int ltc_ecc_is_point(const ltc_ecc_set_type *dp, void *x, void *y)
{
void *prime, *a, *b, *t1, *t2;
int err;
if ((err = mp_init_multi(&prime, &a, &b, &t1, &t2, NULL)) != CRYPT_OK) {
return err;
}
/* load prime, a and b */
if ((err = mp_read_radix(prime, dp->prime, 16)) != CRYPT_OK) goto cleanup;
if ((err = mp_read_radix(b, dp->B, 16)) != CRYPT_OK) goto cleanup;
if ((err = mp_read_radix(a, dp->A, 16)) != CRYPT_OK) goto cleanup;
/* compute y^2 */
if ((err = mp_sqr(y, t1)) != CRYPT_OK) goto cleanup;
/* compute x^3 */
if ((err = mp_sqr(x, t2)) != CRYPT_OK) goto cleanup;
if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) goto cleanup;
if ((err = mp_mul(x, t2, t2)) != CRYPT_OK) goto cleanup;
/* compute y^2 - x^3 */
if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) goto cleanup;
/* compute y^2 - x^3 - a*x */
if ((err = mp_submod(prime, a, prime, t2)) != CRYPT_OK) goto cleanup;
if ((err = mp_mulmod(t2, x, prime, t2)) != CRYPT_OK) goto cleanup;
if ((err = mp_addmod(t1, t2, prime, t1)) != CRYPT_OK) goto cleanup;
/* adjust range (0, prime) */
while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) goto cleanup;
}
while (mp_cmp(t1, prime) != LTC_MP_LT) {
if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) goto cleanup;
}
/* compare to b */
if (mp_cmp(t1, b) != LTC_MP_EQ) {
err = CRYPT_INVALID_PACKET;
} else {
err = CRYPT_OK;
}
cleanup:
mp_clear_multi(prime, b, t1, t2, NULL);
return err;
}
/* calculate c = a**b using a square-multiply algorithm */
int mp_expt_d MPA(mp_int * a, mp_digit b, mp_int * c)
{
int res;
mp_int g;
if ((res = mp_init_copy (MPST, &g, a)) != MP_OKAY) {
return res;
}
/* set initial result */
mp_set (c, 1);
while(b > 0) {
/* if the bit is set multiply */
if(b & 1) {
if ((res = mp_mul (MPST, c, &g, c)) != MP_OKAY) {
mp_clear(&g);
return res;
}
}
/* square */
if (b > 1 && (res = mp_sqr (MPST, &g, &g)) != MP_OKAY) {
mp_clear(&g);
return res;
}
/* shift to next bit */
b >>= 1;
}
mp_clear (&g);
return MP_OKAY;
}
/* calculate c = a**b using a square-multiply algorithm */
int mp_expt_d (mp_int * a, mp_digit b, mp_int * c)
{
int res, x;
mp_int g;
if ((res = mp_init_copy (&g, a)) != MP_OKAY) {
return res;
}
/* set initial result */
mp_set (c, 1);
for (x = 0; x < (int) DIGIT_BIT; x++) {
/* square */
if ((res = mp_sqr (c, c)) != MP_OKAY) {
mp_clear (&g);
return res;
}
/* if the bit is set multiply */
if ((b & (mp_digit) (((mp_digit)1) << (DIGIT_BIT - 1))) != 0) {
if ((res = mp_mul (c, &g, c)) != MP_OKAY) {
mp_clear (&g);
return res;
}
}
/* shift to next bit */
b <<= 1;
}
mp_clear (&g);
return MP_OKAY;
}
static int is_point(ecc_key *key)
{
void *prime, *b, *t1, *t2;
int err;
if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL)) != CRYPT_OK) {
return err;
}
/* load prime and b */
if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; }
if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; }
/* compute y^2 */
if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; }
/* compute x^3 */
if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; }
if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; }
if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; }
/* compute y^2 - x^3 */
if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; }
/* compute y^2 - x^3 + 3x */
if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; }
while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; }
}
while (mp_cmp(t1, prime) != LTC_MP_LT) {
if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; }
}
/* compare to b */
if (mp_cmp(t1, b) != LTC_MP_EQ) {
err = CRYPT_INVALID_PACKET;
} else {
err = CRYPT_OK;
}
error:
mp_clear_multi(prime, b, t1, t2, NULL);
return err;
}
int mpf_sqr(mp_float *a, mp_float *b)
{
int err;
if ((err = mp_sqr(&(a->mantissa), &(b->mantissa))) != MP_OKAY) {
return err;
}
b->exp = 2 * a->exp;
return mpf_normalize(b);
}
void
mpi_sqr(const mpi *a, mpi *b)
{
if (a->size == 0) {
mpi_zero(b);
return;
}
mp_size bsize = a->size * 2;
if (a == b) {
mp_digit *prod = MP_TMP_ALLOC(bsize);
mp_sqr(a->digits, a->size, prod);
bsize -= (prod[bsize - 1] == 0);
MPI_SIZE(b, bsize);
mp_copy(prod, bsize, b->digits);
MP_TMP_FREE(prod);
} else {
MPI_MIN_ALLOC(b, bsize);
mp_sqr(a->digits, a->size, b->digits);
b->size = bsize - (b->digits[bsize - 1] == 0);
}
b->sign = 0;
}
/* c = a * a (mod b) */
int mp_sqrmod(const mp_int *a, const mp_int *b, mp_int *c)
{
int res;
mp_int t;
if ((res = mp_init(&t)) != MP_OKAY) {
return res;
}
if ((res = mp_sqr(a, &t)) != MP_OKAY) {
mp_clear(&t);
return res;
}
res = mp_mod(&t, b, c);
mp_clear(&t);
return res;
}
/**
Map a projective jacbobian point back to affine space
@param P [in/out] The point to map
@param modulus The modulus of the field the ECC curve is in
@param mp The "b" value from montgomery_setup()
@return CRYPT_OK on success
*/
int ltc_ecc_map(ecc_point *P, void *modulus, void *mp)
{
void *t1, *t2;
int err;
LTC_ARGCHK(P != NULL);
LTC_ARGCHK(modulus != NULL);
LTC_ARGCHK(mp != NULL);
if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
return CRYPT_MEM;
}
/* first map z back to normal */
if ((err = mp_montgomery_reduce(P->z, modulus, mp)) != CRYPT_OK) { goto done; }
/* get 1/z */
if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK) { goto done; }
/* get 1/z^2 and 1/z^3 */
if ((err = mp_sqr(t1, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_mul(t1, t2, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_mod(t1, modulus, t1)) != CRYPT_OK) { goto done; }
/* multiply against x/y */
if ((err = mp_mul(P->x, t2, P->x)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(P->x, modulus, mp)) != CRYPT_OK) { goto done; }
if ((err = mp_mul(P->y, t1, P->y)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(P->y, modulus, mp)) != CRYPT_OK) { goto done; }
if ((err = mp_set(P->z, 1)) != CRYPT_OK) { goto done; }
err = CRYPT_OK;
done:
mp_clear_multi(t1, t2, NULL);
return err;
}
/* calculate c = a**b using a square-multiply algorithm */
int mp_expt_d_ex(const mp_int *a, mp_digit b, mp_int *c, int fast)
{
int res;
unsigned int x;
mp_int g;
if ((res = mp_init_copy(&g, a)) != MP_OKAY) {
return res;
}
/* set initial result */
mp_set(c, 1uL);
if (fast != 0) {
while (b > 0u) {
/* if the bit is set multiply */
if ((b & 1u) != 0u) {
if ((res = mp_mul(c, &g, c)) != MP_OKAY) {
mp_clear(&g);
return res;
}
}
/* square */
if (b > 1u) {
if ((res = mp_sqr(&g, &g)) != MP_OKAY) {
mp_clear(&g);
return res;
}
}
/* shift to next bit */
b >>= 1;
}
} else {
for (x = 0; x < (unsigned)DIGIT_BIT; x++) {
/*
* Try to find the two primes based on 2 exponents plus either a prime
* or a modulus.
*
* In: e, d and either p or n (depending on the setting of hasModulus).
* Out: p,q.
*
* Step 1, Since d = e**-1 mod phi, we know that d*e == 1 mod phi, or
* d*e = 1+k*phi, or d*e-1 = k*phi. since d is less than phi and e is
* usually less than d, then k must be an integer between e-1 and 1
* (probably on the order of e).
* Step 1a, If we were passed just a prime, we can divide k*phi by that
* prime-1 and get k*(q-1). This will reduce the size of our division
* through the rest of the loop.
* Step 2, Loop through the values k=e-1 to 1 looking for k. k should be on
* the order or e, and e is typically small. This may take a while for
* a large random e. We are looking for a k that divides kphi
* evenly. Once we find a k that divides kphi evenly, we assume it
* is the true k. It's possible this k is not the 'true' k but has
* swapped factors of p-1 and/or q-1. Because of this, we
* tentatively continue Steps 3-6 inside this loop, and may return looking
* for another k on failure.
* Step 3, Calculate are tentative phi=kphi/k. Note: real phi is (p-1)*(q-1).
* Step 4a, if we have a prime, kphi is already k*(q-1), so phi is or tenative
* q-1. q = phi+1. If k is correct, q should be the right length and
* prime.
* Step 4b, It's possible q-1 and k could have swapped factors. We now have a
* possible solution that meets our criteria. It may not be the only
* solution, however, so we keep looking. If we find more than one,
* we will fail since we cannot determine which is the correct
* solution, and returning the wrong modulus will compromise both
* moduli. If no other solution is found, we return the unique solution.
* Step 5a, If we have the modulus (n=pq), then use the following formula to
* calculate s=(p+q): , phi = (p-1)(q-1) = pq -p-q +1 = n-s+1. so
* s=n-phi+1.
* Step 5b, Use n=pq and s=p+q to solve for p and q as follows:
* since q=s-p, then n=p*(s-p)= sp - p^2, rearranging p^2-s*p+n = 0.
* from the quadratic equation we have p=1/2*(s+sqrt(s*s-4*n)) and
* q=1/2*(s-sqrt(s*s-4*n)) if s*s-4*n is a perfect square, we are DONE.
