3 This file is part of the AVR-Crypto-Lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * \license GPLv3 or later
33 #define MAX(a,b) (((a)>(b))?(a):(b))
37 #define MIN(a,b) (((a)<(b))?(a):(b))
40 #define SET_FBS(a, v) do{(a)->info &=0xF8; (a)->info |= (v);}while(0)
41 #define GET_FBS(a) ((a)->info&BIGINT_FBS_MASK)
42 #define SET_NEG(a) (a)->info |= BIGINT_NEG_MASK
43 #define SET_POS(a) (a)->info &= ~BIGINT_NEG_MASK
44 #define XCHG(a,b) do{(a)^=(b); (b)^=(a); (a)^=(b);}while(0)
45 #define XCHG_PTR(a,b) do{ a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \
46 b = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \
47 a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b)));}while(0)
49 #define GET_SIGN(a) ((a)->info&BIGINT_NEG_MASK)
51 /******************************************************************************/
52 void bigint_adjust(bigint_t* a){
53 while(a->length_B!=0 && a->wordv[a->length_B-1]==0){
62 t = a->wordv[a->length_B-1];
63 while((t&0x80)==0 && i){
70 /******************************************************************************/
72 void bigint_copy(bigint_t* dest, const bigint_t* src){
73 memcpy(dest->wordv, src->wordv, src->length_B);
74 dest->length_B = src->length_B;
75 dest->info = src->info;
78 /******************************************************************************/
80 /* this should be implemented in assembly */
82 void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
84 if(a->length_B < b->length_B){
87 for(i=0; i<b->length_B; ++i){
88 t = a->wordv[i] + b->wordv[i] + t;
89 dest->wordv[i] = (uint8_t)t;
92 for(; i<a->length_B; ++i){
94 dest->wordv[i] = (uint8_t)t;
102 /******************************************************************************/
104 /* this should be implemented in assembly */
105 void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale){
108 if(scale>dest->length_B)
109 memset(dest->wordv+dest->length_B, 0, scale-dest->length_B);
110 for(i=scale; i<a->length_B+scale; ++i,++j){
112 if(dest->length_B>i){
115 dest->wordv[i] = (uint8_t)t;
119 if(dest->length_B>i){
120 t = dest->wordv[i] + t;
122 dest->wordv[i] = (uint8_t)t;
126 if(dest->length_B < i){
132 /******************************************************************************/
134 /* this should be implemented in assembly */
135 void bigint_sub_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
139 uint16_t i, min, max;
140 min = MIN(a->length_B, b->length_B);
141 max = MAX(a->length_B, b->length_B);
142 r = bigint_cmp_u(a,b);
150 dest->length_B = a->length_B;
151 memcpy(dest->wordv, a->wordv, a->length_B);
152 dest->info = a->info;
157 dest->length_B = b->length_B;
158 memcpy(dest->wordv, b->wordv, b->length_B);
159 dest->info = b->info;
164 bigint_sub_u(dest, b, a);
167 for(i=0; i<min; ++i){
168 t = a->wordv[i] - b->wordv[i] - borrow;
171 dest->wordv[i]=(uint8_t)t;
174 dest->wordv[i]=(uint8_t)t;
178 t = a->wordv[i] - borrow;
181 dest->wordv[i]=(uint8_t)t;
184 dest->wordv[i]=(uint8_t)t;
194 /******************************************************************************/
196 int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){
197 if(a->length_B > b->length_B){
200 if(a->length_B < b->length_B){
209 if(a->wordv[i]!=b->wordv[i]){
210 if(a->wordv[i]>b->wordv[i]){
220 /******************************************************************************/
222 void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
