4 by Michael J. Fromberger <sting@linguist.dartmouth.edu>
5 Copyright (C) 1998 Michael J. Fromberger, All Rights Reserved
7 Arbitrary precision integer arithmetic library
9 $Id: mpi.c,v 1.2 2005/05/05 14:38:47 tom Exp $
20 #define DIAG(T,V) {fprintf(stderr,T);mp_print(V,stderr);fputc('\n',stderr);}
26 If MP_LOGTAB is not defined, use the math library to compute the
27 logarithms on the fly. Otherwise, use the static table below.
28 Pick which works best for your system.
32 /* {{{ s_logv_2[] - log table for 2 in various bases */
35 A table of the logs of 2 for various bases (the 0 and 1 entries of
36 this table are meaningless and should not be referenced).
38 This table is used to compute output lengths for the mp_toradix()
39 function. Since a number n in radix r takes up about log_r(n)
40 digits, we estimate the output size by taking the least integer
41 greater than log_r(n), where:
43 log_r(n) = log_2(n) * log_r(2)
45 This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
46 which are the output bases supported.
52 #define LOG_V_2(R) s_logv_2[(R)]
57 #define LOG_V_2(R) (log(2.0)/log(R))
61 /* Default precision for newly created mp_int's */
62 static unsigned int s_mp_defprec
= MP_DEFPREC
;
64 /* {{{ Digit arithmetic macros */
67 When adding and multiplying digits, the results can be larger than
68 can be contained in an mp_digit. Thus, an mp_word is used. These
69 macros mask off the upper and lower digits of the mp_word (the
70 mp_word may be more than 2 mp_digits wide, but we only concern
71 ourselves with the low-order 2 mp_digits)
73 If your mp_word DOES have more than 2 mp_digits, you need to
74 uncomment the first line, and comment out the second.
77 /* #define CARRYOUT(W) (((W)>>DIGIT_BIT)&MP_DIGIT_MAX) */
78 #define CARRYOUT(W) ((W)>>DIGIT_BIT)
79 #define ACCUM(W) ((W)&MP_DIGIT_MAX)
83 /* {{{ Comparison constants */
91 /* {{{ Constant strings */
93 /* Constant strings returned by mp_strerror() */
94 static const char *mp_err_string
[] = {
95 "unknown result code", /* say what? */
96 "boolean true", /* MP_OKAY, MP_YES */
97 "boolean false", /* MP_NO */
98 "out of memory", /* MP_MEM */
99 "argument out of range", /* MP_RANGE */
100 "invalid input parameter", /* MP_BADARG */
101 "result is undefined" /* MP_UNDEF */
104 /* Value to digit maps for radix conversion */
106 /* s_dmap_1 - standard digits and letters */
107 static const char *s_dmap_1
=
108 "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
111 /* s_dmap_2 - base64 ordering for digits */
112 static const char *s_dmap_2
=
113 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
118 /* {{{ Static function declarations */
121 If MP_MACRO is false, these will be defined as actual functions;
122 otherwise, suitable macro definitions will be used. This works
123 around the fact that ANSI C89 doesn't support an 'inline' keyword
124 (although I hear C9x will ... about bloody time). At present, the
125 macro definitions are identical to the function bodies, but they'll
126 expand in place, instead of generating a function call.
128 I chose these particular functions to be made into macros because
129 some profiling showed they are called a lot on a typical workload,
130 and yet they are primarily housekeeping.
133 void s_mp_setz(mp_digit
*dp
, mp_size count
); /* zero digits */
134 void s_mp_copy(mp_digit
*sp
, mp_digit
*dp
, mp_size count
); /* copy */
135 void *s_mp_alloc(size_t nb
, size_t ni
); /* general allocator */
136 void s_mp_free(void *ptr
); /* general free function */
139 /* Even if these are defined as macros, we need to respect the settings
140 of the MP_MEMSET and MP_MEMCPY configuration options...
143 #define s_mp_setz(dp, count) \
144 {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=0;}
146 #define s_mp_setz(dp, count) memset(dp, 0, (count) * sizeof(mp_digit))
147 #endif /* MP_MEMSET */
150 #define s_mp_copy(sp, dp, count) \
151 {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=(sp)[ix];}
153 #define s_mp_copy(sp, dp, count) memcpy(dp, sp, (count) * sizeof(mp_digit))
154 #endif /* MP_MEMCPY */
156 #define s_mp_alloc(nb, ni) calloc(nb, ni)
157 #define s_mp_free(ptr) {if(ptr) free(ptr);}
158 #endif /* MP_MACRO */
160 mp_err
s_mp_grow(mp_int
*mp
, mp_size min
); /* increase allocated size */
161 mp_err
s_mp_pad(mp_int
*mp
, mp_size min
); /* left pad with zeroes */
163 void s_mp_clamp(mp_int
*mp
); /* clip leading zeroes */
165 void s_mp_exch(mp_int
*a
, mp_int
*b
); /* swap a and b in place */
167 mp_err
s_mp_lshd(mp_int
*mp
, mp_size p
); /* left-shift by p digits */
168 void s_mp_rshd(mp_int
*mp
, mp_size p
); /* right-shift by p digits */
169 void s_mp_div_2d(mp_int
*mp
, mp_digit d
); /* divide by 2^d in place */
170 void s_mp_mod_2d(mp_int
*mp
, mp_digit d
); /* modulo 2^d in place */
171 mp_err
s_mp_mul_2d(mp_int
*mp
, mp_digit d
); /* multiply by 2^d in place*/
172 void s_mp_div_2(mp_int
*mp
); /* divide by 2 in place */
173 mp_err
s_mp_mul_2(mp_int
*mp
); /* multiply by 2 in place */
174 mp_digit
s_mp_norm(mp_int
*a
, mp_int
*b
); /* normalize for division */
175 mp_err
s_mp_add_d(mp_int
*mp
, mp_digit d
); /* unsigned digit addition */
176 mp_err
s_mp_sub_d(mp_int
*mp
, mp_digit d
); /* unsigned digit subtract */
177 mp_err
s_mp_mul_d(mp_int
*mp
, mp_digit d
); /* unsigned digit multiply */
178 mp_err
s_mp_div_d(mp_int
*mp
, mp_digit d
, mp_digit
*r
);
179 /* unsigned digit divide */
180 mp_err
s_mp_reduce(mp_int
*x
, mp_int
*m
, mp_int
*mu
);
181 /* Barrett reduction */
182 mp_err
s_mp_add(mp_int
*a
, mp_int
*b
); /* magnitude addition */
183 mp_err
s_mp_sub(mp_int
*a
, mp_int
*b
); /* magnitude subtract */
184 mp_err
s_mp_mul(mp_int
*a
, mp_int
*b
); /* magnitude multiply */
186 void s_mp_kmul(mp_digit
*a
, mp_digit
*b
, mp_digit
*out
, mp_size len
);
187 /* multiply buffers in place */
190 mp_err
s_mp_sqr(mp_int
*a
); /* magnitude square */
192 #define s_mp_sqr(a) s_mp_mul(a, a)
194 mp_err
s_mp_div(mp_int
*a
, mp_int
*b
); /* magnitude divide */
195 mp_err
s_mp_2expt(mp_int
*a
, mp_digit k
); /* a = 2^k */
196 int s_mp_cmp(mp_int
*a
, mp_int
*b
); /* magnitude comparison */
197 int s_mp_cmp_d(mp_int
*a
, mp_digit d
); /* magnitude digit compare */
198 int s_mp_ispow2(mp_int
*v
); /* is v a power of 2? */
199 int s_mp_ispow2d(mp_digit d
); /* is d a power of 2? */
201 int s_mp_tovalue(char ch
, int r
); /* convert ch to value */
202 char s_mp_todigit(int val
, int r
, int low
); /* convert val to digit */
203 int s_mp_outlen(int bits
, int r
); /* output length in bytes */
207 /* {{{ Default precision manipulation */
209 unsigned int mp_get_prec(void)
213 } /* end mp_get_prec() */
215 void mp_set_prec(unsigned int prec
)
218 s_mp_defprec
= MP_DEFPREC
;
222 } /* end mp_set_prec() */
226 /*------------------------------------------------------------------------*/
227 /* {{{ mp_init(mp) */
232 Initialize a new zero-valued mp_int. Returns MP_OKAY if successful,
233 MP_MEM if memory could not be allocated for the structure.
236 mp_err
mp_init(mp_int
*mp
)
238 return mp_init_size(mp
, s_mp_defprec
);
240 } /* end mp_init() */
244 /* {{{ mp_init_array(mp[], count) */
246 mp_err
mp_init_array(mp_int mp
[], int count
)
251 ARGCHK(mp
!=NULL
&& count
> 0, MP_BADARG
);
253 for(pos
= 0; pos
< count
; ++pos
) {
254 if((res
= mp_init(&mp
[pos
])) != MP_OKAY
)
266 } /* end mp_init_array() */
270 /* {{{ mp_init_size(mp, prec) */
273 mp_init_size(mp, prec)
275 Initialize a new zero-valued mp_int with at least the given
276 precision; returns MP_OKAY if successful, or MP_MEM if memory could
277 not be allocated for the structure.
280 mp_err
mp_init_size(mp_int
*mp
, mp_size prec
)
282 ARGCHK(mp
!= NULL
&& prec
> 0, MP_BADARG
);
284 if((DIGITS(mp
) = s_mp_alloc(prec
, sizeof(mp_digit
))) == NULL
)
293 } /* end mp_init_size() */
297 /* {{{ mp_init_copy(mp, from) */
300 mp_init_copy(mp, from)
302 Initialize mp as an exact copy of from. Returns MP_OKAY if
303 successful, MP_MEM if memory could not be allocated for the new
307 mp_err
mp_init_copy(mp_int
*mp
, mp_int
*from
)
309 ARGCHK(mp
!= NULL
&& from
!= NULL
, MP_BADARG
);
314 if((DIGITS(mp
) = s_mp_alloc(USED(from
), sizeof(mp_digit
))) == NULL
)
317 s_mp_copy(DIGITS(from
), DIGITS(mp
), USED(from
));
318 USED(mp
) = USED(from
);
319 ALLOC(mp
) = USED(from
);
320 SIGN(mp
) = SIGN(from
);
324 } /* end mp_init_copy() */
328 /* {{{ mp_copy(from, to) */
333 Copies the mp_int 'from' to the mp_int 'to'. It is presumed that
334 'to' has already been initialized (if not, use mp_init_copy()
335 instead). If 'from' and 'to' are identical, nothing happens.