* If it is not, continue in our look looking for another k. NOTE: the
* code actually distributes the 1/2 and results in the equations:
* sqrt = sqrt(s/2*s/2-n), p=s/2+sqrt, q=s/2-sqrt. The algebra saves us
* and extra divide by 2 and a multiply by 4.
*
* This will return p & q. q may be larger than p in the case that p was given
* and it was the smaller prime.
*/
static mp_err
rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
mp_int *n, PRBool hasModulus,
unsigned int keySizeInBits)
{
mp_int kphi; /* k*phi */
mp_int k; /* current guess at 'k' */
mp_int phi; /* (p-1)(q-1) */
mp_int s; /* p+q/2 (s/2 in the algebra) */
mp_int r; /* remainder */
mp_int tmp; /* p-1 if p is given, n+1 is modulus is given */
mp_int sqrt; /* sqrt(s/2*s/2-n) */
mp_err err = MP_OKAY;
unsigned int order_k;
MP_DIGITS(&kphi) = 0;
MP_DIGITS(&phi) = 0;
MP_DIGITS(&s) = 0;
MP_DIGITS(&k) = 0;
MP_DIGITS(&r) = 0;
MP_DIGITS(&tmp) = 0;
MP_DIGITS(&sqrt) = 0;
CHECK_MPI_OK( mp_init(&kphi) );
CHECK_MPI_OK( mp_init(&phi) );
CHECK_MPI_OK( mp_init(&s) );
CHECK_MPI_OK( mp_init(&k) );
CHECK_MPI_OK( mp_init(&r) );
CHECK_MPI_OK( mp_init(&tmp) );
CHECK_MPI_OK( mp_init(&sqrt) );
/* our algorithm looks for a factor k whose maximum size is dependent
* on the size of our smallest exponent, which had better be the public
* exponent (if it's the private, the key is vulnerable to a brute force
* attack).
*
* since our factor search is linear, we need to limit the maximum
* size of the public key. this should not be a problem normally, since
* public keys are usually small.
*
* if we want to handle larger public key sizes, we should have
* a version which tries to 'completely' factor k*phi (where completely
* means 'factor into primes, or composites with which are products of
* large primes). Once we have all the factors, we can sort them out and
* try different combinations to form our phi. The risk is if (p-1)/2,
* (q-1)/2, and k are all large primes. In any case if the public key
* is small (order of 20 some bits), then a linear search for k is
* manageable.
*/
if (mpl_significant_bits(e) > 23) {
err=MP_RANGE;
goto cleanup;
}
/* calculate k*phi = e*d - 1 */
CHECK_MPI_OK( mp_mul(e, d, &kphi) );
CHECK_MPI_OK( mp_sub_d(&kphi, 1, &kphi) );
/* kphi is (e*d)-1, which is the same as k*(p-1)(q-1)
* d < (p-1)(q-1), therefor k must be less than e-1
* We can narrow down k even more, though. Since p and q are odd and both
* have their high bit set, then we know that phi must be on order of
* keySizeBits.
*/
order_k = (unsigned)mpl_significant_bits(&kphi) - keySizeInBits;
/* for (k=kinit; order(k) >= order_k; k--) { */
/* k=kinit: k can't be bigger than kphi/2^(keySizeInBits -1) */
CHECK_MPI_OK( mp_2expt(&k,keySizeInBits-1) );
CHECK_MPI_OK( mp_div(&kphi, &k, &k, NULL));
if (mp_cmp(&k,e) >= 0) {
/* also can't be bigger then e-1 */
CHECK_MPI_OK( mp_sub_d(e, 1, &k) );
}
/* calculate our temp value */
/* This saves recalculating this value when the k guess is wrong, which
* is reasonably frequent. */
/* for the modulus case, tmp = n+1 (used to calculate p+q = tmp - phi) */
/* for the prime case, tmp = p-1 (used to calculate q-1= phi/tmp) */
if (hasModulus) {
CHECK_MPI_OK( mp_add_d(n, 1, &tmp) );
} else {
CHECK_MPI_OK( mp_sub_d(p, 1, &tmp) );
CHECK_MPI_OK(mp_div(&kphi,&tmp,&kphi,&r));
if (mp_cmp_z(&r) != 0) {
/* p-1 doesn't divide kphi, some parameter wasn't correct */
err=MP_RANGE;
goto cleanup;
}
mp_zero(q);
/* kphi is now k*(q-1) */
}
/* rest of the for loop */
for (; (err == MP_OKAY) && (mpl_significant_bits(&k) >= order_k);
err = mp_sub_d(&k, 1, &k)) {
/* looking for k as a factor of kphi */
CHECK_MPI_OK(mp_div(&kphi,&k,&phi,&r));
if (mp_cmp_z(&r) != 0) {
/* not a factor, try the next one */
continue;
}
/* we have a possible phi, see if it works */
if (!hasModulus) {
if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits/2) {
/* phi is not the right size */
continue;
}
/* phi should be divisible by 2, since
* q is odd and phi=(q-1). */
if (mpp_divis_d(&phi,2) == MP_NO) {
/* phi is not divisible by 4 */
continue;
}
/* we now have a candidate for the second prime */
CHECK_MPI_OK(mp_add_d(&phi, 1, &tmp));
/* check to make sure it is prime */
err = rsa_is_prime(&tmp);
if (err != MP_OKAY) {
if (err == MP_NO) {
/* No, then we still have the wrong phi */
err = MP_OKAY;
continue;
}
goto cleanup;
}
/*
* It is possible that we have the wrong phi if
* k_guess*(q_guess-1) = k*(q-1) (k and q-1 have swapped factors).
* since our q_quess is prime, however. We have found a valid
* rsa key because:
* q is the correct order of magnitude.
* phi = (p-1)(q-1) where p and q are both primes.
* e*d mod phi = 1.
* There is no way to know from the info given if this is the
* original key. We never want to return the wrong key because if
* two moduli with the same factor is known, then euclid's gcd
* algorithm can be used to find that factor. Even though the
* caller didn't pass the original modulus, it doesn't mean the
* modulus wasn't known or isn't available somewhere. So to be safe
* if we can't be sure we have the right q, we don't return any.
*
* So to make sure we continue looking for other valid q's. If none
* are found, then we can safely return this one, otherwise we just
* fail */
if (mp_cmp_z(q) != 0) {
/* this is the second valid q, don't return either,
* just fail */
err = MP_RANGE;
break;
}
/* we only have one q so far, save it and if no others are found,
* it's safe to return it */
CHECK_MPI_OK(mp_copy(&tmp, q));
continue;
}
/* test our tentative phi */
/* phi should be the correct order */
if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits) {
/* phi is not the right size */
continue;
}
/* phi should be divisible by 4, since
* p and q are odd and phi=(p-1)(q-1). */
if (mpp_divis_d(&phi,4) == MP_NO) {
/* phi is not divisible by 4 */
continue;
}
/* n was given, calculate s/2=(p+q)/2 */
CHECK_MPI_OK( mp_sub(&tmp, &phi, &s) );
CHECK_MPI_OK( mp_div_2(&s, &s) );
/* calculate sqrt(s/2*s/2-n) */
CHECK_MPI_OK(mp_sqr(&s,&sqrt));
CHECK_MPI_OK(mp_sub(&sqrt,n,&r)); /* r as a tmp */
CHECK_MPI_OK(mp_sqrt(&r,&sqrt));
/* make sure it's a perfect square */
/* r is our original value we took the square root of */
/* q is the square of our tentative square root. They should be equal*/
CHECK_MPI_OK(mp_sqr(&sqrt,q)); /* q as a tmp */
if (mp_cmp(&r,q) != 0) {
/* sigh according to the doc, mp_sqrt could return sqrt-1 */
CHECK_MPI_OK(mp_add_d(&sqrt,1,&sqrt));
CHECK_MPI_OK(mp_sqr(&sqrt,q));
if (mp_cmp(&r,q) != 0) {
/* s*s-n not a perfect square, this phi isn't valid, find * another.*/
continue;
}
}
/* NOTE: In this case we know we have the one and only answer.
* "Why?", you ask. Because:
* 1) n is a composite of two large primes (or it wasn't a
* valid RSA modulus).
* 2) If we know any number such that x^2-n is a perfect square
* and x is not (n+1)/2, then we can calculate 2 non-trivial
* factors of n.
* 3) Since we know that n has only 2 non-trivial prime factors,
* we know the two factors we have are the only possible factors.
*/
/* Now we are home free to calculate p and q */
/* p = s/2 + sqrt, q= s/2 - sqrt */
CHECK_MPI_OK(mp_add(&s,&sqrt,p));
CHECK_MPI_OK(mp_sub(&s,&sqrt,q));
break;
}
if ((unsigned)mpl_significant_bits(&k) < order_k) {
if (hasModulus || (mp_cmp_z(q) == 0)) {
/* If we get here, something was wrong with the parameters we
* were given */
err = MP_RANGE;
}
}
cleanup:
mp_clear(&kphi);
mp_clear(&phi);
mp_clear(&s);
mp_clear(&k);
mp_clear(&r);
mp_clear(&tmp);
mp_clear(&sqrt);
return err;
}
int
is_mersenne (long s, int *pp)
{
mp_int n, u;
int res, k;
*pp = 0;
if ((res = mp_init (&n)) != MP_OKAY) {
return res;
}
if ((res = mp_init (&u)) != MP_OKAY) {
goto LBL_N;
}
/* n = 2^s - 1 */
if ((res = mp_2expt(&n, s)) != MP_OKAY) {
goto LBL_MU;
}
if ((res = mp_sub_d (&n, 1, &n)) != MP_OKAY) {
goto LBL_MU;
}
/* set u=4 */
mp_set (&u, 4);
/* for k=1 to s-2 do */
for (k = 1; k <= s - 2; k++) {
/* u = u^2 - 2 mod n */
if ((res = mp_sqr (&u, &u)) != MP_OKAY) {
goto LBL_MU;
}
if ((res = mp_sub_d (&u, 2, &u)) != MP_OKAY) {
goto LBL_MU;
}
/* make sure u is positive */
while (u.sign == MP_NEG) {
if ((res = mp_add (&u, &n, &u)) != MP_OKAY) {
goto LBL_MU;
}
}
/* reduce */
if ((res = mp_reduce_2k (&u, &n, 1)) != MP_OKAY) {
goto LBL_MU;
}
}
/* if u == 0 then its prime */
if (mp_iszero (&u) == 1) {
mp_prime_is_prime(&n, 8, pp);
if (*pp != 1) printf("FAILURE\n");
}
res = MP_OKAY;
LBL_MU:mp_clear (&u);
LBL_N:mp_clear (&n);
return res;
}
int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
{
mp_int M[TAB_SIZE], res;
mp_digit buf, mp;
int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
/* use a pointer to the reduction algorithm. This allows us to use
* one of many reduction algorithms without modding the guts of
* the code with if statements everywhere.