225 s |= GET_SIGN(b)?1:0;
227 case 0: /* both positive */
228 bigint_add_u(dest, a,b);
231 case 1: /* a positive, b negative */
232 bigint_sub_u(dest, a, b);
234 case 2: /* a negative, b positive */
235 bigint_sub_u(dest, b, a);
237 case 3: /* both negative */
238 bigint_add_u(dest, a, b);
241 default: /* how can this happen?*/
246 /******************************************************************************/
248 void bigint_sub_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
251 s |= GET_SIGN(b)?1:0;
253 case 0: /* both positive */
254 bigint_sub_u(dest, a,b);
256 case 1: /* a positive, b negative */
257 bigint_add_u(dest, a, b);
260 case 2: /* a negative, b positive */
261 bigint_add_u(dest, a, b);
264 case 3: /* both negative */
265 bigint_sub_u(dest, b, a);
267 default: /* how can this happen?*/
273 /******************************************************************************/
275 int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b){
277 if(a->length_B==0 && b->length_B==0){
281 s |= GET_SIGN(b)?1:0;
283 case 0: /* both positive */
284 return bigint_cmp_u(a, b);
286 case 1: /* a positive, b negative */
289 case 2: /* a negative, b positive */
292 case 3: /* both negative */
293 return bigint_cmp_u(b, a);
295 default: /* how can this happen?*/
298 return 0; /* just to satisfy the compiler */
301 /******************************************************************************/
303 void bigint_shiftleft(bigint_t* a, uint16_t shift){
308 byteshift = (shift+3)/8;
310 memmove(a->wordv+byteshift, a->wordv, a->length_B);
311 memset(a->wordv, 0, byteshift);
313 if(bitshift<=4){ /* shift to the left */
314 for(i=byteshift; i<a->length_B+byteshift; ++i){
315 t |= (a->wordv[i])<<bitshift;
316 a->wordv[i] = (uint8_t)t;
319 a->wordv[i] = (uint8_t)t;
321 }else{ /* shift to the right */
322 for(i=a->length_B+byteshift-1; i>byteshift-1; --i){
323 t |= (a->wordv[i])<<(bitshift);
324 a->wordv[i] = (uint8_t)(t>>8);
327 t |= (a->wordv[i])<<(bitshift);
328 a->wordv[i] = (uint8_t)(t>>8);
331 a->length_B += byteshift;
335 /******************************************************************************/
337 void bigint_shiftright(bigint_t* a, uint16_t shift){
344 if(byteshift >= a->length_B){ /* we would shift out more than we have */
348 if(byteshift == a->length_B-1 && bitshift>GET_FBS(a)){
353 memmove(a->wordv, a->wordv+byteshift, a->length_B-byteshift);
354 memset(a->wordv+a->length_B-byteshift, 0, byteshift);
357 /* shift to the right */
358 for(i=a->length_B-byteshift-1; i>0; --i){
359 t |= (a->wordv[i])<<(8-bitshift);
360 a->wordv[i] = (uint8_t)(t>>8);
363 t |= (a->wordv[0])<<(8-bitshift);
364 a->wordv[0] = (uint8_t)(t>>8);
366 a->length_B -= byteshift;
370 /******************************************************************************/
372 void bigint_xor(bigint_t* dest, const bigint_t* a){
374 for(i=0; i<a->length_B; ++i){
375 dest->wordv[i] ^= a->wordv[i];
380 /******************************************************************************/
382 void bigint_set_zero(bigint_t* a){
386 /******************************************************************************/
388 /* using the Karatsuba-Algorithm */
389 /* x*y = (xh*yh)*b**2n + ((xh+xl)*(yh+yl) - xh*yh - xl*yl)*b**n + yh*yl */
390 void bigint_mul_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
391 if(dest==a || dest==b){