338 mp_err
mp_copy(mp_int
*from
, mp_int
*to
)
340 ARGCHK(from
!= NULL
&& to
!= NULL
, MP_BADARG
);
349 If the allocated buffer in 'to' already has enough space to hold
350 all the used digits of 'from', we'll re-use it to avoid hitting
351 the memory allocater more than necessary; otherwise, we'd have
352 to grow anyway, so we just allocate a hunk and make the copy as
355 if(ALLOC(to
) >= USED(from
)) {
356 s_mp_setz(DIGITS(to
) + USED(from
), ALLOC(to
) - USED(from
));
357 s_mp_copy(DIGITS(from
), DIGITS(to
), USED(from
));
360 if((tmp
= s_mp_alloc(USED(from
), sizeof(mp_digit
))) == NULL
)
363 s_mp_copy(DIGITS(from
), tmp
, USED(from
));
365 if(DIGITS(to
) != NULL
) {
367 s_mp_setz(DIGITS(to
), ALLOC(to
));
369 s_mp_free(DIGITS(to
));
373 ALLOC(to
) = USED(from
);
376 /* Copy the precision and sign from the original */
377 USED(to
) = USED(from
);
378 SIGN(to
) = SIGN(from
);
383 } /* end mp_copy() */
387 /* {{{ mp_exch(mp1, mp2) */
392 Exchange mp1 and mp2 without allocating any intermediate memory
393 (well, unless you count the stack space needed for this call and the
394 locals it creates...). This cannot fail.
397 void mp_exch(mp_int
*mp1
, mp_int
*mp2
)
400 assert(mp1
!= NULL
&& mp2
!= NULL
);
402 if(mp1
== NULL
|| mp2
== NULL
)
408 } /* end mp_exch() */
412 /* {{{ mp_clear(mp) */
417 Release the storage used by an mp_int, and void its fields so that
418 if someone calls mp_clear() again for the same int later, we won't
422 void mp_clear(mp_int
*mp
)
427 if(DIGITS(mp
) != NULL
) {
429 s_mp_setz(DIGITS(mp
), ALLOC(mp
));
431 s_mp_free(DIGITS(mp
));
438 } /* end mp_clear() */
442 /* {{{ mp_clear_array(mp[], count) */
444 void mp_clear_array(mp_int mp
[], int count
)
446 ARGCHK(mp
!= NULL
&& count
> 0, MP_BADARG
);
449 mp_clear(&mp
[count
]);
451 } /* end mp_clear_array() */
455 /* {{{ mp_zero(mp) */
460 Set mp to zero. Does not change the allocated size of the structure,
461 and therefore cannot fail (except on a bad argument, which we ignore)
463 void mp_zero(mp_int
*mp
)
468 s_mp_setz(DIGITS(mp
), ALLOC(mp
));
472 } /* end mp_zero() */
476 /* {{{ mp_set(mp, d) */
478 void mp_set(mp_int
*mp
, mp_digit d
)
490 /* {{{ mp_set_int(mp, z) */
492 mp_err
mp_set_int(mp_int
*mp
, long z
)
495 unsigned long v
= abs(z
);
498 ARGCHK(mp
!= NULL
, MP_BADARG
);
502 return MP_OKAY
; /* shortcut for zero */
504 for(ix
= sizeof(long) - 1; ix
>= 0; ix
--) {
506 if((res
= s_mp_mul_2d(mp
, CHAR_BIT
)) != MP_OKAY
)
510 (mp_digit
)((v
>> (ix
* CHAR_BIT
)) & UCHAR_MAX
));
521 } /* end mp_set_int() */
525 /*------------------------------------------------------------------------*/
526 /* {{{ Digit arithmetic */
528 /* {{{ mp_add_d(a, d, b) */
533 Compute the sum b = a + d, for a single digit d. Respects the sign of
534 its primary addend (single digits are unsigned anyway).
537 mp_err
mp_add_d(mp_int
*a
, mp_digit d
, mp_int
*b
)
539 mp_err res
= MP_OKAY
;
541 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
543 if((res
= mp_copy(a
, b
)) != MP_OKAY
)
546 if(SIGN(b
) == MP_ZPOS
) {
547 res
= s_mp_add_d(b
, d
);
548 } else if(s_mp_cmp_d(b
, d
) >= 0) {
549 res
= s_mp_sub_d(b
, d
);
553 DIGIT(b
, 0) = d
- DIGIT(b
, 0);
558 } /* end mp_add_d() */
562 /* {{{ mp_sub_d(a, d, b) */
567 Compute the difference b = a - d, for a single digit d. Respects the
568 sign of its subtrahend (single digits are unsigned anyway).
571 mp_err
mp_sub_d(mp_int
*a
, mp_digit d
, mp_int
*b
)
575 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
577 if((res
= mp_copy(a
, b
)) != MP_OKAY
)
580 if(SIGN(b
) == MP_NEG
) {
581 if((res
= s_mp_add_d(b
, d
)) != MP_OKAY
)
584 } else if(s_mp_cmp_d(b
, d
) >= 0) {
585 if((res
= s_mp_sub_d(b
, d
)) != MP_OKAY
)
591 DIGIT(b
, 0) = d
- DIGIT(b
, 0);
595 if(s_mp_cmp_d(b
, 0) == 0)
600 } /* end mp_sub_d() */
604 /* {{{ mp_mul_d(a, d, b) */
609 Compute the product b = a * d, for a single digit d. Respects the sign
610 of its multiplicand (single digits are unsigned anyway)
613 mp_err
mp_mul_d(mp_int
*a
, mp_digit d
, mp_int
*b
)
617 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
624 if((res
= mp_copy(a
, b
)) != MP_OKAY
)
627 res
= s_mp_mul_d(b
, d
);
631 } /* end mp_mul_d() */
635 /* {{{ mp_mul_2(a, c) */
637 mp_err
mp_mul_2(mp_int
*a
, mp_int
*c
)
641 ARGCHK(a
!= NULL
&& c
!= NULL
, MP_BADARG
);
643 if((res
= mp_copy(a
, c
)) != MP_OKAY
)
646 return s_mp_mul_2(c
);
648 } /* end mp_mul_2() */
652 /* {{{ mp_div_d(a, d, q, r) */
657 Compute the quotient q = a / d and remainder r = a mod d, for a
658 single digit d. Respects the sign of its divisor (single digits are
662 mp_err
mp_div_d(mp_int
*a
, mp_digit d
, mp_int
*q
, mp_digit
*r
)
668 ARGCHK(a
!= NULL
, MP_BADARG
);
673 /* Shortcut for powers of two ... */
674 if((pow
= s_mp_ispow2d(d
)) >= 0) {
677 mask
= (1 << pow
) - 1;
678 rem
= DIGIT(a
, 0) & mask
;
692 If the quotient is actually going to be returned, we'll try to
693 avoid hitting the memory allocator by copying the dividend into it
694 and doing the division there. This can't be any _worse_ than
695 always copying, and will sometimes be better (since it won't make
698 If it's not going to be returned, we need to allocate a temporary
699 to hold the quotient, which will just be discarded.
702 if((res
= mp_copy(a
, q
)) != MP_OKAY
)
705 res
= s_mp_div_d(q
, d
, &rem
);
706 if(s_mp_cmp_d(q
, 0) == MP_EQ
)
712 if((res
= mp_init_copy(&qp
, a
)) != MP_OKAY
)
715 res
= s_mp_div_d(&qp
, d
, &rem
);
716 if(s_mp_cmp_d(&qp
, 0) == 0)
727 } /* end mp_div_d() */
731 /* {{{ mp_div_2(a, c) */
736 Compute c = a / 2, disregarding the remainder.
739 mp_err
mp_div_2(mp_int
*a
, mp_int
*c
)
743 ARGCHK(a
!= NULL
&& c
!= NULL
, MP_BADARG
);
745 if((res
= mp_copy(a
, c
)) != MP_OKAY
)
752 } /* end mp_div_2() */
756 /* {{{ mp_expt_d(a, d, b) */
758 mp_err
mp_expt_d(mp_int
*a
, mp_digit d
, mp_int
*c
)
763 ARGCHK(a
!= NULL
&& c
!= NULL
, MP_BADARG
);
765 if((res
= mp_init(&s
)) != MP_OKAY
)
767 if((res
= mp_init_copy(&x
, a
)) != MP_OKAY
)
774 if((res
= s_mp_mul(&s
, &x
)) != MP_OKAY
)
780 if((res
= s_mp_sqr(&x
)) != MP_OKAY
)
793 } /* end mp_expt_d() */
799 /*------------------------------------------------------------------------*/
800 /* {{{ Full arithmetic */
802 /* {{{ mp_abs(a, b) */
807 Compute b = |a|. 'a' and 'b' may be identical.
810 mp_err
mp_abs(mp_int
*a
, mp_int
*b
)
814 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
816 if((res
= mp_copy(a
, b
)) != MP_OKAY
)
827 /* {{{ mp_neg(a, b) */
832 Compute b = -a. 'a' and 'b' may be identical.
835 mp_err
mp_neg(mp_int
*a
, mp_int
*b
)
839 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
841 if((res
= mp_copy(a
, b
)) != MP_OKAY
)
844 if(s_mp_cmp_d(b
, 0) == MP_EQ
)
847 SIGN(b
) = (SIGN(b
) == MP_NEG
) ? MP_ZPOS
: MP_NEG
;
855 /* {{{ mp_add(a, b, c) */
860 Compute c = a + b. All parameters may be identical.
863 mp_err
mp_add(mp_int
*a
, mp_int
*b
, mp_int
*c
)
868 ARGCHK(a
!= NULL
&& b
!= NULL
&& c
!= NULL
, MP_BADARG
);
870 if(SIGN(a
) == SIGN(b
)) { /* same sign: add values, keep sign */
872 /* Commutativity of addition lets us do this in either order,
873 so we avoid having to use a temporary even if the result
874 is supposed to replace the output
877 if((res
= s_mp_add(c
, a
)) != MP_OKAY
)
880 if(c
!= a
&& (res
= mp_copy(a
, c
)) != MP_OKAY
)
883 if((res
= s_mp_add(c
, b
)) != MP_OKAY
)
887 } else if((cmp
= s_mp_cmp(a
, b
)) > 0) { /* different sign: a > b */
889 /* If the output is going to be clobbered, we will use a temporary
890 variable; otherwise, we'll do it without touching the memory
891 allocator at all, if possible
896 if((res
= mp_init_copy(&tmp
, a
)) != MP_OKAY
)
898 if((res
= s_mp_sub(&tmp
, b
)) != MP_OKAY
) {
908 if(c
!= a
&& (res
= mp_copy(a
, c
)) != MP_OKAY
)
910 if((res
= s_mp_sub(c
, b
)) != MP_OKAY
)
915 } else if(cmp
== 0) { /* different sign, a == b */
920 } else { /* different sign: a < b */
926 if((res
= mp_init_copy(&tmp
, b
)) != MP_OKAY
)
928 if((res
= s_mp_sub(&tmp
, a
)) != MP_OKAY
) {
938 if(c
!= b
&& (res
= mp_copy(b
, c
)) != MP_OKAY
)
940 if((res
= s_mp_sub(c
, a
)) != MP_OKAY
)
946 if(USED(c
) == 1 && DIGIT(c
, 0) == 0)
