| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Firefox/security/nss/lib/freebl/mpi/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 16 kB |
|
Quelle mp_gf2m.c Sprache: C |
|||||||||||||||
|
/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "mp_gf2m.h" #include "mp_gf2m-priv.h" #include "mplogic.h" #include "mpi-priv.h" const mp_digit mp_gf2m_sqr_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85 }; /* Multiply two binary polynomials mp_digits a, b. * Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1. * Output in two mp_digits rh, rl. */ #if MP_DIGIT_BITS == 32 void s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b) { register mp_digit h, l, s; mp_digit tab[8], top2b = a >> 30; register mp_digit a1, a2, a4; a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1; tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1 ^ a2; tab[4] = a4; tab[5] = a1 ^ a4; tab[6] = a2 ^ a4; tab[7] = a1 ^ a2 ^ a4; s = tab[b & 0x7]; l = s; s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29; s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26; s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23; s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20; s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17; s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14; s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11; s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8; s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5; s = tab[b >> 30]; l ^= s << 30; h ^= s >> 2; /* compensate for the top two bits of a */ if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } *rh = h; *rl = l; } #else void s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b) { register mp_digit h, l, s; mp_digit tab[16], top3b = a >> 61; register mp_digit a1, a2, a4, a8; a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1; tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1 ^ a2; tab[4] = a4; tab[5] = a1 ^ a4; tab[6] = a2 ^ a4; tab[7] = a1 ^ a2 ^ a4; tab[8] = a8; tab[9] = a1 ^ a8; tab[10] = a2 ^ a8; tab[11] = a1 ^ a2 ^ a8; tab[12] = a4 ^ a8; tab[13] = a1 ^ a4 ^ a8; tab[14] = a2 ^ a4 ^ a8; tab[15] = a1 ^ a2 ^ a4 ^ a8; s = tab[b & 0xF]; l = s; s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60; s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56; s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52; s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48; s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44; s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40; s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36; s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32; s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28; s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24; s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20; s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16; s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12; s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8; s = tab[b >> 60]; l ^= s << 60; h ^= s >> 4; /* compensate for the top three bits of a */ if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } *rh = h; *rl = l; } #endif /* Compute xor-multiply of two binary polynomials (a1, a0) x (b1, b0) * result is a binary polynomial in 4 mp_digits r[4]. * The caller