void
mpc_xor (mpc_t *rop, mpc_t op1, mpc_t op2)
{
mpc_t temp;
temp.precision = (op1.precision < op2.precision) ? op2.precision : op1.precision;
mpz_init (temp.object);
if (op1.precision == op2.precision)
mpz_xor (temp.object, op1.object, op2.object);
else if (op1.precision > op2.precision)
{
mpz_set (temp.object, op2.object);
power_of_ten (temp.object, op1.precision - op2.precision);
mpz_xor (temp.object, op1.object, temp.object);
}
else
{
mpz_set (temp.object, op1.object);
power_of_ten (temp.object, op2.precision - op1.precision);
mpz_xor (temp.object, temp.object, op2.object);
}
rop->precision = temp.precision;
mpz_set (rop->object, temp.object);
}
static PyObject *
GMPy_MPZ_Xor_Slot(PyObject *self, PyObject *other)
{
MPZ_Object *result;
if (CHECK_MPZANY(self)) {
if (CHECK_MPZANY(other)) {
if (!(result = GMPy_MPZ_New(NULL)))
return NULL;
mpz_xor(result->z, MPZ(self), MPZ(other));
}
else {
if (!(result = GMPy_MPZ_From_Integer(other, NULL)))
return NULL;
mpz_xor(result->z, MPZ(self), result->z);
}
}
else if (CHECK_MPZANY(other)) {
if (!(result = GMPy_MPZ_From_Integer(self, NULL)))
return NULL;
mpz_xor(result->z, result->z, MPZ(other));
}
else {
Py_RETURN_NOTIMPLEMENTED;
}
return (PyObject*)result;
}
static object
integer_log_op2(fixnum op,object x,enum type tx,object y,enum type ty) {
object u=big_fixnum1;
object ux=tx==t_bignum ? x : (mpz_set_si(MP(big_fixnum2),fix(x)), big_fixnum2);
object uy=ty==t_bignum ? y : (mpz_set_si(MP(big_fixnum3),fix(y)), big_fixnum3);
switch(op) {
case BOOLCLR: mpz_set_si(MP(u),0);break;
case BOOLSET: mpz_set_si(MP(u),-1);break;
case BOOL1: mpz_set(MP(u),MP(ux));break;
case BOOL2: mpz_set(MP(u),MP(uy));break;
case BOOLC1: mpz_com(MP(u),MP(ux));break;
case BOOLC2: mpz_com(MP(u),MP(uy));break;
case BOOLAND: mpz_and(MP(u),MP(ux),MP(uy));break;
case BOOLIOR: mpz_ior(MP(u),MP(ux),MP(uy));break;
case BOOLXOR: mpz_xor(MP(u),MP(ux),MP(uy));break;
case BOOLEQV: mpz_xor(MP(u),MP(ux),MP(uy));mpz_com(MP(u),MP(u));break;
case BOOLNAND: mpz_and(MP(u),MP(ux),MP(uy));mpz_com(MP(u),MP(u));break;
case BOOLNOR: mpz_ior(MP(u),MP(ux),MP(uy));mpz_com(MP(u),MP(u));break;
case BOOLANDC1:mpz_com(MP(u),MP(ux));mpz_and(MP(u),MP(u),MP(uy));break;
case BOOLANDC2:mpz_com(MP(u),MP(uy));mpz_and(MP(u),MP(ux),MP(u));break;
case BOOLORC1: mpz_com(MP(u),MP(ux));mpz_ior(MP(u),MP(u),MP(uy));break;
case BOOLORC2: mpz_com(MP(u),MP(uy));mpz_ior(MP(u),MP(ux),MP(u));break;
default:break;/*FIXME error*/
}
return u;
}
void Element::multiply(Element& A, Element& B) {
// Emulate hardware implementation.