955 /* {{{ mp_sub(a, b, c) */
960 Compute c = a - b. All parameters may be identical.
963 mp_err
mp_sub(mp_int
*a
, mp_int
*b
, mp_int
*c
)
968 ARGCHK(a
!= NULL
&& b
!= NULL
&& c
!= NULL
, MP_BADARG
);
970 if(SIGN(a
) != SIGN(b
)) {
972 if((res
= s_mp_add(c
, b
)) != MP_OKAY
)
975 if(c
!= b
&& ((res
= mp_copy(b
, c
)) != MP_OKAY
))
977 if((res
= s_mp_add(c
, a
)) != MP_OKAY
)
982 } else if((cmp
= s_mp_cmp(a
, b
)) > 0) { /* Same sign, a > b */
986 if((res
= mp_init_copy(&tmp
, a
)) != MP_OKAY
)
988 if((res
= s_mp_sub(&tmp
, b
)) != MP_OKAY
) {
996 if(c
!= a
&& ((res
= mp_copy(a
, c
)) != MP_OKAY
))
999 if((res
= s_mp_sub(c
, b
)) != MP_OKAY
)
1003 } else if(cmp
== 0) { /* Same sign, equal magnitude */
1007 } else { /* Same sign, b > a */
1011 if((res
= mp_init_copy(&tmp
, b
)) != MP_OKAY
)
1014 if((res
= s_mp_sub(&tmp
, a
)) != MP_OKAY
) {
1022 if(c
!= b
&& ((res
= mp_copy(b
, c
)) != MP_OKAY
))
1025 if((res
= s_mp_sub(c
, a
)) != MP_OKAY
)
1032 if(USED(c
) == 1 && DIGIT(c
, 0) == 0)
1037 } /* end mp_sub() */
1041 /* {{{ mp_mul(a, b, c) */
1046 Compute c = a * b. All parameters may be identical.
1049 mp_err
mp_mul(mp_int
*a
, mp_int
*b
, mp_int
*c
)
1054 ARGCHK(a
!= NULL
&& b
!= NULL
&& c
!= NULL
, MP_BADARG
);
1056 sgn
= (SIGN(a
) == SIGN(b
)) ? MP_ZPOS
: MP_NEG
;
1059 if((res
= s_mp_mul(c
, a
)) != MP_OKAY
)
1063 if((res
= mp_copy(a
, c
)) != MP_OKAY
)
1066 if((res
= s_mp_mul(c
, b
)) != MP_OKAY
)
1070 if(sgn
== MP_ZPOS
|| s_mp_cmp_d(c
, 0) == MP_EQ
)
1077 } /* end mp_mul() */
1081 /* {{{ mp_mul_2d(a, d, c) */
1086 Compute c = a * 2^d. a may be the same as c.
1089 mp_err
mp_mul_2d(mp_int
*a
, mp_digit d
, mp_int
*c
)
1093 ARGCHK(a
!= NULL
&& c
!= NULL
, MP_BADARG
);
1095 if((res
= mp_copy(a
, c
)) != MP_OKAY
)
1101 return s_mp_mul_2d(c
, d
);
1103 } /* end mp_mul() */
1107 /* {{{ mp_sqr(a, b) */
1110 mp_err
mp_sqr(mp_int
*a
, mp_int
*b
)
1114 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
1116 if((res
= mp_copy(a
, b
)) != MP_OKAY
)
1119 if((res
= s_mp_sqr(b
)) != MP_OKAY
)
1126 } /* end mp_sqr() */
1131 /* {{{ mp_div(a, b, q, r) */
1136 Compute q = a / b and r = a mod b. Input parameters may be re-used
1137 as output parameters. If q or r is NULL, that portion of the
1138 computation will be discarded (although it will still be computed)
1140 Pay no attention to the hacker behind the curtain.
1143 mp_err
mp_div(mp_int
*a
, mp_int
*b
, mp_int
*q
, mp_int
*r
)
1149 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
1151 if(mp_cmp_z(b
) == MP_EQ
)
1154 /* If a <= b, we can compute the solution without division, and
1155 avoid any memory allocation
1157 if((cmp
= s_mp_cmp(a
, b
)) < 0) {
1159 if((res
= mp_copy(a
, r
)) != MP_OKAY
)
1168 } else if(cmp
== 0) {
1170 /* Set quotient to 1, with appropriate sign */
1172 int qneg
= (SIGN(a
) != SIGN(b
));
1185 /* If we get here, it means we actually have to do some division */
1187 /* Set up some temporaries... */
1188 if((res
= mp_init_copy(&qtmp
, a
)) != MP_OKAY
)
1190 if((res
= mp_init_copy(&rtmp
, b
)) != MP_OKAY
)
1193 if((res
= s_mp_div(&qtmp
, &rtmp
)) != MP_OKAY
)
1196 /* Compute the signs for the output */
1197 SIGN(&rtmp
) = SIGN(a
); /* Sr = Sa */
1198 if(SIGN(a
) == SIGN(b
))
1199 SIGN(&qtmp
) = MP_ZPOS
; /* Sq = MP_ZPOS if Sa = Sb */
1201 SIGN(&qtmp
) = MP_NEG
; /* Sq = MP_NEG if Sa != Sb */
1203 if(s_mp_cmp_d(&qtmp
, 0) == MP_EQ
)
1204 SIGN(&qtmp
) = MP_ZPOS
;
1205 if(s_mp_cmp_d(&rtmp
, 0) == MP_EQ
)
1206 SIGN(&rtmp
) = MP_ZPOS
;
1208 /* Copy output, if it is needed */
1210 s_mp_exch(&qtmp
, q
);
1213 s_mp_exch(&rtmp
, r
);
1221 } /* end mp_div() */
1225 /* {{{ mp_div_2d(a, d, q, r) */
1227 mp_err
mp_div_2d(mp_int
*a
, mp_digit d
, mp_int
*q
, mp_int
*r
)
1231 ARGCHK(a
!= NULL
, MP_BADARG
);
1234 if((res
= mp_copy(a
, q
)) != MP_OKAY
)
1241 if((res
= mp_copy(a
, r
)) != MP_OKAY
)
1249 } /* end mp_div_2d() */
1253 /* {{{ mp_expt(a, b, c) */
1258 Compute c = a ** b, that is, raise a to the b power. Uses a
1259 standard iterative square-and-multiply technique.
1262 mp_err
mp_expt(mp_int
*a
, mp_int
*b
, mp_int
*c
)
1269 ARGCHK(a
!= NULL
&& b
!= NULL
&& c
!= NULL
, MP_BADARG
);
1274 if((res
= mp_init(&s
)) != MP_OKAY
)
1279 if((res
= mp_init_copy(&x
, a
)) != MP_OKAY
)
1282 /* Loop over low-order digits in ascending order */
1283 for(dig
= 0; dig
< (USED(b
) - 1); dig
++) {
1286 /* Loop over bits of each non-maximal digit */
1287 for(bit
= 0; bit
< DIGIT_BIT
; bit
++) {
1289 if((res
= s_mp_mul(&s
, &x
)) != MP_OKAY
)
1295 if((res
= s_mp_sqr(&x
)) != MP_OKAY
)
1300 /* Consider now the last digit... */
1305 if((res
= s_mp_mul(&s
, &x
)) != MP_OKAY
)
1311 if((res
= s_mp_sqr(&x
)) != MP_OKAY
)
1318 res
= mp_copy(&s
, c
);
1327 } /* end mp_expt() */
1331 /* {{{ mp_2expt(a, k) */
1333 /* Compute a = 2^k */
1335 mp_err
mp_2expt(mp_int
*a
, mp_digit k
)
1337 ARGCHK(a
!= NULL
, MP_BADARG
);
1339 return s_mp_2expt(a
, k
);
1341 } /* end mp_2expt() */
1345 /* {{{ mp_mod(a, m, c) */
1350 Compute c = a (mod m). Result will always be 0 <= c < m.
1353 mp_err
mp_mod(mp_int
*a
, mp_int
*m
, mp_int
*c
)
1358 ARGCHK(a
!= NULL
&& m
!= NULL
&& c
!= NULL
, MP_BADARG
);
1360 if(SIGN(m
) == MP_NEG
)
1364 If |a| > m, we need to divide to get the remainder and take the
1367 If |a| < m, we don't need to do any division, just copy and adjust
1368 the sign (if a is negative).
1370 If |a| == m, we can simply set the result to zero.
1372 This order is intended to minimize the average path length of the
1373 comparison chain on common workloads -- the most frequent cases are
1374 that |a| != m, so we do those first.
1376 if((mag
= s_mp_cmp(a
, m
)) > 0) {
1377 if((res
= mp_div(a
, m
, NULL
, c
)) != MP_OKAY
)
1380 if(SIGN(c
) == MP_NEG
) {
1381 if((res
= mp_add(c
, m
, c
)) != MP_OKAY
)
1385 } else if(mag
< 0) {
1386 if((res
= mp_copy(a
, c
)) != MP_OKAY
)
1389 if(mp_cmp_z(a
) < 0) {
1390 if((res
= mp_add(c
, m
, c
)) != MP_OKAY
)
1402 } /* end mp_mod() */
1406 /* {{{ mp_mod_d(a, d, c) */
1411 Compute c = a (mod d). Result will always be 0 <= c < d
1413 mp_err
mp_mod_d(mp_int
*a
, mp_digit d
, mp_digit
*c
)
1418 ARGCHK(a
!= NULL
&& c
!= NULL
, MP_BADARG
);
1420 if(s_mp_cmp_d(a
, d
) > 0) {
1421 if((res
= mp_div_d(a
, d
, NULL
, &rem
)) != MP_OKAY
)
1425 if(SIGN(a
) == MP_NEG
)
1426 rem
= d
- DIGIT(a
, 0);
1436 } /* end mp_mod_d() */
1440 /* {{{ mp_sqrt(a, b) */
1445 Compute the integer square root of a, and store the result in b.
1446 Uses an integer-arithmetic version of Newton's iterative linear
1447 approximation technique to determine this value; the result has the
1448 following two properties:
1453 It is a range error to pass a negative value.
1455 mp_err
mp_sqrt(mp_int
*a
, mp_int
*b
)
1460 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_BADARG
);
1462 /* Cannot take square root of a negative value */
1463 if(SIGN(a
) == MP_NEG
)
1466 /* Special cases for zero and one, trivial */
1467 if(mp_cmp_d(a
, 0) == MP_EQ
|| mp_cmp_d(a
, 1) == MP_EQ
)
1468 return mp_copy(a
, b
);
1470 /* Initialize the temporaries we'll use below */
1471 if((res
= mp_init_size(&t
, USED(a
))) != MP_OKAY
)
1474 /* Compute an initial guess for the iteration as a itself */
1475 if((res
= mp_init_copy(&x
, a
)) != MP_OKAY
)
1478 s_mp_rshd(&x
, (USED(&x
)/2)+1);
1479 mp_add_d(&x
, 1, &x
);
1482 /* t = (x * x) - a */
1483 mp_copy(&x
, &t
); /* can't fail, t is big enough for original x */
1484 if((res
= mp_sqr(&t
, &t
)) != MP_OKAY
||
1485 (res
= mp_sub(&t
, a
, &t
)) != MP_OKAY
)
1490 if((res
= mp_div(&t
, &x
, &t
, NULL
)) != MP_OKAY
)
1494 /* Terminate the loop, if the quotient is zero */
1495 if(mp_cmp_z(&t
) == MP_EQ
)
1499 if((res
= mp_sub(&x
, &t
, &x
)) != MP_OKAY
)
1504 /* Copy result to output parameter */
1505 mp_sub_d(&x
, 1, &x
);
1515 } /* end mp_sqrt() */
1521 /*------------------------------------------------------------------------*/
1522 /* {{{ Modular arithmetic */
1525 /* {{{ mp_addmod(a, b, m, c) */
1528 mp_addmod(a, b, m, c)
1530 Compute c = (a + b) mod m
1533 mp_err
mp_addmod(mp_int
*a
, mp_int
*b
, mp_int
*m
, mp_int
*c
)
1537 ARGCHK(a
!= NULL
&& b
!= NULL
&& m
!= NULL
&& c
!= NULL
, MP_BADARG
);
1539 if((res
= mp_add(a
, b
, c
)) != MP_OKAY
)
1541 if((res
= mp_mod(c
, m
, c
)) != MP_OKAY
)
1550 /* {{{ mp_submod(a, b, m, c) */
1553 mp_submod(a, b, m, c)
1555 Compute c = (a - b) mod m
1558 mp_err
mp_submod(mp_int
*a
, mp_int
*b
, mp_int
*m
, mp_int
*c
)
1562 ARGCHK(a
!= NULL
&& b
!= NULL
&& m
!= NULL
&& c
!= NULL
, MP_BADARG
);
1564 if((res
= mp_sub(a
, b
, c
)) != MP_OKAY
)
1566 if((res
= mp_mod(c
, m
, c
)) != MP_OKAY
)
1575 /* {{{ mp_mulmod(a, b, m, c) */
1578 mp_mulmod(a, b, m, c)
1580 Compute c = (a * b) mod m
1583 mp_err
mp_mulmod(mp_int
*a
, mp_int
*b
, mp_int
*m
, mp_int
*c
)
1587 ARGCHK(a
!= NULL
&& b
!= NULL
&& m
!= NULL
&& c
!= NULL
, MP_BADARG
);
1589 if((res
= mp_mul(a
, b
, c
)) != MP_OKAY
)
1591 if((res
= mp_mod(c
, m
, c
)) != MP_OKAY
)
1600 /* {{{ mp_sqrmod(a, m, c) */
1603 mp_err
mp_sqrmod(mp_int
*a
, mp_int
*m
, mp_int
*c
)
1607 ARGCHK(a
!= NULL
&& m
!= NULL
&& c
!= NULL
, MP_BADARG
);
1609 if((res
= mp_sqr(a
, c
)) != MP_OKAY
)
1611 if((res
= mp_mod(c
, m
, c
)) != MP_OKAY
)
1616 } /* end mp_sqrmod() */
1621 /* {{{ mp_exptmod(a, b, m, c) */
1624 mp_exptmod(a, b, m, c)
1626 Compute c = (a ** b) mod m. Uses a standard square-and-multiply
1627 method with modular reductions at each step. (This is basically the
1628 same code as mp_expt(), except for the addition of the reductions)
1630 The modular reductions are done using Barrett's algorithm (see
1631 s_mp_reduce() below for details)
1634 mp_err
mp_exptmod(mp_int
*a
, mp_int
*b
, mp_int
*m
, mp_int
*c
)
1638 mp_digit d
, *db
= DIGITS(b
);
1639 mp_size ub
= USED(b
);
1642 ARGCHK(a
!= NULL
&& b
!= NULL
&& c
!= NULL
, MP_BADARG
);
1644 if(mp_cmp_z(b
) < 0 || mp_cmp_z(m
) <= 0)
1647 if((res
= mp_init(&s
)) != MP_OKAY
)
1649 if((res
= mp_init_copy(&x
, a
)) != MP_OKAY
)
1651 if((res
= mp_mod(&x
, m
, &x
)) != MP_OKAY
||
1652 (res
= mp_init(&mu
)) != MP_OKAY
)
1659 s_mp_lshd(&mu
, 2 * USED(m
));
1660 if((res
= mp_div(&mu
, m
, &mu
, NULL
)) != MP_OKAY
)
1663 /* Loop over digits of b in ascending order, except highest order */
1664 for(dig
= 0; dig
< (ub
- 1); dig
++) {
1667 /* Loop over the bits of the lower-order digits */
1668 for(bit
= 0; bit
< DIGIT_BIT
; bit
++) {
1670 if((res
= s_mp_mul(&s
, &x
)) != MP_OKAY
)
1672 if((res
= s_mp_reduce(&s
, m
, &mu
)) != MP_OKAY
)
1678 if((res
= s_mp_sqr(&x
)) != MP_OKAY
)
1680 if((res
= s_mp_reduce(&x
, m
, &mu
)) != MP_OKAY
)
1685 /* Now do the last digit... */
1690 if((res
= s_mp_mul(&s
, &x
)) != MP_OKAY
)
1692 if((res
= s_mp_reduce(&s
, m
, &mu
)) != MP_OKAY
)
1698 if((res
= s_mp_sqr(&x
)) != MP_OKAY
)
1700 if((res
= s_mp_reduce(&x
, m
, &mu
)) != MP_OKAY
)
1715 } /* end mp_exptmod() */
1719 /* {{{ mp_exptmod_d(a, d, m, c) */
1721 mp_err
mp_exptmod_d(mp_int
*a
, mp_digit d
, mp_int
*m
, mp_int
*c
)
1726 ARGCHK(a
!= NULL
&& c
!= NULL
, MP_BADARG
);
1728 if((res
= mp_init(&s
)) != MP_OKAY
)
1730 if((res
= mp_init_copy(&x
, a
)) != MP_OKAY
)
1737 if((res
= s_mp_mul(&s
, &x
)) != MP_OKAY
||
1738 (res
= mp_mod(&s
, m
, &s
)) != MP_OKAY
)
1744 if((res
= s_mp_sqr(&x
)) != MP_OKAY
||
1745 (res
= mp_mod(&x
, m
, &x
)) != MP_OKAY
)
1758 } /* end mp_exptmod_d() */
1761 #endif /* if MP_MODARITH */
1765 /*------------------------------------------------------------------------*/
1766 /* {{{ Comparison functions */
1768 /* {{{ mp_cmp_z(a) */
1773 Compare a <=> 0. Returns <0 if a<0, 0 if a=0, >0 if a>0.
1776 int mp_cmp_z(mp_int
*a
)
1778 if(SIGN(a
) == MP_NEG
)
1780 else if(USED(a
) == 1 && DIGIT(a
, 0) == 0)
1785 } /* end mp_cmp_z() */
1789 /* {{{ mp_cmp_d(a, d) */
1794 Compare a <=> d. Returns <0 if a<d, 0 if a=d, >0 if a>d
1797 int mp_cmp_d(mp_int
*a
, mp_digit d
)
1799 ARGCHK(a
!= NULL
, MP_EQ
);
1801 if(SIGN(a
) == MP_NEG
)
1804 return s_mp_cmp_d(a
, d
);
1806 } /* end mp_cmp_d() */
1810 /* {{{ mp_cmp(a, b) */
1812 int mp_cmp(mp_int
*a
, mp_int
*b
)
1814 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_EQ
);
1816 if(SIGN(a
) == SIGN(b
)) {
1819 if((mag
= s_mp_cmp(a
, b
)) == MP_EQ
)
1822 if(SIGN(a
) == MP_ZPOS
)
1827 } else if(SIGN(a
) == MP_ZPOS
) {
1833 } /* end mp_cmp() */
1837 /* {{{ mp_cmp_mag(a, b) */
1842 Compares |a| <=> |b|, and returns an appropriate comparison result
1845 int mp_cmp_mag(mp_int
*a
, mp_int
*b
)
1847 ARGCHK(a
!= NULL
&& b
!= NULL
, MP_EQ
);
1849 return s_mp_cmp(a
, b
);
1851 } /* end mp_cmp_mag() */
1855 /* {{{ mp_cmp_int(a, z) */
1858 This just converts z to an mp_int, and uses the existing comparison
1859 routines. This is sort of inefficient, but it's not clear to me how
1860 frequently this wil get used anyway. For small positive constants,
1861 you can always use mp_cmp_d(), and for zero, there is mp_cmp_z().
1863 int mp_cmp_int(mp_int
*a
, long z
)
1868 ARGCHK(a
!= NULL
, MP_EQ
);
1870 mp_init(&tmp
); mp_set_int(&tmp
, z
);
1871 out
= mp_cmp(a
, &tmp
);
1876 } /* end mp_cmp_int() */
1880 /* {{{ mp_isodd(a) */
1885 Returns a true (non-zero) value if a is odd, false (zero) otherwise.
1887 int mp_isodd(mp_int
*a
)
1889 ARGCHK(a
!= NULL
, 0);
1891 return (DIGIT(a
, 0) & 1);
1893 } /* end mp_isodd() */
1897 /* {{{ mp_iseven(a) */
1899 int mp_iseven(mp_int
*a
)
1901 return !mp_isodd(a
);
1903 } /* end mp_iseven() */
1909 /*------------------------------------------------------------------------*/
1910 /* {{{ Number theoretic functions */
1913 /* {{{ mp_gcd(a, b, c) */
1916 Like the old mp_gcd() function, except computes the GCD using the
1917 binary algorithm due to Josef Stein in 1961 (via Knuth).
1919 mp_err
mp_gcd(mp_int
*a
, mp_int
*b
, mp_int
*c
)
1925 ARGCHK(a
!= NULL
&& b
!= NULL
&& c
!= NULL
, MP_BADARG
);
1927 if(mp_cmp_z(a
) == MP_EQ
&& mp_cmp_z(b
) == MP_EQ
)
1929 if(mp_cmp_z(a
) == MP_EQ
) {
1930 return mp_copy(b
, c
);
1931 } else if(mp_cmp_z(b
) == MP_EQ
) {
1932 return mp_copy(a
, c
);
1935 if((res
= mp_init(&t
)) != MP_OKAY
)
1937 if((res
= mp_init_copy(&u
, a
)) != MP_OKAY
)
1939 if((res
= mp_init_copy(&v
, b
)) != MP_OKAY
)
1945 /* Divide out common factors of 2 until at least 1 of a, b is even */
1946 while(mp_iseven(&u
) && mp_iseven(&v
)) {
1954 if((res
= mp_copy(&v
, &t
)) != MP_OKAY
)
1958 if(SIGN(&v
) == MP_ZPOS
)
1964 if((res
= mp_copy(&u
, &t
)) != MP_OKAY
)
1970 while(mp_iseven(&t
)) {
1974 if(mp_cmp_z(&t
) == MP_GT
) {
1975 if((res
= mp_copy(&t
, &u
)) != MP_OKAY
)
1979 if((res
= mp_copy(&t
, &v
)) != MP_OKAY
)
1983 if(SIGN(&t
) == MP_ZPOS
)
1989 if((res
= mp_sub(&u
, &v
, &t
)) != MP_OKAY
)
1992 if(s_mp_cmp_d(&t
, 0) == MP_EQ
)
1996 s_mp_2expt(&v
, k
); /* v = 2^k */
1997 res
= mp_mul(&u
, &v
, c
); /* c = u * v */
2008 } /* end mp_bgcd() */
2012 /* {{{ mp_lcm(a, b, c) */
2014 /* We compute the least common multiple using the rule:
2018 ... by computing the product, and dividing out the gcd.
