3 This file is part of the ARM-Crypto-Lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * \license GPLv3 or later
30 #define STRING(x) STRING2(x)
31 #define STR_LINE STRING(__LINE__)
40 #include "uart_lowlevel.h"
41 #include "bigint_io.h"
45 #define MAX(a,b) (((a)>(b))?(a):(b))
49 #define MIN(a,b) (((a)<(b))?(a):(b))
52 #define SET_FBS(a, v) do{(a)->info &=~BIGINT_FBS_MASK; (a)->info |= (v);}while(0)
53 #define GET_FBS(a) ((a)->info&BIGINT_FBS_MASK)
54 #define SET_NEG(a) (a)->info |= BIGINT_NEG_MASK
55 #define SET_POS(a) (a)->info &= ~BIGINT_NEG_MASK
56 #define XCHG(a,b) do{(a)^=(b); (b)^=(a); (a)^=(b);}while(0)
57 #define XCHG_PTR(a,b) do{ a = (void*)(((uint32_t)(a)) ^ ((uint32_t)(b))); \
58 b = (void*)(((uint32_t)(a)) ^ ((uint32_t)(b))); \
59 a = (void*)(((uint32_t)(a)) ^ ((uint32_t)(b)));}while(0)
61 #define GET_SIGN(a) ((a)->info&BIGINT_NEG_MASK)
63 /******************************************************************************/
64 void bigint_adjust(bigint_t* a){
65 while(a->length_B!=0 && a->wordv[a->length_B-1]==0){
73 uint8_t i = BIGINT_WORD_SIZE-1;
74 t = a->wordv[a->length_B-1];
75 while((t&(1<<(BIGINT_WORD_SIZE-1)))==0 && i){
82 /******************************************************************************/
84 uint32_t bigint_get_first_set_bit(bigint_t* a){
86 return (uint32_t)(-1);
88 return (a->length_B-1)*sizeof(bigint_word_t)*8+GET_FBS(a);
92 /******************************************************************************/
94 uint32_t bigint_get_last_set_bit(bigint_t* a){
99 return (uint32_t)(-1);
101 while(a->wordv[r]==0 && r<a->length_B){
104 if(a->wordv[r] == 0){
105 return (uint32_t)(-1);
107 while((x&a->wordv[r])==0){
111 return r*BIGINT_WORD_SIZE+b;
114 /******************************************************************************/
116 void bigint_copy(bigint_t* dest, const bigint_t* src){
117 memcpy(dest->wordv, src->wordv, src->length_B*sizeof(bigint_word_t));
118 dest->length_B = src->length_B;
119 dest->info = src->info;
122 /******************************************************************************/
124 /* this should be implemented in assembly */
125 void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
127 bigint_wordplus_t t=0LL;
128 if(a->length_B < b->length_B){
131 for(i=0; i<b->length_B; ++i){
132 // t = (bigint_wordplus_t)(a->wordv[i]) + (bigint_wordplus_t)(b->wordv[i]) + t;
135 dest->wordv[i] = (bigint_word_t)t;
136 t>>=BIGINT_WORD_SIZE;
138 for(; i<a->length_B; ++i){
140 dest->wordv[i] = (bigint_word_t)t;
141 t>>=BIGINT_WORD_SIZE;
143 dest->wordv[i++] = (bigint_word_t)t;
148 /******************************************************************************/
150 /* this should be implemented in assembly */
151 void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale){
155 bigint_wordplus_t t=0;
156 scale_w = (scale+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
157 if(scale>dest->length_B*sizeof(bigint_word_t)){
158 memset(((uint8_t*)dest->wordv)+dest->length_B*sizeof(bigint_word_t), 0, scale-dest->length_B*sizeof(bigint_word_t));