// Set result to 0
mpz_t result;
mpz_init(result);
// Modulus: x^163 + x^7 + x^6 + x^3 + 1 (wordlength 163)
mpz_t mod;
mpz_init(mod);
mpz_set_str(mod, "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011001001", 2);
//gmp_printf("Mod = %Zx\n", mod);
// Length of modulus in base 2
int mod_len = 163;
//printf("Len = %d\n", mod_len);
int m = 0;
for (long i = (long) mod_len; i > 0; i--) {
if (mpz_tstbit(A.getMP(), i - 1) == 1) {
mpz_xor(result, result, B.getMP());
}
if (m == 1) {
mpz_xor(result, result, mod);
}
// Set m & T for next round
m = mpz_tstbit(result, mod_len - 1);
// Shift T by 1 bit to the left and clear MSB bit
mpz_clrbit(result, mod_len - 1);
mpz_mul_2exp(result, result, 1);
/*printf("[Mult] i = %d - T = ", mod_len - i + 2);
gmp_printf("0x%Zx\n", result);*/
}
// Shift result back 1 place & place m back in front
mpz_tdiv_q_2exp(result, result, 1);
if (m == 1) {
mpz_setbit(result, 162);
}
/*printf("[Mult] i = 0 - T = ");
gmp_printf("0x%Zx\n", result);*/
// Set result
mpz_set(this->a, result);
}
VALUE method_hash_vl(VALUE self, VALUE bitlength) {
int bl = NUM2INT(bitlength);
// for hard typecasting
unsigned char one_char;
char* result;
result = malloc(bl*sizeof(char));
unsigned long long len = RSTRING_LEN(self);
char *string = RSTRING_PTR(self);
if(len == 0){ return 0; }
mpz_t x, mask, long_len;
mpz_init_set_ui (long_len, len);
one_char = RSTRING_PTR(self)[0];
mpz_init_set_ui (x, one_char << 7);
int m = 1000003;
// generating mask of length bitlength filled with 1
mpz_init (mask);
mpz_ui_pow_ui(mask, 2, bl);
mpz_sub_ui (mask, mask, 1);
mpz_t computations, byte;
mpz_init(computations);
mpz_init2 (byte, 8);
int i = 0;
for(i; i < len; i++) {
one_char = string[i];
mpz_set_ui(byte, one_char);
mpz_mul_ui(computations, x, m);
mpz_xor(computations, computations, byte);
mpz_and (x, mask, computations);
}
mpz_xor(x, x, long_len);
//gmp_printf ("C xored x is %Zd\n", x);
mpz_get_str (result, 10, x);
VALUE res = rb_str_new2(result);
mpz_clear(x);
mpz_clear(byte);
mpz_clear(computations);
mpz_clear(mask);
mpz_clear(long_len);
free(result);
return res;
}
static PyObject *
GMPy_XMPZ_IXor_Slot(PyObject *self, PyObject *other)
{
if(CHECK_MPZANY(other)) {
mpz_xor(MPZ(self), MPZ(self), MPZ(other));
Py_INCREF(self);
return self;
}
if(PyIntOrLong_Check(other)) {
mpz_set_PyIntOrLong(global.tempz, other);
mpz_xor(MPZ(self), MPZ(self), global.tempz);
Py_INCREF(self);
return self;
}
Py_RETURN_NOTIMPLEMENTED;
}
static PyObject *
Pyxmpz_inplace_xor(PyObject *self, PyObject *other)
{
mpz_t tempz;
if(CHECK_MPZANY(other)) {
mpz_xor(Pyxmpz_AS_MPZ(self), Pyxmpz_AS_MPZ(self), Pyxmpz_AS_MPZ(other));
Py_INCREF(self);
return self;
}
if(PyIntOrLong_Check(other)) {
mpz_inoc(tempz);
mpz_set_PyIntOrLong(tempz, other);
mpz_xor(Pyxmpz_AS_MPZ(self), Pyxmpz_AS_MPZ(self), tempz);
mpz_cloc(tempz);
Py_INCREF(self);
return self;
}
Py_RETURN_NOTIMPLEMENTED;
}
mpz_t* fnv_hash_mpz(const void *key, int keylen,int keysize){
mpz_t *hash,*fnv_prime,*cur_octet;
mpz_init_set_str(*hash,offset_basis_512,0);
mpz_init_set_str(*fnv_prime,fnv_prime_512,0);
mpz_init(*cur_octet);
const uint8_t *raw_data=(const uint8_t *)key;
int i;
for(i=0;i<keylen;i++){
mpz_set_ui(*cur_octet,(uint64_t)raw_data[i]);
mpz_xor(*hash,*hash,*cur_octet);
mpz_mul(*hash,*hash,*fnv_prime);
}
return hash;
}
/* written as a one-off script mostly because (as of now) it doesn't seem to
* be needed by any other challenge. if that ends up not being the case,
* it'll be rewritten with properly general functions and everything. */
int main(void)
{
char *hex1 = "1c0111001f010100061a024b53535009181c";
