3 This file is part of the AVR-Crypto-Lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * \license GPLv3 or later
32 #include "bigint_io.h"
36 #define MAX(a,b) (((a)>(b))?(a):(b))
40 #define MIN(a,b) (((a)<(b))?(a):(b))
43 #define SET_FBS(a, v) do{(a)->info &=0xF8; (a)->info |= (v);}while(0)
44 #define GET_FBS(a) ((a)->info&BIGINT_FBS_MASK)
45 #define SET_NEG(a) (a)->info |= BIGINT_NEG_MASK
46 #define SET_POS(a) (a)->info &= ~BIGINT_NEG_MASK
47 #define XCHG(a,b) do{(a)^=(b); (b)^=(a); (a)^=(b);}while(0)
48 #define XCHG_PTR(a,b) do{ a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \
49 b = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b))); \
50 a = (void*)(((uint16_t)(a)) ^ ((uint16_t)(b)));}while(0)
52 #define GET_SIGN(a) ((a)->info&BIGINT_NEG_MASK)
54 /******************************************************************************/
55 void bigint_adjust(bigint_t* a){
56 while(a->length_B!=0 && a->wordv[a->length_B-1]==0){
65 t = a->wordv[a->length_B-1];
66 while((t&0x80)==0 && i){
73 /******************************************************************************/
75 void bigint_copy(bigint_t* dest, const bigint_t* src){
76 memcpy(dest->wordv, src->wordv, src->length_B);
77 dest->length_B = src->length_B;
78 dest->info = src->info;
81 /******************************************************************************/
83 /* this should be implemented in assembly */
85 void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
87 if(a->length_B < b->length_B){
90 for(i=0; i<b->length_B; ++i){
91 t = a->wordv[i] + b->wordv[i] + t;
92 dest->wordv[i] = (uint8_t)t;
95 for(; i<a->length_B; ++i){
97 dest->wordv[i] = (uint8_t)t;
100 dest->wordv[i++] = t;
105 /******************************************************************************/
107 /* this should be implemented in assembly */
108 void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale){
111 if(scale>dest->length_B)
112 memset(dest->wordv+dest->length_B, 0, scale-dest->length_B);
113 for(i=scale; i<a->length_B+scale; ++i,++j){
115 if(dest->length_B>i){
118 dest->wordv[i] = (uint8_t)t;
122 if(dest->length_B>i){
123 t = dest->wordv[i] + t;
125 dest->wordv[i] = (uint8_t)t;
129 if(dest->length_B < i){
135 /******************************************************************************/
137 /* this should be implemented in assembly */
138 void bigint_sub_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
142 uint16_t i, min, max;
143 min = MIN(a->length_B, b->length_B);
144 max = MAX(a->length_B, b->length_B);
145 r = bigint_cmp_u(a,b);
153 dest->length_B = a->length_B;
154 memcpy(dest->wordv, a->wordv, a->length_B);
155 dest->info = a->info;
160 dest->length_B = b->length_B;
161 memcpy(dest->wordv, b->wordv, b->length_B);
162 dest->info = b->info;
167 bigint_sub_u(dest, b, a);
170 for(i=0; i<min; ++i){
171 t = a->wordv[i] - b->wordv[i] - borrow;
174 dest->wordv[i]=(uint8_t)t;
177 dest->wordv[i]=(uint8_t)t;
181 t = a->wordv[i] - borrow;
184 dest->wordv[i]=(uint8_t)t;
187 dest->wordv[i]=(uint8_t)t;
197 /******************************************************************************/
199 int8_t bigint_cmp_u(const bigint_t* a, const bigint_t* b){