2021 mp_err
mp_lcm(mp_int
*a
, mp_int
*b
, mp_int
*c
)
2026 ARGCHK(a
!= NULL
&& b
!= NULL
&& c
!= NULL
, MP_BADARG
);
2028 /* Set up temporaries */
2029 if((res
= mp_init(&gcd
)) != MP_OKAY
)
2031 if((res
= mp_init(&prod
)) != MP_OKAY
)
2034 if((res
= mp_mul(a
, b
, &prod
)) != MP_OKAY
)
2036 if((res
= mp_gcd(a
, b
, &gcd
)) != MP_OKAY
)
2039 res
= mp_div(&prod
, &gcd
, c
, NULL
);
2048 } /* end mp_lcm() */
2052 /* {{{ mp_xgcd(a, b, g, x, y) */
2055 mp_xgcd(a, b, g, x, y)
2057 Compute g = (a, b) and values x and y satisfying Bezout's identity
2058 (that is, ax + by = g). This uses the extended binary GCD algorithm
2059 based on the Stein algorithm used for mp_gcd()
2062 mp_err
mp_xgcd(mp_int
*a
, mp_int
*b
, mp_int
*g
, mp_int
*x
, mp_int
*y
)
2064 mp_int gx
, xc
, yc
, u
, v
, A
, B
, C
, D
;
2069 if(mp_cmp_z(b
) == 0)
2072 /* Initialize all these variables we need */
2073 if((res
= mp_init(&u
)) != MP_OKAY
) goto CLEANUP
;
2075 if((res
= mp_init(&v
)) != MP_OKAY
) goto CLEANUP
;
2077 if((res
= mp_init(&gx
)) != MP_OKAY
) goto CLEANUP
;
2078 clean
[++last
] = &gx
;
2079 if((res
= mp_init(&A
)) != MP_OKAY
) goto CLEANUP
;
2081 if((res
= mp_init(&B
)) != MP_OKAY
) goto CLEANUP
;
2083 if((res
= mp_init(&C
)) != MP_OKAY
) goto CLEANUP
;
2085 if((res
= mp_init(&D
)) != MP_OKAY
) goto CLEANUP
;
2087 if((res
= mp_init_copy(&xc
, a
)) != MP_OKAY
) goto CLEANUP
;
2088 clean
[++last
] = &xc
;
2090 if((res
= mp_init_copy(&yc
, b
)) != MP_OKAY
) goto CLEANUP
;
2091 clean
[++last
] = &yc
;
2096 /* Divide by two until at least one of them is even */
2097 while(mp_iseven(&xc
) && mp_iseven(&yc
)) {
2100 if((res
= s_mp_mul_2(&gx
)) != MP_OKAY
)
2106 mp_set(&A
, 1); mp_set(&D
, 1);
2108 /* Loop through binary GCD algorithm */
2110 while(mp_iseven(&u
)) {
2113 if(mp_iseven(&A
) && mp_iseven(&B
)) {
2114 s_mp_div_2(&A
); s_mp_div_2(&B
);
2116 if((res
= mp_add(&A
, &yc
, &A
)) != MP_OKAY
) goto CLEANUP
;
2118 if((res
= mp_sub(&B
, &xc
, &B
)) != MP_OKAY
) goto CLEANUP
;
2123 while(mp_iseven(&v
)) {
2126 if(mp_iseven(&C
) && mp_iseven(&D
)) {
2127 s_mp_div_2(&C
); s_mp_div_2(&D
);
2129 if((res
= mp_add(&C
, &yc
, &C
)) != MP_OKAY
) goto CLEANUP
;
2131 if((res
= mp_sub(&D
, &xc
, &D
)) != MP_OKAY
) goto CLEANUP
;
2136 if(mp_cmp(&u
, &v
) >= 0) {
2137 if((res
= mp_sub(&u
, &v
, &u
)) != MP_OKAY
) goto CLEANUP
;
2138 if((res
= mp_sub(&A
, &C
, &A
)) != MP_OKAY
) goto CLEANUP
;
2139 if((res
= mp_sub(&B
, &D
, &B
)) != MP_OKAY
) goto CLEANUP
;
2142 if((res
= mp_sub(&v
, &u
, &v
)) != MP_OKAY
) goto CLEANUP
;
2143 if((res
= mp_sub(&C
, &A
, &C
)) != MP_OKAY
) goto CLEANUP
;
2144 if((res
= mp_sub(&D
, &B
, &D
)) != MP_OKAY
) goto CLEANUP
;
2148 /* If we're done, copy results to output */
2149 if(mp_cmp_z(&u
) == 0) {
2151 if((res
= mp_copy(&C
, x
)) != MP_OKAY
) goto CLEANUP
;
2154 if((res
= mp_copy(&D
, y
)) != MP_OKAY
) goto CLEANUP
;
2157 if((res
= mp_mul(&gx
, &v
, g
)) != MP_OKAY
) goto CLEANUP
;
2165 mp_clear(clean
[last
--]);
2169 } /* end mp_xgcd() */
2173 /* {{{ mp_invmod(a, m, c) */
2178 Compute c = a^-1 (mod m), if there is an inverse for a (mod m).
2179 This is equivalent to the question of whether (a, m) = 1. If not,
2180 MP_UNDEF is returned, and there is no inverse.
2183 mp_err
mp_invmod(mp_int
*a
, mp_int
*m
, mp_int
*c
)
2188 ARGCHK(a
&& m
&& c
, MP_BADARG
);
2190 if(mp_cmp_z(a
) == 0 || mp_cmp_z(m
) == 0)
2193 if((res
= mp_init(&g
)) != MP_OKAY
)
2195 if((res
= mp_init(&x
)) != MP_OKAY
)
2198 if((res
= mp_xgcd(a
, m
, &g
, &x
, NULL
)) != MP_OKAY
)
2201 if(mp_cmp_d(&g
, 1) != MP_EQ
) {
2206 res
= mp_mod(&x
, m
, c
);
2216 } /* end mp_invmod() */
2219 #endif /* if MP_NUMTH */
2223 /*------------------------------------------------------------------------*/
2224 /* {{{ mp_print(mp, ofp) */
2230 Print a textual representation of the given mp_int on the output
2231 stream 'ofp'. Output is generated using the internal radix.
2234 void mp_print(mp_int
*mp
, FILE *ofp
)
2238 if(mp
== NULL
|| ofp
== NULL
)
2241 fputc((SIGN(mp
) == MP_NEG
) ? '-' : '+', ofp
);
2243 for(ix
= USED(mp
) - 1; ix
>= 0; ix
--) {
2244 fprintf(ofp
, DIGIT_FMT
, DIGIT(mp
, ix
));
2247 } /* end mp_print() */
2249 #endif /* if MP_IOFUNC */
2253 /*------------------------------------------------------------------------*/
2254 /* {{{ More I/O Functions */
2256 /* {{{ mp_read_signed_bin(mp, str, len) */
2259 mp_read_signed_bin(mp, str, len)
2261 Read in a raw value (base 256) into the given mp_int
2264 mp_err
mp_read_signed_bin(mp_int
*mp
, unsigned char *str
, int len
)
2268 ARGCHK(mp
!= NULL
&& str
!= NULL
&& len
> 0, MP_BADARG
);
2270 if((res
= mp_read_unsigned_bin(mp
, str
+ 1, len
- 1)) == MP_OKAY
) {
2271 /* Get sign from first byte */
2280 } /* end mp_read_signed_bin() */
2284 /* {{{ mp_signed_bin_size(mp) */
2286 int mp_signed_bin_size(mp_int
*mp
)
2288 ARGCHK(mp
!= NULL
, 0);
2290 return mp_unsigned_bin_size(mp
) + 1;
2292 } /* end mp_signed_bin_size() */
2296 /* {{{ mp_to_signed_bin(mp, str) */
2298 mp_err
mp_to_signed_bin(mp_int
*mp
, unsigned char *str
)
2300 ARGCHK(mp
!= NULL
&& str
!= NULL
, MP_BADARG
);
2302 /* Caller responsible for allocating enough memory (use mp_raw_size(mp)) */
2303 str
[0] = (char)SIGN(mp
);
2305 return mp_to_unsigned_bin(mp
, str
+ 1);
2307 } /* end mp_to_signed_bin() */
2311 /* {{{ mp_read_unsigned_bin(mp, str, len) */
2314 mp_read_unsigned_bin(mp, str, len)
2316 Read in an unsigned value (base 256) into the given mp_int
2319 mp_err
mp_read_unsigned_bin(mp_int
*mp
, unsigned char *str
, int len
)
2324 ARGCHK(mp
!= NULL
&& str
!= NULL
&& len
> 0, MP_BADARG
);
2328 for(ix
= 0; ix
< len
; ix
++) {
2329 if((res
= s_mp_mul_2d(mp
, CHAR_BIT
)) != MP_OKAY
)
2332 if((res
= mp_add_d(mp
, str
[ix
], mp
)) != MP_OKAY
)
2338 } /* end mp_read_unsigned_bin() */
2342 /* {{{ mp_unsigned_bin_size(mp) */
2344 int mp_unsigned_bin_size(mp_int
*mp
)
2349 ARGCHK(mp
!= NULL
, 0);
2351 /* Special case for the value zero */
2352 if(USED(mp
) == 1 && DIGIT(mp
, 0) == 0)
2355 count
= (USED(mp
) - 1) * sizeof(mp_digit
);
2356 topdig
= DIGIT(mp
, USED(mp
) - 1);
2358 while(topdig
!= 0) {
2360 topdig
>>= CHAR_BIT
;
2365 } /* end mp_unsigned_bin_size() */
2369 /* {{{ mp_to_unsigned_bin(mp, str) */
2371 mp_err
mp_to_unsigned_bin(mp_int
*mp
, unsigned char *str
)
2373 mp_digit
*dp
, *end
, d
;
2374 unsigned char *spos
;
2376 ARGCHK(mp
!= NULL
&& str
!= NULL
, MP_BADARG
);
2379 end
= dp
+ USED(mp
) - 1;
2382 /* Special case for zero, quick test */
2383 if(dp
== end
&& *dp
== 0) {
2388 /* Generate digits in reverse order */
2393 for(ix
= 0; ix
< sizeof(mp_digit
); ++ix
) {
2394 *spos
= d
& UCHAR_MAX
;
2402 /* Now handle last digit specially, high order zeroes are not written */
2405 *spos
= d
& UCHAR_MAX
;
2410 /* Reverse everything to get digits in the correct order */
2411 while(--spos
> str
) {
2412 unsigned char t
= *str
;
2421 } /* end mp_to_unsigned_bin() */
2425 /* {{{ mp_count_bits(mp) */
2427 int mp_count_bits(mp_int
*mp
)
2432 ARGCHK(mp
!= NULL
, MP_BADARG
);
2434 len
= DIGIT_BIT
* (USED(mp
) - 1);
2435 d
= DIGIT(mp
, USED(mp
) - 1);
2444 } /* end mp_count_bits() */
2448 /* {{{ mp_read_radix(mp, str, radix) */
2451 mp_read_radix(mp, str, radix)
2453 Read an integer from the given string, and set mp to the resulting
2454 value. The input is presumed to be in base 10. Leading non-digit
2455 characters are ignored, and the function reads until a non-digit
2456 character or the end of the string.