char *hex2 = "686974207468652062756c6c277320657965";
mpz_t hexval1, hexval2, result;
mpz_init_set_str(hexval1, hex1, 16);
mpz_init_set_str(hexval2, hex2, 16);
mpz_init(result);
mpz_xor(result, hexval1, hexval2);
gmp_printf("%Zx\n", result);
}
void
fips186_gen::gen_q (bigint *q)
{
bigint u1, u2;
char digest[HASHSIZE];
do {
sha1_hash (digest, seed, seedsize << 3); // seedsize * 8
mpz_set_rawmag_le (&u1, digest, HASHSIZE);
seed[3]++;
sha1_hash (digest, seed, seedsize << 3); // seedsize * 8
mpz_set_rawmag_le (&u2, digest, HASHSIZE);
mpz_xor (q, &u1, &u2);
mpz_setbit (q, (HASHSIZE << 3) - 1); // set high bit
mpz_setbit (q, 0); // set low bit
} while (!q->probab_prime (5));
}
num_t
num_int_two_op(optype_t op_type, num_t a, num_t b)
{
num_t r;
r = num_new_z(N_TEMP, NULL);
a = num_new_z(N_TEMP, a);
b = num_new_z(N_TEMP, b);
switch (op_type) {
case OP_AND:
mpz_and(Z(r), Z(a), Z(b));
break;
case OP_OR:
mpz_ior(Z(r), Z(a), Z(b));
break;
case OP_XOR:
mpz_xor(Z(r), Z(a), Z(b));
break;
case OP_SHR:
if (!mpz_fits_ulong_p(Z(b))) {
yyxerror
("Second argument to shift needs to fit into an unsigned long C datatype");
return NULL;
}
mpz_fdiv_q_2exp(Z(r), Z(a), mpz_get_ui(Z(b)));
break;
case OP_SHL:
if (!mpz_fits_ulong_p(Z(b))) {
yyxerror
("Second argument to shift needs to fit into an unsigned long C datatype");
return NULL;
}
mpz_mul_2exp(Z(r), Z(a), mpz_get_ui(Z(b)));
break;
default:
yyxerror("Unknown op in num_int_two_op");
}
return r;
}
//------------------------------------------------------------------------------
// Name: bitwise_xor
//------------------------------------------------------------------------------
knumber_base *knumber_integer::bitwise_xor(knumber_base *rhs) {
if(knumber_integer *const p = dynamic_cast<knumber_integer *>(rhs)) {
mpz_xor(mpz_, mpz_, p->mpz_);
return this;
} else if(knumber_float *const p = dynamic_cast<knumber_float *>(rhs)) {
knumber_float *f = new knumber_float(this);
delete this;
return f->bitwise_xor(p);
} else if(knumber_fraction *const p = dynamic_cast<knumber_fraction *>(rhs)) {
knumber_fraction *f = new knumber_fraction(this);
delete this;
return f->bitwise_xor(p);
} else if(knumber_error *const p = dynamic_cast<knumber_error *>(rhs)) {
delete this;
return p->clone();
}
Q_ASSERT(0);
return 0;
}
static void
mkseed (mpz_t seed)
{
FILE *f = fopen ("/dev/urandom", "rb");
if (f)
{
unsigned char buf[6];
size_t res;
setbuf (f, NULL);
res = fread (buf, sizeof(buf), 1, f);
fclose (f);
if (res == 1)
{
mpz_import (seed, sizeof(buf), 1, 1, 0, 0, buf);
return;
}
}
#ifdef __unix__
{
struct timeval tv;
mpz_t usec;
mpz_init (usec);
gettimeofday (&tv, NULL);
mpz_set_ui (seed, tv.tv_sec);
mpz_set_ui (usec, tv.tv_usec);
/* usec fits in 20 bits, shift left to make it 48 bits. */
mpz_mul_2exp (usec, usec, 28);
mpz_xor (seed, seed, usec);
mpz_clear (usec);
}
#else
mpz_set_ui (seed, time (NULL));
#endif
}
static Variant HHVM_FUNCTION(gmp_xor,
const Variant& dataA,
const Variant& dataB) {
mpz_t gmpDataA, gmpDataB, gmpReturn;
if (!variantToGMPData(cs_GMP_FUNC_NAME_GMP_XOR, gmpDataA, dataA)) {
return false;
}
if (!variantToGMPData(cs_GMP_FUNC_NAME_GMP_XOR, gmpDataB, dataB)) {
mpz_clear(gmpDataA);
return false;
}
mpz_init(gmpReturn);
mpz_xor(gmpReturn, gmpDataA, gmpDataB);
Variant ret = NEWOBJ(GMPResource)(gmpReturn);
mpz_clear(gmpDataA);
mpz_clear(gmpDataB);
mpz_clear(gmpReturn);
return ret;
}
void
hex_random_op3 (enum hex_random_op op, unsigned long maxbits,
char **ap, char **bp, char **rp)
{
mpz_t a, b, r;
unsigned long abits, bbits;
unsigned signs;
mpz_init (a);
mpz_init (b);
mpz_init (r);
abits = gmp_urandomb_ui (state, 32) % maxbits;
