063 if((res = mp_copy(a, c)) != MP_OKAY)
1064 return res;
1066 if((res = s_mp_mul(c, b)) != MP_OKAY)
1067 return res;
1070 if(sgn == MP_ZPOS || s_mp_cmp_d(c, 0) == MP_EQ)
1071 SIGN(c) = MP_ZPOS;
1072 else
1073 SIGN(c) = sgn;
1075 return MP_OKAY;
1077 } /* end mp_mul() */
1079 /* }}} */
1081 /* {{{ mp_mul_2d(a, d, c) */
1084 mp_mul_2d(a, d, c)
1086 Compute c = a * 2^d. a may be the same as c.
1089 mp_err mp_mul_2d(mp_int *a, mp_digit d, mp_int *c)
1091 mp_err res;
1093 ARGCHK(a != NULL && c != NULL, MP_BADARG);
1095 if((res = mp_copy(a, c)) != MP_OKAY)
1096 return res;
1098 if(d == 0)
1099 return MP_OKAY;
1101 return s_mp_mul_2d(c, d);
1103 } /* end mp_mul() */
1105 /* }}} */
1107 /* {{{ mp_sqr(a, b) */
1109 #if MP_SQUARE
1110 mp_err mp_sqr(mp_int *a, mp_int *b)
1112 mp_err res;
1114 ARGCHK(a != NULL && b != NULL, MP_BADARG);
1116 if((res = mp_copy(a, b)) != MP_OKAY)
1117 return res;
1119 if((res = s_mp_sqr(b)) != MP_OKAY)
1120 return res;
1122 SIGN(b) = MP_ZPOS;
1124 return MP_OKAY;
1126 } /* end mp_sqr() */
1127 #endif
1129 /* }}} */
1131 /* {{{ mp_div(a, b, q, r) */
1134 mp_div(a, b, q, r)
1136 Compute q = a / b and r = a mod b. Input parameters may be re-used
1137 as output parameters. If q or r is NULL, that portion of the
1138 computation will be discarded (although it will still be computed)
1140 Pay no attention to the hacker behind the curtain.
1143 mp_err mp_div(mp_int *a, mp_int *b, mp_int *q, mp_int *r)
1145 mp_err res;
1146 mp_int qtmp, rtmp;
1147 int cmp;
1149 ARGCHK(a != NULL && b != NULL, MP_BADARG);
1151 if(mp_cmp_z(b) == MP_EQ)
1152 return MP_RANGE;
1154 /* If a <= b, we can compute the solution without division, and
1155 avoid any memory allocation
1157 if((cmp = s_mp_cmp(a, b)) < 0) {
1158 if(r) {
1159 if((res = mp_copy(a, r)) != MP_OKAY)
1160 return res;
1163 if(q)
1164 mp_zero(q);
1166 return MP_OKAY;
1168 } else if(cmp == 0) {
1170 /* Set quotient to 1, with appropriate sign */
1171 if(q) {
1172 int qneg = (SIGN(a) != SIGN(b));
1174 mp_set(q, 1);
1175 if(qneg)
1176 SIGN(q) = MP_NEG;
1179 if(r)
1180 mp_zero(r);
1182 return MP_OKAY;
1185 /* If we get here, it means we actually have to do some division */
1187 /* Set up some temporaries... */
1188 if((res = mp_init_copy(&qtmp, a)) != MP_OKAY)
1189 return res;
1190 if((res = mp_init_copy(&rtmp, b)) != MP_OKAY)
1191 goto CLEANUP;
1193 if((res = s_mp_div(&qtmp, &rtmp)) != MP_OKAY)
1194 goto CLEANUP;
1196 /* Compute the signs for the output */
1197 SIGN(&rtmp) = SIGN(a); /* Sr = Sa */
1198 if(SIGN(a) == SIGN(b))
1199 SIGN(&qtmp) = MP_ZPOS; /* Sq = MP_ZPOS if Sa = Sb */
1200 else
1201 SIGN(&qtmp) = MP_NEG; /* Sq = MP_NEG if Sa != Sb */
1203 if(s_mp_cmp_d(&qtmp, 0) == MP_EQ)
1204 SIGN(&qtmp) = MP_ZPOS;
1205 if(s_mp_cmp_d(&rtmp, 0) == MP_EQ)
1206 SIGN(&rtmp) = MP_ZPOS;
1208 /* Copy output, if it is needed */
1209 if(q)
1210 s_mp_exch(&qtmp, q);
1212 if(r)
1213 s_mp_exch(&rtmp, r);
1215 CLEANUP:
1216 mp_clear(&rtmp);
1217 mp_clear(&qtmp);
1219 return res;
1221 } /* end mp_div() */
1223 /* }}} */
1225 /* {{{ mp_div_2d(a, d, q, r) */
1227 mp_err mp_div_2d(mp_int *a, mp_digit d, mp_int *q, mp_int *r)
1229 mp_err res;
1231 ARGCHK(a != NULL, MP_BADARG);
1233 if(q) {
1234 if((res = mp_copy(a, q)) != MP_OKAY)
1235 return res;
1237 s_mp_div_2d(q, d);
1240 if(r) {
1241 if((res = mp_copy(a, r)) != MP_OKAY)
1242 return res;
1244 s_mp_mod_2d(r, d);
1247 return MP_OKAY;
1249 } /* end mp_div_2d() */
1251 /* }}} */
1253 /* {{{ mp_expt(a, b, c) */
1256 mp_expt(a, b, c)
1258 Compute c = a ** b, that is, raise a to the b power. Uses a
1259 standard iterative square-and-multiply technique.
1262 mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
1264 mp_int s, x;
1265 mp_err res;
1266 mp_digit d;
1267 int dig, bit;
1269 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
1271 if(mp_cmp_z(b) < 0)
1272 return MP_RANGE;
1274 if((res = mp_init(&s)) != MP_OKAY)
1275 return res;
1277 mp_set(&s, 1);
1279 if((res = mp_init_copy(&x, a)) != MP_OKAY)
1280 goto X;
1282 /* Loop over low-order digits in ascending order */
1283 for(dig = 0; dig < (USED(b) - 1); dig++) {
1284 d = DIGIT(b, dig);
1286 /* Loop over bits of each non-maximal digit */
1287 for(bit = 0; bit < DIGIT_BIT; bit++) {
1288 if(d & 1) {
1289 if((res = s_mp_mul(&s, &x)) != MP_OKAY)
1290 goto CLEANUP;
1293 d >>= 1;
1295 if((res = s_mp_sqr(&x)) != MP_OKAY)
1296 goto CLEANUP;
1300 /* Consider now the last digit... */
1301 d = DIGIT(b, dig);
1303 while(d) {
1304 if(d & 1) {
1305 if((res = s_mp_mul(&s, &x)) != MP_OKAY)
1306 goto CLEANUP;
1309 d >>= 1;
1311 if((res = s_mp_sqr(&x)) != MP_OKAY)
1312 goto CLEANUP;
1315 if(mp_iseven(b))
1316 SIGN(&s) = SIGN(a);
1318 res = mp_copy(&s, c);
1320 CLEANUP:
1321 mp_clear(&x);
1323 mp_clear(&s);
1325 return res;
1327 } /* end mp_expt() */
1329 /* }}} */
1331 /* {{{ mp_2expt(a, k) */
1333 /* Compute a = 2^k */
1335 mp_err mp_2expt(mp_int *a, mp_digit k)
1337 ARGCHK(a != NULL, MP_BADARG);
1339 return s_mp_2expt(a, k);
1341 } /* end mp_2expt() */
1343 /* }}} */
1345 /* {{{ mp_mod(a, m, c) */
1348 mp_mod(a, m, c)
1350 Compute c = a (mod m). Result will always be 0 <= c < m.
1353 mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c)
1355 mp_err res;
1356 int mag;
1358 ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
1360 if(SIGN(m) == MP_NEG)
1361 return MP_RANGE;
1364 If |a| > m, we need to divide to get the remainder and take the
1365 absolute value.
1367 If |a| < m, we don't need to do any division, just copy and adjust
1368 the sign (if a is negative).
1370 If |a| == m, we can simply set the result to zero.
1372 This order is intended to minimize the average path length of the
1373 comparison chain on common workloads -- the most frequent cases are
1374 that |a| != m, so we do those first.
1376 if((mag = s_mp_cmp(a, m)) > 0) {
1377 if((res = mp_div(a, m, NULL, c)) != MP_OKAY)
1378 return res;
1380 if(SIGN(c) == MP_NEG) {
1381 if((res = mp_add(c, m, c)) != MP_OKAY)
1382 return res;
1385 } else if(mag < 0) {
1386 if((res = mp_copy(a, c)) != MP_OKAY)
1387 return res;
1389 if(mp_cmp_z(a) < 0) {
1390 if((res = mp_add(c, m, c)) != MP_OKAY)
1391 return res;
1395 } else {
1396 mp_zero(c);
1400 return MP_OKAY;
1402 } /* end mp_mod() */
1404 /* }}} */
1406 /* {{{ mp_mod_d(a, d, c) */
1409 mp_mod_d(a, d, c)
1411 Compute c = a (mod d). Result will always be 0 <= c < d
1413 mp_err mp_mod_d(mp_int *a, mp_digit d, mp_digit *c)
1415 mp_err res;
1416 mp_digit rem;
1418 ARGCHK(a != NULL && c != NULL, MP_BADARG);
1420 if(s_mp_cmp_d(a, d) > 0) {
1421 if((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY)
1422 return res;
1424 } else {
1425 if(SIGN(a) == MP_NEG)
1426 rem = d - DIGIT(a, 0);
1427 else
1428 rem = DIGIT(a, 0);
1431 if(c)
1432 *c = rem;
1434 return MP_OKAY;
1436 } /* end mp_mod_d() */
1438 /* }}} */
1440 /* {{{ mp_sqrt(a, b) */
1443 mp_sqrt(a, b)
1445 Compute the integer square root of a, and store the result in b.
1446 Uses an integer-arithmetic version of Newton's iterative linear
1447 approximation technique to determine this value; the result has the
1448 following two properties:
1450 b^2 <= a
1451 (b+1)^2 >= a
1453 It is a range error to pass a negative value.
1455 mp_err mp_sqrt(mp_int *a, mp_int *b)
1457 mp_int x, t;
1458 mp_err res;
1460 ARGCHK(a != NULL && b != NULL, MP_BADARG);
1462 /* Cannot take square root of a negative value */
1463 if(SIGN(a) == MP_NEG)
1464 return MP_RANGE;
1466 /* Special cases for zero and one, trivial */
1467 if(mp_cmp_d(a, 0) == MP_EQ || mp_cmp_d(a, 1) == MP_EQ)
1468 return mp_copy(a, b);
1470 /* Initialize the temporaries we'll use below */
1471 if((res = mp_init_size(&t, USED(a))) != MP_OKAY)
1472 return res;
1474 /* Compute an initial guess for the iteration as a itself */
1475 if((res = mp_init_copy(&x, a)) != MP_OKAY)
1476 goto X;
1478 s_mp_rshd(&x, (USED(&x)/2)+1);
1479 mp_add_d(&x, 1, &x);
1481 for(;;) {
1482 /* t = (x * x) - a */
1483 mp_copy(&x, &t); /* can't fail, t is big enough for original x */
1484 if((res = mp_sqr(&t, &t)) != MP_OKAY ||
1485 (res = mp_sub(&t, a, &t)) != MP_OKAY)
1486 goto CLEANUP;
1488 /* t = t / 2x */
1489 s_mp_mul_2(&x);
1490 if((res = mp_div(&t, &x, &t, NULL)) != MP_OKAY)
1491 goto CLEANUP;
1492 s_mp_div_2(&x);
1494 /* Terminate the loop, if the quotient is zero */
1495 if(mp_cmp_z(&t) == MP_EQ)
1496 break;
1498 /* x = x - t */
1499 if((res = mp_sub(&x, &t, &x)) != MP_OKAY)
1500 goto CLEANUP;
1504 /* Copy result to output parameter */
1505 mp_sub_d(&x, 1, &x);
1506 s_mp_exch(&x, b);
1508 CLEANUP:
1509 mp_clear(&x);
1511 mp_clear(&t);
1513 return res;
1515 } /* end mp_sqrt() */
1517 /* }}} */
1519 /* }}} */
1521 /*------------------------------------------------------------------------*/
1522 /* {{{ Modular arithmetic */
1524 #if MP_MODARITH
1525 /* {{{ mp_addmod(a, b, m, c) */
1528 mp_addmod(a, b, m, c)
1530 Compute c = (a + b) mod m
1533 mp_err mp_addmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c)
1535 mp_err res;
1537 ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
1539 if((res = mp_add(a, b, c)) != MP_OKAY)
1540 return res;
1541 if((res = mp_mod(c, m, c)) != MP_OKAY)
1542 return res;
1544 return MP_OKAY;
1548 /* }}} */
1550 /* {{{ mp_submod(a, b, m, c) */
1553 mp_submod(a, b, m, c)
1555 Compute c = (a - b) mod m
1558 mp_err mp_submod(mp_int *a, mp_int *b, mp_int *m, mp_int *c)
1560 mp_err res;
1562 ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
1564 if((res = mp_sub(a, b, c)) != MP_OKAY)
1565 return res;
1566 if((res = mp_mod(c, m, c)) != MP_OKAY)
1567 return res;
1569 return MP_OKAY;
1573 /* }}} */
1575 /* {{{ mp_mulmod(a, b, m, c) */
1578 mp_mulmod(a, b, m, c)
1580 Compute c = (a * b) mod m
1583 mp_err mp_mulmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c)
1585 mp_err res;
1587 ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
1589 if((res = mp_mul(a, b, c)) != MP_OKAY)
1590 return res;
1591 if((res = mp_mod(c, m, c)) != MP_OKAY)
1592 return res;
1594 return MP_OKAY;
1598 /* }}} */
1600 /* {{{ mp_sqrmod(a, m, c) */
1602 #if MP_SQUARE
1603 mp_err mp_sqrmod(mp_int *a, mp_int *m, mp_int *c)
1605 mp_err res;
1607 ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
1609 if((res = mp_sqr(a, c)) != MP_OKAY)
1610 return res;
1611 if((res = mp_mod(c, m, c)) != MP_OKAY)
1612 return res;
1614 return MP_OKAY;
1616 } /* end mp_sqrmod() */
1617 #endif
1619 /* }}} */
1621 /* {{{ mp_exptmod(a, b, m, c) */
1624 mp_exptmod(a, b, m, c)
1626 Compute c = (a ** b) mod m. Uses a standard square-and-multiply
1627 method with modular reductions at each step. (This is basically the
1628 same code as mp_expt(), except for the addition of the reductions)
1630 The modular reductions are done using Barrett's algorithm (see
1631 s_mp_reduce() below for details)
1634 mp_err mp_exptmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c)
1636 mp_int s, x, mu;
1637 mp_err res;
1638 mp_digit d, *db = DIGITS(b);
1639 mp_size ub = USED(b);
1640 int dig, bit;
1642 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
1644 if(mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0)
1645 return MP_RANGE;
1647 if((res = mp_init(&s)) != MP_OKAY)
1648 return res;
1649 if((res = mp_init_copy(&x, a)) != MP_OKAY)
1650 goto X;
1651 if((res = mp_mod(&x, m, &x)) != MP_OKAY ||
1652 (res = mp_init(&mu)) != MP_OKAY)
1653 goto MU;
1655 mp_set(&s, 1);
1657 /* mu = b^2k / m */
1658 s_mp_add_d(&mu, 1);
1659 s_mp_lshd(&mu, 2 * USED(m));
1660 if((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY)
1661 goto CLEANUP;
1663 /* Loop over digits of b in ascending order, except highest order */
1664 for(dig = 0; dig < (ub - 1); dig++) {
1665 d = *db++;
1667 /* Loop over the bits of the lower-order digits */
1668 for(bit = 0; bit < DIGIT_BIT; bit++) {
1669 if(d & 1) {
1670 if((res = s_mp_mul(&s, &x)) != MP_OKAY)
1671 goto CLEANUP;
1672 if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
1673 goto CLEANUP;
1676 d >>= 1;
1678 if((res = s_mp_sqr(&x)) != MP_OKAY)
1679 goto CLEANUP;
1680 if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
1681 goto CLEANUP;
1685 /* Now do the last digit... */
1686 d = *db;
1688 while(d) {
1689 if(d & 1) {
1690 if((res = s_mp_mul(&s, &x)) != MP_OKAY)
1691 goto CLEANUP;
1692 if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
1693 goto CLEANUP;
1696 d >>= 1;
1698 if((res = s_mp_sqr(&x)) != MP_OKAY)
1699 goto CLEANUP;
1700 if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
1701 goto CLEANUP;
1704 s_mp_exch(&s, c);
1706 CLEANUP:
1707 mp_clear(&mu);
1709 mp_clear(&x);
1711 mp_clear(&s);
1713 return res;
1715 } /* end mp_exptmod() */
1717 /* }}} */
1719 /* {{{ mp_exptmod_d(a, d, m, c) */
1721 mp_err mp_exptmod_d(mp_int *a, mp_digit d, mp_int *m, mp_int *c)
1723 mp_int s, x;
1724 mp_err res;
1726 ARGCHK(a != NULL && c != NULL, MP_BADARG);
1728 if((res = mp_init(&s)) != MP_OKAY)
1729 return res;
1730 if((res = mp_init_copy(&x, a)) != MP_OKAY)
1731 goto X;
1733 mp_set(&s, 1);
1735 while(d != 0) {
1736 if(d & 1) {
1737 if((res = s_mp_mul(&s, &x)) != MP_OKAY ||
1738 (res = mp_mod(&s, m, &s)) != MP_OKAY)
1739 goto CLEANUP;
1742 d /= 2;
1744 if((res = s_mp_sqr(&x)) != MP_OKAY ||
1745 (res = mp_mod(&x, m, &x)) != MP_OKAY)
1746 goto CLEANUP;
1749 s_mp_exch(&s, c);
1751 CLEANUP:
1752 mp_clear(&x);
1754 mp_clear(&s);
1756 return res;
1758 } /* end mp_exptmod_d() */
1760 /* }}} */
1761 #endif /* if MP_MODARITH */
1763 /* }}} */
1765 /*------------------------------------------------------------------------*/
1766 /* {{{ Comparison functions */
1768 /* {{{ mp_cmp_z(a) */
1771 mp_cmp_z(a)
1773 Compare a <=> 0. Returns <0 if a<0, 0 if a=0, >0 if a>0.
1776 int mp_cmp_z(mp_int *a)
1778 if(SIGN(a) == MP_NEG)
1779 return MP_LT;
1780 else if(USED(a) == 1 && DIGIT(a, 0) == 0)
1781 return MP_EQ;
1782 else
1783 return MP_GT;
1785 } /* end mp_cmp_z() */
1787 /* }}} */
1789 /* {{{ mp_cmp_d(a, d) */
1792 mp_cmp_d(a, d)
1794 Compare a <=> d. Returns <0 if a<d, 0 if a=d, >0 if a>d
1797 int mp_cmp_d(mp_int *a, mp_digit d)
1799 ARGCHK(a != NULL, MP_EQ);
1801 if(SIGN(a) == MP_NEG)
1802 return MP_LT;
1804 return s_mp_cmp_d(a, d);
1806 } /* end mp_cmp_d() */
1808 /* }}} */
1810 /* {{{ mp_cmp(a, b) */
1812 int mp_cmp(mp_int *a, mp_int *b)
1814 ARGCHK(a != NULL && b != NULL, MP_EQ);
1816 if(SIGN(a) == SIGN(b)) {
1817 int mag;
1819 if((mag = s_mp_cmp(a, b)) == MP_EQ)
1820 return MP_EQ;
1822 if(SIGN(a) == MP_ZPOS)
1823 return mag;
1824 else
1825 return -mag;
1827 } else if(SIGN(a) == MP_ZPOS) {
1828 return MP_GT;
1829 } else {
1830 return MP_LT;
1833 } /* end mp_cmp() */
1835 /* }}} */
1837 /* {{{ mp_cmp_mag(a, b) */
1840 mp_cmp_mag(a, b)
1842 Compares |a| <=> |b|, and returns an appropriate comparison result
1845 int mp_cmp_mag(mp_int *a, mp_int *b)
1847 ARGCHK(a != NULL && b != NULL, MP_EQ);
1849 return s_mp_cmp(a, b);
1851 } /* end mp_cmp_mag() */
1853 /* }}} */
1855 /* {{{ mp_cmp_int(a, z) */
1858 This just converts z to an mp_int, and uses the existing comparison
1859 routines. This is sort of inefficient, but it's not clear to me how
1860 frequently this wil get used anyway. For small positive constants,
1861 you can always use mp_cmp_d(), and for zero, there is mp_cmp_z().