*/
int (*redux)(mp_int*,mp_int*,mp_digit);
/* find window size */
x = mp_count_bits (X);
if (x <= 7) {
winsize = 2;
} else if (x <= 36) {
winsize = 3;
} else if (x <= 140) {
winsize = 4;
} else if (x <= 450) {
winsize = 5;
} else if (x <= 1303) {
winsize = 6;
} else if (x <= 3529) {
winsize = 7;
} else {
winsize = 8;
}
#ifdef MP_LOW_MEM
if (winsize > 5) {
winsize = 5;
}
#endif
/* init M array */
/* init first cell */
if ((err = mp_init_size(&M[1], P->alloc)) != MP_OKAY) {
return err;
}
/* now init the second half of the array */
for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
if ((err = mp_init_size(&M[x], P->alloc)) != MP_OKAY) {
for (y = 1<<(winsize-1); y < x; y++) {
mp_clear (&M[y]);
}
mp_clear(&M[1]);
return err;
}
}
/* determine and setup reduction code */
if (redmode == 0) {
#ifdef BN_MP_MONTGOMERY_SETUP_C
/* now setup montgomery */
if ((err = mp_montgomery_setup (P, &mp)) != MP_OKAY) {
goto LBL_M;
}
#else
err = MP_VAL;
goto LBL_M;
#endif
/* automatically pick the comba one if available (saves quite a few calls/ifs) */
#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C
if ((((P->used * 2) + 1) < MP_WARRAY) &&
(P->used < (1 << ((CHAR_BIT * sizeof(mp_word)) - (2 * DIGIT_BIT))))) {
redux = fast_mp_montgomery_reduce;
} else
#endif
{
#ifdef BN_MP_MONTGOMERY_REDUCE_C
/* use slower baseline Montgomery method */
redux = mp_montgomery_reduce;
#else
err = MP_VAL;
goto LBL_M;
#endif
}
} else if (redmode == 1) {
#if defined(BN_MP_DR_SETUP_C) && defined(BN_MP_DR_REDUCE_C)
/* setup DR reduction for moduli of the form B**k - b */
mp_dr_setup(P, &mp);
redux = mp_dr_reduce;
#else
err = MP_VAL;
goto LBL_M;
#endif
} else {
#if defined(BN_MP_REDUCE_2K_SETUP_C) && defined(BN_MP_REDUCE_2K_C)
/* setup DR reduction for moduli of the form 2**k - b */
if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY) {
goto LBL_M;
}
redux = mp_reduce_2k;
#else
err = MP_VAL;
goto LBL_M;
#endif
}
/* setup result */
if ((err = mp_init_size (&res, P->alloc)) != MP_OKAY) {
goto LBL_M;
}
/* create M table
*
*
* The first half of the table is not computed though accept for M[0] and M[1]
*/
if (redmode == 0) {
#ifdef BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
/* now we need R mod m */
if ((err = mp_montgomery_calc_normalization (&res, P)) != MP_OKAY) {
goto LBL_RES;
}
/* now set M[1] to G * R mod m */
if ((err = mp_mulmod (G, &res, P, &M[1])) != MP_OKAY) {
goto LBL_RES;
}
#else
err = MP_VAL;
goto LBL_RES;
#endif
} else {
mp_set(&res, 1);
if ((err = mp_mod(G, P, &M[1])) != MP_OKAY) {
goto LBL_RES;
}
}
/* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_RES;
}
for (x = 0; x < (winsize - 1); x++) {
if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) {
goto LBL_RES;
}
}
/* create upper table */
for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
if ((err = mp_mul (&M[x - 1], &M[1], &M[x])) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&M[x], P, mp)) != MP_OKAY) {
goto LBL_RES;
}
}
/* set initial mode and bit cnt */
mode = 0;
bitcnt = 1;
buf = 0;
digidx = X->used - 1;
bitcpy = 0;
bitbuf = 0;
for (;;) {
/* grab next digit as required */
if (--bitcnt == 0) {
/* if digidx == -1 we are out of digits so break */
if (digidx == -1) {
break;
}
/* read next digit and reset bitcnt */
buf = X->dp[digidx--];
bitcnt = (int)DIGIT_BIT;
}
/* grab the next msb from the exponent */
y = (mp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
buf <<= (mp_digit)1;
/* if the bit is zero and mode == 0 then we ignore it
* These represent the leading zero bits before the first 1 bit
* in the exponent. Technically this opt is not required but it
* does lower the # of trivial squaring/reductions used
*/
if ((mode == 0) && (y == 0)) {
continue;
}
/* if the bit is zero and mode == 1 then we square */
if ((mode == 1) && (y == 0)) {
if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&res, P, mp)) != MP_OKAY) {
goto LBL_RES;
}
continue;
}
/* else we add it to the window */
bitbuf |= (y << (winsize - ++bitcpy));
mode = 2;
if (bitcpy == winsize) {
/* ok window is filled so square as required and multiply */
/* square first */
for (x = 0; x < winsize; x++) {
if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&res, P, mp)) != MP_OKAY) {
goto LBL_RES;
}
}
/* then multiply */
if ((err = mp_mul (&res, &M[bitbuf], &res)) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&res, P, mp)) != MP_OKAY) {
goto LBL_RES;
}
/* empty window and reset */
bitcpy = 0;
bitbuf = 0;
mode = 1;
}
}
/* if bits remain then square/multiply */
if ((mode == 2) && (bitcpy > 0)) {
/* square then multiply if the bit is set */
for (x = 0; x < bitcpy; x++) {
if ((err = mp_sqr (&res, &res)) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&res, P, mp)) != MP_OKAY) {
goto LBL_RES;
}
/* get next bit of the window */
bitbuf <<= 1;
if ((bitbuf & (1 << winsize)) != 0) {
/* then multiply */
if ((err = mp_mul (&res, &M[1], &res)) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&res, P, mp)) != MP_OKAY) {
goto LBL_RES;
}
}
}
}
if (redmode == 0) {
/* fixup result if Montgomery reduction is used
* recall that any value in a Montgomery system is
* actually multiplied by R mod n. So we have
* to reduce one more time to cancel out the factor
* of R.
*/
if ((err = redux(&res, P, mp)) != MP_OKAY) {
goto LBL_RES;
}
}
/* swap res with Y */
mp_exch (&res, Y);
err = MP_OKAY;
LBL_RES:mp_clear (&res);
LBL_M:
mp_clear(&M[1]);
for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
mp_clear (&M[x]);
}
return err;
}
/*
Strong Lucas-Selfridge test.
returns MP_YES if it is a strong L-S prime, MP_NO if it is composite
Code ported from Thomas Ray Nicely's implementation of the BPSW test
at http://www.trnicely.net/misc/bpsw.html
Freeware copyright (C) 2016 Thomas R. Nicely <http://www.trnicely.net>.
Released into the public domain by the author, who disclaims any legal
liability arising from its use
The multi-line comments are made by Thomas R. Nicely and are copied verbatim.
Additional comments marked "CZ" (without the quotes) are by the code-portist.
(If that name sounds familiar, he is the guy who found the fdiv bug in the
Pentium (P5x, I think) Intel processor)
*/
int mp_prime_strong_lucas_selfridge(const mp_int *a, int *result)
{
/* CZ TODO: choose better variable names! */
mp_int Dz, gcd, Np1, Uz, Vz, U2mz, V2mz, Qmz, Q2mz, Qkdz, T1z, T2z, T3z, T4z, Q2kdz;
/* CZ TODO: Some of them need the full 32 bit, hence the (temporary) exclusion of MP_8BIT */
int32_t D, Ds, J, sign, P, Q, r, s, u, Nbits;
int e;
int isset;
*result = MP_NO;
/*
Find the first element D in the sequence {5, -7, 9, -11, 13, ...}
such that Jacobi(D,N) = -1 (Selfridge's algorithm). Theory
indicates that, if N is not a perfect square, D will "nearly
always" be "small." Just in case, an overflow trap for D is
included.
*/
if ((e = mp_init_multi(&Dz, &gcd, &Np1, &Uz, &Vz, &U2mz, &V2mz, &Qmz, &Q2mz, &Qkdz, &T1z, &T2z, &T3z, &T4z, &Q2kdz,
NULL)) != MP_OKAY) {
return e;
}
D = 5;
sign = 1;
for (;;) {
Ds = sign * D;
sign = -sign;
if ((e = mp_set_long(&Dz, (unsigned long)D)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_gcd(a, &Dz, &gcd)) != MP_OKAY) {
goto LBL_LS_ERR;
}
/* if 1 < GCD < N then N is composite with factor "D", and
Jacobi(D,N) is technically undefined (but often returned
as zero). */
if ((mp_cmp_d(&gcd, 1uL) == MP_GT) && (mp_cmp(&gcd, a) == MP_LT)) {
goto LBL_LS_ERR;
}
if (Ds < 0) {
Dz.sign = MP_NEG;
}
if ((e = mp_kronecker(&Dz, a, &J)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if (J == -1) {
break;
}
D += 2;
if (D > (INT_MAX - 2)) {
e = MP_VAL;
goto LBL_LS_ERR;
}
}
P = 1; /* Selfridge's choice */
Q = (1 - Ds) / 4; /* Required so D = P*P - 4*Q */
/* NOTE: The conditions (a) N does not divide Q, and
(b) D is square-free or not a perfect square, are included by
some authors; e.g., "Prime numbers and computer methods for
factorization," Hans Riesel (2nd ed., 1994, Birkhauser, Boston),
p. 130. For this particular application of Lucas sequences,
these conditions were found to be immaterial. */
/* Now calculate N - Jacobi(D,N) = N + 1 (even), and calculate the
odd positive integer d and positive integer s for which
N + 1 = 2^s*d (similar to the step for N - 1 in Miller's test).
