3 This file is part of the ARM-Crypto-Lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * \license GPLv3 or later
30 #define STRING(x) STRING2(x)
31 #define STR_LINE STRING(__LINE__)
41 #include "bigint_io.h"
46 #define MAX(a,b) (((a)>(b))?(a):(b))
50 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
53 #define SET_FBS(a, v) do {(a)->info &= ~BIGINT_FBS_MASK; (a)->info |= (v);} while(0)
54 #define GET_FBS(a) ((a)->info & BIGINT_FBS_MASK)
55 #define SET_NEG(a) (a)->info |= BIGINT_NEG_MASK
56 #define SET_POS(a) (a)->info &= ~BIGINT_NEG_MASK
57 #define XCHG(a,b) do{(a) ^= (b); (b) ^= (a); (a) ^= (b);} while(0)
58 #define XCHG_PTR(a,b) do{ a = (void*)(((intptr_t)(a)) ^ ((intptr_t)(b))); \
59 b = (void*)(((intptr_t)(a)) ^ ((intptr_t)(b))); \
60 a = (void*)(((intptr_t)(a)) ^ ((intptr_t)(b)));} while(0)
62 #define GET_SIGN(a) ((a)->info & BIGINT_NEG_MASK)
64 /******************************************************************************/
65 void bigint_adjust(bigint_t *a){
66 while (a->length_W != 0 && a->wordv[a->length_W - 1] == 0) {
69 if (a->length_W == 0) {
74 uint8_t i = BIGINT_WORD_SIZE - 1;
75 t = a->wordv[a->length_W - 1];
76 while ((t & (((bigint_word_t)1) << (BIGINT_WORD_SIZE - 1))) == 0 && i) {
83 /******************************************************************************/
85 bigint_length_t bigint_length_b(const bigint_t *a){
86 if(!a->length_W || a->length_W==0){
89 return (a->length_W-1) * BIGINT_WORD_SIZE + GET_FBS(a);
92 /******************************************************************************/
94 bigint_length_t bigint_length_B(const bigint_t *a){
95 return a->length_W * sizeof(bigint_word_t);
98 /******************************************************************************/
100 uint32_t bigint_get_first_set_bit(const bigint_t *a){
101 if(a->length_W == 0) {
102 return (uint32_t)(-1);
104 return (a->length_W-1) * sizeof(bigint_word_t) * CHAR_BIT + GET_FBS(a);
108 /******************************************************************************/
110 uint32_t bigint_get_last_set_bit(const bigint_t *a){
115 return (uint32_t)(-1);
117 while(a->wordv[r]==0 && r<a->length_W){
120 if(a->wordv[r] == 0){
121 return (uint32_t)(-1);
123 while((x&a->wordv[r])==0){
127 return r*BIGINT_WORD_SIZE+b;
130 /******************************************************************************/
132 void bigint_copy(bigint_t *dest, const bigint_t *src){
133 if(dest->wordv != src->wordv){
134 memcpy(dest->wordv, src->wordv, src->length_W * sizeof(bigint_word_t));
136 dest->length_W = src->length_W;
137 dest->info = src->info;
140 /******************************************************************************/
142 /* this should be implemented in assembly */
143 void bigint_add_u(bigint_t *dest, const bigint_t *a, const bigint_t *b){
145 bigint_wordplus_t t = 0LL;
146 if (a->length_W < b->length_W) {
149 for(i = 0; i < b->length_W; ++i) {
152 dest->wordv[i] = (bigint_word_t)t;
153 t >>= BIGINT_WORD_SIZE;
155 for(; i < a->length_W; ++i){
157 dest->wordv[i] = (bigint_word_t)t;
158 t >>= BIGINT_WORD_SIZE;
161 dest->wordv[i++] = (bigint_word_t)t;
168 /******************************************************************************/
170 /* this should be implemented in assembly */