bbits = gmp_urandomb_ui (state, 32) % maxbits;
mpz_rrandomb (a, state, abits);
mpz_rrandomb (b, state, bbits);
signs = gmp_urandomb_ui (state, 3);
if (signs & 1)
mpz_neg (a, a);
if (signs & 2)
mpz_neg (b, b);
switch (op)
{
default:
abort ();
case OP_ADD:
mpz_add (r, a, b);
break;
case OP_SUB:
mpz_sub (r, a, b);
break;
case OP_MUL:
mpz_mul (r, a, b);
break;
case OP_GCD:
if (signs & 4)
{
/* Produce a large gcd */
unsigned long gbits = gmp_urandomb_ui (state, 32) % maxbits;
mpz_rrandomb (r, state, gbits);
mpz_mul (a, a, r);
mpz_mul (b, b, r);
}
mpz_gcd (r, a, b);
break;
case OP_LCM:
if (signs & 4)
{
/* Produce a large gcd */
unsigned long gbits = gmp_urandomb_ui (state, 32) % maxbits;
mpz_rrandomb (r, state, gbits);
mpz_mul (a, a, r);
mpz_mul (b, b, r);
}
mpz_lcm (r, a, b);
break;
case OP_AND:
mpz_and (r, a, b);
break;
case OP_IOR:
mpz_ior (r, a, b);
break;
case OP_XOR:
mpz_xor (r, a, b);
break;
}
gmp_asprintf (ap, "%Zx", a);
gmp_asprintf (bp, "%Zx", b);
gmp_asprintf (rp, "%Zx", r);
mpz_clear (a);
mpz_clear (b);
mpz_clear (r);
}
/* Evaluate the expression E and put the result in R. */
void
mpz_eval_expr (mpz_ptr r, expr_t e)
{
mpz_t lhs, rhs;
switch (e->op)
{
case LIT:
mpz_set (r, e->operands.val);
return;
case PLUS:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_add (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
case MINUS:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_sub (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
case MULT:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_mul (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
case DIV:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_fdiv_q (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
case MOD:
mpz_init (rhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_abs (rhs, rhs);
mpz_eval_mod_expr (r, e->operands.ops.lhs, rhs);
mpz_clear (rhs);
return;
case REM:
/* Check if lhs operand is POW expression and optimize for that case. */
if (e->operands.ops.lhs->op == POW)
{
mpz_t powlhs, powrhs;
mpz_init (powlhs);
mpz_init (powrhs);
mpz_init (rhs);
mpz_eval_expr (powlhs, e->operands.ops.lhs->operands.ops.lhs);
mpz_eval_expr (powrhs, e->operands.ops.lhs->operands.ops.rhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_powm (r, powlhs, powrhs, rhs);
if (mpz_cmp_si (rhs, 0L) < 0)
mpz_neg (r, r);
mpz_clear (powlhs);
mpz_clear (powrhs);
mpz_clear (rhs);
return;
}
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_fdiv_r (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
#if __GNU_MP_VERSION >= 2
case INVMOD:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_invert (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
#endif
case POW:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
if (mpz_cmpabs_ui (lhs, 1) <= 0)
{
/* For 0^rhs and 1^rhs, we just need to verify that
rhs is well-defined. For (-1)^rhs we need to
determine (rhs mod 2). For simplicity, compute
(rhs mod 2) for all three cases. */
expr_t two, et;
two = malloc (sizeof (struct expr));
two -> op = LIT;
mpz_init_set_ui (two->operands.val, 2L);
makeexp (&et, MOD, e->operands.ops.rhs, two);
e->operands.ops.rhs = et;
}
mpz_eval_expr (rhs, e->operands.ops.rhs);
if (mpz_cmp_si (rhs, 0L) == 0)
/* x^0 is 1 */
mpz_set_ui (r, 1L);
else if (mpz_cmp_si (lhs, 0L) == 0)
/* 0^y (where y != 0) is 0 */
mpz_set_ui (r, 0L);
else if (mpz_cmp_ui (lhs, 1L) == 0)
/* 1^y is 1 */
mpz_set_ui (r, 1L);
else if (mpz_cmp_si (lhs, -1L) == 0)
/* (-1)^y just depends on whether y is even or odd */
mpz_set_si (r, (mpz_get_ui (rhs) & 1) ? -1L : 1L);
else if (mpz_cmp_si (rhs, 0L) < 0)
