]> git.saurik.com Git - apple/security.git/blob - libsecurity_cryptkit/lib/giantIntegers.c
projects / apple / security.git / blob
? search:


087323a364de53d8737b753884179dad0b0336a3
[apple/security.git] / libsecurity_cryptkit / lib / giantIntegers.c
1 /* Copyright (c) 1998 Apple Computer, Inc. All rights reserved.
2 *
3 * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
4 * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
5 * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE
6 * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER,
7 * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
8 * EXPOSE YOU TO LIABILITY.
9 ***************************************************************************
10
11 giantIntegers.c - library for large-integer arithmetic.
12
13 Revision History
14 ----------------
15 12/04/98 dmitch/R. Crandall
16 Fixed a==b bug in addg().
17 10/06/98 ap
18 Changed to compile with C++.
19 13 Apr 98 Fixed shiftright(1) bug in modg_via_recip.
20 09 Apr 98 Doug Mitchell at Apple
21 Major rewrite of core arithmetic routines to make this module
22 independent of size of giantDigit.
23 Removed idivg() and radixdiv().
24 20 Jan 98 Doug Mitchell at Apple
25 Deleted FFT arithmetic; simplified mulg().
26 09 Jan 98 Doug Mitchell and Richard Crandall at Apple
27 gshiftright() optimization.
28 08 Jan 98 Doug Mitchell at Apple
29 newGiant() returns NULL on malloc failure
30 24 Dec 97 Doug Mitchell and Richard Crandall at Apple
31 New grammarSquare(); optimized modg_via_recip()
32 11 Jun 97 Doug Mitchell and Richard Crandall at Apple
33 Added modg_via_recip(), divg_via_recip(), make_recip()
34 Added new multiple giant stack mechanism
35 Fixed potential packing/alignment bug in copyGiant()
36 Added profiling for borrowGiant(), returnGiant()
37 Deleted obsolete ifdef'd code
38 Deleted newgiant()
39 All calls to borrowGiant() now specify required size (no more
40 borrowGiant(0) calls)
41 08 May 97 Doug Mitchell at Apple
42 Changed size of giantstruct.n to 1 for Mac build
43 05 Feb 97 Doug Mitchell at Apple
44 newGiant() no longer modifies CurrentMaxShorts or giant stack
45 Added modg profiling
46 01 Feb 97 Doug Mitchell at NeXT
47 Added iszero() check in gcompg
48 17 Jan 97 Richard Crandall, Doug Mitchell at NeXT
49 Fixed negation bug in gmersennemod()
50 Fixed n[words-1] == 0 bug in extractbits()
51 Cleaned up lots of static declarations
52 19 Sep 96 Doug Mitchell at NeXT
53 Fixed --size underflow bug in normal_subg().
54 4 Sep 96 Doug Mitchell at NeXT
55 Fixed (b<n), (sign<0) case in gmersennemod() to allow for arbitrary n.
56 9 Aug 96 Doug Mitchell at NeXT
57 Fixed sign-extend bug in data_to_giant().
58 7 Aug 96 Doug Mitchell at NeXT
59 Changed precision in newtondivide().
60 Removed #ifdef UNUSED code.
61 24 Jul 96 Doug Mitchell at NeXT
62 Added scompg().
63 1991 Richard Crandall at NeXT
64 Created.
65
66 */
67
68 #include <stdio.h>
69 #include <stdlib.h>
70 #include <string.h>
71 #include "platform.h"
72 #include "giantIntegers.h"
73 #include "feeDebug.h"
74 #include "ckconfig.h"
75 #include "ellipticMeasure.h"
76 #include "falloc.h"
77 #include "giantPortCommon.h"
78
79 #ifdef FEE_DEBUG
80 #if (GIANT_LOG2_BITS_PER_DIGIT == 4)
81 #warning Compiling with two-byte giantDigits
82 #endif
83 #endif
84
85
86 #if FEE_DEBUG
87 char printbuf1[200];
88 char printbuf2[200];
89 char printbuf3[200];
90 void printGiantBuf(giant x)
91 {
92 int i;
93
94 sprintf(printbuf2, "sign=%d cap=%d n[]=", x->sign, x->capacity);
95 for(i=0; i<abs(x->sign); i++) {
96 sprintf(printbuf3 + 10*i, "%u:", x->n[i]);
97 }
98 }
99
100 char printbuf4[200];
101 char printbuf5[200];
102 void printGiantBuf2(giant x)
103 {
104 int i;
105
106 sprintf(printbuf4, "sign=%d cap=%d n[]=", x->sign, x->capacity);
107 for(i=0; i<abs(x->sign); i++) {
108 sprintf(printbuf5 + 10*i, "%u:", x->n[i]);
109 }
110 }
111 #endif /* FEE_DEBUG */
112
113 /******** debugging flags *********/
114
115 /*
116 * Flag use of unoptimized divg, modg, binvg
117 */
118 //#define WARN_UNOPTIMIZE FEE_DEBUG
119 #define WARN_UNOPTIMIZE 0
120
121 /*
122 * Log interesting giant stack events
123 */
124 #define LOG_GIANT_STACK 0
125
126 /*
127 * Log allocation of giant larger than stack size
128 */
129 #define LOG_GIANT_STACK_OVERFLOW 1
130
131 /*
132 * Flag newGiant(0) and borrowGiant(0) calls
133 */
134 #define WARN_ZERO_GIANT_SIZE FEE_DEBUG
135
136 /* temp mac-only giant initialization debug */
137 #define GIANT_MAC_DEBUG 0
138 #if GIANT_MAC_DEBUG
139
140 #include <string.h>
141 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
142 #include <TextUtils.h>
143
144 /* this one needs a writable string */
145 static void logCom(unsigned char *str) {
146 c2pstr((char *)str);
147 DebugStr(str);
148 }
149
150 /* constant strings */
151 void dblog0(const char *str) {
152 Str255 outStr;
153 strcpy((char *)outStr, str);
154 logCom(outStr);
155 }
156
157 #else
158 #define dblog0(s)
159
160 #endif /* GIANT_MAC_DEBUG */
161
162 #ifndef min
163 #define min(a,b) ((a)<(b)? (a) : (b))
164 #endif // min
165 #ifndef max
166 #define max(a,b) ((a)>(b)? (a) : (b))
167 #endif // max
168
169 #ifndef TRUE
170 #define TRUE 1
171 #endif // TRUE
172 #ifndef FALSE
173 #define FALSE 0
174 #endif // FALSE
175
176 static void absg(giant g); /* g := |g|. */
177
178 /************** globals *******************/
179
180
181 /* ------ giant stack package ------ */
182
183 /*
184 * The giant stack package is a local cache which allows us to avoid calls
185 * to malloc() for borrowGiant(). On a 90 Mhz Pentium, enabling the
186 * giant stack package shows about a 1.35 speedup factor over an identical
187 * CryptKit without the giant stacks enabled.