393 uint8_t d_b[a->length_B+b->length_B];
395 bigint_mul_u(&d, a, b);
396 bigint_copy(dest, &d);
399 if(a->length_B==0 || b->length_B==0){
400 bigint_set_zero(dest);
403 if(a->length_B==1 || b->length_B==1){
408 uint8_t x = a->wordv[0];
409 for(i=0; i<b->length_B; ++i){
411 dest->wordv[i] = (uint8_t)t;
414 dest->wordv[i] = (uint8_t)t;
419 if(a->length_B<=4 && b->length_B<=4){
422 memcpy(&p, a->wordv, a->length_B);
423 memcpy(&q, b->wordv, b->length_B);
424 r = (uint64_t)p*(uint64_t)q;
425 memcpy(dest->wordv, &r, a->length_B+b->length_B);
426 dest->length_B = a->length_B+b->length_B;
430 bigint_set_zero(dest);
431 /* split a in xh & xl; split b in yh & yl */
433 n=(MAX(a->length_B, b->length_B)+1)/2;
434 bigint_t xl, xh, yl, yh;
440 xl.length_B = a->length_B;
446 xh.wordv = a->wordv+n;
447 xh.length_B = a->length_B-n;
453 yl.length_B = b->length_B;
459 yh.wordv = b->wordv+n;
460 yh.length_B = b->length_B-n;
463 /* now we have split up a and b */
464 uint8_t tmp_b[2*n+2], m_b[2*(n+1)];
465 bigint_t tmp, tmp2, m;
467 tmp2.wordv = tmp_b+n+1;
470 bigint_mul_u(dest, &xl, &yl); /* dest <= xl*yl */
471 bigint_add_u(&tmp2, &xh, &xl); /* tmp2 <= xh+xl */
472 bigint_add_u(&tmp, &yh, &yl); /* tmp <= yh+yl */
473 bigint_mul_u(&m, &tmp2, &tmp); /* m <= tmp2*tmp */
474 bigint_mul_u(&tmp, &xh, &yh); /* h <= xh*yh */
475 bigint_sub_u(&m, &m, dest); /* m <= m-dest */
476 bigint_sub_u(&m, &m, &tmp); /* m <= m-h */
477 bigint_add_scale_u(dest, &m, n);
478 bigint_add_scale_u(dest, &tmp, 2*n);
481 /******************************************************************************/
483 void bigint_mul_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
486 s |= GET_SIGN(b)?1:0;
488 case 0: /* both positive */
489 bigint_mul_u(dest, a,b);
492 case 1: /* a positive, b negative */
493 bigint_mul_u(dest, a,b);
496 case 2: /* a negative, b positive */
497 bigint_mul_u(dest, a,b);
500 case 3: /* both negative */
501 bigint_mul_u(dest, a,b);
504 default: /* how can this happen?*/
509 /******************************************************************************/
512 /* (xh*b^n+xl)^2 = xh^2*b^2n + 2*xh*xl*b^n + xl^2 */
513 void bigint_square(bigint_t* dest, const bigint_t* a){
516 memcpy(&r, a->wordv, a->length_B);
518 memcpy(dest->wordv, &r, 2*a->length_B);
520 dest->length_B=2*a->length_B;
526 uint8_t d_b[a->length_B*2];
528 bigint_square(&d, a);
529 bigint_copy(dest, &d);
534 bigint_t xh, xl, tmp; /* x-high, x-low, temp */
535 uint8_t buffer[2*n+1];
538 xh.wordv = a->wordv+n;
539 xh.length_B = a->length_B-n;
541 bigint_square(dest, &xl);
542 bigint_square(&tmp, &xh);
543 bigint_add_scale_u(dest, &tmp, 2*n);
544 bigint_mul_u(&tmp, &xl, &xh);
545 bigint_shiftleft(&tmp, 1);
546 bigint_add_scale_u(dest, &tmp, n);
549 /******************************************************************************/
551 void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale){
553 uint8_t tmp_b[b->length_B+1];
554 uint16_t i,j,byteshift=bitscale/8;
558 if(a->length_B < b->length_B+byteshift){
564 bigint_copy(&tmp, b);
565 bigint_shiftleft(&tmp, bitscale&7);
567 for(j=0,i=byteshift; i<tmp.length_B+byteshift; ++i, ++j){
568 t = a->wordv[i] - tmp.wordv[j] - borrow;
569 a->wordv[i] = (uint8_t)t;
577 if(i+1 > a->length_B){
578 cli_hexdump_rev(&bitscale, 2);
582 a->wordv[i] -= borrow;
583 if(a->wordv[i]!=0xff){
591 /******************************************************************************/