171 void bigint_add_scale_u(bigint_t *dest, const bigint_t *a, bigint_length_t scale){
172 if(a->length_W == 0){
176 bigint_add_u(dest, dest, a);
180 #if BIGINT_WORD_SIZE == 8
181 memset(dest->wordv + dest->length_W, 0, MAX(dest->length_W, a->length_W + scale) - dest->length_W);
182 x.wordv = dest->wordv + scale;
183 x.length_W = dest->length_W - scale;
184 if((int16_t)x.length_W < 0){
190 bigint_add_u(&x, &x, a);
191 dest->length_W = x.length_W + scale;
196 bigint_length_t word_shift = scale / sizeof(bigint_word_t), byte_shift = scale % sizeof(bigint_word_t);
197 bigint_word_t bv[a->length_W + 1];
199 bv[0] = bv[a->length_W] = 0;
200 memcpy((uint8_t*)bv + byte_shift, a->wordv, a->length_W * sizeof(bigint_word_t));
201 s.length_W = a->length_W + 1;
203 memset(dest->wordv + dest->length_W, 0, (MAX(dest->length_W, s.length_W + word_shift) - dest->length_W) * sizeof(bigint_word_t));
204 x.wordv = dest->wordv + word_shift;
205 x.length_W = dest->length_W - word_shift;
206 if((int16_t)x.length_W < 0){
212 bigint_add_u(&x, &x, &s);
213 dest->length_W = x.length_W + word_shift;
219 /******************************************************************************/
221 /* this should be implemented in assembly */
222 void bigint_sub_u(bigint_t *dest, const bigint_t *a, const bigint_t *b){
225 bigint_wordplus_signed_t t = 0;
227 if(b->length_W == 0){
228 bigint_copy(dest, a);
232 if(a->length_W == 0){
233 bigint_copy(dest, b);
237 r = bigint_cmp_u(a,b);
239 bigint_set_zero(dest);
243 bigint_sub_u(dest, b, a);
247 for(i = 0; i < a->length_W; ++i){
253 dest->wordv[i] = (bigint_word_t)t;
254 borrow = t < 0 ? 1 : 0;
261 /******************************************************************************/
263 int8_t bigint_cmp_u(const bigint_t *a, const bigint_t *b){
264 if(a->length_W > b->length_W){
267 if(a->length_W < b->length_W){
270 if(a->length_W == 0){
276 if(a->wordv[i] != b->wordv[i]){
277 if(a->wordv[i] > b->wordv[i]){
287 /******************************************************************************/
289 void bigint_add_s(bigint_t *dest, const bigint_t *a, const bigint_t *b){
292 s |= GET_SIGN(b)?1:0;
294 case 0: /* both positive */
295 bigint_add_u(dest, a,b);
298 case 1: /* a positive, b negative */
299 bigint_sub_u(dest, a, b);
301 case 2: /* a negative, b positive */
302 bigint_sub_u(dest, b, a);
304 case 3: /* both negative */
305 bigint_add_u(dest, a, b);
308 default: /* how can this happen?*/
313 /******************************************************************************/
315 void bigint_sub_s(bigint_t *dest, const bigint_t *a, const bigint_t *b){
318 s |= GET_SIGN(b)?1:0;
320 case 0: /* both positive */
321 bigint_sub_u(dest, a,b);
323 case 1: /* a positive, b negative */
324 bigint_add_u(dest, a, b);
327 case 2: /* a negative, b positive */
328 bigint_add_u(dest, a, b);
331 case 3: /* both negative */
332 bigint_sub_u(dest, b, a);
334 default: /* how can this happen?*/
340 /******************************************************************************/
342 int8_t bigint_cmp_s(const bigint_t *a, const bigint_t *b){
344 if(a->length_W==0 && b->length_W==0){
348 s |= GET_SIGN(b)?1:0;
350 case 0: /* both positive */