The strong Lucas-Selfridge test then returns N as a strong
Lucas probable prime (slprp) if any of the following
conditions is met: U_d=0, V_d=0, V_2d=0, V_4d=0, V_8d=0,
V_16d=0, ..., etc., ending with V_{2^(s-1)*d}=V_{(N+1)/2}=0
(all equalities mod N). Thus d is the highest index of U that
must be computed (since V_2m is independent of U), compared
to U_{N+1} for the standard Lucas-Selfridge test; and no
index of V beyond (N+1)/2 is required, just as in the
standard Lucas-Selfridge test. However, the quantity Q^d must
be computed for use (if necessary) in the latter stages of
the test. The result is that the strong Lucas-Selfridge test
has a running time only slightly greater (order of 10 %) than
that of the standard Lucas-Selfridge test, while producing
only (roughly) 30 % as many pseudoprimes (and every strong
Lucas pseudoprime is also a standard Lucas pseudoprime). Thus
the evidence indicates that the strong Lucas-Selfridge test is
more effective than the standard Lucas-Selfridge test, and a
Baillie-PSW test based on the strong Lucas-Selfridge test
should be more reliable. */
if ((e = mp_add_d(a, 1uL, &Np1)) != MP_OKAY) {
goto LBL_LS_ERR;
}
s = mp_cnt_lsb(&Np1);
/* CZ
* This should round towards zero because
* Thomas R. Nicely used GMP's mpz_tdiv_q_2exp()
* and mp_div_2d() is equivalent. Additionally:
* dividing an even number by two does not produce
* any leftovers.
*/
if ((e = mp_div_2d(&Np1, s, &Dz, NULL)) != MP_OKAY) {
goto LBL_LS_ERR;
}
/* We must now compute U_d and V_d. Since d is odd, the accumulated
values U and V are initialized to U_1 and V_1 (if the target
index were even, U and V would be initialized instead to U_0=0
and V_0=2). The values of U_2m and V_2m are also initialized to
U_1 and V_1; the FOR loop calculates in succession U_2 and V_2,
U_4 and V_4, U_8 and V_8, etc. If the corresponding bits
(1, 2, 3, ...) of t are on (the zero bit having been accounted
for in the initialization of U and V), these values are then
combined with the previous totals for U and V, using the
composition formulas for addition of indices. */
mp_set(&Uz, 1uL); /* U=U_1 */
mp_set(&Vz, (mp_digit)P); /* V=V_1 */
mp_set(&U2mz, 1uL); /* U_1 */
mp_set(&V2mz, (mp_digit)P); /* V_1 */
if (Q < 0) {
Q = -Q;
if ((e = mp_set_long(&Qmz, (unsigned long)Q)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mul_2(&Qmz, &Q2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
/* Initializes calculation of Q^d */
if ((e = mp_set_long(&Qkdz, (unsigned long)Q)) != MP_OKAY) {
goto LBL_LS_ERR;
}
Qmz.sign = MP_NEG;
Q2mz.sign = MP_NEG;
Qkdz.sign = MP_NEG;
Q = -Q;
} else {
if ((e = mp_set_long(&Qmz, (unsigned long)Q)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mul_2(&Qmz, &Q2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
/* Initializes calculation of Q^d */
if ((e = mp_set_long(&Qkdz, (unsigned long)Q)) != MP_OKAY) {
goto LBL_LS_ERR;
}
}
Nbits = mp_count_bits(&Dz);
for (u = 1; u < Nbits; u++) { /* zero bit off, already accounted for */
/* Formulas for doubling of indices (carried out mod N). Note that
* the indices denoted as "2m" are actually powers of 2, specifically
* 2^(ul-1) beginning each loop and 2^ul ending each loop.
*
* U_2m = U_m*V_m
* V_2m = V_m*V_m - 2*Q^m
*/
if ((e = mp_mul(&U2mz, &V2mz, &U2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mod(&U2mz, a, &U2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_sqr(&V2mz, &V2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_sub(&V2mz, &Q2mz, &V2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mod(&V2mz, a, &V2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
/* Must calculate powers of Q for use in V_2m, also for Q^d later */
if ((e = mp_sqr(&Qmz, &Qmz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
/* prevents overflow */ /* CZ still necessary without a fixed prealloc'd mem.? */
if ((e = mp_mod(&Qmz, a, &Qmz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mul_2(&Qmz, &Q2mz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((isset = mp_get_bit(&Dz, u)) == MP_VAL) {
e = isset;
goto LBL_LS_ERR;
}
if (isset == MP_YES) {
/* Formulas for addition of indices (carried out mod N);
*
* U_(m+n) = (U_m*V_n + U_n*V_m)/2
* V_(m+n) = (V_m*V_n + D*U_m*U_n)/2
*
* Be careful with division by 2 (mod N)!
*/
if ((e = mp_mul(&U2mz, &Vz, &T1z)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mul(&Uz, &V2mz, &T2z)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mul(&V2mz, &Vz, &T3z)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mul(&U2mz, &Uz, &T4z)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = s_mp_mul_si(&T4z, (long)Ds, &T4z)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_add(&T1z, &T2z, &Uz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if (mp_isodd(&Uz) != MP_NO) {
if ((e = mp_add(&Uz, a, &Uz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
}
/* CZ
* This should round towards negative infinity because
* Thomas R. Nicely used GMP's mpz_fdiv_q_2exp().
* But mp_div_2() does not do so, it is truncating instead.
*/
if ((e = mp_div_2(&Uz, &Uz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((Uz.sign == MP_NEG) && (mp_isodd(&Uz) != MP_NO)) {
if ((e = mp_sub_d(&Uz, 1uL, &Uz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
}
if ((e = mp_add(&T3z, &T4z, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if (mp_isodd(&Vz) != MP_NO) {
if ((e = mp_add(&Vz, a, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
}
if ((e = mp_div_2(&Vz, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((Vz.sign == MP_NEG) && (mp_isodd(&Vz) != MP_NO)) {
if ((e = mp_sub_d(&Vz, 1uL, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
}
if ((e = mp_mod(&Uz, a, &Uz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mod(&Vz, a, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
/* Calculating Q^d for later use */
if ((e = mp_mul(&Qkdz, &Qmz, &Qkdz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mod(&Qkdz, a, &Qkdz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
}
}
/* If U_d or V_d is congruent to 0 mod N, then N is a prime or a
strong Lucas pseudoprime. */
if ((mp_iszero(&Uz) != MP_NO) || (mp_iszero(&Vz) != MP_NO)) {
*result = MP_YES;
goto LBL_LS_ERR;
}
/* NOTE: Ribenboim ("The new book of prime number records," 3rd ed.,
1995/6) omits the condition V0 on p.142, but includes it on
p. 130. The condition is NECESSARY; otherwise the test will
return false negatives---e.g., the primes 29 and 2000029 will be
returned as composite. */
/* Otherwise, we must compute V_2d, V_4d, V_8d, ..., V_{2^(s-1)*d}
by repeated use of the formula V_2m = V_m*V_m - 2*Q^m. If any of
these are congruent to 0 mod N, then N is a prime or a strong
Lucas pseudoprime. */
/* Initialize 2*Q^(d*2^r) for V_2m */
if ((e = mp_mul_2(&Qkdz, &Q2kdz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
for (r = 1; r < s; r++) {
if ((e = mp_sqr(&Vz, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_sub(&Vz, &Q2kdz, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mod(&Vz, a, &Vz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if (mp_iszero(&Vz) != MP_NO) {
*result = MP_YES;
goto LBL_LS_ERR;
}
/* Calculate Q^{d*2^r} for next r (final iteration irrelevant). */
if (r < (s - 1)) {
if ((e = mp_sqr(&Qkdz, &Qkdz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mod(&Qkdz, a, &Qkdz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
if ((e = mp_mul_2(&Qkdz, &Q2kdz)) != MP_OKAY) {
goto LBL_LS_ERR;
}
}
}
LBL_LS_ERR:
mp_clear_multi(&Q2kdz, &T4z, &T3z, &T2z, &T1z, &Qkdz, &Q2mz, &Qmz, &V2mz, &U2mz, &Vz, &Uz, &Np1, &gcd, &Dz, NULL);
return e;
}
/* Karatsuba squaring, computes b = a*a using three
* half size squarings
*
* See comments of karatsuba_mul for details. It
* is essentially the same algorithm but merely
* tuned to perform recursive squarings.