/* x^(-n) is 0 */
mpz_set_ui (r, 0L);
else
{
unsigned long int cnt;
unsigned long int y;
/* error if exponent does not fit into an unsigned long int. */
if (mpz_cmp_ui (rhs, ~(unsigned long int) 0) > 0)
goto pow_err;
y = mpz_get_ui (rhs);
/* x^y == (x/(2^c))^y * 2^(c*y) */
#if __GNU_MP_VERSION >= 2
cnt = mpz_scan1 (lhs, 0);
#else
cnt = 0;
#endif
if (cnt != 0)
{
if (y * cnt / cnt != y)
goto pow_err;
mpz_tdiv_q_2exp (lhs, lhs, cnt);
mpz_pow_ui (r, lhs, y);
mpz_mul_2exp (r, r, y * cnt);
}
else
mpz_pow_ui (r, lhs, y);
}
mpz_clear (lhs); mpz_clear (rhs);
return;
pow_err:
error = "result of `pow' operator too large";
mpz_clear (lhs); mpz_clear (rhs);
longjmp (errjmpbuf, 1);
case GCD:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_gcd (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
#if __GNU_MP_VERSION > 2 || __GNU_MP_VERSION_MINOR >= 1
case LCM:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_lcm (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
#endif
case AND:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_and (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
case IOR:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_ior (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
#if __GNU_MP_VERSION > 2 || __GNU_MP_VERSION_MINOR >= 1
case XOR:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
mpz_xor (r, lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
return;
#endif
case NEG:
mpz_eval_expr (r, e->operands.ops.lhs);
mpz_neg (r, r);
return;
case NOT:
mpz_eval_expr (r, e->operands.ops.lhs);
mpz_com (r, r);
return;
case SQRT:
mpz_init (lhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
if (mpz_sgn (lhs) < 0)
{
error = "cannot take square root of negative numbers";
mpz_clear (lhs);
longjmp (errjmpbuf, 1);
}
mpz_sqrt (r, lhs);
return;
#if __GNU_MP_VERSION > 2 || __GNU_MP_VERSION_MINOR >= 1
case ROOT:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
if (mpz_sgn (rhs) <= 0)
{
error = "cannot take non-positive root orders";
mpz_clear (lhs); mpz_clear (rhs);
longjmp (errjmpbuf, 1);
}
if (mpz_sgn (lhs) < 0 && (mpz_get_ui (rhs) & 1) == 0)
{
error = "cannot take even root orders of negative numbers";
mpz_clear (lhs); mpz_clear (rhs);
longjmp (errjmpbuf, 1);
}
{
unsigned long int nth = mpz_get_ui (rhs);
if (mpz_cmp_ui (rhs, ~(unsigned long int) 0) > 0)
{
/* If we are asked to take an awfully large root order, cheat and
ask for the largest order we can pass to mpz_root. This saves
some error prone special cases. */
nth = ~(unsigned long int) 0;
}
mpz_root (r, lhs, nth);
}
mpz_clear (lhs); mpz_clear (rhs);
return;
#endif
case FAC:
mpz_eval_expr (r, e->operands.ops.lhs);
if (mpz_size (r) > 1)
{
error = "result of `!' operator too large";
longjmp (errjmpbuf, 1);
}
mpz_fac_ui (r, mpz_get_ui (r));
return;
#if __GNU_MP_VERSION >= 2
case POPCNT:
mpz_eval_expr (r, e->operands.ops.lhs);
{ long int cnt;
cnt = mpz_popcount (r);
mpz_set_si (r, cnt);
}
return;
case HAMDIST:
{ long int cnt;
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
cnt = mpz_hamdist (lhs, rhs);
mpz_clear (lhs); mpz_clear (rhs);
mpz_set_si (r, cnt);
}
return;
#endif
case LOG2:
mpz_eval_expr (r, e->operands.ops.lhs);
{ unsigned long int cnt;
if (mpz_sgn (r) <= 0)
{
error = "logarithm of non-positive number";
longjmp (errjmpbuf, 1);
}
cnt = mpz_sizeinbase (r, 2);
mpz_set_ui (r, cnt - 1);
}
return;
case LOG:
{ unsigned long int cnt;
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
if (mpz_sgn (lhs) <= 0)
{
error = "logarithm of non-positive number";
mpz_clear (lhs); mpz_clear (rhs);
longjmp (errjmpbuf, 1);
}
if (mpz_cmp_ui (rhs, 256) >= 0)