160 // a->wordv = (const uint32_t*)(((uint8_t*)a->wordv)+(scale&3));
161 dst = dest->wordv + (scale&(sizeof(bigint_word_t)-1));
162 for(i=scale/sizeof(bigint_word_t); i<a->length_B+scale_w; ++i,++j){
164 if(dest->length_B>i){
167 dst[i] = (bigint_word_t)t;
168 t>>=BIGINT_WORD_SIZE;
171 if(dest->length_B>i){
174 dst[i] = (bigint_word_t)t;
175 t>>=BIGINT_WORD_SIZE;
178 if(dest->length_B < i){
184 /******************************************************************************/
186 /* this should be implemented in assembly */
187 void bigint_sub_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
190 bigint_wordplus_signed_t t=0LL;
191 uint16_t i, min, max;
192 min = MIN(a->length_B, b->length_B);
193 max = MAX(a->length_B, b->length_B);
194 r = bigint_cmp_u(a,b);
196 bigint_set_zero(dest);
200 bigint_copy(dest, a);
205 bigint_copy(dest, b);
210 bigint_sub_u(dest, b, a);
213 for(i=0; i<min; ++i){
219 dest->wordv[i]=(bigint_word_t)t;
222 dest->wordv[i]=(bigint_word_t)t;
226 t = a->wordv[i] - borrow;
229 dest->wordv[i]=(bigint_word_t)t;
232 dest->wordv[i]=(bigint_word_t)t;
242 /******************************************************************************/
244 int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){
245 if(a->length_B > b->length_B){
248 if(a->length_B < b->length_B){
257 if(a->wordv[i]!=b->wordv[i]){
258 if(a->wordv[i]>b->wordv[i]){
268 /******************************************************************************/
270 void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
273 s |= GET_SIGN(b)?1:0;
275 case 0: /* both positive */
276 bigint_add_u(dest, a,b);
279 case 1: /* a positive, b negative */
280 bigint_sub_u(dest, a, b);
282 case 2: /* a negative, b positive */
283 bigint_sub_u(dest, b, a);
285 case 3: /* both negative */
286 bigint_add_u(dest, a, b);
289 default: /* how can this happen?*/
294 /******************************************************************************/
296 void bigint_sub_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
299 s |= GET_SIGN(b)?1:0;
301 case 0: /* both positive */
302 bigint_sub_u(dest, a,b);
304 case 1: /* a positive, b negative */
305 bigint_add_u(dest, a, b);
308 case 2: /* a negative, b positive */
309 bigint_add_u(dest, a, b);
312 case 3: /* both negative */
313 bigint_sub_u(dest, b, a);
315 default: /* how can this happen?*/
321 /******************************************************************************/
323 int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b){
325 if(a->length_B==0 && b->length_B==0){
329 s |= GET_SIGN(b)?1:0;
331 case 0: /* both positive */
332 return bigint_cmp_u(a, b);
334 case 1: /* a positive, b negative */
337 case 2: /* a negative, b positive */
340 case 3: /* both negative */
341 return bigint_cmp_u(b, a);
343 default: /* how can this happen?*/
346 return 0; /* just to satisfy the compiler */
349 /******************************************************************************/
351 void bigint_shiftleft(bigint_t* a, uint16_t shift){
352 uint16_t byteshift, word_alloc;