188 */
189
190 #if GIANTS_VIA_STACK
191
192 #if LOG_GIANT_STACK
193 #define gstackDbg(x) printf x
194 #else // LOG_GIANT_STACK
195 #define gstackDbg(x)
196 #endif // LOG_GIANT_STACK
197
198 typedef struct {
199 unsigned numDigits; // capacity of giants in this stack
200 unsigned numFree; // number of free giants in stack
201 unsigned totalGiants; // total number in *stack
202 giant *stack;
203 } gstack;
204
205 static gstack *gstacks = NULL; // array of stacks
206 static unsigned numGstacks = 0; // # of elements in gstacks
207 static int gstackInitd = 0; // this module has been init'd
208
209 #define INIT_NUM_GIANTS 16 /* initial # of giants / stack */
210 #define MIN_GIANT_SIZE 4 /* numDigits for gstack[0] */
211 #define GIANT_SIZE_INCR 2 /* in << bits */
212
213 /*
214 * Initialize giant stacks, with up to specified max giant size.
215 */
216 void initGiantStacks(unsigned maxDigits)
217 {
218 unsigned curSize = MIN_GIANT_SIZE;
219 unsigned sz;
220 unsigned i;
221
222 dblog0("initGiantStacks\n");
223
224 if(gstackInitd) {
225 /*
226 * Shouldn't be called more than once...
227 */
228 printf("multiple initGiantStacks calls\n");
229 return;
230 }
231 gstackDbg(("initGiantStacks(%d)\n", maxDigits));
232
233 /*
234 * How many stacks?
235 */
236 numGstacks = 1;
237 while(curSize<=maxDigits) {
238 curSize <<= GIANT_SIZE_INCR;
239 numGstacks++;
240 }
241
242 sz = sizeof(gstack) * numGstacks;
243 gstacks = (gstack*) fmalloc(sz);
244 bzero(gstacks, sz);
245
246 curSize = MIN_GIANT_SIZE;
247 for(i=0; i<numGstacks; i++) {
248 gstacks[i].numDigits = curSize;
249 curSize <<= GIANT_SIZE_INCR;
250 }
251
252 gstackInitd = 1;
253 }
254
255 /* called at shut down - free resources */
256 void freeGiantStacks()
257 {
258 int i;
259 int j;
260 gstack *gs;
261
262 if(!gstackInitd) {
263 return;
264 }
265 for(i=0; i<numGstacks; i++) {
266 gs = &gstacks[i];
267 for(j=0; j<gs->numFree; j++) {
268 freeGiant(gs->stack[j]);
269 gs->stack[j] = NULL;
270 }
271 /* and the stack itself - may be null if this was never used */
272 if(gs->stack != NULL) {
273 ffree(gs->stack);
274 gs->stack = NULL;
275 }
276 }
277 ffree(gstacks);
278 gstacks = NULL;
279 gstackInitd = 0;
280 }
281
282 #endif // GIANTS_VIA_STACK
283
284 giant borrowGiant(unsigned numDigits)
285 {
286 giant result;
287
288 #if GIANTS_VIA_STACK
289
290 unsigned stackNum;
291 gstack *gs = gstacks;
292
293 #if WARN_ZERO_GIANT_SIZE
294 if(numDigits == 0) {
295 printf("borrowGiant(0)\n");
296 numDigits = gstacks[numGstacks-1].numDigits;
297 }
298 #endif // WARN_ZERO_GIANT_SIZE
299
300 /*
301 * Find appropriate stack
302 */
303 if(numDigits <= MIN_GIANT_SIZE)
304 stackNum = 0;
305 else if (numDigits <= (MIN_GIANT_SIZE << GIANT_SIZE_INCR))
306 stackNum = 1;
307 else if (numDigits <= (MIN_GIANT_SIZE << (2 * GIANT_SIZE_INCR)))
308 stackNum = 2;
309 else if (numDigits <= (MIN_GIANT_SIZE << (3 * GIANT_SIZE_INCR)))
310 stackNum = 3;
311 else if (numDigits <= (MIN_GIANT_SIZE << (4 * GIANT_SIZE_INCR)))
312 stackNum = 4;
313 else
314 stackNum = numGstacks;
315
316 if(stackNum >= numGstacks) {
317 /*
318 * out of bounds; just malloc
319 */
320 #if LOG_GIANT_STACK_OVERFLOW
321 gstackDbg(("giantFromStack overflow; numDigits %d\n",
322 numDigits));
323 #endif // LOG_GIANT_STACK_OVERFLOW
324 return newGiant(numDigits);
325 }
326 gs = &gstacks[stackNum];
327
328 #if GIANT_MAC_DEBUG
329 if((gs->numFree != 0) && (gs->stack == NULL)) {
330 dblog0("borrowGiant: null stack!\n");
331 }
332 #endif
333
334 if(gs->numFree != 0) {
335 result = gs->stack[--gs->numFree];
336 }
337 else {
338 /*
339 * Stack empty; malloc
340 */
341 result = newGiant(gs->numDigits);
342 }
343
344 #else /* GIANTS_VIA_STACK */
345
346 result = newGiant(numDigits);
347
348 #endif /* GIANTS_VIA_STACK */
349
350 PROF_INCR(numBorrows);
351 return result;
352 }
353
354 void returnGiant(giant g)
355 {
356
357 #if GIANTS_VIA_STACK
358
359 unsigned stackNum;
360 gstack *gs;
361 unsigned cap = g->capacity;
362
363
364 #if FEE_DEBUG
365 if(!gstackInitd) {
366 CKRaise("returnGiant before stacks initialized!");
367 }
368 #endif // FEE_DEBUG
369
370 #if GIANT_MAC_DEBUG
371 if(g == NULL) {
372 dblog0("returnGiant: null g!\n");
373 }
374 #endif
375
376 /*
377 * Find appropriate stack. Note we expect exact match of
378 * capacity and stack's giant size.
379 */
380 /*
381 * Optimized unrolled loop. Just make sure there are enough cases
382 * to handle all of the stacks. Errors in this case will be flagged
383 * via LOG_GIANT_STACK_OVERFLOW.
384 */
385 switch(cap) {
386 case MIN_GIANT_SIZE:
387 stackNum = 0;
388 break;
389 case MIN_GIANT_SIZE << GIANT_SIZE_INCR:
390 stackNum = 1;
391 break;
392 case MIN_GIANT_SIZE << (2 * GIANT_SIZE_INCR):
393 stackNum = 2;
394 break;
395 case MIN_GIANT_SIZE << (3 * GIANT_SIZE_INCR):
396 stackNum = 3;
397 break;
398 case MIN_GIANT_SIZE << (4 * GIANT_SIZE_INCR):
399 stackNum = 4;
400 break;
401 default:
402 stackNum = numGstacks;
403 break;
404 }
405
406 if(stackNum >= numGstacks) {
407 /*
408 * out of bounds; just free
409 */
410 #if LOG_GIANT_STACK_OVERFLOW
411 gstackDbg(("giantToStack overflow; numDigits %d\n", cap));
412 #endif // LOG_GIANT_STACK_OVERFLOW
413 freeGiant(g);
414 return;
415 }
416 gs = &gstacks[stackNum];
417 if(gs->numFree == gs->totalGiants) {
418 if(gs->totalGiants == 0) {
419 gstackDbg(("Initial alloc of gstack(%d)\n",
420 gs->numDigits));
421 gs->totalGiants = INIT_NUM_GIANTS;
422 }
423 else {
424 gs->totalGiants *= 2;
425 gstackDbg(("Bumping gstack(%d) to %d\n",
426 gs->numDigits, gs->totalGiants));
427 }
428 gs->stack = (giantstruct**) frealloc(gs->stack, gs->totalGiants*sizeof(giant));
429 }
430 g->sign = 0; // not sure this is important...
