/*------------------------------------------------------------
 *
 *  mpa_exp_mod
 *
 *  Calculates dest = op1 ^ op2 mod n.
 *
 *  Left-to-right square-and-multiply over the bits of op2, with all
 *  arithmetic done in Montgomery form. r_modn and r2_modn are
 *  expected to be R mod n and R^2 mod n for the Montgomery radix R,
 *  and n_inv the matching Montgomery constant for n; none of that is
 *  checked here. Three temporaries are taken from pool and handed
 *  back before returning.
 *
 *  Note: the main loop branches on every bit of op2 (a multiply on a
 *  1-bit, a pointer swap on a 0-bit), so the running time and the
 *  number of multiplications depend on the value of op2. This is not
 *  a constant-time exponentiation.
 *
 */
void mpa_exp_mod(mpanum dest,
		 const mpanum op1,
		 const mpanum op2,
		 const mpanum n,
		 const mpanum r_modn,
		 const mpanum r2_modn,
		 const mpa_word_t n_inv,
		 mpa_scratch_mem pool)
{
	mpanum acc;		/* running result, in Montgomery form */
	mpanum sq;		/* scratch that receives each squaring */
	mpanum base;		/* op1 converted to Montgomery form */
	mpanum *cur = &acc;	/* holds the current result */
	mpanum *tmp = &sq;	/* holds the most recent square */
	int bit;

	mpa_alloc_static_temp_var(&acc, pool);
	mpa_alloc_static_temp_var(&sq, pool);
	mpa_alloc_static_temp_var(&base, pool);

	/*
	 * Bring op1 into Montgomery space. The internal multiply is used
	 * directly since base is large enough to hold the result.
	 */
	__mpa_montgomery_mul(base, op1, r2_modn, n, n_inv);
	/* Start from 1 in Montgomery form, i.e. r_modn. */
	mpa_copy(acc, r_modn);
	__mpa_set_unused_digits_to_zero(acc);
	__mpa_set_unused_digits_to_zero(sq);

	for (bit = mpa_highest_bit_index(op2); bit >= 0; bit--) {
		/* *tmp = (*cur)^2 */
		__mpa_montgomery_mul(*tmp, *cur, *cur, n, n_inv);
		if (mpa_get_bit(op2, bit) != 1) {
			/* 0-bit: the square is the new result, swap roles */
			mpanum *t = cur;

			cur = tmp;
			tmp = t;
			continue;
		}
		/* 1-bit: *cur = square * base */
		__mpa_montgomery_mul(*cur, *tmp, base, n, n_inv);
	}

	/* Leave Montgomery space by multiplying with one. */
	__mpa_montgomery_mul(*tmp, (const mpanum)&const_one, *cur, n, n_inv);
	mpa_copy(dest, *tmp);

	mpa_free_static_temp_var(&acc, pool);
	mpa_free_static_temp_var(&sq, pool);
	mpa_free_static_temp_var(&base, pool);
}
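/*------------------------------------------------------------
 *
 *  mpa_shift_right
 *
 *  Shifts src right by "steps" bits and puts the result in dest.
 *  It does not care about signs: dest gets the same sign as src
 *  and only the magnitude is shifted.
 *
 *  Words of dest above the new size are not cleared here; they may
 *  keep whatever they held before the shift.
 *
 *  The mask for the bits carried into the word below is built from a
 *  mpa_word_t one instead of the int literal 1, so it is well-defined
 *  for every 0 < r < WORD_SIZE (1 << (WORD_SIZE - 1) is undefined in
 *  C when int is only WORD_SIZE bits wide).
 *
 */
void mpa_shift_right(mpanum dest, mpanum src, mpa_word_t steps)
{
	mpa_word_t q;		/* quotient of steps div WORD_SIZE */
	mpa_word_t r;		/* remainder of steps div WORD_SIZE */
	mpa_word_t i;
	mpa_word_t size;	/* word count of dest before the shift */
	/* the bits of a word which get shifted into the word below it */
	mpa_word_t rbits;
	mpa_word_t mask;	/* selects the low r bits of a word */

	/*
	 * Copy first, then check, since even a shifted zero should
	 * be copied.
	 */
	mpa_copy(dest, src);
	__mpa_set_unused_digits_to_zero(dest);
	if (steps == 0 || __mpanum_is_zero(dest))
		return;

	r = steps & (WORD_SIZE - 1);		/* 0 <= r < WORD_SIZE */
	q = steps >> LOG_OF_WORD_SIZE;		/* 0 <= q */
	size = __mpanum_size(dest);

	/* Shifting out every word leaves zero. */
	if (q >= size) {
		mpa_set_word(dest, 0);
		return;
	}

	/*
	 * Here we have:
	 *  0 <= r < WORD_SIZE
	 *  0 <= q < size
	 */
	if (r == 0) {
		/* and q > 0: a plain shift by whole words */
		for (i = 0; i < size - q; i++)
			dest->d[i] = dest->d[i + q];
	} else {
		/* combination of word and bit shifting */
		mask = ((mpa_word_t)1 << r) - 1;
		for (i = 0; i < size - q - 1; i++) {
			dest->d[i] = dest->d[i + q];
			rbits = dest->d[i + q + 1] & mask;
			dest->d[i] = (dest->d[i] >> r) ^
				     (rbits << (WORD_SIZE - r));
		}
		/* final word: nothing is shifted into it from above */
		dest->d[i] = dest->d[i + q] >> r;
	}

	/* update the (signed) size of dest */
	if (dest->size > 0)
		dest->size -= q;
	else
		dest->size += q;

	/* Take care of the case when we shifted out all bits from MSW */
	if (__mpanum_msw(dest) == 0) {
		if (dest->size > 0)
			dest->size--;
		else
			dest->size++;
	}
}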
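/* --------------------------------------------------------------------
 *  mpa_shift_left
 *
 *  Shifts src left by "steps" bits and puts the result in dest.
 *  It does not care about signs: dest gets the same sign as src
 *  and only the magnitude is shifted.
 *
 *  dest must have room for size(src) + steps / WORD_SIZE + 1 words;
 *  that capacity is not checked here.
 *
 *  Changes from the earlier version:
 *   - need_extra_word is computed only when r != 0, with the shift
 *     written as msw >> (WORD_SIZE - r). That avoids both "1 << r"
 *     on an int literal and "x << WORD_SIZE" for r == 0, which are
 *     undefined in C (the old comment about compilers not shifting
 *     by a full word was describing exactly that case).
 *   - the bit-shifting path assigns the new top word directly and no
 *     longer reads and XORs the word one above the result
 *     (index size + q + 1). In the old code that XOR was always with
 *     0, because the word it read (index size) had just been cleared
 *     by __mpa_set_unused_digits_to_zero, so the result is unchanged.
 */
void mpa_shift_left(mpanum dest, mpanum src, mpa_word_t steps)
{
	mpa_word_t q;		/* quotient of steps div WORD_SIZE */
	mpa_word_t r;		/* remainder of steps div WORD_SIZE */
	mpa_word_t i;
	mpa_word_t size;	/* word count of dest before the shift */
	mpa_word_t need_extra_word;

	/*
	 * Copy first, then check, since even a shifted zero should
	 * be copied.
	 */
	mpa_copy(dest, src);
	__mpa_set_unused_digits_to_zero(dest);
	if (steps == 0 || __mpanum_is_zero(dest))
		return;

	r = steps & (WORD_SIZE - 1);		/* 0 <= r < WORD_SIZE */
	q = steps >> LOG_OF_WORD_SIZE;		/* 0 <= q */
	size = __mpanum_size(dest);

	/*
	 * The size of dest always grows by at least q. When r bits are
	 * shifted as well, one more word is needed exactly when any of
	 * the top r bits of the MSW is set. The shift count WORD_SIZE - r
	 * is only formed for r != 0, so it is always < WORD_SIZE.
	 */
	need_extra_word = 0;
	if (r != 0 && (__mpanum_msw(dest) >> (WORD_SIZE - r)) != 0)
		need_extra_word = 1;

	if (r == 0) {
		/* and q > 0: a plain shift by whole words, top-down */
		for (i = size + q - 1; i > q - 1; i--)
			dest->d[i] = dest->d[i - q];
	} else {
		/*
		 * Word and bit shifting combined, walking from the top
		 * down so every source word is read before it is
		 * overwritten. Result word i is the low part of source
		 * word i - q joined with the high r bits of source word
		 * i - q - 1; the two parts occupy disjoint bit positions.
		 */
		if (need_extra_word)
			dest->d[size + q] = dest->d[size - 1] >> (WORD_SIZE - r);
		for (i = size + q - 1; i > q; i--)
			dest->d[i] = (dest->d[i - q] << r) |
				     (dest->d[i - q - 1] >> (WORD_SIZE - r));
		dest->d[q] = dest->d[0] << r;
	}
	/* the q lowest words are the zeros shifted in */
	mpa_memset(dest->d, 0, BYTES_PER_WORD * q);

	/* update the (signed) size of dest */
	if (dest->size > 0)
		dest->size += q + need_extra_word;
	else
		dest->size -= q + need_extra_word;
}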