351 return bigint_cmp_u(a, b);
353 case 1: /* a positive, b negative */
356 case 2: /* a negative, b positive */
359 case 3: /* both negative */
360 return bigint_cmp_u(b, a);
362 default: /* how can this happen?*/
365 return 0; /* just to satisfy the compiler */
368 /******************************************************************************/
370 void bigint_shiftleft(bigint_t *a, bigint_length_t shift){
371 bigint_length_t byteshift, words_to_shift;
375 bigint_wordplus_t t = 0;
380 byteshift = shift / 8;
381 bitshift = shift & 7;
382 if (byteshift % sizeof(bigint_word_t)) {
383 a->wordv[a->length_W + byteshift / sizeof(bigint_t)] = 0;
386 memmove(((uint8_t*)a->wordv) + byteshift, a->wordv, a->length_W * sizeof(bigint_word_t));
387 memset(a->wordv, 0, byteshift);
390 a->length_W += (byteshift + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
394 p = &a->wordv[byteshift / sizeof(bigint_word_t)];
395 words_to_shift = a->length_W + (byteshift % sizeof(bigint_word_t) ? 1 : 0);
396 for (i = 0; i < words_to_shift; ++i) {
397 t |= ((bigint_wordplus_t)p[i]) << bitshift;
398 p[i] = (bigint_word_t)t;
399 t >>= BIGINT_WORD_SIZE;
402 p[i] = (bigint_word_t)t;
405 a->length_W += (byteshift + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
409 /******************************************************************************/
411 void bigint_shiftright(bigint_t *a, bigint_length_t shift){
412 bigint_length_t byteshift;
415 bigint_wordplus_t t = 0;
416 byteshift = shift / 8;
417 bitshift = shift & 7;
419 if(bigint_get_first_set_bit(a) < shift){ /* we would shift out more than we have */
425 memmove(a->wordv, (uint8_t*)a->wordv + byteshift, a->length_W * sizeof(bigint_word_t) - byteshift);
426 memset((uint8_t*)&a->wordv[a->length_W] - byteshift, 0, byteshift);
429 a->length_W -= byteshift / sizeof(bigint_word_t);
431 if(bitshift != 0 && a->length_W){
432 /* shift to the right */
435 t |= ((bigint_wordplus_t)(a->wordv[i])) << (BIGINT_WORD_SIZE - bitshift);
436 a->wordv[i] = (bigint_word_t)(t >> BIGINT_WORD_SIZE);
437 t <<= BIGINT_WORD_SIZE;
443 /******************************************************************************/
445 void bigint_xor(bigint_t *dest, const bigint_t *a){
447 for(i=0; i<a->length_W; ++i){
448 dest->wordv[i] ^= a->wordv[i];
453 /******************************************************************************/
455 void bigint_set_zero(bigint_t *a){
459 /******************************************************************************/
461 /* using the Karatsuba-Algorithm */
462 /* x*y = (xh*yh)*b**2n + ((xh+xl)*(yh+yl) - xh*yh - xl*yl)*b**n + yh*yl */
463 void bigint_mul_u(bigint_t *dest, const bigint_t *a, const bigint_t *b){
464 if(a->length_W == 0 || b->length_W == 0){
465 bigint_set_zero(dest);
468 if(dest == a || dest == b){
470 bigint_word_t d_b[a->length_W + b->length_W];
472 bigint_mul_u(&d, a, b);
473 bigint_copy(dest, &d);
476 if(a->length_W == 1 || b->length_W == 1){
477 if(a->length_W != 1){
480 bigint_wordplus_t t = 0;
482 bigint_word_t x = a->wordv[0];
483 for(i=0; i < b->length_W; ++i){
484 t += ((bigint_wordplus_t)b->wordv[i]) * ((bigint_wordplus_t)x);
485 dest->wordv[i] = (bigint_word_t)t;
486 t >>= BIGINT_WORD_SIZE;