431 gs->stack[gs->numFree++] = g;
432
433 #if GIANT_MAC_DEBUG
434 if((gs->numFree != 0) && (gs->stack == NULL)) {
435 dblog0("borrowGiant: null stack!\n");
436 }
437 #endif
438
439 #else /* GIANTS_VIA_STACK */
440
441 freeGiant(g);
442
443 #endif /* GIANTS_VIA_STACK */
444 }
445
446 void freeGiant(giant x) {
447 ffree(x);
448 }
449
450 giant newGiant(unsigned numDigits) {
451 // giant sufficient for 2^numbits+16 sized ops
452 int size;
453 giant result;
454
455 #if WARN_ZERO_GIANT_SIZE
456 if(numDigits == 0) {
457 printf("newGiant(0)\n");
458 #if GIANTS_VIA_STACK
459 numDigits = gstacks[numGstacks-1].totalGiants;
460 #else
461 /* HACK */
462 numDigits = 20;
463 #endif
464 }
465 #endif // WARN_ZERO_GIANT_SIZE
466
467 size = (numDigits-1) * GIANT_BYTES_PER_DIGIT + sizeof(giantstruct);
468 result = (giant)fmalloc(size);
469 if(result == NULL) {
470 return NULL;
471 }
472 result->sign = 0;
473 result->capacity = numDigits;
474 return result;
475 }
476
477 giant copyGiant(giant x)
478 {
479 int bytes;
480
481 giant result = newGiant(x->capacity);
482
483 /*
484 * 13 Jun 1997
485 * NO! this assumes packed alignment
486 */
487 bytes = sizeof(giantstruct) +
488 ((x->capacity - 1) * GIANT_BYTES_PER_DIGIT);
489 bcopy(x, result, bytes);
490 return result;
491 }
492
493 /* ------ initialization and utility routines ------ */
494
495
496 unsigned bitlen(giant n) {
497 unsigned b = GIANT_BITS_PER_DIGIT;
498 giantDigit c = 1 << (GIANT_BITS_PER_DIGIT - 1);
499 giantDigit w;
500
501 if (isZero(n)) {
502 return(0);
503 }
504 w = n->n[abs(n->sign) - 1];
505 if (!w) {
506 CKRaise("bitlen - no bit set!");
507 }
508 while((w&c) == 0) {
509 b--;
510 c >>= 1;
511 }
512 return(GIANT_BITS_PER_DIGIT * (abs(n->sign)-1) + b);
513 }
514
515 int bitval(giant n, int pos) {
516 int i = abs(pos) >> GIANT_LOG2_BITS_PER_DIGIT;
517 giantDigit c = 1 << (pos & (GIANT_BITS_PER_DIGIT - 1));
518
519 return((n->n[i]) & c);
520 }
521
522 int gsign(giant g)
523 /* returns the sign of g */
524 {
525 if (isZero(g)) return(0);
526 if (g->sign > 0) return(1);
527 return(-1);
528 }
529
530 /*
531 * Adjust sign for possible leading (m.s.) zero digits
532 */
533 void gtrimSign(giant g)
534 {
535 int numDigits = abs(g->sign);
536 int i;
537
538 for(i=numDigits-1; i>=0; i--) {
539 if(g->n[i] == 0) {
540 numDigits--;
541 }
542 else {
543 break;
544 }
545 }
546 if(g->sign < 0) {
547 g->sign = -numDigits;
548 }
549 else {
550 g->sign = numDigits;
551 }
552 }
553
554
555 int isone(giant g) {
556 return((g->sign==1)&&(g->n[0]==1));
557 }
558
559 int isZero(giant thegiant) {
560 /* Returns TRUE if thegiant == 0. */
561 int count;
562 int length = abs(thegiant->sign);
563 giantDigit *numpointer;
564
565 if (length) {
566 numpointer = thegiant->n;
567
568 for(count = 0; count<length; ++count,++numpointer)
569 if (*numpointer != 0 ) return(FALSE);
570 }
571 return(TRUE);
572 }
573
574 int gcompg(giant a, giant b)
575 /* returns -1,0,1 if a<b, a=b, a>b, respectively */
576 {
577 int sa = a->sign;
578 int j;
579 int sb = b->sign;
580 giantDigit va;
581 giantDigit vb;
582 int sgn;
583
584 if(isZero(a) && isZero(b)) return 0;
585 if(sa > sb) return(1);
586 if(sa < sb) return(-1);
587 if(sa < 0) {
588 sa = -sa; /* Take absolute value of sa */
589 sgn = -1;
590 } else sgn = 1;
591 for(j = sa-1; j >= 0; j--) {
592 va = a->n[j]; vb = b->n[j];
593 if (va > vb) return(sgn);
594 if (va < vb) return(-sgn);
595 }
596 return(0);
597 }
598
599 /* destgiant becomes equal to srcgiant */
600 void gtog(giant srcgiant, giant destgiant) {
601
602 int numbytes;
603
604 CKASSERT(srcgiant != NULL);
605 numbytes = abs(srcgiant->sign) * GIANT_BYTES_PER_DIGIT;
606 if (destgiant->capacity < abs(srcgiant->sign))
607 CKRaise("gtog overflow!!");
608 memcpy((char *)destgiant->n, (char *)srcgiant->n, numbytes);
609 destgiant->sign = srcgiant->sign;
610 }
611
612 void int_to_giant(int i, giant g) {
613 /* The giant g becomes set to the integer value i. */
614 int isneg = (i<0);
615 unsigned int j = abs(i);
616 unsigned dex;
617
618 g->sign = 0;
619 if (i==0) {
620 g->n[0] = 0;
621 return;
622 }
623
624 if(GIANT_BYTES_PER_DIGIT == sizeof(int)) {
625 g->n[0] = j;
626 g->sign = 1;
627 }
628 else {
629 /* one loop per digit */
630 unsigned scnt = GIANT_BITS_PER_DIGIT; // fool compiler
631
632 for(dex=0; dex<sizeof(int); dex++) {
633 g->n[dex] = j & GIANT_DIGIT_MASK;
634 j >>= scnt;
635 g->sign++;
636 if(j == 0) {
637 break;
638 }
639 }
640 }
641 if (isneg) {
642 g->sign = -(g->sign);
643 }
644 }
645
646 /*------------- Arithmetic --------------*/
647
648 void negg(giant g) {
649 /* g becomes -g */
650 g->sign = -g->sign;
651 }
652
653 void iaddg(int i, giant g) { /* positive g becomes g + (int)i */
654 int j;
655 giantDigit carry;
656 int size = abs(g->sign);
657
658 if (isZero(g)) {
659 int_to_giant(i,g);
660 }
661 else {
662 carry = i;
663 for(j=0; ((j<size) && (carry != 0)); j++) {
664 g->n[j] = giantAddDigits(g->n[j], carry, &carry);
665 }
666 if(carry) {
667 ++g->sign;
668 // realloc
669 if (g->sign > (int)g->capacity) CKRaise("iaddg overflow!");
670 g->n[size] = carry;
671 }
672 }
673 }
674
675 /*
676 * g *= (int n)
677 *
678 * FIXME - we can improve this...