2459 mp_err
mp_read_radix(mp_int
*mp
, unsigned char *str
, int radix
)
2461 int ix
= 0, val
= 0;
2463 mp_sign sig
= MP_ZPOS
;
2465 ARGCHK(mp
!= NULL
&& str
!= NULL
&& radix
>= 2 && radix
<= MAX_RADIX
,
2470 /* Skip leading non-digit characters until a digit or '-' or '+' */
2472 (s_mp_tovalue(str
[ix
], radix
) < 0) &&
2478 if(str
[ix
] == '-') {
2481 } else if(str
[ix
] == '+') {
2482 sig
= MP_ZPOS
; /* this is the default anyway... */
2486 while((val
= s_mp_tovalue(str
[ix
], radix
)) >= 0) {
2487 if((res
= s_mp_mul_d(mp
, radix
)) != MP_OKAY
)
2489 if((res
= s_mp_add_d(mp
, val
)) != MP_OKAY
)
2494 if(s_mp_cmp_d(mp
, 0) == MP_EQ
)
2501 } /* end mp_read_radix() */
2505 /* {{{ mp_radix_size(mp, radix) */
2507 int mp_radix_size(mp_int
*mp
, int radix
)
2510 ARGCHK(mp
!= NULL
, 0);
2512 len
= s_mp_outlen(mp_count_bits(mp
), radix
) + 1; /* for NUL terminator */
2514 if(mp_cmp_z(mp
) < 0)
2515 ++len
; /* for sign */
2519 } /* end mp_radix_size() */
2523 /* {{{ mp_value_radix_size(num, qty, radix) */
2525 /* num = number of digits
2526 qty = number of bits per digit
2529 Return the number of digits in the specified radix that would be
2530 needed to express 'num' digits of 'qty' bits each.
2532 int mp_value_radix_size(int num
, int qty
, int radix
)
2534 ARGCHK(num
>= 0 && qty
> 0 && radix
>= 2 && radix
<= MAX_RADIX
, 0);
2536 return s_mp_outlen(num
* qty
, radix
);
2538 } /* end mp_value_radix_size() */
2542 /* {{{ mp_toradix(mp, str, radix) */
2544 mp_err
mp_toradix(mp_int
*mp
, unsigned char *str
, int radix
)
2548 ARGCHK(mp
!= NULL
&& str
!= NULL
, MP_BADARG
);
2549 ARGCHK(radix
> 1 && radix
<= MAX_RADIX
, MP_RANGE
);
2551 if(mp_cmp_z(mp
) == MP_EQ
) {
2558 mp_digit rem
, rdx
= (mp_digit
)radix
;
2561 if((res
= mp_init_copy(&tmp
, mp
)) != MP_OKAY
)
2564 /* Save sign for later, and take absolute value */
2565 sgn
= SIGN(&tmp
); SIGN(&tmp
) = MP_ZPOS
;
2567 /* Generate output digits in reverse order */
2568 while(mp_cmp_z(&tmp
) != 0) {
2569 if((res
= s_mp_div_d(&tmp
, rdx
, &rem
)) != MP_OKAY
) {
2574 /* Generate digits, use capital letters */
2575 ch
= s_mp_todigit(rem
, radix
, 0);
2580 /* Add - sign if original value was negative */
2584 /* Add trailing NUL to end the string */
2587 /* Reverse the digits and sign indicator */
2603 } /* end mp_toradix() */
2607 /* {{{ mp_char2value(ch, r) */
2609 int mp_char2value(char ch
, int r
)
2611 return s_mp_tovalue(ch
, r
);
2613 } /* end mp_tovalue() */
2619 /* {{{ mp_strerror(ec) */
2624 Return a string describing the meaning of error code 'ec'. The
2625 string returned is allocated in static memory, so the caller should
2626 not attempt to modify or free the memory associated with this
2629 const char *mp_strerror(mp_err ec
)
2631 int aec
= (ec
< 0) ? -ec
: ec
;
2633 /* Code values are negative, so the senses of these comparisons
2635 if(ec
< MP_LAST_CODE
|| ec
> MP_OKAY
) {
2636 return mp_err_string
[0]; /* unknown error code */
2638 return mp_err_string
[aec
+ 1];
2641 } /* end mp_strerror() */
2645 /*========================================================================*/
2646 /*------------------------------------------------------------------------*/
2647 /* Static function definitions (internal use only) */
2649 /* {{{ Memory management */
2651 /* {{{ s_mp_grow(mp, min) */
2653 /* Make sure there are at least 'min' digits allocated to mp */
2654 mp_err
s_mp_grow(mp_int
*mp
, mp_size min
)
2656 if(min
> ALLOC(mp
)) {
2659 /* Set min to next nearest default precision block size */
2660 min
= ((min
+ (s_mp_defprec
- 1)) / s_mp_defprec
) * s_mp_defprec
;
2662 if((tmp
= s_mp_alloc(min
, sizeof(mp_digit
))) == NULL
)
2665 s_mp_copy(DIGITS(mp
), tmp
, USED(mp
));
2668 s_mp_setz(DIGITS(mp
), ALLOC(mp
));
2670 s_mp_free(DIGITS(mp
));
2677 } /* end s_mp_grow() */
2681 /* {{{ s_mp_pad(mp, min) */
2683 /* Make sure the used size of mp is at least 'min', growing if needed */
2684 mp_err
s_mp_pad(mp_int
*mp
, mp_size min
)
2686 if(min
> USED(mp
)) {
2689 /* Make sure there is room to increase precision */
2690 if(min
> ALLOC(mp
) && (res
= s_mp_grow(mp
, min
)) != MP_OKAY
)
2693 /* Increase precision; should already be 0-filled */
2699 } /* end s_mp_pad() */
2703 /* {{{ s_mp_setz(dp, count) */
2706 /* Set 'count' digits pointed to by dp to be zeroes */
2707 void s_mp_setz(mp_digit
*dp
, mp_size count
)
2712 for(ix
= 0; ix
< count
; ix
++)
2715 memset(dp
, 0, count
* sizeof(mp_digit
));
2718 } /* end s_mp_setz() */
2723 /* {{{ s_mp_copy(sp, dp, count) */
2726 /* Copy 'count' digits from sp to dp */
2727 void s_mp_copy(mp_digit
*sp
, mp_digit
*dp
, mp_size count
)
2732 for(ix
= 0; ix
< count
; ix
++)
2735 memcpy(dp
, sp
, count
* sizeof(mp_digit
));
2738 } /* end s_mp_copy() */
2743 /* {{{ s_mp_alloc(nb, ni) */
2746 /* Allocate ni records of nb bytes each, and return a pointer to that */
2747 void *s_mp_alloc(size_t nb
, size_t ni
)
2749 return calloc(nb
, ni
);
2751 } /* end s_mp_alloc() */
2756 /* {{{ s_mp_free(ptr) */
2759 /* Free the memory pointed to by ptr */
2760 void s_mp_free(void *ptr
)
2765 } /* end s_mp_free() */
2770 /* {{{ s_mp_clamp(mp) */
2772 /* Remove leading zeroes from the given value */
2773 void s_mp_clamp(mp_int
*mp
)
2775 mp_size du
= USED(mp
);
2776 mp_digit
*zp
= DIGITS(mp
) + du
- 1;
2778 while(du
> 1 && !*zp
--)
2783 } /* end s_mp_clamp() */
2788 /* {{{ s_mp_exch(a, b) */
2790 /* Exchange the data for a and b; (b, a) = (a, b) */
2791 void s_mp_exch(mp_int
*a
, mp_int
*b
)
2799 } /* end s_mp_exch() */
2805 /* {{{ Arithmetic helpers */
2807 /* {{{ s_mp_lshd(mp, p) */
2810 Shift mp leftward by p digits, growing if needed, and zero-filling
2811 the in-shifted digits at the right end. This is a convenient
2812 alternative to multiplication by powers of the radix
2815 mp_err
s_mp_lshd(mp_int
*mp
, mp_size p
)
2825 if((res
= s_mp_pad(mp
, USED(mp
) + p
)) != MP_OKAY
)
2831 /* Shift all the significant figures over as needed */
2832 for(ix
= pos
- p
; ix
>= 0; ix
--)
2833 dp
[ix
+ p
] = dp
[ix
];
2835 /* Fill the bottom digits with zeroes */
2836 for(ix
= 0; ix
< p
; ix
++)
2841 } /* end s_mp_lshd() */
2845 /* {{{ s_mp_rshd(mp, p) */
2848 Shift mp rightward by p digits. Maintains the invariant that
2849 digits above the precision are all zero. Digits shifted off the
2850 end are lost. Cannot fail.
2853 void s_mp_rshd(mp_int
*mp
, mp_size p
)
2861 /* Shortcut when all digits are to be shifted off */
2863 s_mp_setz(DIGITS(mp
), ALLOC(mp
));
2869 /* Shift all the significant figures over as needed */
2871 for(ix
= p
; ix
< USED(mp
); ix
++)
2872 dp
[ix
- p
] = dp
[ix
];
2874 /* Fill the top digits with zeroes */
2876 while(ix
< USED(mp
))
2879 /* Strip off any leading zeroes */
2882 } /* end s_mp_rshd() */
2886 /* {{{ s_mp_div_2(mp) */
2888 /* Divide by two -- take advantage of radix properties to do it fast */
2889 void s_mp_div_2(mp_int
*mp
)
2893 } /* end s_mp_div_2() */
2897 /* {{{ s_mp_mul_2(mp) */
2899 mp_err
s_mp_mul_2(mp_int
*mp
)
2902 mp_digit kin
= 0, kout
, *dp
= DIGITS(mp
);
2905 /* Shift digits leftward by 1 bit */
2906 for(ix
= 0; ix
< USED(mp
); ix
++) {
2907 kout
= (dp
[ix
] >> (DIGIT_BIT
- 1)) & 1;
2908 dp
[ix
] = (dp
[ix
] << 1) | kin
;
2913 /* Deal with rollover from last digit */
2915 if(ix
>= ALLOC(mp
)) {
2916 if((res
= s_mp_grow(mp
, ALLOC(mp
) + 1)) != MP_OKAY
)
2927 } /* end s_mp_mul_2() */
2931 /* {{{ s_mp_mod_2d(mp, d) */
2934 Remainder the integer by 2^d, where d is a number of bits. This
2935 amounts to a bitwise AND of the value, and does not require the full
2938 void s_mp_mod_2d(mp_int
*mp
, mp_digit d
)
2940 unsigned int ndig
= (d
/ DIGIT_BIT
), nbit
= (d
% DIGIT_BIT
);
2942 mp_digit dmask
, *dp
= DIGITS(mp
);
2944 if(ndig
>= USED(mp
))
2947 /* Flush all the bits above 2^d in its digit */
2948 dmask
= (1 << nbit
) - 1;
2951 /* Flush all digits above the one with 2^d in it */
2952 for(ix
= ndig
+ 1; ix
< USED(mp
); ix
++)
2957 } /* end s_mp_mod_2d() */
2961 /* {{{ s_mp_mul_2d(mp, d) */
2964 Multiply by the integer 2^d, where d is a number of bits. This
2965 amounts to a bitwise shift of the value, and does not require the
2966 full multiplication code.