490 dest->wordv[i] = (bigint_word_t)t;
497 if(a->length_W * sizeof(bigint_word_t) <= 4 && b->length_W * sizeof(bigint_word_t) <= 4){
500 memcpy(&p, a->wordv, a->length_W*sizeof(bigint_word_t));
501 memcpy(&q, b->wordv, b->length_W*sizeof(bigint_word_t));
502 r = (uint64_t)p * (uint64_t)q;
503 memcpy(dest->wordv, &r, (dest->length_W = a->length_W + b->length_W)*sizeof(bigint_word_t));
507 /* split a in xh & xl; split b in yh & yl */
508 const bigint_length_t n = (MAX(a->length_W, b->length_W)+1)/2;
509 bigint_t xl, xh, yl, yh;
513 bigint_set_zero(&xh);
514 xl.length_W = a->length_W;
520 xh.wordv = &(a->wordv[n]);
521 xh.length_W = a->length_W-n;
525 bigint_set_zero(&yh);
526 yl.length_W = b->length_W;
532 yh.wordv = &(b->wordv[n]);
533 yh.length_W = b->length_W-n;
536 /* now we have split up a and b */
537 /* remember we want to do:
538 * x*y = (xh * b**n + xl) * (yh * b**n + yl)
539 * = (xh * yh) * b**2n + xh * b**n * yl + yh * b**n * xl + xl * yl
540 * = (xh * yh) * b**2n + (xh * yl + yh * xl) * b**n + xl *yl
541 * // xh * yl + yh * xl = (xh + yh) * (xl + yl) - xh * yh - xl * yl
542 * x*y = (xh * yh) * b**2n + ((xh+xl)*(yh+yl) - xh*yh - xl*yl)*b**n + xl*yl
543 * 5 9 2 4 3 7 5 6 1 8 1
545 bigint_word_t tmp_b[2 * n + 2], m_b[2 * (n + 1)];
546 bigint_t tmp, tmp2, m;
548 tmp2.wordv = &(tmp_b[n + 1]);
551 bigint_mul_u(dest, &xl, &yl); /* 1: dest <= xl*yl */
552 bigint_add_u(&tmp2, &xh, &xl); /* 2: tmp2 <= xh+xl */
553 bigint_add_u(&tmp, &yh, &yl); /* 3: tmp <= yh+yl */
554 bigint_mul_u(&m, &tmp2, &tmp); /* 4: m <= tmp2*tmp */
555 bigint_mul_u(&tmp, &xh, &yh); /* 5: tmp <= xh*yh */
556 bigint_sub_u(&m, &m, dest); /* 6: m <= m-dest */
557 bigint_sub_u(&m, &m, &tmp); /* 7: m <= m-tmp */
558 bigint_add_scale_u(dest, &m, n * sizeof(bigint_word_t)); /* 8: dest <= dest+m**n*/
559 bigint_add_scale_u(dest, &tmp, 2 * n * sizeof(bigint_word_t)); /* 9: dest <= dest+tmp**(2*n) */
562 /******************************************************************************/
564 void bigint_mul_s(bigint_t *dest, const bigint_t *a, const bigint_t *b){
567 s |= GET_SIGN(b)?1:0;
569 case 0: /* both positive */
570 bigint_mul_u(dest, a,b);
573 case 1: /* a positive, b negative */
574 bigint_mul_u(dest, a,b);
577 case 2: /* a negative, b positive */
578 bigint_mul_u(dest, a,b);
581 case 3: /* both negative */
582 bigint_mul_u(dest, a,b);
585 default: /* how can this happen?*/
590 /******************************************************************************/
594 unsigned square_depth = 0;
598 /* (xh*b^n+xl)^2 = xh^2*b^2n + 2*xh*xl*b^n + xl^2 */
599 void bigint_square(bigint_t *dest, const bigint_t *a){
600 if(a->length_W * sizeof(bigint_word_t) <= 4){
602 memcpy(&r, a->wordv, a->length_W * sizeof(bigint_word_t));
604 memcpy(dest->wordv, &r, 2 * a->length_W * sizeof(bigint_word_t));
606 dest->length_W = 2 * a->length_W;
611 if(dest->wordv == a->wordv){
613 bigint_word_t d_b[a->length_W*2];
615 bigint_square(&d, a);
616 bigint_copy(dest, &d);
619 bigint_fast_square(dest, a);
627 bigint_t xh, xl, tmp; /* x-high, x-low, temp */
628 bigint_word_t buffer[2*n+1];
632 xh.wordv = &(a->wordv[n]);
633 xh.length_W = a->length_W-n;
637 /* (xh * b**n + xl)**2 = xh**2 * b**2n + 2 * xh * xl * b**n + xl**2 */