679 */
680 void imulg(unsigned n, giant g)
681 {
682 giant tmp = borrowGiant(abs(g->sign) + sizeof(int));
683
684 int_to_giant(n, tmp);
685 mulg(tmp, g);
686 returnGiant(tmp);
687 }
688
689 /* new addg, negg, and gcompg from Crandall 6/95 */
690 static void normal_addg(giant a, giant b)
691 /* b := a + b, both a,b assumed non-negative. */
692 {
693 giantDigit carry1 = 0;
694 giantDigit carry2 = 0;
695 int asize = a->sign, bsize = b->sign;
696 giantDigit *an = a->n;
697 giantDigit *bn = b->n;
698 giantDigit tmp;
699 int j;
700 int comSize;
701 int maxSize;
702
703 if(asize < bsize) {
704 comSize = asize;
705 maxSize = bsize;
706 }
707 else {
708 comSize = bsize;
709 maxSize = asize;
710 }
711
712 /* first handle the common digits */
713 for(j=0; j<comSize; j++) {
714 /*
715 * first add the carry, then an[j] - either add could result
716 * in another carry
717 */
718 if(carry1 || carry2) {
719 tmp = giantAddDigits(bn[j], (giantDigit)1, &carry1);
720 }
721 else {
722 carry1 = 0;
723 tmp = bn[j];
724 }
725 bn[j] = giantAddDigits(tmp, an[j], &carry2);
726 }
727
728 if(asize < bsize) {
729
730 /* now propagate remaining carry beyond asize */
731 if(carry2) {
732 carry1 = 1;
733 }
734 if(carry1) {
735 for(; j<bsize; j++) {
736 bn[j] = giantAddDigits(bn[j], (giantDigit)1, &carry1);
737 if(carry1 == 0) {
738 break;
739 }
740 }
741 }
742 } else {
743 /* now propagate remaining an[] and carry beyond bsize */
744 if(carry2) {
745 carry1 = 1;
746 }
747 for(; j<asize; j++) {
748 if(carry1) {
749 bn[j] = giantAddDigits(an[j], (giantDigit)1, &carry1);
750 }
751 else {
752 bn[j] = an[j];
753 carry1 = 0;
754 }
755 }
756 }
757 b->sign = maxSize;
758 if(carry1) {
759 // realloc?
760 bn[j] = 1;
761 b->sign++;
762 if (b->sign > (int)b->capacity) CKRaise("iaddg overflow!");
763 }
764
765 }
766
767 static void normal_subg(giant a, giant b)
768 /* b := b - a; requires b, a non-negative and b >= a. */
769 {
770 int j;
771 int size = b->sign;
772 giantDigit tmp;
773 giantDigit borrow1 = 0;
774 giantDigit borrow2 = 0;
775 giantDigit *an = a->n;
776 giantDigit *bn = b->n;
777
778 if(a->sign == 0) {
779 return;
780 }
781
782 for (j=0; j<a->sign; ++j) {
783 if(borrow1 || borrow2) {
784 tmp = giantSubDigits(bn[j], (giantDigit)1, &borrow1);
785 }
786 else {
787 tmp = bn[j];
788 borrow1 = 0;
789 }
790 bn[j] = giantSubDigits(tmp, an[j], &borrow2);
791 }
792 if(borrow1 || borrow2) {
793 /* propagate borrow thru remainder of bn[] */
794 borrow1 = 1;
795 for (j=a->sign; j<size; ++j) {
796 if(borrow1) {
797 bn[j] = giantSubDigits(bn[j], (giantDigit)1, &borrow1);
798 }
799 else {
800 break;
801 }
802 }
803 }
804
805 /* adjust sign for leading zero digits */
806 while((size-- > 0) && (b->n[size] == 0))
807 ;
808 b->sign = (b->n[size] == 0)? 0 : size+1;
809 }
810
811 static void reverse_subg(giant a, giant b)
812 /* b := a - b; requires b, a non-negative and a >= b. */
813 {
814 int j;
815 int size = a->sign;
816 giantDigit tmp;
817 giantDigit borrow1 = 0;
818 giantDigit borrow2 = 0;
819 giantDigit *an = a->n;
820 giantDigit *bn = b->n;
821
822 if(b->sign == 0) {
823 gtog(a, b);
824 return;
825 }
826 for (j=0; j<b->sign; ++j) {
827 if(borrow1 || borrow2) {
828 tmp = giantSubDigits(an[j], (giantDigit)1, &borrow1);
829 }
830 else {
831 tmp = an[j];
832 borrow1 = 0;
833 }
834 bn[j] = giantSubDigits(tmp, bn[j], &borrow2);
835 }
836 if(borrow1 || borrow2) {
837 /* propagate borrow thru remainder of bn[] */
838 borrow1 = 1;
839 }
840 for (j=b->sign; j<size; ++j) {
841 if(borrow1) {
842 bn[j] = giantSubDigits(an[j], (giantDigit)1, &borrow1);
843 }
844 else {
845 bn[j] = an[j];
846 borrow1 = 0;
847 }
848 }
849
850 b->sign = size; /* REC, 21 Apr 1996. */
851 while(!b->n[--size]);
852 b->sign = size+1;
853 }
854
855
856 void addg(giant a, giant b)
857 /* b := b + a, any signs any result. */
858 { int asgn = a->sign, bsgn = b->sign;
859 if(asgn == 0) return;
860 if(bsgn == 0) {
861 gtog(a,b);
862 return;
863 }
864 if((asgn < 0) == (bsgn < 0)) {
865 if(bsgn > 0) {
866 normal_addg(a,b);
867 return;
868 }
869 negg(a); if(a != b) negg(b); normal_addg(a,b); /* Fix REC 1 Dec 98. */
870 negg(a); if(a != b) negg(b); return; /* Fix REC 1 Dec 98. */
871 }
872 if(bsgn > 0) {
873 negg(a);
874 if(gcompg(b,a) >= 0) {
875 normal_subg(a,b);
876 negg(a);
877 return;
878 }
879 reverse_subg(a,b);
880 negg(a);
881 negg(b);
882 return;
883 }
884 negg(b);
885 if(gcompg(b,a) < 0) {
886 reverse_subg(a,b);
887 return;
888 }
889 normal_subg(a,b);
890 negg(b);
891 return;
892 }
893
894 void subg(giant a, giant b)
895 /* b := b - a, any signs, any result. */
896 {
897 int asgn = a->sign, bsgn = b->sign;
898 if(asgn == 0) return;
899 if(bsgn == 0) {
900 gtog(a,b);
901 negg(b);
902 return;
903 }
904 if((asgn < 0) != (bsgn < 0)) {
905 if(bsgn > 0) {
906 negg(a);
907 normal_addg(a,b);
908 negg(a);
909 return;
910 }
911 negg(b);
912 normal_addg(a,b);
913 negg(b);
914 return;
915 }
916 if(bsgn > 0) {
917 if(gcompg(b,a) >= 0) {
918 normal_subg(a,b);
919 return;
920 }
921 reverse_subg(a,b);
922 negg(b);
923 return;
924 }
925 negg(a); negg(b);
926 if(gcompg(b,a) >= 0) {
927 normal_subg(a,b);
928 negg(a);
929 negg(b);
930 return;
931 }
932 reverse_subg(a,b);
933 negg(a);
934 return;
935 }
936
937 static void bdivg(giant v, giant u)
938 /* u becomes greatest power of two not exceeding u/v. */
939 {
940 int diff = bitlen(u) - bitlen(v);
941 giant scratch7;
942
943 if (diff<0) {
944 int_to_giant(0,u);
945 return;
946 }
947 scratch7 = borrowGiant(u->capacity);
948 gtog(v, scratch7);
949 gshiftleft(diff,scratch7);
950 if(gcompg(u,scratch7) < 0) diff--;
951 if(diff<0) {
952 int_to_giant(0,u);
953 returnGiant(scratch7);
954 return;
955 }
956 int_to_giant(1,u);
957 gshiftleft(diff,u);
958 returnGiant(scratch7);
959 }
960
961 int binvaux(giant p, giant x)
962 /* Binary inverse method.