2968 mp_err
s_mp_mul_2d(mp_int
*mp
, mp_digit d
)
2971 mp_digit save
, next
, mask
, *dp
;
2975 if((res
= s_mp_lshd(mp
, d
/ DIGIT_BIT
)) != MP_OKAY
)
2978 dp
= DIGITS(mp
); used
= USED(mp
);
2981 mask
= (1 << d
) - 1;
2983 /* If the shift requires another digit, make sure we've got one to
2985 if((dp
[used
- 1] >> (DIGIT_BIT
- d
)) & mask
) {
2986 if((res
= s_mp_grow(mp
, used
+ 1)) != MP_OKAY
)
2991 /* Do the shifting... */
2993 for(ix
= 0; ix
< used
; ix
++) {
2994 next
= (dp
[ix
] >> (DIGIT_BIT
- d
)) & mask
;
2995 dp
[ix
] = (dp
[ix
] << d
) | save
;
2999 /* If, at this point, we have a nonzero carryout into the next
3000 digit, we'll increase the size by one digit, and store it...
3010 } /* end s_mp_mul_2d() */
3014 /* {{{ s_mp_div_2d(mp, d) */
3017 Divide the integer by 2^d, where d is a number of bits. This
3018 amounts to a bitwise shift of the value, and does not require the
3019 full division code (used in Barrett reduction, see below)
3021 void s_mp_div_2d(mp_int
*mp
, mp_digit d
)
3024 mp_digit save
, next
, mask
, *dp
= DIGITS(mp
);
3026 s_mp_rshd(mp
, d
/ DIGIT_BIT
);
3029 mask
= (1 << d
) - 1;
3032 for(ix
= USED(mp
) - 1; ix
>= 0; ix
--) {
3033 next
= dp
[ix
] & mask
;
3034 dp
[ix
] = (dp
[ix
] >> d
) | (save
<< (DIGIT_BIT
- d
));
3040 } /* end s_mp_div_2d() */
3044 /* {{{ s_mp_norm(a, b) */
3049 Normalize a and b for division, where b is the divisor. In order
3050 that we might make good guesses for quotient digits, we want the
3051 leading digit of b to be at least half the radix, which we
3052 accomplish by multiplying a and b by a constant. This constant is
3053 returned (so that it can be divided back out of the remainder at the
3054 end of the division process).
3056 We multiply by the smallest power of 2 that gives us a leading digit
3057 at least half the radix. By choosing a power of 2, we simplify the
3058 multiplication and division steps to simple shifts.
3060 mp_digit
s_mp_norm(mp_int
*a
, mp_int
*b
)
3064 t
= DIGIT(b
, USED(b
) - 1);
3065 while(t
< (RADIX
/ 2)) {
3077 } /* end s_mp_norm() */
3083 /* {{{ Primitive digit arithmetic */
3085 /* {{{ s_mp_add_d(mp, d) */
3087 /* Add d to |mp| in place */
3088 mp_err
s_mp_add_d(mp_int
*mp
, mp_digit d
) /* unsigned digit addition */
3091 mp_size ix
= 1, used
= USED(mp
);
3092 mp_digit
*dp
= DIGITS(mp
);
3098 while(ix
< used
&& k
) {
3108 if((res
= s_mp_pad(mp
, USED(mp
) + 1)) != MP_OKAY
)
3116 } /* end s_mp_add_d() */
3120 /* {{{ s_mp_sub_d(mp, d) */
3122 /* Subtract d from |mp| in place, assumes |mp| > d */
3123 mp_err
s_mp_sub_d(mp_int
*mp
, mp_digit d
) /* unsigned digit subtract */
3126 mp_size ix
= 1, used
= USED(mp
);
3127 mp_digit
*dp
= DIGITS(mp
);
3129 /* Compute initial subtraction */
3130 w
= (RADIX
+ dp
[0]) - d
;
3131 b
= CARRYOUT(w
) ? 0 : 1;
3134 /* Propagate borrows leftward */
3135 while(b
&& ix
< used
) {
3136 w
= (RADIX
+ dp
[ix
]) - b
;
3137 b
= CARRYOUT(w
) ? 0 : 1;
3142 /* Remove leading zeroes */
3145 /* If we have a borrow out, it's a violation of the input invariant */
3151 } /* end s_mp_sub_d() */
3155 /* {{{ s_mp_mul_d(a, d) */
3157 /* Compute a = a * d, single digit multiplication */
3158 mp_err
s_mp_mul_d(mp_int
*a
, mp_digit d
)
3163 mp_digit
*dp
= DIGITS(a
);
3166 Single-digit multiplication will increase the precision of the
3167 output by at most one digit. However, we can detect when this
3168 will happen -- if the high-order digit of a, times d, gives a
3169 two-digit result, then the precision of the result will increase;
3170 otherwise it won't. We use this fact to avoid calling s_mp_pad()
3171 unless absolutely necessary.
3174 w
= dp
[max
- 1] * d
;
3175 if(CARRYOUT(w
) != 0) {
3176 if((res
= s_mp_pad(a
, max
+ 1)) != MP_OKAY
)
3181 for(ix
= 0; ix
< max
; ix
++) {
3182 w
= (dp
[ix
] * d
) + k
;
3187 /* If there is a precision increase, take care of it here; the above
3188 test guarantees we have enough storage to do this safely.
3199 } /* end s_mp_mul_d() */
3203 /* {{{ s_mp_div_d(mp, d, r) */
3206 s_mp_div_d(mp, d, r)
3208 Compute the quotient mp = mp / d and remainder r = mp mod d, for a
3209 single digit d. If r is null, the remainder will be discarded.
3212 mp_err
s_mp_div_d(mp_int
*mp
, mp_digit d
, mp_digit
*r
)
3217 mp_digit
*dp
= DIGITS(mp
), *qp
;
3223 /* Make room for the quotient */
3224 if((res
= mp_init_size("
, USED(mp
))) != MP_OKAY
)
3227 USED("
) = USED(mp
); /* so clamping will work below */
3230 /* Divide without subtraction */
3231 for(ix
= USED(mp
) - 1; ix
>= 0; ix
--) {
3232 w
= (w
<< DIGIT_BIT
) | dp
[ix
];
3244 /* Deliver the remainder, if desired */
3254 } /* end s_mp_div_d() */
3260 /* {{{ Primitive full arithmetic */
3262 /* {{{ s_mp_add(a, b) */
3264 /* Compute a = |a| + |b| */
3265 mp_err
s_mp_add(mp_int
*a
, mp_int
*b
) /* magnitude addition */
3269 mp_size ix
, used
= USED(b
);
3272 /* Make sure a has enough precision for the output value */
3273 if((used
> USED(a
)) && (res
= s_mp_pad(a
, used
)) != MP_OKAY
)
3277 Add up all digits up to the precision of b. If b had initially
3278 the same precision as a, or greater, we took care of it by the
3279 padding step above, so there is no problem. If b had initially
3280 less precision, we'll have to make sure the carry out is duly
3281 propagated upward among the higher-order digits of the sum.
3285 for(ix
= 0; ix
< used
; ++ix
) {
3291 /* If we run out of 'b' digits before we're actually done, make
3292 sure the carries get propagated upward...
3295 while(w
&& ix
< used
) {
3302 /* If there's an overall carry out, increase precision and include
3303 it. We could have done this initially, but why touch the memory
3304 allocator unless we're sure we have to?
3307 if((res
= s_mp_pad(a
, used
+ 1)) != MP_OKAY
)
3310 DIGIT(a
, ix
) = w
; /* pa may not be valid after s_mp_pad() call */
3315 } /* end s_mp_add() */
3319 /* {{{ s_mp_sub(a, b) */
3321 /* Compute a = |a| - |b|, assumes |a| >= |b| */
3322 mp_err
s_mp_sub(mp_int
*a
, mp_int
*b
) /* magnitude subtract */
3326 mp_size ix
, used
= USED(b
);
3329 Subtract and propagate borrow. Up to the precision of b, this
3330 accounts for the digits of b; after that, we just make sure the
3331 carries get to the right place. This saves having to pad b out to
3332 the precision of a just to make the loops work right...
3337 for(ix
= 0; ix
< used
; ++ix
) {
3338 w
= (RADIX
+ *pa
) - w
- *pb
++;
3340 w
= CARRYOUT(w
) ? 0 : 1;
3345 w
= RADIX
+ *pa
- w
;
3347 w
= CARRYOUT(w
) ? 0 : 1;
3351 /* Clobber any leading zeroes we created */
3355 If there was a borrow out, then |b| > |a| in violation
3356 of our input invariant. We've already done the work,
3357 but we'll at least complain about it...
3364 } /* end s_mp_sub() */
3368 mp_err
s_mp_reduce(mp_int
*x
, mp_int
*m
, mp_int
*mu
)
3372 mp_size um
= USED(m
);
3374 if((res
= mp_init_copy(&q
, x
)) != MP_OKAY
)
3377 s_mp_rshd(&q
, um
- 1); /* q1 = x / b^(k-1) */
3378 s_mp_mul(&q
, mu
); /* q2 = q1 * mu */
3379 s_mp_rshd(&q
, um
+ 1); /* q3 = q2 / b^(k+1) */
3381 /* x = x mod b^(k+1), quick (no division) */
3382 s_mp_mod_2d(x
, (mp_digit
)(DIGIT_BIT
* (um
+ 1)));
3384 /* q = q * m mod b^(k+1), quick (no division), uses the short multiplier */
3387 s_mp_mod_2d(&q
, (mp_digit
)(DIGIT_BIT
* (um
+ 1)));
3389 s_mp_mul_dig(&q
, m
, um
+ 1);
3393 if((res
= mp_sub(x
, &q
, x
)) != MP_OKAY
)
3396 /* If x < 0, add b^(k+1) to it */
3397 if(mp_cmp_z(x
) < 0) {
3399 if((res
= s_mp_lshd(&q
, um
+ 1)) != MP_OKAY
)
3401 if((res
= mp_add(x
, &q
, x
)) != MP_OKAY
)
3405 /* Back off if it's too big */
3406 while(mp_cmp(x
, m
) >= 0) {
3407 if((res
= s_mp_sub(x
, m
)) != MP_OKAY
)
3416 } /* end s_mp_reduce() */
3420 /* {{{ s_mp_mul(a, b) */
3422 /* Compute a = |a| * |b| */
3423 mp_err
s_mp_mul(mp_int
*a
, mp_int
*b
)
3428 mp_size ix
, jx
, ua
= USED(a
), ub
= USED(b
);
3429 mp_digit
*pa
, *pb
, *pt
, *pbt
;
3431 if((res
= mp_init_size(&tmp
, ua
+ ub
)) != MP_OKAY
)
3434 /* This has the effect of left-padding with zeroes... */
3435 USED(&tmp
) = ua
+ ub
;
3437 /* We're going to need the base value each iteration */
3440 /* Outer loop: Digits of b */
3443 for(ix
= 0; ix
< ub
; ++ix
, ++pb
) {
3447 /* Inner product: Digits of a */
3449 for(jx
= 0; jx
< ua
; ++jx
, ++pa
) {
3451 w
= *pb
* *pa
+ k
+ *pt
;
3467 } /* end s_mp_mul() */
3471 /* {{{ s_mp_kmul(a, b, out, len) */
3474 void s_mp_kmul(mp_digit
*a
, mp_digit
*b
, mp_digit
*out
, mp_size len
)
3480 for(ix
= 0; ix
< len
; ++ix
, ++b
) {
3485 for(jx
= 0; jx
< len
; ++jx
, ++pa
) {
3487 w
= *b
* *pa
+ k
+ *pt
;
3496 } /* end s_mp_kmul() */
3501 /* {{{ s_mp_sqr(a) */
3504 Computes the square of a, in place. This can be done more
3505 efficiently than a general multiplication, because many of the
3506 computation steps are redundant when squaring. The inner product
3507 step is a bit more complicated, but we save a fair number of
3508 iterations of the multiplication loop.