639 if(square_depth == 1){
640 cli_putstr("\r\nDBG (a): xl: "); bigint_print_hex(&xl);
641 cli_putstr("\r\nDBG (b): xh: "); bigint_print_hex(&xh);
644 bigint_square(dest, &xl);
646 if(square_depth == 1){
647 cli_putstr("\r\nDBG (1): xl**2: "); bigint_print_hex(dest);
650 bigint_square(&tmp, &xh);
652 if(square_depth == 1){
653 cli_putstr("\r\nDBG (2): xh**2: "); bigint_print_hex(&tmp);
656 bigint_add_scale_u(dest, &tmp, 2 * n * sizeof(bigint_word_t));
658 if(square_depth == 1){
659 cli_putstr("\r\nDBG (3): xl**2 + xh**2*n**2: "); bigint_print_hex(dest);
662 bigint_mul_u(&tmp, &xl, &xh);
664 if(square_depth == 1){
665 cli_putstr("\r\nDBG (4): xl*xh: "); bigint_print_hex(&tmp);
668 bigint_shiftleft(&tmp, 1);
670 if(square_depth == 1){
671 cli_putstr("\r\nDBG (5): xl*xh*2: "); bigint_print_hex(&tmp);
674 bigint_add_scale_u(dest, &tmp, n * sizeof(bigint_word_t));
676 if(square_depth == 1){
677 cli_putstr("\r\nDBG (6): x**2: "); bigint_print_hex(dest);
686 /******************************************************************************/
688 void bigint_square(bigint_t *dest, const bigint_t *a) {
689 union __attribute__((packed)) {
691 bigint_wordplus_t uv;
693 bigint_word_t q, c1, c2;
694 bigint_length_t i, j;
696 if(a->length_W * sizeof(bigint_word_t) <= 4){
698 memcpy(&r, a->wordv, a->length_W * sizeof(bigint_word_t));
700 memcpy(dest->wordv, &r, 2 * a->length_W * sizeof(bigint_word_t));
702 dest->length_W = 2 * a->length_W;
707 if(dest->wordv == a->wordv){
709 bigint_word_t d_b[a->length_W * 2];
711 bigint_square(&d, a);
712 bigint_copy(dest, &d);
716 memset(dest->wordv, 0, a->length_W * 2 * sizeof(bigint_word_t));
718 for (i = 0; i < a->length_W; ++i) {
719 acc.uv = (bigint_wordplus_t)a->wordv[i] * (bigint_wordplus_t)a->wordv[i] + (bigint_wordplus_t)dest->wordv[2 * i];
720 dest->wordv[2 * i] = acc.u[0];
723 for (j = i + 1; j < a->length_W; ++j) {
724 acc.uv = (bigint_wordplus_t)a->wordv[i] * (bigint_wordplus_t)a->wordv[j];
725 q = acc.u[1] >> (BIGINT_WORD_SIZE - 1);
727 acc.uv += dest->wordv[i + j];
728 q += (acc.uv < dest->wordv[i + j]);
731 dest->wordv[i + j] = acc.u[0];
732 c1 = (bigint_wordplus_t)acc.u[1] + c2;
735 dest->wordv[i + a->length_W] += c1;
736 if (i < a->length_W - 1) {
737 dest->wordv[i + a->length_W + 1] = c2 + (dest->wordv[i + a->length_W] < c1);
741 dest->length_W = 2 * a->length_W;
745 /******************************************************************************/
747 void bigint_sub_u_bitscale(bigint_t *a, const bigint_t *b, bigint_length_t bitscale){
749 bigint_word_t tmp_b[b->length_W + 1];
750 const bigint_length_t word_shift = bitscale / BIGINT_WORD_SIZE;
752 if (a->length_W < b->length_W + word_shift) {
754 cli_putstr("\r\nDBG: *bang*\r\n");
760 bigint_copy(&tmp, b);
761 bigint_shiftleft(&tmp, bitscale % BIGINT_WORD_SIZE);
764 x.wordv = &(a->wordv[word_shift]);
765 x.length_W = a->length_W - word_shift;
767 bigint_sub_u(&x, &x, &tmp);
772 /******************************************************************************/
774 void bigint_reduce(bigint_t *a, const bigint_t *r){
775 uint8_t rfbs = GET_FBS(r);
776 if (r->length_W == 0 || a->length_W == 0) {
780 if (bigint_length_b(a) + 3 > bigint_length_b(r)) {