1863 int mp_cmp_int(mp_int *a, long z)
1865 mp_int tmp;
1866 int out;
1868 ARGCHK(a != NULL, MP_EQ);
1870 mp_init(&tmp); mp_set_int(&tmp, z);
1871 out = mp_cmp(a, &tmp);
1872 mp_clear(&tmp);
1874 return out;
1876 } /* end mp_cmp_int() */
1878 /* }}} */
1880 /* {{{ mp_isodd(a) */
1883 mp_isodd(a)
1885 Returns a true (non-zero) value if a is odd, false (zero) otherwise.
1887 int mp_isodd(mp_int *a)
1889 ARGCHK(a != NULL, 0);
1891 return (DIGIT(a, 0) & 1);
1893 } /* end mp_isodd() */
1895 /* }}} */
1897 /* {{{ mp_iseven(a) */
1899 int mp_iseven(mp_int *a)
1901 return !mp_isodd(a);
1903 } /* end mp_iseven() */
1905 /* }}} */
1907 /* }}} */
1909 /*------------------------------------------------------------------------*/
1910 /* {{{ Number theoretic functions */
1912 #if MP_NUMTH
1913 /* {{{ mp_gcd(a, b, c) */
1916 Like the old mp_gcd() function, except computes the GCD using the
1917 binary algorithm due to Josef Stein in 1961 (via Knuth).
1919 mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c)
1921 mp_err res;
1922 mp_int u, v, t;
1923 mp_size k = 0;
1925 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
1927 if(mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ)
1928 return MP_RANGE;
1929 if(mp_cmp_z(a) == MP_EQ) {
1930 return mp_copy(b, c);
1931 } else if(mp_cmp_z(b) == MP_EQ) {
1932 return mp_copy(a, c);
1935 if((res = mp_init(&t)) != MP_OKAY)
1936 return res;
1937 if((res = mp_init_copy(&u, a)) != MP_OKAY)
1938 goto U;
1939 if((res = mp_init_copy(&v, b)) != MP_OKAY)
1940 goto V;
1942 SIGN(&u) = MP_ZPOS;
1943 SIGN(&v) = MP_ZPOS;
1945 /* Divide out common factors of 2 until at least 1 of a, b is even */
1946 while(mp_iseven(&u) && mp_iseven(&v)) {
1947 s_mp_div_2(&u);
1948 s_mp_div_2(&v);
1949 ++k;
1952 /* Initialize t */
1953 if(mp_isodd(&u)) {
1954 if((res = mp_copy(&v, &t)) != MP_OKAY)
1955 goto CLEANUP;
1957 /* t = -v */
1958 if(SIGN(&v) == MP_ZPOS)
1959 SIGN(&t) = MP_NEG;
1960 else
1961 SIGN(&t) = MP_ZPOS;
1963 } else {
1964 if((res = mp_copy(&u, &t)) != MP_OKAY)
1965 goto CLEANUP;
1969 for(;;) {
1970 while(mp_iseven(&t)) {
1971 s_mp_div_2(&t);
1974 if(mp_cmp_z(&t) == MP_GT) {
1975 if((res = mp_copy(&t, &u)) != MP_OKAY)
1976 goto CLEANUP;
1978 } else {
1979 if((res = mp_copy(&t, &v)) != MP_OKAY)
1980 goto CLEANUP;
1982 /* v = -t */
1983 if(SIGN(&t) == MP_ZPOS)
1984 SIGN(&v) = MP_NEG;
1985 else
1986 SIGN(&v) = MP_ZPOS;
1989 if((res = mp_sub(&u, &v, &t)) != MP_OKAY)
1990 goto CLEANUP;
1992 if(s_mp_cmp_d(&t, 0) == MP_EQ)
1993 break;
1996 s_mp_2expt(&v, k); /* v = 2^k */
1997 res = mp_mul(&u, &v, c); /* c = u * v */
1999 CLEANUP:
2000 mp_clear(&v);
2002 mp_clear(&u);
2004 mp_clear(&t);
2006 return res;
2008 } /* end mp_bgcd() */
2010 /* }}} */
2012 /* {{{ mp_lcm(a, b, c) */
2014 /* We compute the least common multiple using the rule:
2016 ab = [a, b](a, b)
2018 ... by computing the product, and dividing out the gcd.
2021 mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c)
2023 mp_int gcd, prod;
2024 mp_err res;
2026 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
2028 /* Set up temporaries */
2029 if((res = mp_init(&gcd)) != MP_OKAY)
2030 return res;
2031 if((res = mp_init(&prod)) != MP_OKAY)
2032 goto GCD;
2034 if((res = mp_mul(a, b, &prod)) != MP_OKAY)
2035 goto CLEANUP;
2036 if((res = mp_gcd(a, b, &gcd)) != MP_OKAY)
2037 goto CLEANUP;
2039 res = mp_div(&prod, &gcd, c, NULL);
2041 CLEANUP:
2042 mp_clear(&prod);
2043 GCD:
2044 mp_clear(&gcd);
2046 return res;
2048 } /* end mp_lcm() */
2050 /* }}} */
2052 /* {{{ mp_xgcd(a, b, g, x, y) */
2055 mp_xgcd(a, b, g, x, y)
2057 Compute g = (a, b) and values x and y satisfying Bezout's identity
2058 (that is, ax + by = g). This uses the extended binary GCD algorithm
2059 based on the Stein algorithm used for mp_gcd()
2062 mp_err mp_xgcd(mp_int *a, mp_int *b, mp_int *g, mp_int *x, mp_int *y)
2064 mp_int gx, xc, yc, u, v, A, B, C, D;
2065 mp_int *clean[9];
2066 mp_err res;
2067 int last = -1;
2069 if(mp_cmp_z(b) == 0)
2070 return MP_RANGE;
2072 /* Initialize all these variables we need */
2073 if((res = mp_init(&u)) != MP_OKAY) goto CLEANUP;
2074 clean[++last] = &u;
2075 if((res = mp_init(&v)) != MP_OKAY) goto CLEANUP;
2076 clean[++last] = &v;
2077 if((res = mp_init(&gx)) != MP_OKAY) goto CLEANUP;
2078 clean[++last] = &gx;
2079 if((res = mp_init(&A)) != MP_OKAY) goto CLEANUP;
2080 clean[++last] = &A;
2081 if((res = mp_init(&B)) != MP_OKAY) goto CLEANUP;
2082 clean[++last] = &B;
2083 if((res = mp_init(&C)) != MP_OKAY) goto CLEANUP;
2084 clean[++last] = &C;
2085 if((res = mp_init(&D)) != MP_OKAY) goto CLEANUP;
2086 clean[++last] = &D;
2087 if((res = mp_init_copy(&xc, a)) != MP_OKAY) goto CLEANUP;
2088 clean[++last] = &xc;
2089 mp_abs(&xc, &xc);
2090 if((res = mp_init_copy(&yc, b)) != MP_OKAY) goto CLEANUP;
2091 clean[++last] = &yc;
2092 mp_abs(&yc, &yc);
2094 mp_set(&gx, 1);
2096 /* Divide by two until at least one of them is even */
2097 while(mp_iseven(&xc) && mp_iseven(&yc)) {
2098 s_mp_div_2(&xc);
2099 s_mp_div_2(&yc);
2100 if((res = s_mp_mul_2(&gx)) != MP_OKAY)
2101 goto CLEANUP;
2104 mp_copy(&xc, &u);
2105 mp_copy(&yc, &v);
2106 mp_set(&A, 1); mp_set(&D, 1);
2108 /* Loop through binary GCD algorithm */
2109 for(;;) {
2110 while(mp_iseven(&u)) {
2111 s_mp_div_2(&u);
2113 if(mp_iseven(&A) && mp_iseven(&B)) {
2114 s_mp_div_2(&A); s_mp_div_2(&B);
2115 } else {
2116 if((res = mp_add(&A, &yc, &A)) != MP_OKAY) goto CLEANUP;
2117 s_mp_div_2(&A);
2118 if((res = mp_sub(&B, &xc, &B)) != MP_OKAY) goto CLEANUP;
2119 s_mp_div_2(&B);
2123 while(mp_iseven(&v)) {
2124 s_mp_div_2(&v);
2126 if(mp_iseven(&C) && mp_iseven(&D)) {
2127 s_mp_div_2(&C); s_mp_div_2(&D);
2128 } else {
2129 if((res = mp_add(&C, &yc, &C)) != MP_OKAY) goto CLEANUP;
2130 s_mp_div_2(&C);
2131 if((res = mp_sub(&D, &xc, &D)) != MP_OKAY) goto CLEANUP;
2132 s_mp_div_2(&D);
2136 if(mp_cmp(&u, &v) >= 0) {
2137 if((res = mp_sub(&u, &v, &u)) != MP_OKAY) goto CLEANUP;
2138 if((res = mp_sub(&A, &C, &A)) != MP_OKAY) goto CLEANUP;
2139 if((res = mp_sub(&B, &D, &B)) != MP_OKAY) goto CLEANUP;
2141 } else {
2142 if((res = mp_sub(&v, &u, &v)) != MP_OKAY) goto CLEANUP;
2143 if((res = mp_sub(&C, &A, &C)) != MP_OKAY) goto CLEANUP;
2144 if((res = mp_sub(&D, &B, &D)) != MP_OKAY) goto CLEANUP;
2148 /* If we're done, copy results to output */
2149 if(mp_cmp_z(&u) == 0) {
2150 if(x)
2151 if((res = mp_copy(&C, x)) != MP_OKAY) goto CLEANUP;
2153 if(y)
2154 if((res = mp_copy(&D, y)) != MP_OKAY) goto CLEANUP;
2156 if(g)
2157 if((res = mp_mul(&gx, &v, g)) != MP_OKAY) goto CLEANUP;
2159 break;
2163 CLEANUP:
2164 while(last >= 0)
2165 mp_clear(clean[last--]);
2167 return res;
2169 } /* end mp_xgcd() */
2171 /* }}} */
2173 /* {{{ mp_invmod(a, m, c) */
2176 mp_invmod(a, m, c)