356 bigint_wordplus_t t=0;
362 for(i=0;i<=byteshift/sizeof(bigint_word_t); ++i){
363 a->wordv[a->length_B+i] = 0;
366 memmove(((uint8_t*)a->wordv)+byteshift, a->wordv, a->length_B*sizeof(bigint_word_t));
367 memset(a->wordv, 0, byteshift);
369 p = (bigint_word_t*)(((uint8_t*)a->wordv)+byteshift);
370 word_alloc = a->length_B+(byteshift+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t)+1;
371 a->wordv[word_alloc-1]=0;
373 for(i=0; i<a->length_B; ++i){
374 t |= ((bigint_wordplus_t)p[i])<<bitshift;
375 p[i] = (bigint_word_t)t;
376 t >>= BIGINT_WORD_SIZE;
378 p[i] = (bigint_word_t)t;
380 a->length_B = word_alloc;
384 /******************************************************************************/
386 void bigint_shiftright(bigint_t* a, uint16_t shift){
390 bigint_wordplus_t t=0;
393 if(byteshift >= a->length_B*sizeof(bigint_word_t)){ /* we would shift out more than we have */
397 if(byteshift == a->length_B*sizeof(bigint_word_t)-1 && bitshift>GET_FBS(a)){
402 memmove(a->wordv, (uint8_t*)a->wordv+byteshift, a->length_B-byteshift);
403 memset((uint8_t*)a->wordv+a->length_B-byteshift, 0, byteshift);
405 byteshift /= sizeof(bigint_word_t);
407 /* shift to the right */
408 for(i=a->length_B-byteshift-1; i>0; --i){
409 t |= ((bigint_wordplus_t)(a->wordv[i]))<<(BIGINT_WORD_SIZE-bitshift);
410 a->wordv[i] = (bigint_word_t)(t>>BIGINT_WORD_SIZE);
411 t <<= BIGINT_WORD_SIZE;
413 t |= ((bigint_wordplus_t)(a->wordv[0]))<<(BIGINT_WORD_SIZE-bitshift);
414 a->wordv[0] = (bigint_word_t)(t>>BIGINT_WORD_SIZE);
416 a->length_B -= ((shift/8)+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
420 /******************************************************************************/
422 void bigint_xor(bigint_t* dest, const bigint_t* a){
424 for(i=0; i<a->length_B; ++i){
425 dest->wordv[i] ^= a->wordv[i];
430 /******************************************************************************/
432 void bigint_set_zero(bigint_t* a){
436 /******************************************************************************/
438 /* using the Karatsuba-Algorithm */
439 /* x*y = (xh*yh)*b**2n + ((xh+xl)*(yh+yl) - xh*yh - xl*yl)*b**n + yh*yl */
440 void bigint_mul_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
441 if(a->length_B==0 || b->length_B==0){
442 bigint_set_zero(dest);
445 if(dest==a || dest==b){
447 bigint_word_t d_b[a->length_B+b->length_B];
449 bigint_mul_u(&d, a, b);
450 bigint_copy(dest, &d);
453 if(a->length_B==1 || b->length_B==1){
457 bigint_wordplus_t i, t=0;
458 bigint_word_t x = a->wordv[0];
459 for(i=0; i<b->length_B; ++i){
460 t += ((bigint_wordplus_t)b->wordv[i])*((bigint_wordplus_t)x);
461 dest->wordv[i] = (bigint_word_t)t;
462 t>>=BIGINT_WORD_SIZE;
464 dest->wordv[i] = (bigint_word_t)t;
469 if(a->length_B<=4/sizeof(bigint_word_t) && b->length_B<=4/sizeof(bigint_word_t)){
472 memcpy(&p, a->wordv, a->length_B*sizeof(bigint_word_t));
473 memcpy(&q, b->wordv, b->length_B*sizeof(bigint_word_t));
474 r = (uint64_t)p*(uint64_t)q;
475 memcpy(dest->wordv, &r, (a->length_B+b->length_B)*sizeof(bigint_word_t));