*/
int mp_karatsuba_sqr (mp_int * a, mp_int * b)
{
mp_int x0, x1, t1, t2, x0x0, x1x1;
int B, err;
err = MP_MEM;
/* min # of digits */
B = USED(a);
/* now divide in two */
B = B >> 1;
/* init copy all the temps */
if (mp_init_size (&x0, B) != MP_OKAY)
goto ERR;
if (mp_init_size (&x1, USED(a) - B) != MP_OKAY)
goto X0;
/* init temps */
if (mp_init_size (&t1, USED(a) * 2) != MP_OKAY)
goto X1;
if (mp_init_size (&t2, USED(a) * 2) != MP_OKAY)
goto T1;
if (mp_init_size (&x0x0, B * 2) != MP_OKAY)
goto T2;
if (mp_init_size (&x1x1, (USED(a) - B) * 2) != MP_OKAY)
goto X0X0;
{
register int x;
register mp_digit *dst, *src;
src = DIGITS(a);
/* now shift the digits */
dst = DIGITS(&x0);
for (x = 0; x < B; x++) {
*dst++ = *src++;
}
dst = DIGITS(&x1);
for (x = B; x < USED(a); x++) {
*dst++ = *src++;
}
}
SET_USED(&x0,B);
SET_USED(&x1,USED(a) - B);
mp_clamp (&x0);
/* now calc the products x0*x0 and x1*x1 */
if (mp_sqr (&x0, &x0x0) != MP_OKAY)
goto X1X1; /* x0x0 = x0*x0 */
if (mp_sqr (&x1, &x1x1) != MP_OKAY)
goto X1X1; /* x1x1 = x1*x1 */
/* now calc (x1+x0)**2 */
if (s_mp_add (&x1, &x0, &t1) != MP_OKAY)
goto X1X1; /* t1 = x1 - x0 */
if (mp_sqr (&t1, &t1) != MP_OKAY)
goto X1X1; /* t1 = (x1 - x0) * (x1 - x0) */
/* add x0y0 */
if (s_mp_add (&x0x0, &x1x1, &t2) != MP_OKAY)
goto X1X1; /* t2 = x0x0 + x1x1 */
if (s_mp_sub (&t1, &t2, &t1) != MP_OKAY)
goto X1X1; /* t1 = (x1+x0)**2 - (x0x0 + x1x1) */
/* shift by B */
if (mp_lshd (&t1, B) != MP_OKAY)
goto X1X1; /* t1 = (x0x0 + x1x1 - (x1-x0)*(x1-x0))<<B */
if (mp_lshd (&x1x1, B * 2) != MP_OKAY)
goto X1X1; /* x1x1 = x1x1 << 2*B */
if (mp_add (&x0x0, &t1, &t1) != MP_OKAY)
goto X1X1; /* t1 = x0x0 + t1 */
if (mp_add (&t1, &x1x1, b) != MP_OKAY)
goto X1X1; /* t1 = x0x0 + t1 + x1x1 */
err = MP_OKAY;
X1X1:mp_clear (&x1x1);
X0X0:mp_clear (&x0x0);
T2:mp_clear (&t2);
T1:mp_clear (&t1);
X1:mp_clear (&x1);
X0:mp_clear (&x0);
ERR:
return err;
}
/*
Sets ret to nonzero value if arg is square, 0 if not
Sets t to the square root of arg if one is available, 0 if not
*/
static int mp_issquare(mp_int *arg, int *ret, mp_int *t)
{
int res;
mp_digit c;
mp_int tmp;
unsigned long r;
/* Default to Non-square :) */
*ret = MP_NO;
if (arg->sign == MP_NEG) {
return MP_VAL;
}
/* digits used? (TSD) */
if (arg->used == 0) {
return MP_OKAY;
}
/* First check mod 128 (suppose that DIGIT_BIT is at least 7) */
if (rem_128[127 & DIGIT(arg, 0)] == 1) {
mp_set_int(t, (mp_digit)(0));
return MP_OKAY;
}
/* Next check mod 105 (3*5*7) */
if ((res = mp_mod_d(arg, 105, &c)) != MP_OKAY) {
mp_set_int(t, (mp_digit)(0));
return res;
}
if (rem_105[c] == 1) {
mp_set_int(t, (mp_digit)(0));
return MP_OKAY;
}
if ((res =
mp_init_set_int(t,
11L * 13L * 17L * 19L * 23L * 29L * 31L)) != MP_OKAY) {
mp_set_int(t, (mp_digit)(0));
return res;
}
if ((res = mp_mod(arg, t, t)) != MP_OKAY) {
goto ERR;
}
r = mp_get_int(t);
/* Check for other prime modules. We know that res
* is already equal to MP_OKAY from the mp_mod call
*/
if ((1L << (r % 11)) & 0x5C4L)
goto ERR;
if ((1L << (r % 13)) & 0x9E4L)
goto ERR;
if ((1L << (r % 17)) & 0x5CE8L)
goto ERR;
if ((1L << (r % 19)) & 0x4F50CL)
goto ERR;
if ((1L << (r % 23)) & 0x7ACCA0L)
goto ERR;
if ((1L << (r % 29)) & 0xC2EDD0CL)
goto ERR;
if ((1L << (r % 31)) & 0x6DE2B848L)
goto ERR;
/* Final check - is sqr(sqrt(arg)) == arg ? */
if ((res = mp_sqrt(arg, t)) != MP_OKAY) {
goto ERR;
}
mp_init(&tmp);
if ((res = mp_sqr(t, &tmp)) != MP_OKAY) {
goto ERR;
}
*ret = (mp_cmp_mag(&tmp, arg) == MP_EQ) ? MP_YES : MP_NO;
mp_clear(&tmp);
return res;
ERR:
mp_set_int(t, (mp_digit)(0));
mp_clear(&tmp);
return res;
}
int main(void)
{
mp_int a, b, c, d, e, f;
unsigned long expt_n, add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n,
gcd_n, lcm_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n, t;
unsigned rr;
int i, n, err, cnt, ix, old_kara_m, old_kara_s;
mp_digit mp;
mp_init(&a);
mp_init(&b);
mp_init(&c);
mp_init(&d);
mp_init(&e);
mp_init(&f);
srand(time(NULL));
#if 0
// test montgomery
printf("Testing montgomery...\n");
for (i = 1; i < 10; i++) {
printf("Testing digit size: %d\n", i);
for (n = 0; n < 1000; n++) {
mp_rand(&a, i);
a.dp[0] |= 1;
// let's see if R is right
mp_montgomery_calc_normalization(&b, &a);
mp_montgomery_setup(&a, &mp);
// now test a random reduction
for (ix = 0; ix < 100; ix++) {
mp_rand(&c, 1 + abs(rand()) % (2*i));
mp_copy(&c, &d);
mp_copy(&c, &e);
mp_mod(&d, &a, &d);
mp_montgomery_reduce(&c, &a, mp);
mp_mulmod(&c, &b, &a, &c);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("d = e mod a, c = e MOD a\n");
mp_todecimal(&a, buf); printf("a = %s\n", buf);
mp_todecimal(&e, buf); printf("e = %s\n", buf);
mp_todecimal(&d, buf); printf("d = %s\n", buf);
mp_todecimal(&c, buf); printf("c = %s\n", buf);
printf("compare no compare!\n"); exit(EXIT_FAILURE); }
}
}
}
printf("done\n");
// test mp_get_int
printf("Testing: mp_get_int\n");
for (i = 0; i < 1000; ++i) {
t = ((unsigned long) rand() * rand() + 1) & 0xFFFFFFFF;
mp_set_int(&a, t);
if (t != mp_get_int(&a)) {
printf("mp_get_int() bad result!\n");
return 1;
}
}
mp_set_int(&a, 0);
if (mp_get_int(&a) != 0) {
printf("mp_get_int() bad result!\n");
return 1;
}
mp_set_int(&a, 0xffffffff);
if (mp_get_int(&a) != 0xffffffff) {
printf("mp_get_int() bad result!\n");
return 1;
}
// test mp_sqrt
printf("Testing: mp_sqrt\n");
for (i = 0; i < 1000; ++i) {
printf("%6d\r", i);
fflush(stdout);
n = (rand() & 15) + 1;
mp_rand(&a, n);
if (mp_sqrt(&a, &b) != MP_OKAY) {
printf("mp_sqrt() error!\n");
return 1;
}
mp_n_root(&a, 2, &a);
if (mp_cmp_mag(&b, &a) != MP_EQ) {
printf("mp_sqrt() bad result!\n");
return 1;
}
}
printf("\nTesting: mp_is_square\n");
for (i = 0; i < 1000; ++i) {
printf("%6d\r", i);
fflush(stdout);
/* test mp_is_square false negatives */
n = (rand() & 7) + 1;
mp_rand(&a, n);
mp_sqr(&a, &a);
if (mp_is_square(&a, &n) != MP_OKAY) {
printf("fn:mp_is_square() error!\n");
return 1;
}
if (n == 0) {
printf("fn:mp_is_square() bad result!\n");
return 1;
}
/* test for false positives */
mp_add_d(&a, 1, &a);
if (mp_is_square(&a, &n) != MP_OKAY) {
printf("fp:mp_is_square() error!\n");
return 1;
}
if (n == 1) {
printf("fp:mp_is_square() bad result!\n");
return 1;
}
}
printf("\n\n");
/* test for size */
for (ix = 10; ix < 128; ix++) {
printf("Testing (not safe-prime): %9d bits \r", ix);
fflush(stdout);
err =
mp_prime_random_ex(&a, 8, ix,
(rand() & 1) ? LTM_PRIME_2MSB_OFF :
LTM_PRIME_2MSB_ON, myrng, NULL);
if (err != MP_OKAY) {
printf("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits(&a) != ix) {
printf("Prime is %d not %d bits!!!\n", mp_count_bits(&a), ix);
return EXIT_FAILURE;
}
}
for (ix = 16; ix < 128; ix++) {
printf("Testing ( safe-prime): %9d bits \r", ix);
fflush(stdout);
err =
mp_prime_random_ex(&a, 8, ix,
((rand() & 1) ? LTM_PRIME_2MSB_OFF :
LTM_PRIME_2MSB_ON) | LTM_PRIME_SAFE, myrng,
NULL);
if (err != MP_OKAY) {
printf("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits(&a) != ix) {
printf("Prime is %d not %d bits!!!\n", mp_count_bits(&a), ix);
return EXIT_FAILURE;
}
/* let's see if it's really a safe prime */
mp_sub_d(&a, 1, &a);
mp_div_2(&a, &a);
mp_prime_is_prime(&a, 8, &cnt);
if (cnt != MP_YES) {
printf("sub is not prime!\n");
return EXIT_FAILURE;
}
}
printf("\n\n");
mp_read_radix(&a, "123456", 10);
mp_toradix_n(&a, buf, 10, 3);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 4);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 30);
printf("a == %s\n", buf);
#if 0
for (;;) {
fgets(buf, sizeof(buf), stdin);
mp_read_radix(&a, buf, 10);
mp_prime_next_prime(&a, 5, 1);
mp_toradix(&a, buf, 10);
printf("%s, %lu\n", buf, a.dp[0] & 3);
}
#endif
/* test mp_cnt_lsb */
printf("testing mp_cnt_lsb...\n");
mp_set(&a, 1);
for (ix = 0; ix < 1024; ix++) {
if (mp_cnt_lsb(&a) != ix) {
printf("Failed at %d, %d\n", ix, mp_cnt_lsb(&a));
return 0;
}
mp_mul_2(&a, &a);
}
/* test mp_reduce_2k */
printf("Testing mp_reduce_2k...\n");
for (cnt = 3; cnt <= 128; ++cnt) {
mp_digit tmp;
mp_2expt(&a, cnt);
mp_sub_d(&a, 2, &a); /* a = 2**cnt - 2 */
printf("\nTesting %4d bits", cnt);
printf("(%d)", mp_reduce_is_2k(&a));
mp_reduce_2k_setup(&a, &tmp);
printf("(%d)", tmp);
for (ix = 0; ix < 1000; ix++) {
if (!(ix & 127)) {
printf(".");
fflush(stdout);
}
mp_rand(&b, (cnt / DIGIT_BIT + 1) * 2);
mp_copy(&c, &b);
mp_mod(&c, &a, &c);
mp_reduce_2k(&b, &a, 2);
if (mp_cmp(&c, &b)) {
printf("FAILED\n");
exit(0);
}
}
}
/* test mp_div_3 */
printf("Testing mp_div_3...\n");
mp_set(&d, 3);
for (cnt = 0; cnt < 10000;) {
mp_digit r1, r2;
if (!(++cnt & 127))
printf("%9d\r", cnt);
mp_rand(&a, abs(rand()) % 128 + 1);
mp_div(&a, &d, &b, &e);
mp_div_3(&a, &c, &r2);
if (mp_cmp(&b, &c) || mp_cmp_d(&e, r2)) {
printf("\n\nmp_div_3 => Failure\n");
}
}
printf("\n\nPassed div_3 testing\n");
/* test the DR reduction */
printf("testing mp_dr_reduce...\n");
for (cnt = 2; cnt < 32; cnt++) {
printf("%d digit modulus\n", cnt);
mp_grow(&a, cnt);
mp_zero(&a);
for (ix = 1; ix < cnt; ix++) {
a.dp[ix] = MP_MASK;
}
a.used = cnt;
a.dp[0] = 3;
mp_rand(&b, cnt - 1);
mp_copy(&b, &c);
rr = 0;
do {
if (!(rr & 127)) {
printf("%9lu\r", rr);
fflush(stdout);
}
mp_sqr(&b, &b);
mp_add_d(&b, 1, &b);
mp_copy(&b, &c);