2178 Compute c = a^-1 (mod m), if there is an inverse for a (mod m).
2179 This is equivalent to the question of whether (a, m) = 1. If not,
2180 MP_UNDEF is returned, and there is no inverse.
2183 mp_err mp_invmod(mp_int *a, mp_int *m, mp_int *c)
2185 mp_int g, x;
2186 mp_err res;
2188 ARGCHK(a && m && c, MP_BADARG);
2190 if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
2191 return MP_RANGE;
2193 if((res = mp_init(&g)) != MP_OKAY)
2194 return res;
2195 if((res = mp_init(&x)) != MP_OKAY)
2196 goto X;
2198 if((res = mp_xgcd(a, m, &g, &x, NULL)) != MP_OKAY)
2199 goto CLEANUP;
2201 if(mp_cmp_d(&g, 1) != MP_EQ) {
2202 res = MP_UNDEF;
2203 goto CLEANUP;
2206 res = mp_mod(&x, m, c);
2207 SIGN(c) = SIGN(a);
2209 CLEANUP:
2210 mp_clear(&x);
2212 mp_clear(&g);
2214 return res;
2216 } /* end mp_invmod() */
2218 /* }}} */
2219 #endif /* if MP_NUMTH */
2221 /* }}} */
2223 /*------------------------------------------------------------------------*/
2224 /* {{{ mp_print(mp, ofp) */
2226 #if MP_IOFUNC
2228 mp_print(mp, ofp)
2230 Print a textual representation of the given mp_int on the output
2231 stream 'ofp'. Output is generated using the internal radix.
2234 void mp_print(mp_int *mp, FILE *ofp)
2236 int ix;
2238 if(mp == NULL || ofp == NULL)
2239 return;
2241 fputc((SIGN(mp) == MP_NEG) ? '-' : '+', ofp);
2243 for(ix = USED(mp) - 1; ix >= 0; ix--) {
2244 fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix));
2247 } /* end mp_print() */
2249 #endif /* if MP_IOFUNC */
2251 /* }}} */
2253 /*------------------------------------------------------------------------*/
2254 /* {{{ More I/O Functions */
2256 /* {{{ mp_read_signed_bin(mp, str, len) */
2259 mp_read_signed_bin(mp, str, len)
2261 Read in a raw value (base 256) into the given mp_int
2264 mp_err mp_read_signed_bin(mp_int *mp, unsigned char *str, int len)
2266 mp_err res;
2268 ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
2270 if((res = mp_read_unsigned_bin(mp, str + 1, len - 1)) == MP_OKAY) {
2271 /* Get sign from first byte */
2272 if(str[0])
2273 SIGN(mp) = MP_NEG;
2274 else
2275 SIGN(mp) = MP_ZPOS;
2278 return res;
2280 } /* end mp_read_signed_bin() */
2282 /* }}} */
2284 /* {{{ mp_signed_bin_size(mp) */
2286 int mp_signed_bin_size(mp_int *mp)
2288 ARGCHK(mp != NULL, 0);
2290 return mp_unsigned_bin_size(mp) + 1;
2292 } /* end mp_signed_bin_size() */
2294 /* }}} */
2296 /* {{{ mp_to_signed_bin(mp, str) */
2298 mp_err mp_to_signed_bin(mp_int *mp, unsigned char *str)
2300 ARGCHK(mp != NULL && str != NULL, MP_BADARG);
2302 /* Caller responsible for allocating enough memory (use mp_raw_size(mp)) */
2303 str[0] = (char)SIGN(mp);
2305 return mp_to_unsigned_bin(mp, str + 1);
2307 } /* end mp_to_signed_bin() */
2309 /* }}} */
2311 /* {{{ mp_read_unsigned_bin(mp, str, len) */
2314 mp_read_unsigned_bin(mp, str, len)
2316 Read in an unsigned value (base 256) into the given mp_int
2319 mp_err mp_read_unsigned_bin(mp_int *mp, unsigned char *str, int len)
2321 int ix;
2322 mp_err res;
2324 ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
2326 mp_zero(mp);
2328 for(ix = 0; ix < len; ix++) {
2329 if((res = s_mp_mul_2d(mp, CHAR_BIT)) != MP_OKAY)
2330 return res;
2332 if((res = mp_add_d(mp, str[ix], mp)) != MP_OKAY)
2333 return res;
2336 return MP_OKAY;
2338 } /* end mp_read_unsigned_bin() */
2340 /* }}} */
2342 /* {{{ mp_unsigned_bin_size(mp) */
2344 int mp_unsigned_bin_size(mp_int *mp)
2346 mp_digit topdig;
2347 int count;
2349 ARGCHK(mp != NULL, 0);
2351 /* Special case for the value zero */
2352 if(USED(mp) == 1 && DIGIT(mp, 0) == 0)
2353 return 1;
2355 count = (USED(mp) - 1) * sizeof(mp_digit);
2356 topdig = DIGIT(mp, USED(mp) - 1);
2358 while(topdig != 0) {
2359 ++count;
2360 topdig >>= CHAR_BIT;
2363 return count;
2365 } /* end mp_unsigned_bin_size() */
2367 /* }}} */
2369 /* {{{ mp_to_unsigned_bin(mp, str) */
2371 mp_err mp_to_unsigned_bin(mp_int *mp, unsigned char *str)
2373 mp_digit *dp, *end, d;
2374 unsigned char *spos;
2376 ARGCHK(mp != NULL && str != NULL, MP_BADARG);
2378 dp = DIGITS(mp);
2379 end = dp + USED(mp) - 1;
2380 spos = str;
2382 /* Special case for zero, quick test */
2383 if(dp == end && *dp == 0) {
2384 *str = '\0';
2385 return MP_OKAY;
2388 /* Generate digits in reverse order */
2389 while(dp < end) {
2390 int ix;
2392 d = *dp;
2393 for(ix = 0; ix < sizeof(mp_digit); ++ix) {
2394 *spos = d & UCHAR_MAX;
2395 d >>= CHAR_BIT;
2396 ++spos;
2399 ++dp;
2402 /* Now handle last digit specially, high order zeroes are not written */
2403 d = *end;
2404 while(d != 0) {
2405 *spos = d & UCHAR_MAX;
2406 d >>= CHAR_BIT;
2407 ++spos;
2410 /* Reverse everything to get digits in the correct order */
2411 while(--spos > str) {
2412 unsigned char t = *str;
2413 *str = *spos;
2414 *spos = t;
2416 ++str;
2419 return MP_OKAY;
2421 } /* end mp_to_unsigned_bin() */
2423 /* }}} */
2425 /* {{{ mp_count_bits(mp) */
2427 int mp_count_bits(mp_int *mp)
2429 int len;
2430 mp_digit d;
2432 ARGCHK(mp != NULL, MP_BADARG);
2434 len = DIGIT_BIT * (USED(mp) - 1);
2435 d = DIGIT(mp, USED(mp) - 1);
2437 while(d != 0) {
2438 ++len;
2439 d >>= 1;
2442 return len;
2444 } /* end mp_count_bits() */
2446 /* }}} */
2448 /* {{{ mp_read_radix(mp, str, radix) */
2451 mp_read_radix(mp, str, radix)
2453 Read an integer from the given string, and set mp to the resulting
2454 value. The input is presumed to be in base 10. Leading non-digit
2455 characters are ignored, and the function reads until a non-digit
2456 character or the end of the string.
2459 mp_err mp_read_radix(mp_int *mp, unsigned char *str, int radix)
2461 int ix = 0, val = 0;
2462 mp_err res;
2463 mp_sign sig = MP_ZPOS;
2465 ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX,
2466 MP_BADARG);
2468 mp_zero(mp);
2470 /* Skip leading non-digit characters until a digit or '-' or '+' */
2471 while(str[ix] &&
2472 (s_mp_tovalue(str[ix], radix) < 0) &&
2473 str[ix] != '-' &&
2474 str[ix] != '+') {
2475 ++ix;
2478 if(str[ix] == '-') {
2479 sig = MP_NEG;
2480 ++ix;
2481 } else if(str[ix] == '+') {
2482 sig = MP_ZPOS; /* this is the default anyway... */
2483 ++ix;
2486 while((val = s_mp_tovalue(str[ix], radix)) >= 0) {
2487 if((res = s_mp_mul_d(mp, radix)) != MP_OKAY)
2488 return res;
2489 if((res = s_mp_add_d(mp, val)) != MP_OKAY)
2490 return res;
2491 ++ix;
2494 if(s_mp_cmp_d(mp, 0) == MP_EQ)
2495 SIGN(mp) = MP_ZPOS;
2496 else
2497 SIGN(mp) = sig;
2499 return MP_OKAY;
2501 } /* end mp_read_radix() */
2503 /* }}} */
2505 /* {{{ mp_radix_size(mp, radix) */
2507 int mp_radix_size(mp_int *mp, int radix)
2509 int len;
2510 ARGCHK(mp != NULL, 0);
2512 len = s_mp_outlen(mp_count_bits(mp), radix) + 1; /* for NUL terminator */
2514 if(mp_cmp_z(mp) < 0)
2515 ++len; /* for sign */
2517 return len;
2519 } /* end mp_radix_size() */
2521 /* }}} */
2523 /* {{{ mp_value_radix_size(num, qty, radix) */
2525 /* num = number of digits
2526 qty = number of bits per digit
2527 radix = target base
2529 Return the number of digits in the specified radix that would be
2530 needed to express 'num' digits of 'qty' bits each.