476 dest->length_B = a->length_B+b->length_B;
480 bigint_set_zero(dest);
481 /* split a in xh & xl; split b in yh & yl */
483 n=(MAX(a->length_B, b->length_B)+1)/2;
484 bigint_t xl, xh, yl, yh;
490 xl.length_B = a->length_B;
496 xh.wordv = a->wordv+n;
497 xh.length_B = a->length_B-n;
503 yl.length_B = b->length_B;
509 yh.wordv = b->wordv+n;
510 yh.length_B = b->length_B-n;
513 /* now we have split up a and b */
514 bigint_word_t tmp_b[2*n+2], m_b[2*(n+1)];
515 bigint_t tmp, tmp2, m;
517 tmp2.wordv = tmp_b+n+1;
520 bigint_mul_u(dest, &xl, &yl); /* dest <= xl*yl */
521 bigint_add_u(&tmp2, &xh, &xl); /* tmp2 <= xh+xl */
522 bigint_add_u(&tmp, &yh, &yl); /* tmp <= yh+yl */
523 bigint_mul_u(&m, &tmp2, &tmp); /* m <= tmp2*tmp */
524 bigint_mul_u(&tmp, &xh, &yh); /* h <= xh*yh */
525 bigint_sub_u(&m, &m, dest); /* m <= m-dest */
526 bigint_sub_u(&m, &m, &tmp); /* m <= m-h */
527 bigint_add_scale_u(dest, &m, n*sizeof(bigint_word_t));
528 bigint_add_scale_u(dest, &tmp, 2*n*sizeof(bigint_word_t));
531 /******************************************************************************/
533 void bigint_mul_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
536 s |= GET_SIGN(b)?1:0;
538 case 0: /* both positive */
539 bigint_mul_u(dest, a,b);
542 case 1: /* a positive, b negative */
543 bigint_mul_u(dest, a,b);
546 case 2: /* a negative, b positive */
547 bigint_mul_u(dest, a,b);
550 case 3: /* both negative */
551 bigint_mul_u(dest, a,b);
554 default: /* how can this happen?*/
559 /******************************************************************************/
562 /* (xh*b^n+xl)^2 = xh^2*b^2n + 2*xh*xl*b^n + xl^2 */
563 void bigint_square(bigint_t* dest, const bigint_t* a){
564 if(a->length_B*sizeof(bigint_word_t)<=4){
566 memcpy(&r, a->wordv, a->length_B*sizeof(bigint_word_t));
568 memcpy(dest->wordv, &r, 2*a->length_B*sizeof(bigint_word_t));
570 dest->length_B=2*a->length_B;
576 bigint_word_t d_b[a->length_B*2];
578 bigint_square(&d, a);
579 bigint_copy(dest, &d);
584 bigint_t xh, xl, tmp; /* x-high, x-low, temp */
585 bigint_word_t buffer[2*n+1];
588 xh.wordv = &(a->wordv[n]);
589 xh.length_B = a->length_B-n;
591 // cli_putstr("\r\nDBG (a): xl: "); bigint_print_hex(&xl);
592 // cli_putstr("\r\nDBG (b): xh: "); bigint_print_hex(&xh);
593 bigint_square(dest, &xl);
594 // cli_putstr("\r\nDBG (1): xl**2: "); bigint_print_hex(dest);
595 bigint_square(&tmp, &xh);
596 // cli_putstr("\r\nDBG (2): xh**2: "); bigint_print_hex(&tmp);
597 bigint_add_scale_u(dest, &tmp, 2*n*sizeof(bigint_word_t));
598 // cli_putstr("\r\nDBG (3): xl**2 + xh**2*n**2: "); bigint_print_hex(dest);
599 bigint_mul_u(&tmp, &xl, &xh);
600 // cli_putstr("\r\nDBG (4): xl*xh: "); bigint_print_hex(&tmp);
601 bigint_shiftleft(&tmp, 1);
602 // cli_putstr("\r\nDBG (5): xl*xh*2: "); bigint_print_hex(&tmp);
603 bigint_add_scale_u(dest, &tmp, n*sizeof(bigint_word_t));
604 // cli_putstr("\r\nDBG (6): x**2: "); bigint_print_hex(dest);
605 // cli_putstr("\r\n");
608 /******************************************************************************/