mp_mod(&b, &a, &b);
mp_dr_reduce(&c, &a, (((mp_digit) 1) << DIGIT_BIT) - a.dp[0]);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("Failed on trial %lu\n", rr);
exit(-1);
}
} while (++rr < 500);
printf("Passed DR test for %d digits\n", cnt);
}
#endif
/* test the mp_reduce_2k_l code */
#if 0
#if 0
/* first load P with 2^1024 - 0x2A434 B9FDEC95 D8F9D550 FFFFFFFF FFFFFFFF */
mp_2expt(&a, 1024);
mp_read_radix(&b, "2A434B9FDEC95D8F9D550FFFFFFFFFFFFFFFF", 16);
mp_sub(&a, &b, &a);
#elif 1
/* p = 2^2048 - 0x1 00000000 00000000 00000000 00000000 4945DDBF 8EA2A91D 5776399B B83E188F */
mp_2expt(&a, 2048);
mp_read_radix(&b,
"1000000000000000000000000000000004945DDBF8EA2A91D5776399BB83E188F",
16);
mp_sub(&a, &b, &a);
#endif
mp_todecimal(&a, buf);
printf("p==%s\n", buf);
/* now mp_reduce_is_2k_l() should return */
if (mp_reduce_is_2k_l(&a) != 1) {
printf("mp_reduce_is_2k_l() return 0, should be 1\n");
return EXIT_FAILURE;
}
mp_reduce_2k_setup_l(&a, &d);
/* now do a million square+1 to see if it varies */
mp_rand(&b, 64);
mp_mod(&b, &a, &b);
mp_copy(&b, &c);
printf("testing mp_reduce_2k_l...");
fflush(stdout);
for (cnt = 0; cnt < (1UL << 20); cnt++) {
mp_sqr(&b, &b);
mp_add_d(&b, 1, &b);
mp_reduce_2k_l(&b, &a, &d);
mp_sqr(&c, &c);
mp_add_d(&c, 1, &c);
mp_mod(&c, &a, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("mp_reduce_2k_l() failed at step %lu\n", cnt);
mp_tohex(&b, buf);
printf("b == %s\n", buf);
mp_tohex(&c, buf);
printf("c == %s\n", buf);
return EXIT_FAILURE;
}
}
printf("...Passed\n");
#endif
div2_n = mul2_n = inv_n = expt_n = lcm_n = gcd_n = add_n =
sub_n = mul_n = div_n = sqr_n = mul2d_n = div2d_n = cnt = add_d_n =
sub_d_n = 0;
/* force KARA and TOOM to enable despite cutoffs */
KARATSUBA_SQR_CUTOFF = KARATSUBA_MUL_CUTOFF = 8;
TOOM_SQR_CUTOFF = TOOM_MUL_CUTOFF = 16;
for (;;) {
/* randomly clear and re-init one variable, this has the affect of triming the alloc space */
switch (abs(rand()) % 7) {
case 0:
mp_clear(&a);
mp_init(&a);
break;
case 1:
mp_clear(&b);
mp_init(&b);
break;
case 2:
mp_clear(&c);
mp_init(&c);
break;
case 3:
mp_clear(&d);
mp_init(&d);
break;
case 4:
mp_clear(&e);
mp_init(&e);
break;
case 5:
mp_clear(&f);
mp_init(&f);
break;
case 6:
break; /* don't clear any */
}
printf
("%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu ",
add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n, gcd_n, lcm_n,
expt_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n);
fgets(cmd, 4095, stdin);
cmd[strlen(cmd) - 1] = 0;
printf("%s ]\r", cmd);
fflush(stdout);
if (!strcmp(cmd, "mul2d")) {
++mul2d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &rr);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_mul_2d(&a, rr, &a);
a.sign = b.sign;
if (mp_cmp(&a, &b) != MP_EQ) {
printf("mul2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return 0;
}
} else if (!strcmp(cmd, "div2d")) {
++div2d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &rr);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_div_2d(&a, rr, &a, &e);
a.sign = b.sign;
if (a.used == b.used && a.used == 0) {
a.sign = b.sign = MP_ZPOS;
}
if (mp_cmp(&a, &b) != MP_EQ) {
printf("div2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return 0;
}
} else if (!strcmp(cmd, "add")) {
++add_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_add(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("add %lu failure!\n", add_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
/* test the sign/unsigned storage functions */
rr = mp_signed_bin_size(&c);
mp_to_signed_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_signed_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mp_signed_bin failure!\n");
draw(&c);
draw(&d);
return 0;
}
rr = mp_unsigned_bin_size(&c);
mp_to_unsigned_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_unsigned_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp_mag(&c, &d) != MP_EQ) {
printf("mp_unsigned_bin failure!\n");
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "sub")) {
++sub_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_sub(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("sub %lu failure!\n", sub_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "mul")) {
++mul_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_mul(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mul %lu failure!\n", mul_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "div")) {
++div_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&d, buf, 64);
mp_div(&a, &b, &e, &f);
if (mp_cmp(&c, &e) != MP_EQ || mp_cmp(&d, &f) != MP_EQ) {
printf("div %lu %d, %d, failure!\n", div_n, mp_cmp(&c, &e),
mp_cmp(&d, &f));
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
draw(&f);
return 0;
}
} else if (!strcmp(cmd, "sqr")) {
++sqr_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_copy(&a, &c);
mp_sqr(&c, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sqr %lu failure!\n", sqr_n);
draw(&a);
draw(&b);
draw(&c);
return 0;
}
} else if (!strcmp(cmd, "gcd")) {
++gcd_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_gcd(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("gcd %lu failure!\n", gcd_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "lcm")) {
++lcm_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_lcm(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("lcm %lu failure!\n", lcm_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "expt")) {
++expt_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&d, buf, 64);
mp_copy(&a, &e);
mp_exptmod(&e, &b, &c, &e);
if (mp_cmp(&d, &e) != MP_EQ) {
printf("expt %lu failure!\n", expt_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
return 0;
}
} else if (!strcmp(cmd, "invmod")) {
++inv_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_invmod(&a, &b, &d);
mp_mulmod(&d, &a, &b, &e);
if (mp_cmp_d(&e, 1) != MP_EQ) {
printf("inv [wrong value from MPI?!] failure\n");
draw(&a);
draw(&b);
draw(&c);
draw(&d);
mp_gcd(&a, &b, &e);
draw(&e);
return 0;
}
} else if (!strcmp(cmd, "div2")) {
++div2_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_div_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("div_2 %lu failure\n", div2_n);
draw(&a);
draw(&b);
draw(&c);
return 0;
}
} else if (!strcmp(cmd, "mul2")) {
++mul2_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_mul_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("mul_2 %lu failure\n", mul2_n);
draw(&a);
draw(&b);
draw(&c);
return 0;
}
} else if (!strcmp(cmd, "add_d")) {
++add_d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &ix);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_add_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("add_d %lu failure\n", add_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return 0;
}
} else if (!strcmp(cmd, "sub_d")) {
++sub_d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &ix);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_sub_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sub_d %lu failure\n", sub_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return 0;
}
}
}
return 0;
}
int main(void)
{
ulong64 tt, gg, CLK_PER_SEC;
FILE *log, *logb, *logc, *logd;
mp_int a, b, c, d, e, f;
int n, cnt, ix, old_kara_m, old_kara_s;
unsigned rr;
mp_init(&a);
mp_init(&b);
mp_init(&c);
mp_init(&d);
mp_init(&e);
mp_init(&f);
srand(time(NULL));
/* temp. turn off TOOM */
TOOM_MUL_CUTOFF = TOOM_SQR_CUTOFF = 100000;
CLK_PER_SEC = TIMFUNC();
sleep(1);
CLK_PER_SEC = TIMFUNC() - CLK_PER_SEC;
printf("CLK_PER_SEC == %llu\n", CLK_PER_SEC);
goto exptmod;
log = fopen("logs/add.log", "w");
for (cnt = 8; cnt <= 128; cnt += 8) {
SLEEP;
mp_rand(&a, cnt);
mp_rand(&b, cnt);
rr = 0;
tt = -1;
do {
gg = TIMFUNC();
DO(mp_add(&a, &b, &c));
gg = (TIMFUNC() - gg) >> 1;
if (tt > gg)
tt = gg;
} while (++rr < 100000);
printf("Adding\t\t%4d-bit => %9llu/sec, %9llu cycles\n",
mp_count_bits(&a), CLK_PER_SEC / tt, tt);
fprintf(log, "%d %9llu\n", cnt * DIGIT_BIT, tt);
fflush(log);
}
fclose(log);
log = fopen("logs/sub.log", "w");
for (cnt = 8; cnt <= 128; cnt += 8) {
SLEEP;
mp_rand(&a, cnt);
mp_rand(&b, cnt);
rr = 0;
tt = -1;
do {
gg = TIMFUNC();
DO(mp_sub(&a, &b, &c));
gg = (TIMFUNC() - gg) >> 1;
if (tt > gg)
tt = gg;
} while (++rr < 100000);
printf("Subtracting\t\t%4d-bit => %9llu/sec, %9llu cycles\n",
mp_count_bits(&a), CLK_PER_SEC / tt, tt);
fprintf(log, "%d %9llu\n", cnt * DIGIT_BIT, tt);
fflush(log);
}
fclose(log);
/* do mult/square twice, first without karatsuba and second with */
multtest:
old_kara_m = KARATSUBA_MUL_CUTOFF;
old_kara_s = KARATSUBA_SQR_CUTOFF;
for (ix = 0; ix < 2; ix++) {
printf("With%s Karatsuba\n", (ix == 0) ? "out" : "");
KARATSUBA_MUL_CUTOFF = (ix == 0) ? 9999 : old_kara_m;
KARATSUBA_SQR_CUTOFF = (ix == 0) ? 9999 : old_kara_s;
log = fopen((ix == 0) ? "logs/mult.log" : "logs/mult_kara.log", "w");
for (cnt = 4; cnt <= 10240 / DIGIT_BIT; cnt += 2) {
SLEEP;
mp_rand(&a, cnt);
mp_rand(&b, cnt);
rr = 0;
tt = -1;
do {
gg = TIMFUNC();
DO(mp_mul(&a, &b, &c));
gg = (TIMFUNC() - gg) >> 1;
if (tt > gg)
tt = gg;
} while (++rr < 100);
printf("Multiplying\t%4d-bit => %9llu/sec, %9llu cycles\n",
mp_count_bits(&a), CLK_PER_SEC / tt, tt);