781 if ((r->length_W * sizeof(bigint_word_t) <= 4) && (a->length_W * sizeof(bigint_word_t) <= 4)) {
782 uint32_t p = 0, q = 0;
783 memcpy(&p, a->wordv, a->length_W * sizeof(bigint_word_t));
784 memcpy(&q, r->wordv, r->length_W * sizeof(bigint_word_t));
786 memcpy(a->wordv, &p, a->length_W * sizeof(bigint_word_t));
787 a->length_W = r->length_W;
792 while (a->length_W > r->length_W) {
793 shift = (a->length_W - r->length_W) * CHAR_BIT * sizeof(bigint_word_t) + GET_FBS(a) - rfbs - 1;
794 bigint_sub_u_bitscale(a, r, shift);
796 while ((GET_FBS(a) > rfbs) && (a->length_W == r->length_W)) {
797 shift = GET_FBS(a) - rfbs - 1;
798 bigint_sub_u_bitscale(a, r, shift);
801 while (bigint_cmp_u(a, r) >= 0) {
802 bigint_sub_u(a, a, r);
807 /******************************************************************************/
809 /* calculate dest = a**exp % r */
810 /* using square&multiply */
811 void bigint_expmod_u_sam(bigint_t *dest, const bigint_t *a, const bigint_t *exp, const bigint_t *r){
812 if(a->length_W == 0){
813 bigint_set_zero(dest);
818 bigint_word_t t, base_w[MAX(a->length_W, r->length_W)], res_w[r->length_W * 2];
823 bigint_copy(&base, a);
824 bigint_reduce(&base, r);
829 if(exp->length_W == 0){
830 bigint_copy(dest, &res);
833 bigint_copy(&res, &base);
835 t = exp->wordv[exp->length_W - 1];
836 for (i = exp->length_W; i > 0; --i) {
837 t = exp->wordv[i - 1];
838 for (j = BIGINT_WORD_SIZE; j > 0; --j) {
840 if (t & (((bigint_word_t)1) << (BIGINT_WORD_SIZE - 1))) {
844 bigint_square(&res, &res);
845 bigint_reduce(&res, r);
846 if(t & (((bigint_word_t)1) << (BIGINT_WORD_SIZE - 1))){
847 bigint_mul_u(&res, &res, &base);
848 bigint_reduce(&res, r);
856 bigint_copy(dest, &res);
859 /******************************************************************************/
860 /* gcd <-- gcd(x,y) a*x+b*y=gcd */
861 void bigint_gcdext(bigint_t *gcd, bigint_t *a, bigint_t *b, const bigint_t *x, const bigint_t *y){
862 bigint_length_t i = 0;
863 if(x->length_W == 0 || y->length_W == 0){
865 bigint_set_zero(gcd);
875 if(x->length_W == 1 && x->wordv[0] == 1){
892 if(y->length_W == 1 && y->wordv[0] == 1){
910 while(x->wordv[i] == 0 && y->wordv[i] == 0){
913 bigint_word_t g_b[i + 2], x_b[x->length_W - i], y_b[y->length_W - i];
914 bigint_word_t u_b[x->length_W - i], v_b[y->length_W - i];
915 bigint_word_t a_b[y->length_W + 2], c_b[y->length_W + 2];
916 bigint_word_t b_b[x->length_W + 2], d_b[x->length_W + 2];
917 bigint_t g, x_, y_, u, v, a_, b_, c_, d_;
922 memset(g_b, 0, i * sizeof(bigint_word_t));
926 x_.info = y_.info = 0;
927 x_.length_W = x->length_W - i;
928 y_.length_W = y->length_W - i;
929 memcpy(x_.wordv, x->wordv + i, x_.length_W * sizeof(bigint_word_t));
930 memcpy(y_.wordv, y->wordv + i, y_.length_W * sizeof(bigint_word_t));
931 for(i = 0; (x_.wordv[0] & (1 << i)) == 0 && (y_.wordv[0] & (1 << i)) == 0; ++i){
938 bigint_shiftleft(&g, i);
939 bigint_shiftright(&x_, i);
940 bigint_shiftright(&y_, i);
950 bigint_copy(&u, &x_);
951 bigint_copy(&v, &y_);
958 bigint_set_zero(&b_);
959 bigint_set_zero(&c_);
961 while ((u.wordv[0] & 1) == 0) {
962 bigint_shiftright(&u, 1);
963 if((a_.wordv[0] & 1) || (b_.wordv[0] & 1)){
964 bigint_add_s(&a_, &a_, &y_);
965 bigint_sub_s(&b_, &b_, &x_);