963 Returns zero if no inverse exists, in which case x becomes
964 GCD(x,p). */
965 {
966 giant scratch7;
967 giant u0;
968 giant u1;
969 giant v0;
970 giant v1;
971 int result = 1;
972 int giantSize;
973 PROF_START;
974
975 if(isone(x)) return(result);
976 giantSize = 4 * abs(p->sign);
977 scratch7 = borrowGiant(giantSize);
978 u0 = borrowGiant(giantSize);
979 u1 = borrowGiant(giantSize);
980 v0 = borrowGiant(giantSize);
981 v1 = borrowGiant(giantSize);
982 int_to_giant(1, v0); gtog(x, v1);
983 int_to_giant(0,x); gtog(p, u1);
984 while(!isZero(v1)) {
985 gtog(u1, u0); bdivg(v1, u0);
986 gtog(x, scratch7);
987 gtog(v0, x);
988 mulg(u0, v0);
989 subg(v0,scratch7);
990 gtog(scratch7, v0);
991
992 gtog(u1, scratch7);
993 gtog(v1, u1);
994 mulg(u0, v1);
995 subg(v1,scratch7);
996 gtog(scratch7, v1);
997 }
998 if (!isone(u1)) {
999 gtog(u1,x);
1000 if(x->sign<0) addg(p, x);
1001 result = 0;
1002 goto done;
1003 }
1004 if (x->sign<0) addg(p, x);
1005 done:
1006 returnGiant(scratch7);
1007 returnGiant(u0);
1008 returnGiant(u1);
1009 returnGiant(v0);
1010 returnGiant(v1);
1011 PROF_END(binvauxTime);
1012 return(result);
1013 }
1014
1015 /*
1016 * Superceded by binvg_cp()
1017 */
1018 #if 0
1019 int binvg(giant p, giant x)
1020 {
1021 modg(p, x);
1022 return(binvaux(p,x));
1023 }
1024 #endif
1025
1026 static void absg(giant g) {
1027 /* g becomes the absolute value of g */
1028 if (g->sign < 0) g->sign = -g->sign;
1029 }
1030
1031 void gshiftleft(int bits, giant g) {
1032 /* shift g left bits bits. Equivalent to g = g*2^bits */
1033 int rem = bits & (GIANT_BITS_PER_DIGIT - 1);
1034 int crem = GIANT_BITS_PER_DIGIT - rem;
1035 int digits = 1 + (bits >> GIANT_LOG2_BITS_PER_DIGIT);
1036 int size = abs(g->sign);
1037 int j;
1038 int k;
1039 int sign = gsign(g);
1040 giantDigit carry;
1041 giantDigit dat;
1042
1043 #if FEE_DEBUG
1044 if(bits < 0) {
1045 CKRaise("gshiftleft(-bits)\n");
1046 }
1047 #endif /* FEE_DEBUG */
1048
1049 if(!bits) return;
1050 if(!size) return;
1051 if((size+digits) > (int)g->capacity) {
1052 CKRaise("gshiftleft overflow");
1053 return;
1054 }
1055 k = size - 1 + digits; // (MSD of result + 1)
1056 carry = 0;
1057
1058 /* bug fix for 32-bit giantDigits; this is also an optimization for
1059 * other sizes. rem=0 means we're shifting strictly by digits, no
1060 * bit shifts. */
1061 if(rem == 0) {
1062 g->n[k] = 0; // XXX hack - for sign fixup
1063 for(j=size-1; j>=0; j--) {
1064 g->n[--k] = g->n[j];
1065 }
1066 do{
1067 g->n[--k] = 0;
1068 } while(k>0);
1069 }
1070 else {
1071 /*
1072 * normal unaligned case
1073 * FIXME - this writes past g->n[size-1] the first time thru!