{
error = "logarithm base too large";
mpz_clear (lhs); mpz_clear (rhs);
longjmp (errjmpbuf, 1);
}
cnt = mpz_sizeinbase (lhs, mpz_get_ui (rhs));
mpz_set_ui (r, cnt - 1);
mpz_clear (lhs); mpz_clear (rhs);
}
return;
case FERMAT:
{
unsigned long int t;
mpz_init (lhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
t = (unsigned long int) 1 << mpz_get_ui (lhs);
if (mpz_cmp_ui (lhs, ~(unsigned long int) 0) > 0 || t == 0)
{
error = "too large Mersenne number index";
mpz_clear (lhs);
longjmp (errjmpbuf, 1);
}
mpz_set_ui (r, 1);
mpz_mul_2exp (r, r, t);
mpz_add_ui (r, r, 1);
mpz_clear (lhs);
}
return;
case MERSENNE:
mpz_init (lhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
if (mpz_cmp_ui (lhs, ~(unsigned long int) 0) > 0)
{
error = "too large Mersenne number index";
mpz_clear (lhs);
longjmp (errjmpbuf, 1);
}
mpz_set_ui (r, 1);
mpz_mul_2exp (r, r, mpz_get_ui (lhs));
mpz_sub_ui (r, r, 1);
mpz_clear (lhs);
return;
case FIBONACCI:
{ mpz_t t;
unsigned long int n, i;
mpz_init (lhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
if (mpz_sgn (lhs) <= 0 || mpz_cmp_si (lhs, 1000000000) > 0)
{
error = "Fibonacci index out of range";
mpz_clear (lhs);
longjmp (errjmpbuf, 1);
}
n = mpz_get_ui (lhs);
mpz_clear (lhs);
#if __GNU_MP_VERSION > 2 || __GNU_MP_VERSION_MINOR >= 1
mpz_fib_ui (r, n);
#else
mpz_init_set_ui (t, 1);
mpz_set_ui (r, 1);
if (n <= 2)
mpz_set_ui (r, 1);
else
{
for (i = 3; i <= n; i++)
{
mpz_add (t, t, r);
mpz_swap (t, r);
}
}
mpz_clear (t);
#endif
}
return;
case RANDOM:
{
unsigned long int n;
mpz_init (lhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
if (mpz_sgn (lhs) <= 0 || mpz_cmp_si (lhs, 1000000000) > 0)
{
error = "random number size out of range";
mpz_clear (lhs);
longjmp (errjmpbuf, 1);
}
n = mpz_get_ui (lhs);
mpz_clear (lhs);
mpz_urandomb (r, rstate, n);
}
return;
case NEXTPRIME:
{
mpz_eval_expr (r, e->operands.ops.lhs);
mpz_nextprime (r, r);
}
return;
case BINOM:
mpz_init (lhs); mpz_init (rhs);
mpz_eval_expr (lhs, e->operands.ops.lhs);
mpz_eval_expr (rhs, e->operands.ops.rhs);
{
unsigned long int k;
if (mpz_cmp_ui (rhs, ~(unsigned long int) 0) > 0)
{
error = "k too large in (n over k) expression";
mpz_clear (lhs); mpz_clear (rhs);
longjmp (errjmpbuf, 1);
}
k = mpz_get_ui (rhs);
mpz_bin_ui (r, lhs, k);
}
mpz_clear (lhs); mpz_clear (rhs);
return;
case TIMING:
{
int t0;
t0 = cputime ();
mpz_eval_expr (r, e->operands.ops.lhs);
printf ("time: %d\n", cputime () - t0);
}
return;
default:
abort ();
}
}
static void
mpz_eqv_op(cl_object out, cl_object i, cl_object j)
{
mpz_xor(out->big.big_num, i->big.big_num, j->big.big_num);
mpz_com(out->big.big_num, out->big.big_num);
}
void ConstFoldBinop(BinopKind kind,
const mpz_t left_val, const mpz_t right_val, mpz_t res)
{
switch (kind) {
case B_Plus:
mpz_add(res, left_val, right_val);
break;
case B_Minus:
case B_MinusPP: // TODO: include scaling here?
mpz_sub(res, left_val, right_val);
break;
case B_Mult:
mpz_mul(res, left_val, right_val);
break;
case B_Div:
case B_DivExact: // treat like regular division during folding.
// leave zero value for division by zero.
if (mpz_cmp_si(right_val, 0) != 0)
mpz_fdiv_q(res, left_val, right_val);
break;
case B_Mod:
// ditto for modulus by zero or negative values.
if (mpz_cmp_si(right_val, 0) > 0)
mpz_fdiv_r(res, left_val, right_val);
break;
case B_ShiftLeft:
// ditto for left shifts by negative or large values.
if (mpz_cmp_si(right_val, 0) >= 0 &&
mpz_cmp_si(right_val, 64) <= 0)
mpz_mul_2exp(res, left_val, mpz_get_ui(right_val));
break;
case B_ShiftRight:
// ditto for right shifts by negative values or large values.