2532 int mp_value_radix_size(int num, int qty, int radix)
2534 ARGCHK(num >= 0 && qty > 0 && radix >= 2 && radix <= MAX_RADIX, 0);
2536 return s_mp_outlen(num * qty, radix);
2538 } /* end mp_value_radix_size() */
2540 /* }}} */
2542 /* {{{ mp_toradix(mp, str, radix) */
2544 mp_err mp_toradix(mp_int *mp, unsigned char *str, int radix)
2546 int ix, pos = 0;
2548 ARGCHK(mp != NULL && str != NULL, MP_BADARG);
2549 ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE);
2551 if(mp_cmp_z(mp) == MP_EQ) {
2552 str[0] = '0';
2553 str[1] = '\0';
2554 } else {
2555 mp_err res;
2556 mp_int tmp;
2557 mp_sign sgn;
2558 mp_digit rem, rdx = (mp_digit)radix;
2559 char ch;
2561 if((res = mp_init_copy(&tmp, mp)) != MP_OKAY)
2562 return res;
2564 /* Save sign for later, and take absolute value */
2565 sgn = SIGN(&tmp); SIGN(&tmp) = MP_ZPOS;
2567 /* Generate output digits in reverse order */
2568 while(mp_cmp_z(&tmp) != 0) {
2569 if((res = s_mp_div_d(&tmp, rdx, &rem)) != MP_OKAY) {
2570 mp_clear(&tmp);
2571 return res;
2574 /* Generate digits, use capital letters */
2575 ch = s_mp_todigit(rem, radix, 0);
2577 str[pos++] = ch;
2580 /* Add - sign if original value was negative */
2581 if(sgn == MP_NEG)
2582 str[pos++] = '-';
2584 /* Add trailing NUL to end the string */
2585 str[pos--] = '\0';
2587 /* Reverse the digits and sign indicator */
2588 ix = 0;
2589 while(ix < pos) {
2590 char tmp = str[ix];
2592 str[ix] = str[pos];
2593 str[pos] = tmp;
2594 ++ix;
2595 --pos;
2598 mp_clear(&tmp);
2601 return MP_OKAY;
2603 } /* end mp_toradix() */
2605 /* }}} */
2607 /* {{{ mp_char2value(ch, r) */
2609 int mp_char2value(char ch, int r)
2611 return s_mp_tovalue(ch, r);
2613 } /* end mp_tovalue() */
2615 /* }}} */
2617 /* }}} */
2619 /* {{{ mp_strerror(ec) */
2622 mp_strerror(ec)
2624 Return a string describing the meaning of error code 'ec'. The
2625 string returned is allocated in static memory, so the caller should
2626 not attempt to modify or free the memory associated with this
2627 string.
2629 const char *mp_strerror(mp_err ec)
2631 int aec = (ec < 0) ? -ec : ec;
2633 /* Code values are negative, so the senses of these comparisons
2634 are accurate */
2635 if(ec < MP_LAST_CODE || ec > MP_OKAY) {
2636 return mp_err_string[0]; /* unknown error code */
2637 } else {
2638 return mp_err_string[aec + 1];
2641 } /* end mp_strerror() */
2643 /* }}} */
2645 /*========================================================================*/
2646 /*------------------------------------------------------------------------*/
2647 /* Static function definitions (internal use only) */
2649 /* {{{ Memory management */
2651 /* {{{ s_mp_grow(mp, min) */
2653 /* Make sure there are at least 'min' digits allocated to mp */
2654 mp_err s_mp_grow(mp_int *mp, mp_size min)
2656 if(min > ALLOC(mp)) {
2657 mp_digit *tmp;
2659 /* Set min to next nearest default precision block size */
2660 min = ((min + (s_mp_defprec - 1)) / s_mp_defprec) * s_mp_defprec;
2662 if((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL)
2663 return MP_MEM;
2665 s_mp_copy(DIGITS(mp), tmp, USED(mp));
2667 #if MP_CRYPTO
2668 s_mp_setz(DIGITS(mp), ALLOC(mp));
2669 #endif
2670 s_mp_free(DIGITS(mp));
2671 DIGITS(mp) = tmp;
2672 ALLOC(mp) = min;
2675 return MP_OKAY;
2677 } /* end s_mp_grow() */
2679 /* }}} */
2681 /* {{{ s_mp_pad(mp, min) */
2683 /* Make sure the used size of mp is at least 'min', growing if needed */
2684 mp_err s_mp_pad(mp_int *mp, mp_size min)
2686 if(min > USED(mp)) {
2687 mp_err res;
2689 /* Make sure there is room to increase precision */
2690 if(min > ALLOC(mp) && (res = s_mp_grow(mp, min)) != MP_OKAY)
2691 return res;
2693 /* Increase precision; should already be 0-filled */
2694 USED(mp) = min;
2697 return MP_OKAY;
2699 } /* end s_mp_pad() */
2701 /* }}} */
2703 /* {{{ s_mp_setz(dp, count) */
2705 #if MP_MACRO == 0
2706 /* Set 'count' digits pointed to by dp to be zeroes */
2707 void s_mp_setz(mp_digit *dp, mp_size count)
2709 #if MP_MEMSET == 0
2710 int ix;
2712 for(ix = 0; ix < count; ix++)
2713 dp[ix] = 0;
2714 #else
2715 memset(dp, 0, count * sizeof(mp_digit));
2716 #endif
2718 } /* end s_mp_setz() */
2719 #endif
2721 /* }}} */
2723 /* {{{ s_mp_copy(sp, dp, count) */
2725 #if MP_MACRO == 0
2726 /* Copy 'count' digits from sp to dp */
2727 void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count)
2729 #if MP_MEMCPY == 0
2730 int ix;
2732 for(ix = 0; ix < count; ix++)
2733 dp[ix] = sp[ix];
2734 #else
2735 memcpy(dp, sp, count * sizeof(mp_digit));
2736 #endif
2738 } /* end s_mp_copy() */
2739 #endif
2741 /* }}} */
2743 /* {{{ s_mp_alloc(nb, ni) */
2745 #if MP_MACRO == 0
2746 /* Allocate ni records of nb bytes each, and return a pointer to that */
2747 void *s_mp_alloc(size_t nb, size_t ni)
2749 return calloc(nb, ni);
2751 } /* end s_mp_alloc() */
2752 #endif
2754 /* }}} */
2756 /* {{{ s_mp_free(ptr) */
2758 #if MP_MACRO == 0
2759 /* Free the memory pointed to by ptr */
2760 void s_mp_free(void *ptr)
2762 if(ptr)
2763 free(ptr);
2765 } /* end s_mp_free() */
2766 #endif
2768 /* }}} */
2770 /* {{{ s_mp_clamp(mp) */
2772 /* Remove leading zeroes from the given value */
2773 void s_mp_clamp(mp_int *mp)
2775 mp_size du = USED(mp);
2776 mp_digit *zp = DIGITS(mp) + du - 1;
2778 while(du > 1 && !*zp--)
2779 --du;
2781 USED(mp) = du;
2783 } /* end s_mp_clamp() */
2786 /* }}} */
2788 /* {{{ s_mp_exch(a, b) */
2790 /* Exchange the data for a and b; (b, a) = (a, b) */
2791 void s_mp_exch(mp_int *a, mp_int *b)
2793 mp_int tmp;
2795 tmp = *a;
2796 *a = *b;
2797 *b = tmp;
2799 } /* end s_mp_exch() */
2801 /* }}} */
2803 /* }}} */
2805 /* {{{ Arithmetic helpers */
2807 /* {{{ s_mp_lshd(mp, p) */
2810 Shift mp leftward by p digits, growing if needed, and zero-filling
2811 the in-shifted digits at the right end. This is a convenient
2812 alternative to multiplication by powers of the radix
2815 mp_err s_mp_lshd(mp_int *mp, mp_size p)
2817 mp_err res;
2818 mp_size pos;
2819 mp_digit *dp;
2820 int ix;
2822 if(p == 0)
2823 return MP_OKAY;
2825 if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
2826 return res;
2828 pos = USED(mp) - 1;
2829 dp = DIGITS(mp);
2831 /* Shift all the significant figures over as needed */
2832 for(ix = pos - p; ix >= 0; ix--)
2833 dp[ix + p] = dp[ix];
2835 /* Fill the bottom digits with zeroes */
2836 for(ix = 0; ix < p; ix++)
2837 dp[ix] = 0;
2839 return MP_OKAY;
2841 } /* end s_mp_lshd() */
2843 /* }}} */
2845 /* {{{ s_mp_rshd(mp, p) */
2848 Shift mp rightward by p digits. Maintains the invariant that
2849 digits above the precision are all zero. Digits shifted off the
2850 end are lost. Cannot fail.
2853 void s_mp_rshd(mp_int *mp, mp_size p)
2855 mp_size ix;
2856 mp_digit *dp;
2858 if(p == 0)
2859 return;
2861 /* Shortcut when all digits are to be shifted off */
2862 if(p >= USED(mp)) {
2863 s_mp_setz(DIGITS(mp), ALLOC(mp));
2864 USED(mp) = 1;
2865 SIGN(mp) = MP_ZPOS;
2866 return;
2869 /* Shift all the significant figures over as needed */
2870 dp = DIGITS(mp);
2871 for(ix = p; ix < USED(mp); ix++)
2872 dp[ix - p] = dp[ix];
2874 /* Fill the top digits with zeroes */
2875 ix -= p;
2876 while(ix < USED(mp))
2877 dp[ix++] = 0;
2879 /* Strip off any leading zeroes */
2880 s_mp_clamp(mp);
2882 } /* end s_mp_rshd() */
2884 /* }}} */
2886 /* {{{ s_mp_div_2(mp) */
2888 /* Divide by two -- take advantage of radix properties to do it fast */
2889 void s_mp_div_2(mp_int *mp)
2891 s_mp_div_2d(mp, 1);
2893 } /* end s_mp_div_2() */
2895 /* }}} */
2897 /* {{{ s_mp_mul_2(mp) */
2899 mp_err s_mp_mul_2(mp_int *mp)
2901 int ix;
2902 mp_digit kin = 0, kout, *dp = DIGITS(mp);
2903 mp_err res;
2905 /* Shift digits leftward by 1 bit */
2906 for(ix = 0; ix < USED(mp); ix++) {
2907 kout = (dp[ix] >> (DIGIT_BIT - 1)) & 1;
2908 dp[ix] = (dp[ix] << 1) | kin;
2910 kin = kout;
2913 /* Deal with rollover from last digit */
2914 if(kin) {
2915 if(ix >= ALLOC(mp)) {
2916 if((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY)
2917 return res;
2918 dp = DIGITS(mp);
2921 dp[ix] = kin;
2922 USED(mp) += 1;
2925 return MP_OKAY;
2927 } /* end s_mp_mul_2() */
2929 /* }}} */
2931 /* {{{ s_mp_mod_2d(mp, d) */
2934 Remainder the integer by 2^d, where d is a number of bits. This
2935 amounts to a bitwise AND of the value, and does not require the full
2936 division code
2938 void s_mp_mod_2d(mp_int *mp, mp_digit d)
2940 unsigned int ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT);
2941 unsigned int ix;
2942 mp_digit dmask, *dp = DIGITS(mp);
2944 if(ndig >= USED(mp))
2945 return;
2947 /* Flush all the bits above 2^d in its digit */
2948 dmask = (1 << nbit) - 1;
2949 dp[ndig] &= dmask;
2951 /* Flush all digits above the one with 2^d in it */
2952 for(ix = ndig + 1; ix < USED(mp); ix++)
2953 dp[ix] = 0;
2955 s_mp_clamp(mp);
2957 } /* end s_mp_mod_2d() */
2959 /* }}} */
2961 /* {{{ s_mp_mul_2d(mp, d) */
2964 Multiply by the integer 2^d, where d is a number of bits. This
2965 amounts to a bitwise shift of the value, and does not require the
2966 full multiplication code.