1074 */
1075 for(j=size-1; j>=0; j--) {
1076 dat = g->n[j];
1077 g->n[k--] = (dat >> crem) | carry;
1078 carry = (dat << rem);
1079 }
1080 do{
1081 g->n[k--] = carry;
1082 carry = 0;
1083 } while(k>=0);
1084 }
1085 k = size - 1 + digits;
1086 if(g->n[k] == 0) --k;
1087 g->sign = sign * (k+1);
1088 if (abs(g->sign) > g->capacity) {
1089 CKRaise("gshiftleft overflow");
1090 }
1091 }
1092
1093 void gshiftright(int bits, giant g) {
1094 /* shift g right bits bits. Equivalent to g = g/2^bits */
1095 int j;
1096 int size=abs(g->sign);
1097 giantDigit carry;
1098 int digits = bits >> GIANT_LOG2_BITS_PER_DIGIT;
1099 int remain = bits & (GIANT_BITS_PER_DIGIT - 1);
1100 int cremain = GIANT_BITS_PER_DIGIT - remain;
1101
1102 #if FEE_DEBUG
1103 if(bits < 0) {
1104 CKRaise("gshiftright(-bits)\n");
1105 }
1106 #endif /* FEE_DEBUG */
1107 if(bits==0) return;
1108 if(isZero(g)) return;
1109 if (digits >= size) {
1110 g->sign = 0;
1111 return;
1112 }
1113
1114 size -= digits;
1115
1116 /* Begin OPT: 9 Jan 98 REC. */
1117 if(remain == 0) {
1118 if(g->sign > 0) {
1119 g->sign = size;
1120 }
1121 else {
1122 g->sign = -size;
1123 }
1124 for(j=0; j < size; j++) {
1125 g->n[j] = g->n[j+digits];
1126 }
1127 return;
1128 }
1129 /* End OPT: 9 Jan 98 REC. */
1130
1131 for(j=0;j<size;++j) {
1132 if (j==size-1) {
1133 carry = 0;
1134 }
1135 else {
1136 carry = (g->n[j+digits+1]) << cremain;
1137 }
1138 g->n[j] = ((g->n[j+digits]) >> remain ) | carry;
1139 }
1140 if (g->n[size-1] == 0) {
1141 --size;
1142 }
1143 if(g->sign > 0) {
1144 g->sign = size;
1145 }
1146 else {
1147 g->sign = -size;
1148 }
1149 if (abs(g->sign) > g->capacity) {
1150 CKRaise("gshiftright overflow");
1151 }
1152 }
1153
1154
1155 void extractbits(unsigned n, giant src, giant dest) {
1156 /* dest becomes lowermost n bits of src. Equivalent to dest = src % 2^n */
1157 int digits = n >> GIANT_LOG2_BITS_PER_DIGIT;
1158 int numbytes = digits * GIANT_BYTES_PER_DIGIT;
1159 int bits = n & (GIANT_BITS_PER_DIGIT - 1);
1160
1161 if (n <= 0) {
1162 return;
1163 }
1164 if (dest->capacity * 8 * GIANT_BYTES_PER_DIGIT < n) {
1165 CKRaise("extractbits - not enough room");
1166 }
1167 if (digits >= abs(src->sign)) {
1168 gtog(src,dest);
1169 }
1170 else {
1171 memcpy((char *)(dest->n), (char *)(src->n), numbytes);
1172 if (bits) {
1173 dest->n[digits] = src->n[digits] & ((1<<bits)-1);
1174 ++digits;
1175 }
1176 /* Next, fix by REC, 12 Jan 97. */
1177 // while((dest->n[words-1] == 0) && (words > 0)) --words;
1178 while((digits > 0) && (dest->n[digits-1] == 0)) {
1179 --digits;
1180 }
1181 if(src->sign < 0) {
1182 dest->sign = -digits;
1183 }
1184 else {
1185 dest->sign = digits;
1186 }
1187 }
1188 if (abs(dest->sign) > dest->capacity) {
1189 CKRaise("extractbits overflow");
1190 }
1191 }
1192
1193 #define NEW_MERSENNE 0
1194
1195 /*
1196 * New gmersennemod, 24 Dec 1997. This runs significantly slower than the
1197 * original.
1198 */
1199 #if NEW_MERSENNE
1200
1201 void
1202 gmersennemod(
1203 int n,
1204 giant g
1205 )
1206 /* g := g (mod 2^n - 1) */
1207 {
1208 int the_sign;
1209 giant scratch3 = borrowGiant(g->capacity);
1210 giant scratch4 = borrowGiant(1);
1211
1212 if ((the_sign = gsign(g)) < 0) absg(g);
1213 while (bitlen(g) > n) {
1214 gtog(g,scratch3);
1215 gshiftright(n,scratch3);
1216 addg(scratch3,g);
1217 gshiftleft(n,scratch3);
1218 subg(scratch3,g);
1219 }
1220 if(isZero(g)) goto out;
1221 int_to_giant(1,scratch3);
1222 gshiftleft(n,scratch3);
1223 int_to_giant(1,scratch4);
1224 subg(scratch4,scratch3);
1225 if(gcompg(g,scratch3) >= 0) subg(scratch3,g);
1226 if (the_sign < 0) {
1227 g->sign = -g->sign;
1228 addg(scratch3,g);
1229 }
1230 out:
1231 returnGiant(scratch3);
1232 returnGiant(scratch4);
1233 }
1234
1235 #else /* NEW_MERSENNE */
1236
1237 void gmersennemod(int n, giant g) {
1238 /* g becomes g mod ((2^n)-1)
1239 31 Jul 96 modified REC.
1240 17 Jan 97 modified REC.
1241 */
1242 unsigned bits = n & (GIANT_BITS_PER_DIGIT - 1);
1243 unsigned digits = 1 + ((n-1) >> GIANT_LOG2_BITS_PER_DIGIT);
1244 int isPositive = (g->sign > 0);
1245 int j;
1246 int b;
1247 int size;
1248 int foundzero;
1249 giantDigit mask = (bits == 0) ? GIANT_DIGIT_MASK : (giantDigit)((1<<bits)-1);
1250 giant scratch1;
1251
1252 b = bitlen(g);
1253 if(b < n) {
1254 unsigned numDigits = (n + GIANT_BITS_PER_DIGIT - 1) >>
1255 GIANT_LOG2_BITS_PER_DIGIT;
1256 giantDigit lastWord = 0;
1257 giantDigit bits = 1;
1258
1259 if(g->sign >= 0) return;
1260
1261 /*
1262 * Cons up ((2**n)-1), add to g.
1263 */
1264 scratch1 = borrowGiant(numDigits + 1);
1265 scratch1->sign = numDigits;
1266 for(j=0; j<(int)(numDigits-1); j++) {
1267 scratch1->n[j] = GIANT_DIGIT_MASK;
1268 }
1269
1270 /*
1271 * Last word has lower (n & (GIANT_BITS_PER_DIGIT-1)) bits set.