200 if(a->length_B > b->length_B){
203 if(a->length_B < b->length_B){
212 if(a->wordv[i]!=b->wordv[i]){
213 if(a->wordv[i]>b->wordv[i]){
223 /******************************************************************************/
225 void bigint_add_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
228 s |= GET_SIGN(b)?1:0;
230 case 0: /* both positive */
231 bigint_add_u(dest, a,b);
234 case 1: /* a positive, b negative */
235 bigint_sub_u(dest, a, b);
237 case 2: /* a negative, b positive */
238 bigint_sub_u(dest, b, a);
240 case 3: /* both negative */
241 bigint_add_u(dest, a, b);
244 default: /* how can this happen?*/
249 /******************************************************************************/
251 void bigint_sub_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
254 s |= GET_SIGN(b)?1:0;
256 case 0: /* both positive */
257 bigint_sub_u(dest, a,b);
259 case 1: /* a positive, b negative */
260 bigint_add_u(dest, a, b);
263 case 2: /* a negative, b positive */
264 bigint_add_u(dest, a, b);
267 case 3: /* both negative */
268 bigint_sub_u(dest, b, a);
270 default: /* how can this happen?*/
276 /******************************************************************************/
278 int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b){
280 if(a->length_B==0 && b->length_B==0){
284 s |= GET_SIGN(b)?1:0;
286 case 0: /* both positive */
287 return bigint_cmp_u(a, b);
289 case 1: /* a positive, b negative */
292 case 2: /* a negative, b positive */
295 case 3: /* both negative */
296 return bigint_cmp_u(b, a);
298 default: /* how can this happen?*/
301 return 0; /* just to satisfy the compiler */
304 /******************************************************************************/
306 void bigint_shiftleft(bigint_t* a, uint16_t shift){
311 byteshift = (shift+3)/8;
313 memmove(a->wordv+byteshift, a->wordv, a->length_B);
314 memset(a->wordv, 0, byteshift);
316 if(bitshift<=4){ /* shift to the left */
317 for(i=byteshift; i<a->length_B+byteshift; ++i){
318 t |= (a->wordv[i])<<bitshift;
319 a->wordv[i] = (uint8_t)t;
322 a->wordv[i] = (uint8_t)t;
324 }else{ /* shift to the right */
325 for(i=a->length_B+byteshift-1; i>byteshift-1; --i){
326 t |= (a->wordv[i])<<(bitshift);
327 a->wordv[i] = (uint8_t)(t>>8);
330 t |= (a->wordv[i])<<(bitshift);
331 a->wordv[i] = (uint8_t)(t>>8);
334 a->length_B += byteshift;
338 /******************************************************************************/
340 void bigint_shiftright(bigint_t* a, uint16_t shift){
347 if(byteshift >= a->length_B){ /* we would shift out more than we have */
351 if(byteshift == a->length_B-1 && bitshift>GET_FBS(a)){
356 memmove(a->wordv, a->wordv+byteshift, a->length_B-byteshift);
357 memset(a->wordv+a->length_B-byteshift, 0, byteshift);
360 /* shift to the right */
361 for(i=a->length_B-byteshift-1; i>0; --i){
362 t |= (a->wordv[i])<<(8-bitshift);
363 a->wordv[i] = (uint8_t)(t>>8);
366 t |= (a->wordv[0])<<(8-bitshift);
367 a->wordv[0] = (uint8_t)(t>>8);
369 a->length_B -= byteshift;
373 /******************************************************************************/
375 void bigint_xor(bigint_t* dest, const bigint_t* a){
377 for(i=0; i<a->length_B; ++i){