2968 mp_err s_mp_mul_2d(mp_int *mp, mp_digit d)
2970 mp_err res;
2971 mp_digit save, next, mask, *dp;
2972 mp_size used;
2973 int ix;
2975 if((res = s_mp_lshd(mp, d / DIGIT_BIT)) != MP_OKAY)
2976 return res;
2978 dp = DIGITS(mp); used = USED(mp);
2979 d %= DIGIT_BIT;
2981 mask = (1 << d) - 1;
2983 /* If the shift requires another digit, make sure we've got one to
2984 work with */
2985 if((dp[used - 1] >> (DIGIT_BIT - d)) & mask) {
2986 if((res = s_mp_grow(mp, used + 1)) != MP_OKAY)
2987 return res;
2988 dp = DIGITS(mp);
2991 /* Do the shifting... */
2992 save = 0;
2993 for(ix = 0; ix < used; ix++) {
2994 next = (dp[ix] >> (DIGIT_BIT - d)) & mask;
2995 dp[ix] = (dp[ix] << d) | save;
2996 save = next;
2999 /* If, at this point, we have a nonzero carryout into the next
3000 digit, we'll increase the size by one digit, and store it...
3002 if(save) {
3003 dp[used] = save;
3004 USED(mp) += 1;
3007 s_mp_clamp(mp);
3008 return MP_OKAY;
3010 } /* end s_mp_mul_2d() */
3012 /* }}} */
3014 /* {{{ s_mp_div_2d(mp, d) */
3017 Divide the integer by 2^d, where d is a number of bits. This
3018 amounts to a bitwise shift of the value, and does not require the
3019 full division code (used in Barrett reduction, see below)
3021 void s_mp_div_2d(mp_int *mp, mp_digit d)
3023 int ix;
3024 mp_digit save, next, mask, *dp = DIGITS(mp);
3026 s_mp_rshd(mp, d / DIGIT_BIT);
3027 d %= DIGIT_BIT;
3029 mask = (1 << d) - 1;
3031 save = 0;
3032 for(ix = USED(mp) - 1; ix >= 0; ix--) {
3033 next = dp[ix] & mask;
3034 dp[ix] = (dp[ix] >> d) | (save << (DIGIT_BIT - d));
3035 save = next;
3038 s_mp_clamp(mp);
3040 } /* end s_mp_div_2d() */
3042 /* }}} */
3044 /* {{{ s_mp_norm(a, b) */
3047 s_mp_norm(a, b)
3049 Normalize a and b for division, where b is the divisor. In order
3050 that we might make good guesses for quotient digits, we want the
3051 leading digit of b to be at least half the radix, which we
3052 accomplish by multiplying a and b by a constant. This constant is
3053 returned (so that it can be divided back out of the remainder at the
3054 end of the division process).
3056 We multiply by the smallest power of 2 that gives us a leading digit
3057 at least half the radix. By choosing a power of 2, we simplify the
3058 multiplication and division steps to simple shifts.
3060 mp_digit s_mp_norm(mp_int *a, mp_int *b)
3062 mp_digit t, d = 0;
3064 t = DIGIT(b, USED(b) - 1);
3065 while(t < (RADIX / 2)) {
3066 t <<= 1;
3067 ++d;
3070 if(d != 0) {
3071 s_mp_mul_2d(a, d);
3072 s_mp_mul_2d(b, d);
3075 return d;
3077 } /* end s_mp_norm() */
3079 /* }}} */
3081 /* }}} */
3083 /* {{{ Primitive digit arithmetic */
3085 /* {{{ s_mp_add_d(mp, d) */
3087 /* Add d to |mp| in place */
3088 mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */
3090 mp_word w, k = 0;
3091 mp_size ix = 1, used = USED(mp);
3092 mp_digit *dp = DIGITS(mp);
3094 w = dp[0] + d;
3095 dp[0] = ACCUM(w);
3096 k = CARRYOUT(w);
3098 while(ix < used && k) {
3099 w = dp[ix] + k;
3100 dp[ix] = ACCUM(w);
3101 k = CARRYOUT(w);
3102 ++ix;
3105 if(k != 0) {
3106 mp_err res;
3108 if((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY)
3109 return res;
3111 DIGIT(mp, ix) = k;
3114 return MP_OKAY;
3116 } /* end s_mp_add_d() */
3118 /* }}} */
3120 /* {{{ s_mp_sub_d(mp, d) */
3122 /* Subtract d from |mp| in place, assumes |mp| > d */
3123 mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */
3125 mp_word w, b = 0;
3126 mp_size ix = 1, used = USED(mp);
3127 mp_digit *dp = DIGITS(mp);
3129 /* Compute initial subtraction */
3130 w = (RADIX + dp[0]) - d;
3131 b = CARRYOUT(w) ? 0 : 1;
3132 dp[0] = ACCUM(w);
3134 /* Propagate borrows leftward */
3135 while(b && ix < used) {
3136 w = (RADIX + dp[ix]) - b;
3137 b = CARRYOUT(w) ? 0 : 1;
3138 dp[ix] = ACCUM(w);
3139 ++ix;
3142 /* Remove leading zeroes */
3143 s_mp_clamp(mp);
3145 /* If we have a borrow out, it's a violation of the input invariant */
3146 if(b)
3147 return MP_RANGE;
3148 else
3149 return MP_OKAY;
3151 } /* end s_mp_sub_d() */
3153 /* }}} */
3155 /* {{{ s_mp_mul_d(a, d) */
3157 /* Compute a = a * d, single digit multiplication */
3158 mp_err s_mp_mul_d(mp_int *a, mp_digit d)
3160 mp_word w, k = 0;
3161 mp_size ix, max;
3162 mp_err res;
3163 mp_digit *dp = DIGITS(a);
3166 Single-digit multiplication will increase the precision of the
3167 output by at most one digit. However, we can detect when this
3168 will happen -- if the high-order digit of a, times d, gives a
3169 two-digit result, then the precision of the result will increase;
3170 otherwise it won't. We use this fact to avoid calling s_mp_pad()
3171 unless absolutely necessary.
3173 max = USED(a);
3174 w = dp[max - 1] * d;
3175 if(CARRYOUT(w) != 0) {
3176 if((res = s_mp_pad(a, max + 1)) != MP_OKAY)
3177 return res;
3178 dp = DIGITS(a);
3181 for(ix = 0; ix < max; ix++) {
3182 w = (dp[ix] * d) + k;
3183 dp[ix] = ACCUM(w);
3184 k = CARRYOUT(w);
3187 /* If there is a precision increase, take care of it here; the above
3188 test guarantees we have enough storage to do this safely.
3190 if(k) {
3191 dp[max] = k;
3192 USED(a) = max + 1;
3195 s_mp_clamp(a);
3197 return MP_OKAY;
3199 } /* end s_mp_mul_d() */
3201 /* }}} */
3203 /* {{{ s_mp_div_d(mp, d, r) */
3206 s_mp_div_d(mp, d, r)
3208 Compute the quotient mp = mp / d and remainder r = mp mod d, for a
3209 single digit d. If r is null, the remainder will be discarded.
3212 mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r)
3214 mp_word w = 0, t;
3215 mp_int quot;
3216 mp_err res;
3217 mp_digit *dp = DIGITS(mp), *qp;
3218 int ix;
3220 if(d == 0)
3221 return MP_RANGE;
3223 /* Make room for the quotient */
3224 if((res = mp_init_size(&quot, USED(mp))) != MP_OKAY)
3225 return res;
3227 USED(&quot) = USED(mp); /* so clamping will work below */
3228 qp = DIGITS(&quot);
3230 /* Divide without subtraction */
3231 for(ix = USED(mp) - 1; ix >= 0; ix--) {
3232 w = (w << DIGIT_BIT) | dp[ix];
3234 if(w >= d) {
3235 t = w / d;
3236 w = w % d;
3237 } else {
3238 t = 0;
3241 qp[ix] = t;
3244 /* Deliver the remainder, if desired */
3245 if(r)
3246 *r = w;
3248 s_mp_clamp(&quot);
3249 mp_exch(&quot, mp);
3250 mp_clear(&quot);
3252 return MP_OKAY;
3254 } /* end s_mp_div_d() */
3256 /* }}} */
3258 /* }}} */
3260 /* {{{ Primitive full arithmetic */
3262 /* {{{ s_mp_add(a, b) */
3264 /* Compute a = |a| + |b| */
3265 mp_err s_mp_add(mp_int *a, mp_int *b) /* magnitude addition */
3267 mp_word w = 0;
3268 mp_digit *pa, *pb;
3269 mp_size ix, used = USED(b);
3270 mp_err res;
3272 /* Make sure a has enough precision for the output value */
3273 if((used > USED(a)) && (res = s_mp_pad(a, used)) != MP_OKAY)
3274 return res;
3277 Add up all digits up to the precision of b. If b had initially
3278 the same precision as a, or greater, we took care of it by the
3279 padding step above, so there is no problem. If b had initially
3280 less precision, we'll have to make sure the carry out is duly
3281 propagated upward among the higher-order digits of the sum.