1272 */
1273 for(j=0; j < (int)(n & (GIANT_BITS_PER_DIGIT-1)); j++) {
1274 lastWord |= bits;
1275 bits <<= 1;
1276 }
1277 scratch1->n[numDigits-1] = lastWord;
1278 addg(g, scratch1); /* One version. */
1279 gtog(scratch1, g);
1280 returnGiant(scratch1);
1281 return;
1282 }
1283 if(b == n) {
1284 for(foundzero=0, j=0; j<b; j++) {
1285 if(bitval(g, j)==0) {
1286 foundzero = 1;
1287 break;
1288 }
1289 }
1290 if (!foundzero) {
1291 int_to_giant(0, g);
1292 return;
1293 }
1294 }
1295
1296 absg(g);
1297 scratch1 = borrowGiant(g->capacity);
1298 while ( ((unsigned)(g->sign) > digits) ||
1299 ( ((unsigned)(g->sign)==digits) && (g->n[digits-1] > mask))) {
1300 extractbits(n, g, scratch1);
1301 gshiftright(n, g);
1302 addg(scratch1, g);
1303 }
1304 size = g->sign;
1305
1306 /* Commence new negation routine - REC 17 Jan 1997. */
1307 if (!isPositive) { /* Mersenne negation is just bitwise complement. */
1308 for(j = digits-1; j >= size; j--) {
1309 g->n[j] = GIANT_DIGIT_MASK;
1310 }
1311 for(j = size-1; j >= 0; j--) {
1312 g->n[j] = ~g->n[j];
1313 }
1314 g->n[digits-1] &= mask;
1315 j = digits-1;
1316 while((g->n[j] == 0) && (j > 0)) {
1317 --j;
1318 }
1319 size = j+1;
1320 }
1321 /* End new negation routine. */
1322
1323 g->sign = size;
1324 if (abs(g->sign) > g->capacity) {
1325 CKRaise("gmersennemod overflow");
1326 }
1327 if (size < (int)digits) {
1328 goto bye;
1329 }
1330 if (g->n[size-1] != mask) {
1331 goto bye;
1332 }
1333 mask = GIANT_DIGIT_MASK;
1334 for(j=0; j<(size-1); j++) {
1335 if (g->n[j] != mask) {
1336 goto bye;
1337 }
1338 }
1339 g->sign = 0;
1340 bye:
1341 returnGiant(scratch1);
1342 }
1343
1344 #endif /* NEW_MERSENNE */
1345
1346 void mulg(giant a, giant b) { /* b becomes a*b. */
1347
1348 int i;
1349 int asize, bsize;
1350 giantDigit *bptr = b->n;
1351 giantDigit mult;
1352 giant scratch1;
1353 giantDigit carry;
1354 giantDigit *scrPtr;
1355
1356
1357 if (isZero(b)) {
1358 return;
1359 }
1360 if (isZero(a)) {
1361 gtog(a, b);
1362 return;
1363 }
1364 if(a == b) {
1365 grammarSquare(b);
1366 return;
1367 }
1368
1369 bsize = abs(b->sign);
1370 asize = abs(a->sign);
1371 scratch1 = borrowGiant((asize+bsize));
1372 scrPtr = scratch1->n;
1373
1374 for(i=0; i<asize+bsize; ++i) {
1375 scrPtr[i]=0;
1376 }
1377
1378 for(i=0; i<bsize; ++i, scrPtr++) {
1379 mult = bptr[i];
1380 if (mult != 0) {
1381 carry = VectorMultiply(mult,
1382 a->n,
1383 asize,
1384 scrPtr);
1385 /* handle MSD carry */
1386 scrPtr[asize] += carry;
1387 }
1388 }
1389 bsize+=asize;
1390 if(scratch1->n[bsize - 1] == 0) {
1391 --bsize;
1392 }
1393 scratch1->sign = gsign(a) * gsign(b) * bsize;
1394 if (abs(scratch1->sign) > scratch1->capacity) {
1395 CKRaise("GiantGrammarMul overflow");
1396 }
1397 gtog(scratch1,b);
1398 returnGiant(scratch1);
1399
1400 #if FEE_DEBUG
1401 (void)bitlen(b); // Assertion....
1402 #endif /* FEE_DEBUG */
1403 PROF_INCR(numMulg); // for normal profiling
1404 INCR_MULGS; // for ellipticMeasure
1405 }
1406
1407 void grammarSquare(giant a) {
1408 /*
1409 * For now, we're going to match the old implementation line for
1410 * line by maintaining prod, carry, and temp as double precision
1411 * giantDigits. There is probably a much better implementation....
1412 */
1413 giantDigit prodLo;
1414 giantDigit prodHi;
1415 giantDigit carryLo = 0;
1416 giantDigit carryHi = 0;
1417 giantDigit tempLo;
1418 giantDigit tempHi;
1419 unsigned int cur_term;
1420 unsigned asize;
1421 unsigned max;
1422 giantDigit *ptr = a->n;
1423 giantDigit *ptr1;
1424 giantDigit *ptr2;
1425 giant scratch;
1426
1427 /* dmitch 11 Jan 1998 - special case for a == 0 */
1428 if(a->sign == 0) {
1429 goto end;
1430 }
1431 /* end a == 0 case */
1432 asize = abs(a->sign);
1433 max = asize * 2 - 1;
1434 scratch = borrowGiant(2 * asize);
1435 asize--;
1436
1437 /*
1438 * temp = *ptr;
1439 * temp *= temp;
1440 * scratch->n[0] = temp;
1441 * carry = temp >> 16;
1442 */
1443 giantMulDigits(*ptr, *ptr, &tempLo, &tempHi);
1444 scratch->n[0] = tempLo;
1445 carryLo = tempHi;
1446 carryHi = 0;
1447
1448 for (cur_term = 1; cur_term < max; cur_term++) {
1449 ptr1 = ptr2 = ptr;
1450 if (cur_term <= asize) {
1451 ptr2 += cur_term;
1452 } else {
1453 ptr1 += cur_term - asize;
1454 ptr2 += asize;
1455 }
1456
1457 /*
1458 * prod = carry & 0xFFFF;
1459 * carry >>= 16;
1460 */
1461 prodLo = carryLo;
1462 prodHi = 0;
1463 carryLo = carryHi;
1464 carryHi = 0;
1465 while(ptr1 < ptr2) {
1466 /*
1467 * temp = *ptr1++ * *ptr2--;
1468 */
1469 giantMulDigits(*ptr1++, *ptr2--, &tempLo, &tempHi);
1470
1471 /*
1472 * prod += (temp << 1) & 0xFFFF;
1473 */
1474 giantAddDouble(&prodLo, &prodHi, (tempLo << 1));
1475
1476 /*
1477 * carry += (temp >> 15);
1478 * use bits from both product digits..
1479 */
1480 giantAddDouble(&carryLo, &carryHi,
1481 (tempLo >> (GIANT_BITS_PER_DIGIT - 1)));
1482 giantAddDouble(&carryLo, &carryHi, (tempHi << 1));
1483
1484 /* snag the msb from that last shift */
1485 carryHi += (tempHi >> (GIANT_BITS_PER_DIGIT - 1));
1486 }
1487 if (ptr1 == ptr2) {
1488 /*
1489 * temp = *ptr1;
1490 * temp *= temp;
1491 */
1492 giantMulDigits(*ptr1, *ptr1, &tempLo, &tempHi);
1493
1494 /*
1495 * prod += temp & 0xFFFF;
1496 */
1497 giantAddDouble(&prodLo, &prodHi, tempLo);
1498
1499 /*
1500 * carry += (temp >> 16);
1501 */
1502 giantAddDouble(&carryLo, &carryHi, tempHi);
1503 }
1504
1505 /*
1506 * carry += prod >> 16;
1507 */
1508 giantAddDouble(&carryLo, &carryHi, prodHi);
1509
1510 scratch->n[cur_term] = prodLo;
1511 }
1512 if (carryLo) {
1513 scratch->n[cur_term] = carryLo;
1514 scratch->sign = cur_term+1;
1515 } else scratch->sign = cur_term;
1516
1517 gtog(scratch,a);
1518 returnGiant(scratch);
1519 end:
1520 PROF_INCR(numGsquare);
1521 }
1522
1523 /*
1524 * Clear all of a giant's data fields, for secure erasure of sensitive data.,
1525 */
1526 void clearGiant(giant g)
1527 {
1528 unsigned i;
1529
1530 for(i=0; i<g->capacity; i++) {
1531 g->n[i] = 0;
1532 }
1533 g->sign = 0;
1534 }
1535
1536 #if ENGINE_127_BITS
1537 /*
1538 * only used by engineNSA127.c, which is obsolete as of 16 Jan 1997
1539 */
1540 int
1541 scompg(int n, giant g) {
1542 if((g->sign == 1) && (g->n[0] == n)) return(1);
1543 return(0);
1544 }
1545
1546 #endif // ENGINE_127_BITS
1547
1548 /*
1549 * New modg() and divg() arithmetic, from R. Crandall, 11 June 1997.