fprintf(log, "%d %9llu\n", mp_count_bits(&a), tt);
fflush(log);
}
fclose(log);
log = fopen((ix == 0) ? "logs/sqr.log" : "logs/sqr_kara.log", "w");
for (cnt = 4; cnt <= 10240 / DIGIT_BIT; cnt += 2) {
SLEEP;
mp_rand(&a, cnt);
rr = 0;
tt = -1;
do {
gg = TIMFUNC();
DO(mp_sqr(&a, &b));
gg = (TIMFUNC() - gg) >> 1;
if (tt > gg)
tt = gg;
} while (++rr < 100);
printf("Squaring\t%4d-bit => %9llu/sec, %9llu cycles\n",
mp_count_bits(&a), CLK_PER_SEC / tt, tt);
fprintf(log, "%d %9llu\n", mp_count_bits(&a), tt);
fflush(log);
}
fclose(log);
}
exptmod:
{
char *primes[] = {
/* 2K large moduli */
"179769313486231590772930519078902473361797697894230657273430081157732675805500963132708477322407536021120113879871393357658789768814416622492847430639474124377767893424865485276302219601246094119453082952085005768838150682342462881473913110540827237163350510684586239334100047359817950870678242457666208137217",
"32317006071311007300714876688669951960444102669715484032130345427524655138867890893197201411522913463688717960921898019494119559150490921095088152386448283120630877367300996091750197750389652106796057638384067568276792218642619756161838094338476170470581645852036305042887575891541065808607552399123930385521914333389668342420684974786564569494856176035326322058077805659331026192708460314150258592864177116725943603718461857357598351152301645904403697613233287231227125684710820209725157101726931323469678542580656697935045997268352998638099733077152121140120031150424541696791951097529546801429027668869927491725169",
"1044388881413152506691752710716624382579964249047383780384233483283953907971557456848826811934997558340890106714439262837987573438185793607263236087851365277945956976543709998340361590134383718314428070011855946226376318839397712745672334684344586617496807908705803704071284048740118609114467977783598029006686938976881787785946905630190260940599579453432823469303026696443059025015972399867714215541693835559885291486318237914434496734087811872639496475100189041349008417061675093668333850551032972088269550769983616369411933015213796825837188091833656751221318492846368125550225998300412344784862595674492194617023806505913245610825731835380087608622102834270197698202313169017678006675195485079921636419370285375124784014907159135459982790513399611551794271106831134090584272884279791554849782954323534517065223269061394905987693002122963395687782878948440616007412945674919823050571642377154816321380631045902916136926708342856440730447899971901781465763473223850267253059899795996090799469201774624817718449867455659250178329070473119433165550807568221846571746373296884912819520317457002440926616910874148385078411929804522981857338977648103126085902995208257421855249796721729039744118165938433694823325696642096892124547425283",
/* 2K moduli mersenne primes */
"6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151",
"531137992816767098689588206552468627329593117727031923199444138200403559860852242739162502265229285668889329486246501015346579337652707239409519978766587351943831270835393219031728127",
"10407932194664399081925240327364085538615262247266704805319112350403608059673360298012239441732324184842421613954281007791383566248323464908139906605677320762924129509389220345773183349661583550472959420547689811211693677147548478866962501384438260291732348885311160828538416585028255604666224831890918801847068222203140521026698435488732958028878050869736186900714720710555703168729087",
"1475979915214180235084898622737381736312066145333169775147771216478570297878078949377407337049389289382748507531496480477281264838760259191814463365330269540496961201113430156902396093989090226259326935025281409614983499388222831448598601834318536230923772641390209490231836446899608210795482963763094236630945410832793769905399982457186322944729636418890623372171723742105636440368218459649632948538696905872650486914434637457507280441823676813517852099348660847172579408422316678097670224011990280170474894487426924742108823536808485072502240519452587542875349976558572670229633962575212637477897785501552646522609988869914013540483809865681250419497686697771007",
"259117086013202627776246767922441530941818887553125427303974923161874019266586362086201209516800483406550695241733194177441689509238807017410377709597512042313066624082916353517952311186154862265604547691127595848775610568757931191017711408826252153849035830401185072116424747461823031471398340229288074545677907941037288235820705892351068433882986888616658650280927692080339605869308790500409503709875902119018371991620994002568935113136548829739112656797303241986517250116412703509705427773477972349821676443446668383119322540099648994051790241624056519054483690809616061625743042361721863339415852426431208737266591962061753535748892894599629195183082621860853400937932839420261866586142503251450773096274235376822938649407127700846077124211823080804139298087057504713825264571448379371125032081826126566649084251699453951887789613650248405739378594599444335231188280123660406262468609212150349937584782292237144339628858485938215738821232393687046160677362909315071",
"190797007524439073807468042969529173669356994749940177394741882673528979787005053706368049835514900244303495954950709725762186311224148828811920216904542206960744666169364221195289538436845390250168663932838805192055137154390912666527533007309292687539092257043362517857366624699975402375462954490293259233303137330643531556539739921926201438606439020075174723029056838272505051571967594608350063404495977660656269020823960825567012344189908927956646011998057988548630107637380993519826582389781888135705408653045219655801758081251164080554609057468028203308718724654081055323215860189611391296030471108443146745671967766308925858547271507311563765171008318248647110097614890313562856541784154881743146033909602737947385055355960331855614540900081456378659068370317267696980001187750995491090350108417050917991562167972281070161305972518044872048331306383715094854938415738549894606070722584737978176686422134354526989443028353644037187375385397838259511833166416134323695660367676897722287918773420968982326089026150031515424165462111337527431154890666327374921446276833564519776797633875503548665093914556482031482248883127023777039667707976559857333357013727342079099064400455741830654320379350833236245819348824064783585692924881021978332974949906122664421376034687815350484991",
/* DR moduli */
"14059105607947488696282932836518693308967803494693489478439861164411992439598399594747002144074658928593502845729752797260025831423419686528151609940203368612079",
"101745825697019260773923519755878567461315282017759829107608914364075275235254395622580447400994175578963163918967182013639660669771108475957692810857098847138903161308502419410142185759152435680068435915159402496058513611411688900243039",
"736335108039604595805923406147184530889923370574768772191969612422073040099331944991573923112581267542507986451953227192970402893063850485730703075899286013451337291468249027691733891486704001513279827771740183629161065194874727962517148100775228363421083691764065477590823919364012917984605619526140821797602431",
"38564998830736521417281865696453025806593491967131023221754800625044118265468851210705360385717536794615180260494208076605798671660719333199513807806252394423283413430106003596332513246682903994829528690198205120921557533726473585751382193953592127439965050261476810842071573684505878854588706623484573925925903505747545471088867712185004135201289273405614415899438276535626346098904241020877974002916168099951885406379295536200413493190419727789712076165162175783",
"542189391331696172661670440619180536749994166415993334151601745392193484590296600979602378676624808129613777993466242203025054573692562689251250471628358318743978285860720148446448885701001277560572526947619392551574490839286458454994488665744991822837769918095117129546414124448777033941223565831420390846864429504774477949153794689948747680362212954278693335653935890352619041936727463717926744868338358149568368643403037768649616778526013610493696186055899318268339432671541328195724261329606699831016666359440874843103020666106568222401047720269951530296879490444224546654729111504346660859907296364097126834834235287147",
"1487259134814709264092032648525971038895865645148901180585340454985524155135260217788758027400478312256339496385275012465661575576202252063145698732079880294664220579764848767704076761853197216563262660046602703973050798218246170835962005598561669706844469447435461092542265792444947706769615695252256130901271870341005768912974433684521436211263358097522726462083917939091760026658925757076733484173202927141441492573799914240222628795405623953109131594523623353044898339481494120112723445689647986475279242446083151413667587008191682564376412347964146113898565886683139407005941383669325997475076910488086663256335689181157957571445067490187939553165903773554290260531009121879044170766615232300936675369451260747671432073394867530820527479172464106442450727640226503746586340279816318821395210726268291535648506190714616083163403189943334431056876038286530365757187367147446004855912033137386225053275419626102417236133948503",