MUST ensure that r has the right amount of space allocated. */ void s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1, const mp_digit b0) { mp_digit m1, m0; /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ s_bmul_1x1(r + 3, r + 2, a1, b1); s_bmul_1x1(r + 1, r, a0, b0); s_bmul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ } /* Compute xor-multiply of two binary polynomials (a2, a1, a0) x (b2, b1, b0) * result is a binary polynomial in 6 mp_digits r[6]. * The caller MUST ensure that r has the right amount of space allocated. */ void s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0, const mp_digit b2, const mp_digit b1, const mp_digit b0) { mp_digit zm[4]; s_bmul_1x1(r + 5, r + 4, a2, b2); /* fill top 2 words */ s_bmul_2x2(zm, a1, a2 ^ a0, b1, b2 ^ b0); /* fill middle 4 words */ s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */ zm[3] ^= r[3]; zm[2] ^= r[2]; zm[1] ^= r[1] ^ r[5]; zm[0] ^= r[0] ^ r[4]; r[5] ^= zm[3]; r[4] ^= zm[2]; r[3] ^= zm[1]; r[2] ^= zm[0]; } /* Compute xor-multiply of two binary polynomials (a3, a2, a1, a0) x (b3, b2, b1, b0) * result is a binary polynomial in 8 mp_digits r[8]. * The caller MUST ensure that r has the right amount of space allocated. */ void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1, const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1, const mp_digit b0) { mp_digit zm[4]; s_bmul_2x2(r + 4, a3, a2, b3, b2); /* fill top 4 words */ s_bmul_2x2(zm, a3 ^ a1, a2 ^ a0, b3 ^ b1, b2 ^ b0); /* fill middle 4 words */ s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */ zm[3] ^= r[3] ^ r[7]; zm[2] ^= r[2] ^ r[6]; zm[1] ^= r[1] ^ r[5]; zm[0] ^= r[0] ^ r[4]; r[5] ^= zm[3]; r[4] ^= zm[2]; r[3] ^= zm[1]; r[2] ^= zm[0]; } /* Compute addition of two binary polynomials a and b, * store result in c; c could be a or b, a and b could be equal; * c is the bitwise XOR of a and b. */ mp_err mp_badd(const mp_int *a, const mp_int *b, mp_int *c) { mp_digit *pa, *pb, *pc; mp_size ix; mp_size used_pa, used_pb; mp_err res = MP_OKAY; /* Add all digits up to the precision of b. If b had more * precision than a initially, swap a, b first */ if (MP_USED(a) >= MP_USED(b)) { pa = MP_DIGITS(a); pb = MP_DIGITS(b); used_pa = MP_USED(a); used_pb = MP_USED(b); } else { pa = MP_DIGITS(b); pb = MP_DIGITS(a); used_pa = MP_USED(b); used_pb = MP_USED(a); } /* Make sure c has enough precision for the output value */ MP_CHECKOK(s_mp_pad(c, used_pa)); /* Do word-by-word xor */ pc = MP_DIGITS(c); for (ix = 0; ix < used_pb; ix++) { (*pc++) = (*pa++) ^ (*pb++); } /* Finish the rest of digits until we're actually done */ for (; ix < used_pa; ++ix) { *pc++ = *pa++; } MP_USED(c) = used_pa; MP_SIGN(c) = ZPOS; s_mp_clamp(c); CLEANUP: return res; } #define s_mp_div2(a) MP_CHECKOK(mpl_rsh((a), (a), 1)); /* Compute binary polynomial multiply d = a * b */ static void s_bmul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d) { mp_digit a_i, a0b0, a1b1, carry = 0; while (a_len--) { a_i = *a++; s_bmul_1x1(&a1b1, &a0b0, a_i, b); *d++ = a0b0 ^ carry; carry = a1b1; } *d = carry; } /* Compute binary polynomial xor multiply accumulate d ^= a * b */ static void s_bmul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d) { mp_digit a_i, a0b0, a1b1, carry = 0; while (a_len--) { a_i = *a++; s_bmul_1x1(&a1b1, &a0b0, a_i, b); *d++ ^= a0b0 ^ carry; carry = a1b1; } *d ^= carry; } /* Compute binary polynomial xor multiply c = a * b. * All parameters may be identical. */ mp_err mp_bmul(const mp_int *a, const mp_int *b, mp_int *c) { mp_digit *pb, b_i; mp_int tmp; mp_size ib, a_used, b_used; mp_err res = MP_OKAY; MP_DIGITS(&tmp) = 0; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); if (a == c) { MP_CHECKOK(mp_init_copy(&tmp, a)); if (a == b) b = &tmp; a = &tmp; } else if (b == c) { MP_CHECKOK(mp_init_copy(&tmp, b)); b = &tmp; } if (MP_USED(a) < MP_USED(b)) { const mp_int *xch = b; /* switch a and b if b longer */ b = a; a = xch; } MP_USED(c) = 1; MP_DIGIT(c, 0) = 0; MP_CHECKOK(s_mp_pad(c, USED(a) + USED(b))); pb = MP_DIGITS(b); s_bmul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c)); /* Outer loop: Digits of b */ a_used = MP_USED(a); b_used = MP_USED(b); MP_USED(c) = a_used + b_used; for (ib = 1; ib < b_used; ib++) { b_i = *pb++; /* Inner product: Digits of a */ if (b_i) s_bmul_d_add(MP_DIGITS(a), a_used, b_i, MP_DIGITS(c) + ib); else MP_DIGIT(c, ib + a_used) = b_i; } s_mp_clamp(c); SIGN(c) = ZPOS; CLEANUP: mp_clear(&tmp); return res; } /* Compute modular reduction of a and store result in r. * r could be a. * For modular arithmetic, the irreducible polynomial f(t) is represented * as an array of int[], where f(t) is of the form: * f(t) = t^p[0] + t^p[1] + ... + t^p[k] * where m = p[0] > p[1] > ... > p[k] = 0. */ mp_err mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r) { int j, k; int n, dN, d0, d1; mp_digit zz, *z, tmp; mp_size used; mp_err res = MP_OKAY; /* The algorithm does the reduction in place in r, * if a != r, copy a into r first so reduction can be done in r */ if (a != r) { MP_CHECKOK(mp_copy(a, r)); } z = MP_DIGITS(r); /* start reduction */ /*dN = p[0] / MP_DIGIT_BITS; */ dN = p[0] >> MP_DIGIT_BITS_LOG_2; used = MP_USED(r); for (j = used - 1; j > dN;) { zz = z[j]; if (zz == 0) { j--; continue; } z[j] = 0; for (k = 1; p[k] > 0; k++) { /* reducing component t^p[k] */ n = p[0] - p[k]; /*d0 = n % MP_DIGIT_BITS; */ d0 = n & MP_DIGIT_BITS_MASK; d1 = MP_DIGIT_BITS - d0; /*n /= MP_DIGIT_BITS; */ n >>= MP_DIGIT_BITS_LOG_2; z[j - n] ^= (zz >> d0); if (d0) z[j - n - 1] ^= (zz << d1); } /* reducing component t^0 */ n = dN; /*d0 = p[0] % MP_DIGIT_BITS;*/ d0 = p[0] & MP_DIGIT_BITS_MASK; d1 = MP_DIGIT_BITS - d0; z[j - n] ^= (zz >> d0); if (d0) z[j - n - 1] ^= (zz << d1); } /* final round of reduction */ while (j == dN) { /* d0 = p[0] % MP_DIGIT_BITS; */ d0 = p[0] & MP_DIGIT_BITS_MASK; zz = z[dN] >> d0; if (zz == 0) break; d1 = MP_DIGIT_BITS - d0; /* clear up the top d1 bits */ if (d0) { z[dN] = (z[dN] << d1) >> d1; } else { z[dN] = 0; } *z ^= zz; /* reduction t^0 component */ for (k = 1; p[k] > 0; k++) { /* reducing component t^p[k]*/ /* n = p[k] / MP_DIGIT_BITS; */ n = p[k] >> MP_DIGIT_BITS_LOG_2; /* d0 = p[k] % MP_DIGIT_BITS; */ d0 = p[k] & MP_DIGIT_BITS_MASK; d1 = MP_DIGIT_BITS - d0; z[n] ^= (zz << d0); tmp = zz >> d1; if (d0 && tmp) z[n + 1] ^= tmp; } } s_mp_clamp(r); CLEANUP: return res; } /* Compute the product of two polynomials a and b, reduce modulo p, * Store the result in r. r could be a or b; a could be b. */ mp_err mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[], mp_int *r) { mp_err res; if (a == b) return mp_bsqrmod(a, p, r); if ((res = mp_bmul(a, b, r)) != MP_OKAY) return