3511 mp_err
s_mp_sqr(mp_int
*a
)
3516 mp_size ix
, jx
, kx
, used
= USED(a
);
3517 mp_digit
*pa1
, *pa2
, *pt
, *pbt
;
3519 if((res
= mp_init_size(&tmp
, 2 * used
)) != MP_OKAY
)
3522 /* Left-pad with zeroes */
3523 USED(&tmp
) = 2 * used
;
3525 /* We need the base value each time through the loop */
3529 for(ix
= 0; ix
< used
; ++ix
, ++pa1
) {
3533 w
= DIGIT(&tmp
, ix
+ ix
) + (*pa1
* *pa1
);
3535 pbt
[ix
+ ix
] = ACCUM(w
);
3539 The inner product is computed as:
3541 (C, S) = t[i,j] + 2 a[i] a[j] + C
3543 This can overflow what can be represented in an mp_word, and
3544 since C arithmetic does not provide any way to check for
3545 overflow, we have to check explicitly for overflow conditions
3548 for(jx
= ix
+ 1, pa2
= DIGITS(a
) + jx
; jx
< used
; ++jx
, ++pa2
) {
3551 /* Store this in a temporary to avoid indirections later */
3554 /* Compute the multiplicative step */
3557 /* If w is more than half MP_WORD_MAX, the doubling will
3558 overflow, and we need to record a carry out into the next
3560 u
= (w
>> (MP_WORD_BIT
- 1)) & 1;
3562 /* Double what we've got, overflow will be ignored as defined
3563 for C arithmetic (we've already noted if it is to occur)
3567 /* Compute the additive step */
3570 /* If we do not already have an overflow carry, check to see
3571 if the addition will cause one, and set the carry out if so
3573 u
|= ((MP_WORD_MAX
- v
) < w
);
3575 /* Add in the rest, again ignoring overflow */
3578 /* Set the i,j digit of the output */
3581 /* Save carry information for the next iteration of the loop.
3582 This is why k must be an mp_word, instead of an mp_digit */
3583 k
= CARRYOUT(w
) | (u
<< DIGIT_BIT
);
3587 /* Set the last digit in the cycle and reset the carry */
3588 k
= DIGIT(&tmp
, ix
+ jx
) + k
;
3589 pbt
[ix
+ jx
] = ACCUM(k
);
3592 /* If we are carrying out, propagate the carry to the next digit
3593 in the output. This may cascade, so we have to be somewhat
3594 circumspect -- but we will have enough precision in the output
3595 that we won't overflow
3599 k
= pbt
[ix
+ jx
+ kx
] + 1;
3600 pbt
[ix
+ jx
+ kx
] = ACCUM(k
);
3613 } /* end s_mp_sqr() */
3618 /* {{{ s_mp_div(a, b) */
3623 Compute a = a / b and b = a mod b. Assumes b > a.
3626 mp_err
s_mp_div(mp_int
*a
, mp_int
*b
)
3628 mp_int quot
, rem
, t
;
3634 if(mp_cmp_z(b
) == 0)
3637 /* Shortcut if b is power of two */
3638 if((ix
= s_mp_ispow2(b
)) >= 0) {
3639 mp_copy(a
, b
); /* need this for remainder */
3640 s_mp_div_2d(a
, (mp_digit
)ix
);
3641 s_mp_mod_2d(b
, (mp_digit
)ix
);
3646 /* Allocate space to store the quotient */
3647 if((res
= mp_init_size("
, USED(a
))) != MP_OKAY
)
3650 /* A working temporary for division */
3651 if((res
= mp_init_size(&t
, USED(a
))) != MP_OKAY
)
3654 /* Allocate space for the remainder */
3655 if((res
= mp_init_size(&rem
, USED(a
))) != MP_OKAY
)
3658 /* Normalize to optimize guessing */
3659 d
= s_mp_norm(a
, b
);
3661 /* Perform the division itself...woo! */
3665 /* Find a partial substring of a which is at least b */
3666 while(s_mp_cmp(&rem
, b
) < 0 && ix
>= 0) {
3667 if((res
= s_mp_lshd(&rem
, 1)) != MP_OKAY
)
3670 if((res
= s_mp_lshd("
, 1)) != MP_OKAY
)
3673 DIGIT(&rem
, 0) = DIGIT(a
, ix
);
3678 /* If we didn't find one, we're finished dividing */
3679 if(s_mp_cmp(&rem
, b
) < 0)
3682 /* Compute a guess for the next quotient digit */
3683 q
= DIGIT(&rem
, USED(&rem
) - 1);
3684 if(q
<= DIGIT(b
, USED(b
) - 1) && USED(&rem
) > 1)
3685 q
= (q
<< DIGIT_BIT
) | DIGIT(&rem
, USED(&rem
) - 2);
3687 q
/= DIGIT(b
, USED(b
) - 1);
3689 /* The guess can be as much as RADIX + 1 */
3693 /* See what that multiplies out to */
3695 if((res
= s_mp_mul_d(&t
, q
)) != MP_OKAY
)
3699 If it's too big, back it off. We should not have to do this
3700 more than once, or, in rare cases, twice. Knuth describes a
3701 method by which this could be reduced to a maximum of once, but
3702 I didn't implement that here.
3704 while(s_mp_cmp(&t
, &rem
) > 0) {
3709 /* At this point, q should be the right next digit */
3710 if((res
= s_mp_sub(&rem
, &t
)) != MP_OKAY
)
3714 Include the digit in the quotient. We allocated enough memory
3715 for any quotient we could ever possibly get, so we should not
3716 have to check for failures here
3718 DIGIT("
, 0) = q
;
3721 /* Denormalize remainder */
3723 s_mp_div_2d(&rem
, d
);
3728 /* Copy quotient back to output */
3729 s_mp_exch("
, a
);
3731 /* Copy remainder back to output */
3743 } /* end s_mp_div() */
3747 /* {{{ s_mp_2expt(a, k) */
3749 mp_err
s_mp_2expt(mp_int
*a
, mp_digit k
)
3754 dig
= k
/ DIGIT_BIT
;
3755 bit
= k
% DIGIT_BIT
;
3758 if((res
= s_mp_pad(a
, dig
+ 1)) != MP_OKAY
)
3761 DIGIT(a
, dig
) |= (1 << bit
);
3765 } /* end s_mp_2expt() */
3774 /* {{{ Primitive comparisons */
3776 /* {{{ s_mp_cmp(a, b) */
3778 /* Compare |a| <=> |b|, return 0 if equal, <0 if a<b, >0 if a>b */
3779 int s_mp_cmp(mp_int
*a
, mp_int
*b
)
3781 mp_size ua
= USED(a
), ub
= USED(b
);
3789 mp_digit
*ap
= DIGITS(a
) + ix
, *bp
= DIGITS(b
) + ix
;
3803 } /* end s_mp_cmp() */
3807 /* {{{ s_mp_cmp_d(a, d) */
3809 /* Compare |a| <=> d, return 0 if equal, <0 if a<d, >0 if a>d */
3810 int s_mp_cmp_d(mp_int
*a
, mp_digit d
)
3812 mp_size ua
= USED(a
);
3813 mp_digit
*ap
= DIGITS(a
);
3825 } /* end s_mp_cmp_d() */
3829 /* {{{ s_mp_ispow2(v) */
3832 Returns -1 if the value is not a power of two; otherwise, it returns
3833 k such that v = 2^k, i.e. lg(v).
3835 int s_mp_ispow2(mp_int
*v
)
3838 mp_size uv
= USED(v
);
3841 d
= DIGIT(v
, uv
- 1); /* most significant digit of v */
3843 while(d
&& ((d
& 1) == 0)) {
3850 dp
= DIGITS(v
) + ix
;
3854 return -1; /* not a power of two */
3859 return ((uv
- 1) * DIGIT_BIT
) + extra
;
3864 } /* end s_mp_ispow2() */
3868 /* {{{ s_mp_ispow2d(d) */
3870 int s_mp_ispow2d(mp_digit d
)
3874 while((d
& 1) == 0) {
3883 } /* end s_mp_ispow2d() */
3889 /* {{{ Primitive I/O helpers */
3891 /* {{{ s_mp_tovalue(ch, r) */
3894 Convert the given character to its digit value, in the given radix.
3895 If the given character is not understood in the given radix, -1 is
3896 returned. Otherwise the digit's numeric value is returned.
3898 The results will be odd if you use a radix < 2 or > 62, you are
3899 expected to know what you're up to.
3901 int s_mp_tovalue(char ch
, int r
)
3912 else if(isupper(xch
))
3913 val
= xch
- 'A' + 10;
3914 else if(islower(xch
))
3915 val
= xch
- 'a' + 36;
3923 if(val
< 0 || val
>= r
)
3928 } /* end s_mp_tovalue() */
3932 /* {{{ s_mp_todigit(val, r, low) */
3935 Convert val to a radix-r digit, if possible. If val is out of range
3936 for r, returns zero. Otherwise, returns an ASCII character denoting
3937 the value in the given radix.
3939 The results may be odd if you use a radix < 2 or > 64, you are
3940 expected to know what you're doing.
3943 char s_mp_todigit(int val
, int r
, int low
)
3947 if(val
< 0 || val
>= r
)
3957 } /* end s_mp_todigit() */
3961 /* {{{ s_mp_outlen(bits, radix) */
3964 Return an estimate for how long a string is needed to hold a radix
3965 r representation of a number with 'bits' significant bits.
3967 Does not include space for a sign or a NUL terminator.
3969 int s_mp_outlen(int bits
, int r
)
3971 return (int)((double)bits
* LOG_V_2(r
));
3973 } /* end s_mp_outlen() */
3979 /*------------------------------------------------------------------------*/
3980 /* HERE THERE BE DRAGONS */
3981 /* crc==4242132123, version==2, Sat Feb 02 06:43:52 2002 */
3983 /* $Source: /cvs/libtom/libtommath/mtest/mpi.c,v $ */
3984 /* $Revision: 1.2 $ */
3985 /* $Date: 2005/05/05 14:38:47 $ */