609 void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale){
611 bigint_word_t tmp_b[b->length_B+4];
612 uint16_t i,j,word_shift=bitscale/(8*sizeof(bigint_word_t));
614 bigint_wordplus_signed_t t;
616 if(a->length_B < b->length_B+word_shift){
617 cli_putstr("\r\nDBG: *bang*\r\n");
622 bigint_copy(&tmp, b);
623 bigint_shiftleft(&tmp, bitscale&(BIGINT_WORD_SIZE-1));
624 // cli_putstr("\r\nDBG(sub_ub.0) tmp_shift = "); bigint_print_hex(&tmp);
625 for(j=0,i=word_shift; i<tmp.length_B+word_shift; ++i, ++j){
629 a->wordv[i] = (bigint_word_t)t;
637 if(i+1 > a->length_B){
638 cli_putstr("\r\nDBG: *boom*\r\n");
642 a->wordv[i] -= borrow;
643 if(a->wordv[i]!=0xff){
651 /******************************************************************************/
653 void bigint_reduce(bigint_t* a, const bigint_t* r){
654 // bigint_adjust((bigint_t*)r);
655 uint8_t rfbs = GET_FBS(r);
657 // cli_putstr("\r\nDBG: (a) = "); bigint_print_hex(a);
658 if(r->length_B==0 || a->length_B==0){
661 if((r->length_B*sizeof(bigint_word_t)<=4) && (a->length_B*sizeof(bigint_word_t)<=4)){
663 memcpy(&p, a->wordv, a->length_B*sizeof(bigint_word_t));
664 memcpy(&q, r->wordv, r->length_B*sizeof(bigint_word_t));
666 memcpy(a->wordv, &p, a->length_B*sizeof(bigint_word_t));
668 // cli_putstr("\r\nDBG: (0) = "); bigint_print_hex(a);
672 while(a->length_B > r->length_B){
673 shift = (a->length_B - r->length_B) * 8 * sizeof(bigint_word_t) + GET_FBS(a) - rfbs - 1;
674 // cli_putstr("\r\nDBG: (p) shift = "); cli_hexdump_rev(&shift, 2);
675 // cli_putstr(" a_len = "); cli_hexdump_rev(&a->length_B, 2);
676 // cli_putstr(" r_len = "); cli_hexdump_rev(&r->length_B, 2);
678 bigint_sub_u_bitscale(a, r, shift);
679 // cli_putstr("\r\nDBG: (1) = "); bigint_print_hex(a);
681 while((GET_FBS(a) > rfbs+1) && (a->length_B == r->length_B)){
682 shift = GET_FBS(a)-rfbs-1;
683 // cli_putstr("\r\nDBG: (q) shift = "); cli_hexdump_rev(&shift, 2);
684 bigint_sub_u_bitscale(a, r, GET_FBS(a)-rfbs-1);
685 // cli_putstr("\r\nDBG: (2) = "); bigint_print_hex(a);
687 while(bigint_cmp_u(a,r)>=0){
689 // cli_putstr("\r\nDBG: (3) = "); bigint_print_hex(a);
692 // cli_putstr("\r\nDBG: (a) = "); bigint_print_hex(a);
693 // cli_putstr("\r\n");
696 /******************************************************************************/
698 /* calculate dest = a**exp % r */
699 /* using square&multiply */
700 void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, const bigint_t* r){
701 if(a->length_B==0 || r->length_B==0){
706 bigint_word_t t, base_b[MAX(a->length_B,r->length_B*2)], res_b[r->length_B*2];
709 // uint16_t *xaddr = &i;
710 // cli_putstr("\r\npre-alloc (");
711 // cli_hexdump_rev(&xaddr, 4);
712 // cli_putstr(") ...");
715 bigint_copy(&base, a);
716 // cli_putstr("\r\npost-copy");
717 bigint_reduce(&base, r);
721 // cli_putstr("\r\nadjust ");
723 // cli_putstr("\r\nexpmod ");
724 for(i=0; i+1<exp->length_B; ++i){
726 for(j=0; j<BIGINT_WORD_SIZE; ++j){
728 bigint_mul_u(&res, &res, &base);
729 bigint_reduce(&res, r);