if (mpz_cmp_si(right_val, 0) >= 0 &&
mpz_cmp_si(right_val, 64) <= 0)
mpz_tdiv_q_2exp(res, left_val, mpz_get_ui(right_val));
break;
case B_BitwiseAnd:
mpz_and(res, left_val, right_val);
break;
case B_BitwiseOr:
mpz_ior(res, left_val, right_val);
break;
case B_BitwiseXOr:
mpz_xor(res, left_val, right_val);
break;
case B_Min:
if (mpz_cmp(left_val, right_val) < 0)
mpz_set(res, left_val);
else
mpz_set(res, right_val);
break;
case B_Max:
if (mpz_cmp(left_val, right_val) > 0)
mpz_set(res, left_val);
else
mpz_set(res, right_val);
break;
case B_LessThan:
case B_LessThanP:
FoldBoolean(res, mpz_cmp(left_val, right_val) < 0);
break;
case B_GreaterThan:
case B_GreaterThanP:
FoldBoolean(res, mpz_cmp(left_val, right_val) > 0);
break;
case B_LessEqual:
case B_LessEqualP:
FoldBoolean(res, mpz_cmp(left_val, right_val) <= 0);
break;
case B_GreaterEqual:
case B_GreaterEqualP:
FoldBoolean(res, mpz_cmp(left_val, right_val) >= 0);
break;
case B_Equal:
case B_EqualP:
FoldBoolean(res, mpz_cmp(left_val, right_val) == 0);
break;
case B_NotEqual:
case B_NotEqualP:
FoldBoolean(res, mpz_cmp(left_val, right_val) != 0);
break;
case B_LogicalAnd:
FoldBoolean(res, mpz_cmp_si(left_val, 0) != 0 &&
mpz_cmp_si(right_val, 0) != 0);
break;
case B_LogicalOr:
FoldBoolean(res, mpz_cmp_si(left_val, 0) != 0 ||
mpz_cmp_si(right_val, 0) != 0);
break;
default:
logout << "ERROR: ConstFoldBinop: Unexpected "
<< BinopString(kind)
<< " " << left_val << " " << right_val << endl;
Assert(false);
}
}
/*
PSEC-KEM key encapsulation mechanism
Return: TRUE if succeed; otherwise FALSE
*/
u8 PSEC_KEM_KEM(
PSEC_KEM_PUB_KEY *publicKey, /* PSEC_KEM public key */
PSEC_KEM_KEY_ENCAPSULATION *keyEncapsulation, /* returned keyEncapsulation */
PSEC_KEM_KEY_MATERIAL *keyMaterial, /* returned key material */
EC_PARAM *E,
PSEC_KEM_EC_ENCODING_FORMAT format
)
{
mpz_t s, u, res, v;
u8 *s_raw, *u_raw, *t_raw, *mgf_arg_1, *mgf_arg_2, *res_raw, *v_raw, *PEH_raw;
u8 *EG_raw;
s32 i;
u32 hoLen, uoLen, EGoLen, PEHoLen, qoLen;
EC_POINT h_tilde, g_tilde;
mpz_init(s);
mpz_init(u);
mpz_init(res);
mpz_init(v);
hoLen = (publicKey->hLen) >> 3;
uoLen = (u32)ceil(E->pLen/8.0) + 16;
keyMaterial->KoLen = (publicKey->outputKeyLen) >> 3;
qoLen = (u32)ceil(E->qLen/8.0);
if (format == COMPRESSED) {
EGoLen = 1 + qoLen;
PEHoLen = 1 + qoLen;
} else {
EGoLen = 1 + 2*qoLen;
PEHoLen = 1 + 2*qoLen;
}
if ((publicKey->pk).inf_id == EC_O)
PEHoLen = 1;
if ((E->P).inf_id == EC_O)
EGoLen = 1;
#ifdef DEBUG
printf("hoLen = %u\n", hoLen);
printf("uoLen = %u\n", uoLen);
printf("keyMaterial->KoLen = %u\n", keyMaterial->KoLen);
printf("EGoLen = %u\n", EGoLen);
printf("PEHoLen = %u\n", PEHoLen);
#endif
EC_initPoint ( &h_tilde );
EC_initPoint ( &g_tilde);
s_raw = (BYTE *) malloc (hoLen);
u_raw = (BYTE *) malloc (uoLen);
t_raw = (BYTE *) malloc (uoLen + keyMaterial->KoLen);
mgf_arg_1 = (u8 *) malloc (4 + hoLen);
mgf_arg_2 = (u8 *) malloc (4 + EGoLen + PEHoLen);
res_raw = (u8 *) malloc (hoLen);
v_raw = (u8 *) malloc (hoLen);
PEH_raw = (u8 *) malloc (PEHoLen);
EG_raw = (u8 *) malloc (EGoLen);
/* generate s */