378 dest->wordv[i] ^= a->wordv[i];
383 /******************************************************************************/
385 void bigint_set_zero(bigint_t* a){
389 /******************************************************************************/
391 /* using the Karatsuba-Algorithm */
392 /* x*y = (xh*yh)*b**2n + ((xh+xl)*(yh+yl) - xh*yh - xl*yl)*b**n + yh*yl */
393 void bigint_mul_u(bigint_t* dest, const bigint_t* a, const bigint_t* b){
394 if(dest==a || dest==b){
396 uint8_t d_b[a->length_B+b->length_B];
398 bigint_mul_u(&d, a, b);
399 bigint_copy(dest, &d);
402 if(a->length_B==0 || b->length_B==0){
403 bigint_set_zero(dest);
406 if(a->length_B==1 || b->length_B==1){
411 uint8_t x = a->wordv[0];
412 for(i=0; i<b->length_B; ++i){
414 dest->wordv[i] = (uint8_t)t;
417 dest->wordv[i] = (uint8_t)t;
422 if(a->length_B<=4 && b->length_B<=4){
425 memcpy(&p, a->wordv, a->length_B);
426 memcpy(&q, b->wordv, b->length_B);
427 r = (uint64_t)p*(uint64_t)q;
428 memcpy(dest->wordv, &r, a->length_B+b->length_B);
429 dest->length_B = a->length_B+b->length_B;
433 bigint_set_zero(dest);
434 /* split a in xh & xl; split b in yh & yl */
436 n=(MAX(a->length_B, b->length_B)+1)/2;
437 bigint_t xl, xh, yl, yh;
443 xl.length_B = a->length_B;
449 xh.wordv = a->wordv+n;
450 xh.length_B = a->length_B-n;
456 yl.length_B = b->length_B;
462 yh.wordv = b->wordv+n;
463 yh.length_B = b->length_B-n;
466 /* now we have split up a and b */
467 uint8_t tmp_b[2*n+2], m_b[2*(n+1)];
468 bigint_t tmp, tmp2, m;
470 tmp2.wordv = tmp_b+n+1;
473 bigint_mul_u(dest, &xl, &yl); /* dest <= xl*yl */
474 bigint_add_u(&tmp2, &xh, &xl); /* tmp2 <= xh+xl */
475 bigint_add_u(&tmp, &yh, &yl); /* tmp <= yh+yl */
476 bigint_mul_u(&m, &tmp2, &tmp); /* m <= tmp2*tmp */
477 bigint_mul_u(&tmp, &xh, &yh); /* h <= xh*yh */
478 bigint_sub_u(&m, &m, dest); /* m <= m-dest */
479 bigint_sub_u(&m, &m, &tmp); /* m <= m-h */
480 bigint_add_scale_u(dest, &m, n);
481 bigint_add_scale_u(dest, &tmp, 2*n);
484 /******************************************************************************/
486 void bigint_mul_s(bigint_t* dest, const bigint_t* a, const bigint_t* b){
489 s |= GET_SIGN(b)?1:0;
491 case 0: /* both positive */
492 bigint_mul_u(dest, a,b);
495 case 1: /* a positive, b negative */
496 bigint_mul_u(dest, a,b);
499 case 2: /* a negative, b positive */
500 bigint_mul_u(dest, a,b);
503 case 3: /* both negative */
504 bigint_mul_u(dest, a,b);
507 default: /* how can this happen?*/
512 /******************************************************************************/
515 /* (xh*b^n+xl)^2 = xh^2*b^2n + 2*xh*xl*b^n + xl^2 */
516 void bigint_square(bigint_t* dest, const bigint_t* a){
519 memcpy(&r, a->wordv, a->length_B);
521 memcpy(dest->wordv, &r, 2*a->length_B);
523 dest->length_B=2*a->length_B;
529 uint8_t d_b[a->length_B*2];
531 bigint_square(&d, a);
532 bigint_copy(dest, &d);
537 bigint_t xh, xl, tmp; /* x-high, x-low, temp */
538 uint8_t buffer[2*n+1];
541 xh.wordv = a->wordv+n;
542 xh.length_B = a->length_B-n;
544 bigint_square(dest, &xl);
545 bigint_square(&tmp, &xh);
546 bigint_add_scale_u(dest, &tmp, 2*n);
547 bigint_mul_u(&tmp, &xl, &xh);
548 bigint_shiftleft(&tmp, 1);