731 bigint_square(&base, &base);
732 bigint_reduce(&base, r);
741 bigint_mul_u(&res, &res, &base);
742 bigint_reduce(&res, r);
744 bigint_square(&base, &base);
745 bigint_reduce(&base, r);
749 bigint_copy(dest, &res);
752 /******************************************************************************/
754 #define cli_putstr(a)
755 #define bigint_print_hex(a)
756 #define cli_hexdump_rev(a,b)
757 #define uart_flush(a)
759 /* gcd <-- gcd(x,y) a*x+b*y=gcd */
760 void bigint_gcdext(bigint_t* gcd, bigint_t* a, bigint_t* b, const bigint_t* x, const bigint_t* y){
761 bigint_t g, x_, y_, u, v, a_, b_, c_, d_;
763 if(x->length_B==0 || y->length_B==0){
766 if(x->length_B==1 && x->wordv[0]==1){
780 if(y->length_B==1 && y->wordv[0]==1){
795 while(x->wordv[i]==0 && y->wordv[i]==0){
798 bigint_word_t g_b[i+2], x_b[x->length_B-i], y_b[y->length_B-i];
799 bigint_word_t u_b[x->length_B-i], v_b[y->length_B-i];
800 bigint_word_t a_b[y->length_B+2], c_b[y->length_B+2];
801 bigint_word_t b_b[x->length_B+2], d_b[x->length_B+2];
806 memset(g_b, 0, i*sizeof(bigint_word_t));
810 x_.info = y_.info = 0;
811 x_.length_B = x->length_B-i;
812 y_.length_B = y->length_B-i;
813 memcpy(x_.wordv, x->wordv+i, x_.length_B*sizeof(bigint_word_t));
814 memcpy(y_.wordv, y->wordv+i, y_.length_B*sizeof(bigint_word_t));
815 for(i=0; (x_.wordv[0]&(1<<i))==0 && (y_.wordv[0]&(1<<i))==0; ++i){
822 bigint_shiftleft(&g, i);
823 bigint_shiftright(&x_, i);
824 bigint_shiftright(&y_, i);
834 bigint_copy(&u, &x_);
835 bigint_copy(&v, &y_);
842 bigint_set_zero(&b_);
843 bigint_set_zero(&c_);
845 cli_putstr("\r\nDBG (gcdext) 0");
846 while((u.wordv[0]&1)==0){
847 cli_putstr("\r\nDBG (gcdext) 0.1");
848 bigint_shiftright(&u, 1);
849 if((a_.wordv[0]&1) || (b_.wordv[0]&1)){
850 bigint_add_s(&a_, &a_, &y_);
851 bigint_sub_s(&b_, &b_, &x_);
853 bigint_shiftright(&a_, 1);
854 bigint_shiftright(&b_, 1);
856 while((v.wordv[0]&1)==0){
857 cli_putstr("\r\nDBG (gcdext) 0.2");
858 bigint_shiftright(&v, 1);
859 if((c_.wordv[0]&1) || (d_.wordv[0]&1)){
860 bigint_add_s(&c_, &c_, &y_);
861 bigint_sub_s(&d_, &d_, &x_);
863 bigint_shiftright(&c_, 1);
864 bigint_shiftright(&d_, 1);
867 if(bigint_cmp_u(&u, &v)>=0){
868 bigint_sub_u(&u, &u, &v);
869 bigint_sub_s(&a_, &a_, &c_);
870 bigint_sub_s(&b_, &b_, &d_);
872 bigint_sub_u(&v, &v, &u);
873 bigint_sub_s(&c_, &c_, &a_);
874 bigint_sub_s(&d_, &d_, &b_);
878 bigint_mul_s(gcd, &v, &g);
888 /******************************************************************************/
890 void bigint_inverse(bigint_t* dest, const bigint_t* a, const bigint_t* m){
891 bigint_gcdext(NULL, dest, NULL, a, m);
892 while(dest->info&BIGINT_NEG_MASK){
893 bigint_add_s(dest, dest, m);
897 /******************************************************************************/
899 void bigint_changeendianess(bigint_t* a){
901 p = (uint8_t*)(a->wordv);
902 q = ((uint8_t*)p)+a->length_B*sizeof(bigint_word_t)-1;
911 /******************************************************************************/
projects / arm-crypto-lib.git / blob