3283 pa = DIGITS(a);
3284 pb = DIGITS(b);
3285 for(ix = 0; ix < used; ++ix) {
3286 w += *pa + *pb++;
3287 *pa++ = ACCUM(w);
3288 w = CARRYOUT(w);
3291 /* If we run out of 'b' digits before we're actually done, make
3292 sure the carries get propagated upward...
3294 used = USED(a);
3295 while(w && ix < used) {
3296 w += *pa;
3297 *pa++ = ACCUM(w);
3298 w = CARRYOUT(w);
3299 ++ix;
3302 /* If there's an overall carry out, increase precision and include
3303 it. We could have done this initially, but why touch the memory
3304 allocator unless we're sure we have to?
3306 if(w) {
3307 if((res = s_mp_pad(a, used + 1)) != MP_OKAY)
3308 return res;
3310 DIGIT(a, ix) = w; /* pa may not be valid after s_mp_pad() call */
3313 return MP_OKAY;
3315 } /* end s_mp_add() */
3317 /* }}} */
3319 /* {{{ s_mp_sub(a, b) */
3321 /* Compute a = |a| - |b|, assumes |a| >= |b| */
3322 mp_err s_mp_sub(mp_int *a, mp_int *b) /* magnitude subtract */
3324 mp_word w = 0;
3325 mp_digit *pa, *pb;
3326 mp_size ix, used = USED(b);
3329 Subtract and propagate borrow. Up to the precision of b, this
3330 accounts for the digits of b; after that, we just make sure the
3331 carries get to the right place. This saves having to pad b out to
3332 the precision of a just to make the loops work right...
3334 pa = DIGITS(a);
3335 pb = DIGITS(b);
3337 for(ix = 0; ix < used; ++ix) {
3338 w = (RADIX + *pa) - w - *pb++;
3339 *pa++ = ACCUM(w);
3340 w = CARRYOUT(w) ? 0 : 1;
3343 used = USED(a);
3344 while(ix < used) {
3345 w = RADIX + *pa - w;
3346 *pa++ = ACCUM(w);
3347 w = CARRYOUT(w) ? 0 : 1;
3348 ++ix;
3351 /* Clobber any leading zeroes we created */
3352 s_mp_clamp(a);
3355 If there was a borrow out, then |b| > |a| in violation
3356 of our input invariant. We've already done the work,
3357 but we'll at least complain about it...
3359 if(w)
3360 return MP_RANGE;
3361 else
3362 return MP_OKAY;
3364 } /* end s_mp_sub() */
3366 /* }}} */
3368 mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu)
3370 mp_int q;
3371 mp_err res;
3372 mp_size um = USED(m);
3374 if((res = mp_init_copy(&q, x)) != MP_OKAY)
3375 return res;
3377 s_mp_rshd(&q, um - 1); /* q1 = x / b^(k-1) */
3378 s_mp_mul(&q, mu); /* q2 = q1 * mu */
3379 s_mp_rshd(&q, um + 1); /* q3 = q2 / b^(k+1) */
3381 /* x = x mod b^(k+1), quick (no division) */
3382 s_mp_mod_2d(x, (mp_digit)(DIGIT_BIT * (um + 1)));
3384 /* q = q * m mod b^(k+1), quick (no division), uses the short multiplier */
3385 #ifndef SHRT_MUL
3386 s_mp_mul(&q, m);
3387 s_mp_mod_2d(&q, (mp_digit)(DIGIT_BIT * (um + 1)));
3388 #else
3389 s_mp_mul_dig(&q, m, um + 1);
3390 #endif
3392 /* x = x - q */
3393 if((res = mp_sub(x, &q, x)) != MP_OKAY)
3394 goto CLEANUP;
3396 /* If x < 0, add b^(k+1) to it */
3397 if(mp_cmp_z(x) < 0) {
3398 mp_set(&q, 1);
3399 if((res = s_mp_lshd(&q, um + 1)) != MP_OKAY)
3400 goto CLEANUP;
3401 if((res = mp_add(x, &q, x)) != MP_OKAY)
3402 goto CLEANUP;
3405 /* Back off if it's too big */
3406 while(mp_cmp(x, m) >= 0) {
3407 if((res = s_mp_sub(x, m)) != MP_OKAY)
3408 break;
3411 CLEANUP:
3412 mp_clear(&q);
3414 return res;
3416 } /* end s_mp_reduce() */
3420 /* {{{ s_mp_mul(a, b) */
3422 /* Compute a = |a| * |b| */
3423 mp_err s_mp_mul(mp_int *a, mp_int *b)
3425 mp_word w, k = 0;
3426 mp_int tmp;
3427 mp_err res;
3428 mp_size ix, jx, ua = USED(a), ub = USED(b);
3429 mp_digit *pa, *pb, *pt, *pbt;
3431 if((res = mp_init_size(&tmp, ua + ub)) != MP_OKAY)
3432 return res;
3434 /* This has the effect of left-padding with zeroes... */
3435 USED(&tmp) = ua + ub;
3437 /* We're going to need the base value each iteration */
3438 pbt = DIGITS(&tmp);
3440 /* Outer loop: Digits of b */
3442 pb = DIGITS(b);
3443 for(ix = 0; ix < ub; ++ix, ++pb) {
3444 if(*pb == 0)
3445 continue;
3447 /* Inner product: Digits of a */
3448 pa = DIGITS(a);
3449 for(jx = 0; jx < ua; ++jx, ++pa) {
3450 pt = pbt + ix + jx;
3451 w = *pb * *pa + k + *pt;
3452 *pt = ACCUM(w);
3453 k = CARRYOUT(w);
3456 pbt[ix + jx] = k;
3457 k = 0;
3460 s_mp_clamp(&tmp);
3461 s_mp_exch(&tmp, a);
3463 mp_clear(&tmp);
3465 return MP_OKAY;
3467 } /* end s_mp_mul() */
3469 /* }}} */
3471 /* {{{ s_mp_kmul(a, b, out, len) */
3473 #if 0
3474 void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len)
3476 mp_word w, k = 0;
3477 mp_size ix, jx;
3478 mp_digit *pa, *pt;
3480 for(ix = 0; ix < len; ++ix, ++b) {
3481 if(*b == 0)
3482 continue;
3484 pa = a;
3485 for(jx = 0; jx < len; ++jx, ++pa) {
3486 pt = out + ix + jx;
3487 w = *b * *pa + k + *pt;
3488 *pt = ACCUM(w);
3489 k = CARRYOUT(w);
3492 out[ix + jx] = k;
3493 k = 0;
3496 } /* end s_mp_kmul() */
3497 #endif
3499 /* }}} */
3501 /* {{{ s_mp_sqr(a) */
3504 Computes the square of a, in place. This can be done more
3505 efficiently than a general multiplication, because many of the
3506 computation steps are redundant when squaring. The inner product
3507 step is a bit more complicated, but we save a fair number of
3508 iterations of the multiplication loop.
3510 #if MP_SQUARE
3511 mp_err s_mp_sqr(mp_int *a)
3513 mp_word w, k = 0;
3514 mp_int tmp;
3515 mp_err res;
3516 mp_size ix, jx, kx, used = USED(a);
3517 mp_digit *pa1, *pa2, *pt, *pbt;
3519 if((res = mp_init_size(&tmp, 2 * used)) != MP_OKAY)
3520 return res;
3522 /* Left-pad with zeroes */
3523 USED(&tmp) = 2 * used;
3525 /* We need the base value each time through the loop */
3526 pbt = DIGITS(&tmp);
3528 pa1 = DIGITS(a);
3529 for(ix = 0; ix < used; ++ix, ++pa1) {
3530 if(*pa1 == 0)
3531 continue;
3533 w = DIGIT(&tmp, ix + ix) + (*pa1 * *pa1);
3535 pbt[ix + ix] = ACCUM(w);
3536 k = CARRYOUT(w);
3539 The inner product is computed as:
3541 (C, S) = t[i,j] + 2 a[i] a[j] + C
3543 This can overflow what can be represented in an mp_word, and
3544 since C arithmetic does not provide any way to check for
3545 overflow, we have to check explicitly for overflow conditions
3546 before they happen.
3548 for(jx = ix + 1, pa2 = DIGITS(a) + jx; jx < used; ++jx, ++pa2) {
3549 mp_word u = 0, v;
3551 /* Store this in a temporary to avoid indirections later */
3552 pt = pbt + ix + jx;
3554 /* Compute the multiplicative step */
3555 w = *pa1 * *pa2;
3557 /* If w is more than half MP_WORD_MAX, the doubling will
3558 overflow, and we need to record a carry out into the next
3559 word */
3560 u = (w >> (MP_WORD_BIT - 1)) & 1;
3562 /* Double what we've got, overflow will be ignored as defined
3563 for C arithmetic (we've already noted if it is to occur)
3565 w *= 2;
3567 /* Compute the additive step */
3568 v = *pt + k;
3570 /* If we do not already have an overflow carry, check to see
3571 if the addition will cause one, and set the carry out if so
3573 u |= ((MP_WORD_MAX - v) < w);
3575 /* Add in the rest, again ignoring overflow */
3576 w += v;
3578 /* Set the i,j digit of the output */
3579 *pt = ACCUM(w);
3581 /* Save carry information for the next iteration of the loop.