res; return mp_bmod(r, p, r); } /* Compute binary polynomial squaring c = a*a mod p . * Parameter r and a can be identical. */ mp_err mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r) { mp_digit *pa, *pr, a_i; mp_int tmp; mp_size ia, a_used; mp_err res; ARGCHK(a != NULL && r != NULL, MP_BADARG); MP_DIGITS(&tmp) = 0; if (a == r) { MP_CHECKOK(mp_init_copy(&tmp, a)); a = &tmp; } MP_USED(r) = 1; MP_DIGIT(r, 0) = 0; MP_CHECKOK(s_mp_pad(r, 2 * USED(a))); pa = MP_DIGITS(a); pr = MP_DIGITS(r); a_used = MP_USED(a); MP_USED(r) = 2 * a_used; for (ia = 0; ia < a_used; ia++) { a_i = *pa++; *pr++ = gf2m_SQR0(a_i); *pr++ = gf2m_SQR1(a_i); } MP_CHECKOK(mp_bmod(r, p, r)); s_mp_clamp(r); SIGN(r) = ZPOS; CLEANUP: mp_clear(&tmp); return res; } /* Compute binary polynomial y/x mod p, y divided by x, reduce modulo p. * Store the result in r. r could be x or y, and x could equal y. * Uses algorithm Modular_Division_GF(2^m) from * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to * the Great Divide". */ int mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp, const unsigned int p[], mp_int *r) { mp_int aa, bb, uu; mp_int *a, *b, *u, *v; mp_err res = MP_OKAY; MP_DIGITS(&aa) = 0; MP_DIGITS(&bb) = 0; MP_DIGITS(&uu) = 0; MP_CHECKOK(mp_init_copy(&aa, x)); MP_CHECKOK(mp_init_copy(&uu, y)); MP_CHECKOK(mp_init_copy(&bb, pp)); MP_CHECKOK(s_mp_pad(r, USED(pp))); MP_USED(r) = 1; MP_DIGIT(r, 0) = 0; a = &aa; b = &bb; u = &uu; v = r; /* reduce x and y mod p */ MP_CHECKOK(mp_bmod(a, p, a)); MP_CHECKOK(mp_bmod(u, p, u)); while (!mp_isodd(a)) { s_mp_div2(a); if (mp_isodd(u)) { MP_CHECKOK(mp_badd(u, pp, u)); } s_mp_div2(u); } do { if (mp_cmp_mag(b, a) > 0) { MP_CHECKOK(mp_badd(b, a, b)); MP_CHECKOK(mp_badd(v, u, v)); do { s_mp_div2(b); if (mp_isodd(v)) { MP_CHECKOK(mp_badd(v, pp, v)); } s_mp_div2(v); } while (!mp_isodd(b)); } else if ((MP_DIGIT(a, 0) == 1) && (MP_USED(a) == 1)) break; else { MP_CHECKOK(mp_badd(a, b, a)); MP_CHECKOK(mp_badd(u, v, u)); do { s_mp_div2(a); if (mp_isodd(u)) { MP_CHECKOK(mp_badd(u, pp, u)); } s_mp_div2(u); } while (!mp_isodd(a)); } } while (1); MP_CHECKOK(mp_copy(u, r)); CLEANUP: mp_clear(&aa); mp_clear(&bb); mp_clear(&uu); return res; } /* Convert the bit-string representation of a polynomial a into an array * of integers corresponding to the bits with non-zero coefficient. * Up to max elements of the array will be filled. Return value is total * number of coefficients that would be extracted if array was large enough. */ int mp_bpoly2arr(const mp_int *a, unsigned int p[], int max) { int i, j, k; mp_digit top_bit, mask; top_bit = 1; top_bit <<= MP_DIGIT_BIT - 1; for (k = 0; k < max; k++) p[k] = 0; k = 0; for (i = MP_USED(a) - 1; i >= 0; i--) { mask = top_bit; for (j = MP_DIGIT_BIT - 1; j >= 0; j--) { if (MP_DIGITS(a)[i] & mask) { if (k < max) p[k] = MP_DIGIT_BIT * i + j; k++; } mask >>= 1; } } return k; } /* Convert the coefficient array representation of a polynomial to a * bit-string. The array must be terminated by 0. */ mp_err mp_barr2poly(const unsigned int p[], mp_int *a) { mp_err res = MP_OKAY; int i; mp_zero(a); for (i = 0; p[i] > 0; i++) { MP_CHECKOK(mpl_set_bit(a, p[i], 1)); } MP_CHECKOK(mpl_set_bit(a, 0, 1)); CLEANUP: return res; }
¤ Dauer der Verarbeitung: 0.6 Sekunden ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-04