/*------------------------------------------------------------
*
* mpa_exp_mod
*
* Calculates dest = op1 ^ op2 mod n
*
*/
void mpa_exp_mod(mpanum dest,
const mpanum op1,
const mpanum op2,
const mpanum n,
const mpanum r_modn,
const mpanum r2_modn,
const mpa_word_t n_inv, mpa_scratch_mem pool)
{
mpanum A;
mpanum B;
mpanum xtilde;
mpanum *ptr_a;
mpanum *ptr_b;
mpanum *swapper;
int idx;
mpa_alloc_static_temp_var(&A, pool);
mpa_alloc_static_temp_var(&B, pool);
mpa_alloc_static_temp_var(&xtilde, pool);
/* transform to Montgomery space */
/* use internal version since xtidle is big enough */
__mpa_montgomery_mul(xtilde, op1, r2_modn, n, n_inv);
mpa_copy(A, r_modn);
ptr_a = &A;
ptr_b = &B;
__mpa_set_unused_digits_to_zero(A);
__mpa_set_unused_digits_to_zero(B);
for (idx = mpa_highest_bit_index(op2); idx >= 0; idx--) {
__mpa_montgomery_mul(*ptr_b, *ptr_a, *ptr_a, n, n_inv);
if (mpa_get_bit(op2, idx) == 1) {
__mpa_montgomery_mul(*ptr_a, *ptr_b, xtilde, n, n_inv);
} else {
swapper = ptr_a;
ptr_a = ptr_b;
ptr_b = swapper;
}
}
/* transform back form Montgomery space */
__mpa_montgomery_mul(*ptr_b, (const mpanum)&const_one, *ptr_a,
n, n_inv);
mpa_copy(dest, *ptr_b);
mpa_free_static_temp_var(&A, pool);
mpa_free_static_temp_var(&B, pool);
mpa_free_static_temp_var(&xtilde, pool);
}
/*------------------------------------------------------------
*
* mpa_shift_right
*
* Shifts src right by "steps" step and put result in dest.
* It does not care about signs. Dest will have same sign as src.
*
*/
void mpa_shift_right(mpanum dest, mpanum src, mpa_word_t steps)
{
mpa_word_t q; /* quotient of steps div WORD_SIZE */
mpa_word_t r; /* remainder of steps div WORD_SIZE */
mpa_word_t i;
/* the bits of the word which will be shifted into another word */
mpa_word_t rbits;
/*
* Copy first, then check, since even a shifted zero should
* be copied.
*/
mpa_copy(dest, src);
__mpa_set_unused_digits_to_zero(dest);
if (steps == 0 || __mpanum_is_zero(dest))
return;
r = steps & (WORD_SIZE - 1); /* 0 <= r < WORD_SIZE */
q = steps >> LOG_OF_WORD_SIZE; /* 0 <= q */
if (q >= __mpanum_size(dest)) {
mpa_set_word(dest, 0);
return;
}
/*
* Here we have:
* 0 <= r < WORD_SIZE - 1
* 0 <= q < _mpanumSize(dest)
*/
if (r == 0) { /* and q > 0 */
/* Simple shift by words */
for (i = 0; i < __mpanum_size(dest) - q; i++)
dest->d[i] = dest->d[i + q];
} else {
/* combination of word and bit shifting */
for (i = 0; i < __mpanum_size(dest) - q - 1; i++) {
dest->d[i] = dest->d[i + q];
rbits = dest->d[i + q + 1] & ((1 << r) - 1);
dest->d[i] =
(dest->d[i] >> r) ^ (rbits << (WORD_SIZE - r));
}
/* final word is special */
dest->d[i] = dest->d[i + q] >> r;
}
/* update the size of dest */
if (dest->size > 0)
dest->size -= q;
else
dest->size += q;
/* Take care of the case when we shifted out all bits from MSW */
if (__mpanum_msw(dest) == 0) {
if (dest->size > 0)
dest->size--;
else
dest->size++;
}
}
/* --------------------------------------------------------------------
* mpa_shift_left
*
* Shifts src left by "steps" step and put result in dest.
* It does not care about signs. Dest will have same sign as src.
*/
void mpa_shift_left(mpanum dest, mpanum src, mpa_word_t steps)
{
mpa_word_t q; /* quotient of steps div WORD_SIZE */
mpa_word_t r; /* remainder of steps div WORD_SIZE */
mpa_word_t i;
/* the bits of the word which will be shifted into another word */
mpa_word_t rbits;
mpa_word_t need_extra_word;
/*
* Copy first, then check, since even a shifted zero should
* be copied.
*/
mpa_copy(dest, src);
__mpa_set_unused_digits_to_zero(dest);
if (steps == 0 || __mpanum_is_zero(dest))
return;
r = steps & (WORD_SIZE - 1); /* 0 <= r < WORD_SIZE */
q = steps >> LOG_OF_WORD_SIZE; /* 0 <= q */
/*
* The size of dest will always increase by at least q.
* If we're shifting r bits and the r highest bits in
* the MSW of dest is zero, we don't need the extra word
* Note:
* We cannot do
* if (_mpanumMSW(dest) >> (WORD_SIZE - r))
* since some compilers (MS) does not shift the word
* if the shift quantity is larger or equal to the word size...
* Otherwise it would be natural to say that (a >> b) is just zero
* if b is larger than the number of bit of a, but no no...
*/
need_extra_word = 0;
if (__mpanum_msw(dest) & (((1 << r) - 1) << (WORD_SIZE - r)))
need_extra_word = 1;
if (r == 0) { /* and q > 0 */
/*
* We have a simple shift by words
*/
for (i = __mpanum_size(dest) + q - 1; i > q - 1; i--)
dest->d[i] = dest->d[i - q];
} else {
/*
* We have a combination of word and bit shifting.
*
* If need_extra_word is 1, the MSW is special and handled
* here
*/
i = __mpanum_size(dest) + q + need_extra_word;
if (need_extra_word) {
rbits = dest->d[i - q - 1] >> (WORD_SIZE - r);
dest->d[i] ^= rbits;
}
i--;
dest->d[i] = dest->d[i - q] << r;
while (i > q) {
rbits = dest->d[i - q - 1] >> (WORD_SIZE - r);
dest->d[i] ^= rbits;
i--;
dest->d[i] = dest->d[i - q] << r;
}
}
mpa_memset(dest->d, 0, BYTES_PER_WORD * q);
/* update the size of dest */
if (dest->size > 0)
dest->size += q + need_extra_word;
else
dest->size -= q + need_extra_word;
}