3582 This is why k must be an mp_word, instead of an mp_digit */
3583 k = CARRYOUT(w) | (u << DIGIT_BIT);
3585 } /* for(jx ...) */
3587 /* Set the last digit in the cycle and reset the carry */
3588 k = DIGIT(&tmp, ix + jx) + k;
3589 pbt[ix + jx] = ACCUM(k);
3590 k = CARRYOUT(k);
3592 /* If we are carrying out, propagate the carry to the next digit
3593 in the output. This may cascade, so we have to be somewhat
3594 circumspect -- but we will have enough precision in the output
3595 that we won't overflow
3597 kx = 1;
3598 while(k) {
3599 k = pbt[ix + jx + kx] + 1;
3600 pbt[ix + jx + kx] = ACCUM(k);
3601 k = CARRYOUT(k);
3602 ++kx;
3604 } /* for(ix ...) */
3606 s_mp_clamp(&tmp);
3607 s_mp_exch(&tmp, a);
3609 mp_clear(&tmp);
3611 return MP_OKAY;
3613 } /* end s_mp_sqr() */
3614 #endif
3616 /* }}} */
3618 /* {{{ s_mp_div(a, b) */
3621 s_mp_div(a, b)
3623 Compute a = a / b and b = a mod b. Assumes b > a.
3626 mp_err s_mp_div(mp_int *a, mp_int *b)
3628 mp_int quot, rem, t;
3629 mp_word q;
3630 mp_err res;
3631 mp_digit d;
3632 int ix;
3634 if(mp_cmp_z(b) == 0)
3635 return MP_RANGE;
3637 /* Shortcut if b is power of two */
3638 if((ix = s_mp_ispow2(b)) >= 0) {
3639 mp_copy(a, b); /* need this for remainder */
3640 s_mp_div_2d(a, (mp_digit)ix);
3641 s_mp_mod_2d(b, (mp_digit)ix);
3643 return MP_OKAY;
3646 /* Allocate space to store the quotient */
3647 if((res = mp_init_size(&quot, USED(a))) != MP_OKAY)
3648 return res;
3650 /* A working temporary for division */
3651 if((res = mp_init_size(&t, USED(a))) != MP_OKAY)
3652 goto T;
3654 /* Allocate space for the remainder */
3655 if((res = mp_init_size(&rem, USED(a))) != MP_OKAY)
3656 goto REM;
3658 /* Normalize to optimize guessing */
3659 d = s_mp_norm(a, b);
3661 /* Perform the division itself...woo! */
3662 ix = USED(a) - 1;
3664 while(ix >= 0) {
3665 /* Find a partial substring of a which is at least b */
3666 while(s_mp_cmp(&rem, b) < 0 && ix >= 0) {
3667 if((res = s_mp_lshd(&rem, 1)) != MP_OKAY)
3668 goto CLEANUP;
3670 if((res = s_mp_lshd(&quot, 1)) != MP_OKAY)
3671 goto CLEANUP;
3673 DIGIT(&rem, 0) = DIGIT(a, ix);
3674 s_mp_clamp(&rem);
3675 --ix;
3678 /* If we didn't find one, we're finished dividing */
3679 if(s_mp_cmp(&rem, b) < 0)
3680 break;
3682 /* Compute a guess for the next quotient digit */
3683 q = DIGIT(&rem, USED(&rem) - 1);
3684 if(q <= DIGIT(b, USED(b) - 1) && USED(&rem) > 1)
3685 q = (q << DIGIT_BIT) | DIGIT(&rem, USED(&rem) - 2);
3687 q /= DIGIT(b, USED(b) - 1);
3689 /* The guess can be as much as RADIX + 1 */
3690 if(q >= RADIX)
3691 q = RADIX - 1;
3693 /* See what that multiplies out to */
3694 mp_copy(b, &t);
3695 if((res = s_mp_mul_d(&t, q)) != MP_OKAY)
3696 goto CLEANUP;
3699 If it's too big, back it off. We should not have to do this
3700 more than once, or, in rare cases, twice. Knuth describes a
3701 method by which this could be reduced to a maximum of once, but
3702 I didn't implement that here.
3704 while(s_mp_cmp(&t, &rem) > 0) {
3705 --q;
3706 s_mp_sub(&t, b);
3709 /* At this point, q should be the right next digit */
3710 if((res = s_mp_sub(&rem, &t)) != MP_OKAY)
3711 goto CLEANUP;
3714 Include the digit in the quotient. We allocated enough memory
3715 for any quotient we could ever possibly get, so we should not
3716 have to check for failures here
3718 DIGIT(&quot, 0) = q;
3721 /* Denormalize remainder */
3722 if(d != 0)
3723 s_mp_div_2d(&rem, d);
3725 s_mp_clamp(&quot);
3726 s_mp_clamp(&rem);
3728 /* Copy quotient back to output */
3729 s_mp_exch(&quot, a);
3731 /* Copy remainder back to output */
3732 s_mp_exch(&rem, b);
3734 CLEANUP:
3735 mp_clear(&rem);
3736 REM:
3737 mp_clear(&t);
3739 mp_clear(&quot);
3741 return res;
3743 } /* end s_mp_div() */
3745 /* }}} */
3747 /* {{{ s_mp_2expt(a, k) */
3749 mp_err s_mp_2expt(mp_int *a, mp_digit k)
3751 mp_err res;
3752 mp_size dig, bit;
3754 dig = k / DIGIT_BIT;
3755 bit = k % DIGIT_BIT;
3757 mp_zero(a);
3758 if((res = s_mp_pad(a, dig + 1)) != MP_OKAY)
3759 return res;
3761 DIGIT(a, dig) |= (1 << bit);
3763 return MP_OKAY;
3765 } /* end s_mp_2expt() */
3767 /* }}} */
3770 /* }}} */
3772 /* }}} */
3774 /* {{{ Primitive comparisons */
3776 /* {{{ s_mp_cmp(a, b) */
3778 /* Compare |a| <=> |b|, return 0 if equal, <0 if a<b, >0 if a>b */
3779 int s_mp_cmp(mp_int *a, mp_int *b)
3781 mp_size ua = USED(a), ub = USED(b);
3783 if(ua > ub)
3784 return MP_GT;
3785 else if(ua < ub)
3786 return MP_LT;
3787 else {
3788 int ix = ua - 1;
3789 mp_digit *ap = DIGITS(a) + ix, *bp = DIGITS(b) + ix;
3791 while(ix >= 0) {
3792 if(*ap > *bp)
3793 return MP_GT;
3794 else if(*ap < *bp)
3795 return MP_LT;
3797 --ap; --bp; --ix;
3800 return MP_EQ;
3803 } /* end s_mp_cmp() */
3805 /* }}} */
3807 /* {{{ s_mp_cmp_d(a, d) */
3809 /* Compare |a| <=> d, return 0 if equal, <0 if a<d, >0 if a>d */
3810 int s_mp_cmp_d(mp_int *a, mp_digit d)
3812 mp_size ua = USED(a);
3813 mp_digit *ap = DIGITS(a);
3815 if(ua > 1)
3816 return MP_GT;
3818 if(*ap < d)
3819 return MP_LT;
3820 else if(*ap > d)
3821 return MP_GT;
3822 else
3823 return MP_EQ;
3825 } /* end s_mp_cmp_d() */
3827 /* }}} */
3829 /* {{{ s_mp_ispow2(v) */
3832 Returns -1 if the value is not a power of two; otherwise, it returns
3833 k such that v = 2^k, i.e. lg(v).
3835 int s_mp_ispow2(mp_int *v)
3837 mp_digit d, *dp;
3838 mp_size uv = USED(v);
3839 int extra = 0, ix;
3841 d = DIGIT(v, uv - 1); /* most significant digit of v */
3843 while(d && ((d & 1) == 0)) {
3844 d >>= 1;
3845 ++extra;
3848 if(d == 1) {
3849 ix = uv - 2;
3850 dp = DIGITS(v) + ix;
3852 while(ix >= 0) {
3853 if(*dp)
3854 return -1; /* not a power of two */
3856 --dp; --ix;
3859 return ((uv - 1) * DIGIT_BIT) + extra;
3862 return -1;
3864 } /* end s_mp_ispow2() */
3866 /* }}} */
3868 /* {{{ s_mp_ispow2d(d) */
3870 int s_mp_ispow2d(mp_digit d)
3872 int pow = 0;
3874 while((d & 1) == 0) {
3875 ++pow; d >>= 1;
3878 if(d == 1)
3879 return pow;
3881 return -1;
3883 } /* end s_mp_ispow2d() */
3885 /* }}} */
3887 /* }}} */
3889 /* {{{ Primitive I/O helpers */
3891 /* {{{ s_mp_tovalue(ch, r) */
3894 Convert the given character to its digit value, in the given radix.
3895 If the given character is not understood in the given radix, -1 is
3896 returned. Otherwise the digit's numeric value is returned.
3898 The results will be odd if you use a radix < 2 or > 62, you are
3899 expected to know what you're up to.
3901 int s_mp_tovalue(char ch, int r)
3903 int val, xch;
3905 if(r > 36)
3906 xch = ch;
3907 else
3908 xch = toupper(ch);
3910 if(isdigit(xch))
3911 val = xch - '0';
3912 else if(isupper(xch))
3913 val = xch - 'A' + 10;
3914 else if(islower(xch))
3915 val = xch - 'a' + 36;
3916 else if(xch == '+')
3917 val = 62;
3918 else if(xch == '/')
3919 val = 63;
3920 else
3921 return -1;
3923 if(val < 0 || val >= r)
3924 return -1;
3926 return val;
3928 } /* end s_mp_tovalue() */
3930 /* }}} */
3932 /* {{{ s_mp_todigit(val, r, low) */
3935 Convert val to a radix-r digit, if possible. If val is out of range
3936 for r, returns zero. Otherwise, returns an ASCII character denoting
3937 the value in the given radix.
3939 The results may be odd if you use a radix < 2 or > 64, you are
3940 expected to know what you're doing.
3943 char s_mp_todigit(int val, int r, int low)
3945 char ch;
3947 if(val < 0 || val >= r)
3948 return 0;
3950 ch = s_dmap_1[val];
3952 if(r <= 36 && low)
3953 ch = tolower(ch);
3955 return ch;
3957 } /* end s_mp_todigit() */
3959 /* }}} */
3961 /* {{{ s_mp_outlen(bits, radix) */
3964 Return an estimate for how long a string is needed to hold a radix
3965 r representation of a number with 'bits' significant bits.
3967 Does not include space for a sign or a NUL terminator.
3969 int s_mp_outlen(int bits, int r)
3971 return (int)((double)bits * LOG_V_2(r));
3973 } /* end s_mp_outlen() */
3975 /* }}} */
3977 /* }}} */
3979 /*------------------------------------------------------------------------*/
3980 /* HERE THERE BE DRAGONS */
3981 /* crc==4242132123, version==2, Sat Feb 02 06:43:52 2002 */
3983 /* $Source: /cvs/libtom/libtommath/mtest/mpi.c,v $ */
3984 /* $Revision: 1.2 $ */
3985 /* $Date: 2005/05/05 14:38:47 $ */