1550 */
1551
1552 /*
1553 * Calculate the reciprocal of a demonimator used in divg_via_recip() and
1554 * modg_via_recip().
1555 */
1556 void
1557 make_recip(giant d, giant r)
1558 /* r becomes the steady-state reciprocal
1559 2^(2b)/d, where b = bit-length of d-1. */
1560 {
1561 int b;
1562 int giantSize = 4 * abs(d->sign);
1563 giant tmp = borrowGiant(giantSize);
1564 giant tmp2 = borrowGiant(giantSize);
1565
1566 if (isZero(d) || (d->sign < 0))
1567 {
1568 CKRaise("illegal argument to make_recip");
1569 }
1570 int_to_giant(1, r); subg(r, d); b = bitlen(d); addg(r, d);
1571 gshiftleft(b, r); gtog(r, tmp2);
1572 while(1) {
1573 gtog(r, tmp);
1574 gsquare(tmp);
1575 gshiftright(b, tmp);
1576 mulg(d, tmp);
1577 gshiftright(b, tmp);
1578 addg(r, r); subg(tmp, r);
1579 if(gcompg(r, tmp2) <= 0) break;
1580 gtog(r, tmp2);
1581 }
1582 int_to_giant(1, tmp);
1583 gshiftleft(2*b, tmp);
1584 gtog(r, tmp2); mulg(d, tmp2);
1585 subg(tmp2, tmp);
1586 int_to_giant(1, tmp2);
1587 while(tmp->sign < 0) {
1588 subg(tmp2, r);
1589 addg(d, tmp);
1590 }
1591
1592 returnGiant(tmp);
1593 returnGiant(tmp2);
1594 return;
1595 }
1596
1597 /*
1598 * Optimized divg, when reciprocal of denominator is known.
1599 */
1600 void
1601 divg_via_recip(giant d, giant r, giant n)
1602 /* n := n/d, where r is the precalculated
1603 steady-state reciprocal of d. */
1604 {
1605 int s = 2*(bitlen(r)-1), sign = gsign(n);
1606 int giantSize = (4 * abs(d->sign)) + abs(n->sign);
1607 giant tmp = borrowGiant(giantSize);
1608 giant tmp2 = borrowGiant(giantSize);
1609
1610 if (isZero(d) || (d->sign < 0))
1611 {
1612 CKRaise("illegal argument to divg_via_recip");
1613 }
1614 n->sign = abs(n->sign);
1615 int_to_giant(0, tmp2);
1616 while(1) {
1617 gtog(n, tmp);
1618 mulg(r, tmp);
1619 gshiftright(s, tmp);
1620 addg(tmp, tmp2);
1621 mulg(d, tmp);
1622 subg(tmp, n);
1623 if(gcompg(n,d) >= 0) {
1624 subg(d,n);
1625 iaddg(1, tmp2);
1626 }
1627 if(gcompg(n,d) < 0) break;
1628 }
1629 gtog(tmp2, n);
1630 n->sign *= sign;
1631 returnGiant(tmp);
1632 returnGiant(tmp2);
1633 return;
1634 }
1635
1636 /*
1637 * Optimized modg, when reciprocal of denominator is known.
1638 */
1639
1640 /* New version, 24 Dec 1997. */
1641
1642 void
1643 modg_via_recip(
1644 giant d,
1645 giant r,
1646 giant n
1647 )
1648 /* This is the fastest mod of the present collection.
1649 n := n % d, where r is the precalculated
1650 steady-state reciprocal of d. */
1651
1652 {
1653 int s = (bitlen(r)-1), sign = n->sign;
1654 int giantSize = (4 * abs(d->sign)) + abs(n->sign);
1655 giant tmp, tmp2;
1656
1657 tmp = borrowGiant(giantSize);
1658 tmp2 = borrowGiant(giantSize);
1659 if (isZero(d) || (d->sign < 0))
1660 {
1661 CKRaise("illegal argument to modg_via_recip");
1662 }
1663 n->sign = abs(n->sign);
1664 while (1)
1665 {
1666 gtog(n, tmp);
1667 /* bug fix 13 Apr 1998 */
1668 if(s == 0) {
1669 gshiftleft(1, tmp);
1670 }
1671 else {
1672 gshiftright(s-1, tmp);
1673 }
1674 /* end fix */
1675 mulg(r, tmp);
1676 gshiftright(s+1, tmp);
1677 mulg(d, tmp);
1678 subg(tmp, n);
1679 if (gcompg(n,d) >= 0)
1680 subg(d,n);
1681 if (gcompg(n,d) < 0)
1682 break;
1683 }
1684 if (sign >= 0)
1685 goto done;
1686 if (isZero(n))
1687 goto done;
1688 negg(n);
1689 addg(d,n);
1690 done:
1691 returnGiant(tmp);
1692 returnGiant(tmp2);
1693 return;
1694 }
1695
1696 /*
1697 * Unoptimized, inefficient general modg, when reciprocal of denominator
1698 * is not known.
1699 */
1700 void
1701 modg(
1702 giant d,
1703 giant n
1704 )
1705 {
1706 /* n becomes n%d. n is arbitrary, but the denominator d must be
1707 * positive! */
1708
1709 /*
1710 * 4/9/2001: seeing overflow on this recip. Alloc per
1711 * d->capacity, not d->sign.
1712 */
1713 //giant recip = borrowGiant(2 * abs(d->sign));
1714 giant recip = borrowGiant(2 * d->capacity);
1715
1716 #if WARN_UNOPTIMIZE
1717 dbgLog(("Warning: unoptimized modg!\n"));
1718 #endif // WARN_UNOPTIMIZE
1719
1720 make_recip(d, recip);
1721 modg_via_recip(d, recip, n);
1722 returnGiant(recip);
1723 }
1724
1725 /*
1726 * Unoptimized, inefficient general divg, when reciprocal of denominator
1727 * is not known.
1728 */
1729 void
1730 divg(
1731 giant d,
1732 giant n
1733 )
1734 {
1735 /* n becomes n/d. n is arbitrary, but the denominator d must be
1736 * positive!
1737 */
1738
1739 giant recip = borrowGiant(2 * abs(d->sign));
1740
1741 #if WARN_UNOPTIMIZE
1742 dbgLog(("Warning: unoptimized divg!\n"));
1743 #endif // WARN_UNOPTIMIZE
1744
1745 make_recip(d, recip);
1746 divg_via_recip(d, recip, n);
1747 returnGiant(recip);
1748 }
mirror of Security