549 bigint_add_scale_u(dest, &tmp, n);
552 /******************************************************************************/
554 void bigint_sub_u_bitscale(bigint_t* a, const bigint_t* b, uint16_t bitscale){
556 uint8_t tmp_b[b->length_B+1];
557 uint16_t i,j,byteshift=bitscale/8;
561 if(a->length_B < b->length_B+byteshift){
562 cli_putstr_P(PSTR("\r\nERROR: bigint_sub_u_bitscale result negative"));
568 bigint_copy(&tmp, b);
569 bigint_shiftleft(&tmp, bitscale&7);
571 for(j=0,i=byteshift; i<tmp.length_B+byteshift; ++i, ++j){
572 t = a->wordv[i] - tmp.wordv[j] - borrow;
573 a->wordv[i] = (uint8_t)t;
581 if(i+1 > a->length_B){
582 cli_putstr_P(PSTR("\r\nERROR: bigint_sub_u_bitscale result negative (2) shift="));
583 cli_hexdump_rev(&bitscale, 2);
587 a->wordv[i] -= borrow;
588 if(a->wordv[i]!=0xff){
596 /******************************************************************************/
598 void bigint_reduce(bigint_t* a, const bigint_t* r){
599 uint8_t rfbs = GET_FBS(r);
601 cli_putstr_P(PSTR("\r\nreduce "));
603 cli_putstr_P(PSTR(" % "));
605 cli_putstr_P(PSTR("\r\n"));
611 while(a->length_B > r->length_B){
612 bigint_sub_u_bitscale(a, r, (a->length_B-r->length_B)*8+GET_FBS(a)-rfbs-1);
615 while((GET_FBS(a) > rfbs+1) && (a->length_B == r->length_B)){
616 bigint_sub_u_bitscale(a, r, GET_FBS(a)-rfbs-1);
619 while(bigint_cmp_u(a,r)>=0){
625 /******************************************************************************/
627 /* calculate dest = a**exp % r */
628 /* using square&multiply */
629 void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, const bigint_t* r){
630 bigint_t tmp, tmp2, x;
631 uint8_t x_b[MAX(r->length_B, a->length_B)], tmp_b[r->length_B*2], tmp2_b[r->length_B*2];
638 bigint_reduce(&x, r);
639 bigint_copy(&tmp, &x);
640 if(a->length_B==0 || exp->length_B==0 || r->length_B==0){
644 if(exp->wordv[i]!=1){
645 for(j=1<<(GET_FBS(exp)-1); j>0; j>>=1){
647 bigint_square(&tmp2, &tmp);
648 bigint_reduce(&tmp2, r);
651 bigint_mul_u(&tmp, &tmp2, &x);
652 bigint_reduce(&tmp, r);
654 bigint_copy(&tmp, &tmp2);
659 for(j=0x80; j>0; j>>=1){
661 bigint_square(&tmp2, &tmp);
662 bigint_reduce(&tmp2, r);
665 bigint_mul_u(&tmp, &tmp2, &x);
666 bigint_reduce(&tmp, r);
668 bigint_copy(&tmp, &tmp2);
672 // cli_putstr_P(PSTR("\r\n"));
673 bigint_copy(dest, &tmp);
676 /******************************************************************************/
677 /* gcd <-- gcd(x,y) a*x+b*y=gcd */
678 void bigint_gcdext(bigint_t* gcd, bigint_t* a, bigint_t* b, const bigint_t* x, const bigint_t* y){
679 bigint_t g, x_, y_, u, v, a_, b_, c_, d_;
680 volatile uint16_t i=0;
681 if(x->length_B==0 || y->length_B==0){
684 while(x->wordv[i]==0 && y->wordv[i]==0){
687 uint8_t g_b[i+2], x_b[x->length_B-i], y_b[y->length_B-i];
688 uint8_t u_b[x->length_B-i], v_b[y->length_B-i];
689 uint8_t a_b[y->length_B+2], c_b[y->length_B+2];
690 uint8_t b_b[x->length_B+2], d_b[x->length_B+2];
699 x_.info = y_.info = 0;
700 x_.length_B = x->length_B-i;
701 y_.length_B = y->length_B-i;
702 memcpy(x_.wordv, x->wordv+i, x_.length_B);
703 memcpy(y_.wordv, y->wordv+i, y_.length_B);
704 for(i=0; (x_.wordv[0]&(1<<i))==0 && (y_.wordv[0]&(1<<i))==0; ++i){