967 bigint_shiftright(&a_, 1);
968 bigint_shiftright(&b_, 1);
970 while ((v.wordv[0] & 1) == 0) {
971 bigint_shiftright(&v, 1);
972 if((c_.wordv[0] & 1) || (d_.wordv[0] & 1)){
973 bigint_add_s(&c_, &c_, &y_);
974 bigint_sub_s(&d_, &d_, &x_);
976 bigint_shiftright(&c_, 1);
977 bigint_shiftright(&d_, 1);
979 if(bigint_cmp_u(&u, &v) >= 0){
980 bigint_sub_u(&u, &u, &v);
981 bigint_sub_s(&a_, &a_, &c_);
982 bigint_sub_s(&b_, &b_, &d_);
984 bigint_sub_u(&v, &v, &u);
985 bigint_sub_s(&c_, &c_, &a_);
986 bigint_sub_s(&d_, &d_, &b_);
990 bigint_mul_s(gcd, &v, &g);
1000 /******************************************************************************/
1002 void bigint_inverse(bigint_t *dest, const bigint_t *a, const bigint_t *m){
1003 bigint_gcdext(NULL, dest, NULL, a, m);
1004 while(dest->info&BIGINT_NEG_MASK){
1005 bigint_add_s(dest, dest, m);
1009 /******************************************************************************/
1011 void bigint_changeendianess(bigint_t *a){
1013 p = (uint8_t*)(a->wordv);
1014 q = p + a->length_W * sizeof(bigint_word_t) - 1;
1023 /******************************************************************************/
1025 void bigint_mul_word_u(bigint_t *a, bigint_word_t b){
1026 bigint_wordplus_t c0 = 0, c1 = 0;
1034 for(i = 0; i < a->length_W; ++i){
1035 c1 = ((bigint_wordplus_t)(a->wordv[i])) * ((bigint_wordplus_t)b);
1037 a->wordv[i] = (bigint_word_t)c1;
1038 c0 = c1 >> BIGINT_WORD_SIZE;
1041 a->wordv[a->length_W] = (bigint_word_t)c0;
1047 /******************************************************************************/
1050 void bigint_clip(bigint_t *dest, bigint_length_t length_W){
1051 if(dest->length_W > length_W){
1052 dest->length_W = length_W;
1054 bigint_adjust(dest);
1056 /******************************************************************************/
1060 * dest = (a * b) % m (?)
1063 void bigint_mont_mul(bigint_t *dest, const bigint_t *a, const bigint_t *b, const bigint_t *m, const bigint_t *m_){
1064 const bigint_length_t s = MAX(MAX(a->length_W, b->length_W), m->length_W);
1066 bigint_word_t u_w[s + 2], t_w[s + 2];
1069 if (a->length_W == 0 || b->length_W == 0) {
1070 bigint_set_zero(dest);
1077 for (i = 0; i < a->length_W; ++i) {
1079 bigint_mul_word_u(&t, a->wordv[i]);
1080 bigint_add_u(&u, &u, &t);
1081 bigint_copy(&t, m_);
1082 if (u.length_W != 0) {
1083 bigint_mul_word_u(&t, u.wordv[0]);
1084 bigint_add_u(&u, &u, &t);
1086 bigint_shiftright(&u, BIGINT_WORD_SIZE);
1088 for (; i < s; ++i) {
1089 bigint_copy(&t, m_);
1090 if (u.length_W != 0) {
1091 bigint_mul_word_u(&t, u.wordv[0]);
1092 bigint_add_u(&u, &u, &t);
1094 bigint_shiftright(&u, BIGINT_WORD_SIZE);
1096 bigint_reduce(&u, m);
1097 bigint_copy(dest, &u);
1100 /******************************************************************************/
1102 void bigint_mont_red(bigint_t *dest, const bigint_t *a, const bigint_t *m, const bigint_t *m_){
1104 bigint_length_t i, s = MAX(a->length_W, m->length_W);
1105 bigint_word_t u_w[s + 2], t_w[s + 2];
1109 if (a->length_W == 0) {
1110 bigint_set_zero(dest);
1114 for (i = 0; i < m->length_W; ++i) {
1115 bigint_copy(&t, m_);
1116 if (u.length_W != 0) {
1117 bigint_mul_word_u(&t, u.wordv[0]);
1118 bigint_add_u(&u, &u, &t);