593 void bigint_reduce(bigint_t* a, const bigint_t* r){
594 uint8_t rfbs = GET_FBS(r);
599 while(a->length_B > r->length_B){
600 bigint_sub_u_bitscale(a, r, (a->length_B-r->length_B)*8+GET_FBS(a)-rfbs-1);
603 while((GET_FBS(a) > rfbs+1) && (a->length_B == r->length_B)){
604 bigint_sub_u_bitscale(a, r, GET_FBS(a)-rfbs-1);
607 while(bigint_cmp_u(a,r)>=0){
613 /******************************************************************************/
615 /* calculate dest = a**exp % r */
616 /* using square&multiply */
617 void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, const bigint_t* r){
618 bigint_t tmp, tmp2, x;
619 uint8_t x_b[MAX(r->length_B, a->length_B)], tmp_b[r->length_B*2], tmp2_b[r->length_B*2];
626 bigint_reduce(&x, r);
627 bigint_copy(&tmp, &x);
628 if(a->length_B==0 || exp->length_B==0 || r->length_B==0){
632 if(exp->wordv[i]!=1){
633 for(j=1<<(GET_FBS(exp)-1); j>0; j>>=1){
634 bigint_square(&tmp2, &tmp);
635 bigint_reduce(&tmp2, r);
637 bigint_mul_u(&tmp, &tmp2, &x);
638 bigint_reduce(&tmp, r);
640 bigint_copy(&tmp, &tmp2);
645 for(j=0x80; j>0; j>>=1){
646 bigint_square(&tmp2, &tmp);
647 bigint_reduce(&tmp2, r);
649 bigint_mul_u(&tmp, &tmp2, &x);
650 bigint_reduce(&tmp, r);
652 bigint_copy(&tmp, &tmp2);
656 bigint_copy(dest, &tmp);
659 /******************************************************************************/
660 /* gcd <-- gcd(x,y) a*x+b*y=gcd */
661 void bigint_gcdext(bigint_t* gcd, bigint_t* a, bigint_t* b, const bigint_t* x, const bigint_t* y){
662 bigint_t g, x_, y_, u, v, a_, b_, c_, d_;
663 volatile uint16_t i=0;
664 if(x->length_B==0 || y->length_B==0){
667 while(x->wordv[i]==0 && y->wordv[i]==0){
670 uint8_t g_b[i+2], x_b[x->length_B-i], y_b[y->length_B-i];
671 uint8_t u_b[x->length_B-i], v_b[y->length_B-i];
672 uint8_t a_b[y->length_B+2], c_b[y->length_B+2];
673 uint8_t b_b[x->length_B+2], d_b[x->length_B+2];
682 x_.info = y_.info = 0;
683 x_.length_B = x->length_B-i;
684 y_.length_B = y->length_B-i;
685 memcpy(x_.wordv, x->wordv+i, x_.length_B);
686 memcpy(y_.wordv, y->wordv+i, y_.length_B);
687 for(i=0; (x_.wordv[0]&(1<<i))==0 && (y_.wordv[0]&(1<<i))==0; ++i){
694 bigint_shiftleft(&g, i);
695 bigint_shiftright(&x_, i);
696 bigint_shiftright(&y_, i);
705 bigint_copy(&u, &x_);
706 bigint_copy(&v, &y_);
713 bigint_set_zero(&b_);
714 bigint_set_zero(&c_);
716 while((u.wordv[0]&1)==0){
717 bigint_shiftright(&u, 1);
718 if((a_.wordv[0]&1) || (b_.wordv[0]&1)){
719 bigint_add_s(&a_, &a_, &y_);
720 bigint_sub_s(&b_, &b_, &x_);
722 bigint_shiftright(&a_, 1);
723 bigint_shiftright(&b_, 1);
725 while((v.wordv[0]&1)==0){
726 bigint_shiftright(&v, 1);
727 if((c_.wordv[0]&1) || (d_.wordv[0]&1)){
728 bigint_add_s(&c_, &c_, &y_);
729 bigint_sub_s(&d_, &d_, &x_);
731 bigint_shiftright(&c_, 1);
732 bigint_shiftright(&d_, 1);
735 if(bigint_cmp_u(&u, &v)>=0){
736 bigint_sub_u(&u, &u, &v);
737 bigint_sub_s(&a_, &a_, &c_);
738 bigint_sub_s(&b_, &b_, &d_);
740 bigint_sub_u(&v, &v, &u);
741 bigint_sub_s(&c_, &c_, &a_);
742 bigint_sub_s(&d_, &d_, &b_);
746 bigint_mul_s(gcd, &v, &g);
756 /******************************************************************************/
758 void bigint_inverse(bigint_t* dest, bigint_t* a, bigint_t* m){
759 bigint_gcdext(NULL, dest, NULL, a, m);
760 while(dest->info&BIGINT_NEG_MASK){
761 bigint_add_s(dest, dest, m);
projects / avr-crypto-lib.git / blob