708 cli_putstr_P(PSTR("\r\nDBG: initshift = "));
709 cli_hexdump_rev(&i, 2);
715 bigint_shiftleft(&g, i);
717 cli_putstr_P(PSTR("\r\nDBG: initshift (2) = "));
718 cli_hexdump_rev(&i, 2);
719 cli_putstr_P(PSTR("\r\n x' = "));
720 bigint_print_hex(&x_);
721 cli_putstr_P(PSTR("\r\n y' = "));
722 bigint_print_hex(&y_);
724 bigint_shiftright(&x_, i);
725 bigint_shiftright(&y_, i);
727 cli_putstr_P(PSTR("\r\n x' = "));
728 bigint_print_hex(&x_);
729 cli_putstr_P(PSTR("\r\n y' = "));
730 bigint_print_hex(&y_);
740 bigint_copy(&u, &x_);
741 bigint_copy(&v, &y_);
748 bigint_set_zero(&b_);
749 bigint_set_zero(&c_);
752 cli_putstr_P(PSTR("\r\n while u%2==0; u = "));
753 bigint_print_hex(&u);
754 cli_putstr_P(PSTR("\r\nDBG: (10) a = "));
755 bigint_print_hex(&a_);
756 cli_putstr_P(PSTR("\r\nDBG: (10) b = "));
757 bigint_print_hex(&b_);
758 cli_putstr_P(PSTR("\r\nDBG: (10) c = "));
759 bigint_print_hex(&c_);
760 cli_putstr_P(PSTR("\r\nDBG: (10) d = "));
761 bigint_print_hex(&d_);
763 while((u.wordv[0]&1)==0){
764 bigint_shiftright(&u, 1);
765 if((a_.wordv[0]&1) || (b_.wordv[0]&1)){
766 bigint_add_s(&a_, &a_, &y_);
767 bigint_sub_s(&b_, &b_, &x_);
769 bigint_shiftright(&a_, 1);
770 bigint_shiftright(&b_, 1);
773 cli_putstr_P(PSTR("\r\n while v%2==0; v = "));
774 bigint_print_hex(&v);
775 cli_putstr_P(PSTR("\r\nDBG: (20) a = "));
776 bigint_print_hex(&a_);
777 cli_putstr_P(PSTR("\r\nDBG: (20) b = "));
778 bigint_print_hex(&b_);
779 cli_putstr_P(PSTR("\r\nDBG: (20) c = "));
780 bigint_print_hex(&c_);
781 cli_putstr_P(PSTR("\r\nDBG: (20) d = "));
782 bigint_print_hex(&d_);
784 while((v.wordv[0]&1)==0){
785 bigint_shiftright(&v, 1);
786 if((c_.wordv[0]&1) || (d_.wordv[0]&1)){
787 bigint_add_s(&c_, &c_, &y_);
788 bigint_sub_s(&d_, &d_, &x_);
790 bigint_shiftright(&c_, 1);
791 bigint_shiftright(&d_, 1);
795 cli_putstr_P(PSTR("\r\n if u>=v ..."));
796 cli_putstr_P(PSTR("\r\nDBG: (30) a = "));
797 bigint_print_hex(&a_);
798 cli_putstr_P(PSTR("\r\nDBG: (30) b = "));
799 bigint_print_hex(&b_);
800 cli_putstr_P(PSTR("\r\nDBG: (30) c = "));
801 bigint_print_hex(&c_);
802 cli_putstr_P(PSTR("\r\nDBG: (30) d = "));
803 bigint_print_hex(&d_);
805 if(bigint_cmp_u(&u, &v)>=0){
806 bigint_sub_u(&u, &u, &v);
807 bigint_sub_s(&a_, &a_, &c_);
808 bigint_sub_s(&b_, &b_, &d_);
810 bigint_sub_u(&v, &v, &u);
811 bigint_sub_s(&c_, &c_, &a_);
812 bigint_sub_s(&d_, &d_, &b_);
816 cli_putstr_P(PSTR("\r\nDBG: u negative! u = "));
817 bigint_print_hex(&u);
820 cli_putstr_P(PSTR("\r\nDBG: v negative! v = "));
821 bigint_print_hex(&v);
825 cli_putstr_P(PSTR("\r\nDBG: (2) a = "));
826 bigint_print_hex(&a_);
827 cli_putstr_P(PSTR("\r\nDBG: (2) b = "));
828 bigint_print_hex(&b_);
829 cli_putstr_P(PSTR("\r\nDBG: (2) c = "));
830 bigint_print_hex(&c_);
831 cli_putstr_P(PSTR("\r\nDBG: (2) d = "));
832 bigint_print_hex(&d_);
836 bigint_mul_s(gcd, &v, &g);
846 /******************************************************************************/
848 void bigint_inverse(bigint_t* dest, bigint_t* a, bigint_t* m){
849 bigint_gcdext(NULL, dest, NULL, a, m);
850 while(dest->info&BIGINT_NEG_MASK){
851 bigint_add_s(dest, dest, m);
projects / avr-crypto-lib.git / blob