1120 bigint_shiftright(&u, BIGINT_WORD_SIZE);
1122 bigint_reduce(&u, m);
1123 bigint_copy(dest, &u);
1126 /******************************************************************************/
1128 * m_ = m * (- m0^-1 (mod 2^W))
1130 void bigint_mont_gen_m_(bigint_t* dest, const bigint_t* m){
1131 bigint_word_t x_w[2], m_w_0[1];
1135 bigint_print_hex(m);
1138 if (m->length_W == 0) {
1139 bigint_set_zero(dest);
1142 if ((m->wordv[0] & 1) == 0) {
1143 printf_P(PSTR("ERROR: m must not be even, m = "));
1144 bigint_print_hex(m);
1157 m_0.wordv[0] = m->wordv[0];
1159 bigint_adjust(&m_0);
1162 bigint_print_hex(&m_0);
1164 bigint_print_hex(&x);
1167 bigint_inverse(dest, &m_0, &x);
1169 printf("\nm0^-1 = ");
1170 bigint_print_hex(dest);
1173 bigint_sub_s(&x, &x, dest);
1175 printf("\n-m0^-1 = ");
1176 bigint_print_hex(&x);
1179 bigint_copy(dest, m);
1180 bigint_mul_word_u(dest, x.wordv[0]);
1183 /******************************************************************************/
1186 * dest = a * R mod m
1188 void bigint_mont_trans(bigint_t *dest, const bigint_t *a, const bigint_t *m){
1190 bigint_word_t t_w[a->length_W + m->length_W];
1193 memset(t_w, 0, m->length_W * sizeof(bigint_word_t));
1194 memcpy(&t_w[m->length_W], a->wordv, a->length_W * sizeof(bigint_word_t));
1196 t.length_W = a->length_W + m->length_W;
1197 bigint_reduce(&t, m);
1198 bigint_copy(dest, &t);
1201 /******************************************************************************/
1203 /* calculate dest = a**exp % r */
1204 /* using square&multiply */
1205 void bigint_expmod_u_mont_accel(bigint_t *dest, const bigint_t *a, const bigint_t *exp, const bigint_t *r, const bigint_t *m_){
1206 if(r->length_W == 0) {
1210 bigint_length_t s = r->length_W;
1212 bigint_word_t t, res_w[r->length_W * 2], ax_w[MAX(s, a->length_W)];
1222 bigint_adjust(&res);
1223 if (exp->length_W == 0) {
1224 bigint_copy(dest, &res);
1227 bigint_copy(&ax, a);
1228 bigint_reduce(&ax, r);
1229 bigint_mont_trans(&ax, &ax, r);
1230 bigint_mont_trans(&res, &res, r);
1232 t = exp->wordv[exp->length_W - 1];
1233 for (i = exp->length_W; i > 0; --i) {
1234 t = exp->wordv[i - 1];
1235 for(j = BIGINT_WORD_SIZE; j > 0; --j){
1237 if(t & (((bigint_wordplus_t)1) << (BIGINT_WORD_SIZE - 1))){
1242 bigint_square(&res, &res);
1243 bigint_mont_red(&res, &res, r, m_);
1244 if (t & (((bigint_wordplus_t)1) << (BIGINT_WORD_SIZE - 1))) {
1245 bigint_mont_mul(&res, &res, &ax, r, m_);
1252 bigint_mont_red(dest, &res, r, m_);
1255 /******************************************************************************/
1257 void bigint_expmod_u_mont_sam(bigint_t *dest, const bigint_t *a, const bigint_t *exp, const bigint_t *r){
1258 if(r->length_W == 0) {
1261 if(a->length_W == 0) {
1262 bigint_set_zero(dest);
1266 bigint_word_t m_w_[r->length_W + 1];
1268 bigint_mont_gen_m_(&m_, r);
1269 bigint_expmod_u_mont_accel(dest, a, exp, r,&m_);
1272 /******************************************************************************/
1276 void bigint_expmod_u(bigint_t *dest, const bigint_t *a, const bigint_t *exp, const bigint_t *r){
1277 if (r->wordv[0] & 1) {
1278 bigint_expmod_u_mont_sam(dest, a, exp, r);
1280 bigint_expmod_u_sam(dest, a, exp, r);
projects / avr-crypto-lib.git / blob