GenerateBytes(s_raw, hoLen, global_prng);
BYTE2WORD (s, s_raw, hoLen);
#ifdef DEBUG
printf("s = 0x%s\n", mpz_get_str(NULL, 16, s));
printf("\n"); fflush(stdout);
#endif
/* compute t = MGF1(0 || s) */
U32TO8_BIG(mgf_arg_1, 0L);
memcpy(mgf_arg_1+4, s_raw, hoLen);
MGF1( t_raw, 8 * (uoLen + keyMaterial->KoLen), mgf_arg_1, 4 + hoLen);
#ifdef DEBUG
printf("t = ");
printAsHex(t_raw, uoLen+keyMaterial->KoLen);
printf("\n"); fflush(stdout);
#endif
/* parse t as t = u || K */
memcpy( u_raw, t_raw, uoLen );
BYTE2WORD( u, u_raw, uoLen );
memcpy( keyMaterial->K_raw, t_raw+uoLen, keyMaterial->KoLen );
#ifdef DEBUG
printf("u = 0x%s\n", mpz_get_str(NULL, 16, u));
printf("keyMaterial = ");
printAsHex(keyMaterial->K_raw, keyMaterial->KoLen);
printf("\n"); fflush(stdout);
#endif
/* compute h_tilde = u * publicKey->pk */
EC_Mult( &h_tilde, u, &(publicKey->pk), E );
ec2os (PEH_raw, &h_tilde, E, format);
#ifdef DEBUG
printf("h_tilde.x = 0x%s\n", mpz_get_str(NULL, 16, h_tilde.x));
printf("h_tilde.y = 0x%s\n", mpz_get_str(NULL, 16, h_tilde.y));
printf("PEH = ");
printAsHex(PEH_raw, PEHoLen);
printf("\n"); fflush(stdout);
#endif
/* compute g_tilde = u * E->P */
EC_Mult( &g_tilde, u, &(E->P), E );
#ifdef DEBUG
printf("g_tilde.x = 0x%s\n", mpz_get_str(NULL, 16, g_tilde.x));
printf("g_tilde.y = 0x%s\n", mpz_get_str(NULL, 16, g_tilde.y));
printf("g_tilde.inf_id = %u\n", g_tilde.inf_id);
#endif
/* convert g_tilde's EC point to an octet string according to P1363 E.2.3.2 */
ec2os( EG_raw, &g_tilde, E, format);
#ifdef DEBUG
printf("EG = ");
printAsHex(EG_raw, EGoLen);
printf("\n"); fflush(stdout);
#endif
/* compute res = MGF1( 1 || EG || PEH ) */
U32TO8_BIG ( mgf_arg_2, 1L );
memcpy( mgf_arg_2 + 4, EG_raw, EGoLen );
memcpy( mgf_arg_2 + 4 + EGoLen, PEH_raw, PEHoLen );
MGF1( res_raw, publicKey->hLen, mgf_arg_2, 4 + EGoLen + PEHoLen);
BYTE2WORD( res, res_raw, hoLen);
#ifdef DEBUG
printf("res = 0x%s\n", mpz_get_str(NULL, 16, res));
printf("\n"); fflush(stdout);
#endif
/* compute v = s \xor res */
mpz_xor(v, s, res);
WORD2BYTE(v_raw, v, hoLen);
#ifdef DEBUG
printf("v = 0x%s\n", mpz_get_str(NULL, 16, v));
printf("\n"); fflush(stdout);
#endif
/* output C0 = EG || v */
memcpy( keyEncapsulation->C0, EG_raw, EGoLen);
memcpy( keyEncapsulation->C0 + EGoLen, v_raw, hoLen);
#ifdef DEBUG
printf("C0 = ");
printAsHex(keyEncapsulation->C0, keyEncapsulation->C0oLen);
printf("\n"); fflush(stdout);
#endif
/* clean up */
mpz_clear(s);
mpz_clear(u);
mpz_clear(res);
mpz_clear(v);
memset(s_raw, 0, hoLen);
memset(u_raw, 0, uoLen);
memset(t_raw, 0, uoLen + keyMaterial->KoLen);
memset(mgf_arg_1, 0, 4+hoLen);
memset(mgf_arg_2, 0, 4 + EGoLen + PEHoLen);
memset(res_raw, 0, hoLen);
memset(v_raw, 0, hoLen);
memset(PEH_raw, 0, PEHoLen);
memset(EG_raw, 0, EGoLen);
free(s_raw);
free(u_raw);
free(t_raw);
free(mgf_arg_1);
free(mgf_arg_2);
free(res_raw);
free(v_raw);
free(PEH_raw);
free(EG_raw);
EC_clearPoint ( &h_tilde );
EC_clearPoint ( &g_tilde );
return TRUE;
}
void C_BigInt::operator ^= (const C_BigInt inOperand) {
mpz_xor (mGMPint, mGMPint, inOperand.mGMPint) ;
}