"1095121115716677802856811290392395128588168592409109494900178008967955253005183831872715423151551999734857184538199864469605657805519106717529655044054833197687459782636297255219742994736751541815269727940751860670268774903340296040006114013971309257028332849679096824800250742691718610670812374272414086863715763724622797509437062518082383056050144624962776302147890521249477060215148275163688301275847155316042279405557632639366066847442861422164832655874655824221577849928863023018366835675399949740429332468186340518172487073360822220449055340582568461568645259954873303616953776393853174845132081121976327462740354930744487429617202585015510744298530101547706821590188733515880733527449780963163909830077616357506845523215289297624086914545378511082534229620116563260168494523906566709418166011112754529766183554579321224940951177394088465596712620076240067370589036924024728375076210477267488679008016579588696191194060127319035195370137160936882402244399699172017835144537488486396906144217720028992863941288217185353914991583400421682751000603596655790990815525126154394344641336397793791497068253936771017031980867706707490224041075826337383538651825493679503771934836094655802776331664261631740148281763487765852746577808019633679",
/* generic unrestricted moduli */
"17933601194860113372237070562165128350027320072176844226673287945873370751245439587792371960615073855669274087805055507977323024886880985062002853331424203",
"2893527720709661239493896562339544088620375736490408468011883030469939904368086092336458298221245707898933583190713188177399401852627749210994595974791782790253946539043962213027074922559572312141181787434278708783207966459019479487",
"347743159439876626079252796797422223177535447388206607607181663903045907591201940478223621722118173270898487582987137708656414344685816179420855160986340457973820182883508387588163122354089264395604796675278966117567294812714812796820596564876450716066283126720010859041484786529056457896367683122960411136319",
"47266428956356393164697365098120418976400602706072312735924071745438532218237979333351774907308168340693326687317443721193266215155735814510792148768576498491199122744351399489453533553203833318691678263241941706256996197460424029012419012634671862283532342656309677173602509498417976091509154360039893165037637034737020327399910409885798185771003505320583967737293415979917317338985837385734747478364242020380416892056650841470869294527543597349250299539682430605173321029026555546832473048600327036845781970289288898317888427517364945316709081173840186150794397479045034008257793436817683392375274635794835245695887",
"436463808505957768574894870394349739623346440601945961161254440072143298152040105676491048248110146278752857839930515766167441407021501229924721335644557342265864606569000117714935185566842453630868849121480179691838399545644365571106757731317371758557990781880691336695584799313313687287468894148823761785582982549586183756806449017542622267874275103877481475534991201849912222670102069951687572917937634467778042874315463238062009202992087620963771759666448266532858079402669920025224220613419441069718482837399612644978839925207109870840278194042158748845445131729137117098529028886770063736487420613144045836803985635654192482395882603511950547826439092832800532152534003936926017612446606135655146445620623395788978726744728503058670046885876251527122350275750995227",
"11424167473351836398078306042624362277956429440521137061889702611766348760692206243140413411077394583180726863277012016602279290144126785129569474909173584789822341986742719230331946072730319555984484911716797058875905400999504305877245849119687509023232790273637466821052576859232452982061831009770786031785669030271542286603956118755585683996118896215213488875253101894663403069677745948305893849505434201763745232895780711972432011344857521691017896316861403206449421332243658855453435784006517202894181640562433575390821384210960117518650374602256601091379644034244332285065935413233557998331562749140202965844219336298970011513882564935538704289446968322281451907487362046511461221329799897350993370560697505809686438782036235372137015731304779072430260986460269894522159103008260495503005267165927542949439526272736586626709581721032189532726389643625590680105784844246152702670169304203783072275089194754889511973916207",
"1214855636816562637502584060163403830270705000634713483015101384881871978446801224798536155406895823305035467591632531067547890948695117172076954220727075688048751022421198712032848890056357845974246560748347918630050853933697792254955890439720297560693579400297062396904306270145886830719309296352765295712183040773146419022875165382778007040109957609739589875590885701126197906063620133954893216612678838507540777138437797705602453719559017633986486649523611975865005712371194067612263330335590526176087004421363598470302731349138773205901447704682181517904064735636518462452242791676541725292378925568296858010151852326316777511935037531017413910506921922450666933202278489024521263798482237150056835746454842662048692127173834433089016107854491097456725016327709663199738238442164843147132789153725513257167915555162094970853584447993125488607696008169807374736711297007473812256272245489405898470297178738029484459690836250560495461579533254473316340608217876781986188705928270735695752830825527963838355419762516246028680280988020401914551825487349990306976304093109384451438813251211051597392127491464898797406789175453067960072008590614886532333015881171367104445044718144312416815712216611576221546455968770801413440778423979",
NULL
};
log = fopen("logs/expt.log", "w");
logb = fopen("logs/expt_dr.log", "w");
logc = fopen("logs/expt_2k.log", "w");
logd = fopen("logs/expt_2kl.log", "w");
for (n = 0; primes[n]; n++) {
SLEEP;
mp_read_radix(&a, primes[n], 10);
mp_zero(&b);
for (rr = 0; rr < (unsigned) mp_count_bits(&a); rr++) {
mp_mul_2(&b, &b);
b.dp[0] |= lbit();
b.used += 1;
}
mp_sub_d(&a, 1, &c);
mp_mod(&b, &c, &b);
mp_set(&c, 3);
rr = 0;
tt = -1;
do {
gg = TIMFUNC();
DO(mp_exptmod(&c, &b, &a, &d));
gg = (TIMFUNC() - gg) >> 1;
if (tt > gg)
tt = gg;
} while (++rr < 10);
mp_sub_d(&a, 1, &e);
mp_sub(&e, &b, &b);
mp_exptmod(&c, &b, &a, &e); /* c^(p-1-b) mod a */
mp_mulmod(&e, &d, &a, &d); /* c^b * c^(p-1-b) == c^p-1 == 1 */
if (mp_cmp_d(&d, 1)) {
printf("Different (%d)!!!\n", mp_count_bits(&a));
draw(&d);
exit(0);
}
printf("Exponentiating\t%4d-bit => %9llu/sec, %9llu cycles\n",
mp_count_bits(&a), CLK_PER_SEC / tt, tt);
fprintf(n < 4 ? logd : (n < 9) ? logc : (n < 16) ? logb : log,
"%d %9llu\n", mp_count_bits(&a), tt);
}
}
fclose(log);
fclose(logb);
fclose(logc);
fclose(logd);
log = fopen("logs/invmod.log", "w");
for (cnt = 4; cnt <= 128; cnt += 4) {
SLEEP;
mp_rand(&a, cnt);
mp_rand(&b, cnt);
do {
mp_add_d(&b, 1, &b);
mp_gcd(&a, &b, &c);
} while (mp_cmp_d(&c, 1) != MP_EQ);
rr = 0;
tt = -1;
do {
gg = TIMFUNC();
DO(mp_invmod(&b, &a, &c));
gg = (TIMFUNC() - gg) >> 1;
if (tt > gg)
tt = gg;
} while (++rr < 1000);
mp_mulmod(&b, &c, &a, &d);
if (mp_cmp_d(&d, 1) != MP_EQ) {
printf("Failed to invert\n");
return 0;
}
printf("Inverting mod\t%4d-bit => %9llu/sec, %9llu cycles\n",
mp_count_bits(&a), CLK_PER_SEC / tt, tt);
fprintf(log, "%d %9llu\n", cnt * DIGIT_BIT, tt);
}
fclose(log);
return 0;
}
int main(void)
{
int n, tmp;
mp_int a, b, c, d, e;
clock_t t1;
char buf[4096];
mp_init(&a);
mp_init(&b);
mp_init(&c);
mp_init(&d);
mp_init(&e);
/* initial (2^n - 1)^2 testing, makes sure the comba multiplier works [it has the new carry code] */
/*
mp_set(&a, 1);
for (n = 1; n < 8192; n++) {
mp_mul(&a, &a, &c);
printf("mul\n");
mp_to64(&a, buf);
printf("%s\n%s\n", buf, buf);
mp_to64(&c, buf);
printf("%s\n", buf);
mp_add_d(&a, 1, &a);
mp_mul_2(&a, &a);
mp_sub_d(&a, 1, &a);
}
*/
rng = fopen("/dev/urandom", "rb");
if (rng == NULL) {
rng = fopen("/dev/random", "rb");
if (rng == NULL) {
fprintf(stderr, "\nWarning: stdin used as random source\n\n");
rng = stdin;
}
}
t1 = clock();
for (;;) {
#if 0
if (clock() - t1 > CLOCKS_PER_SEC) {
sleep(2);
t1 = clock();
}
#endif
n = fgetc(rng) % 15;
if (n == 0) {
/* add tests */
rand_num(&a);
rand_num(&b);
mp_add(&a, &b, &c);
printf("add\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 1) {
/* sub tests */
rand_num(&a);
rand_num(&b);
mp_sub(&a, &b, &c);
printf("sub\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 2) {
/* mul tests */
rand_num(&a);
rand_num(&b);
mp_mul(&a, &b, &c);
printf("mul\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 3) {
/* div tests */
rand_num(&a);
rand_num(&b);
mp_div(&a, &b, &c, &d);
printf("div\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
mp_to64(&d, buf);
printf("%s\n", buf);
} else if (n == 4) {
/* sqr tests */
rand_num(&a);
mp_sqr(&a, &b);
printf("sqr\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 5) {
/* mul_2d test */
rand_num(&a);
mp_copy(&a, &b);
n = fgetc(rng) & 63;
mp_mul_2d(&b, n, &b);
mp_to64(&a, buf);
printf("mul2d\n");
printf("%s\n", buf);
printf("%d\n", n);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 6) {
/* div_2d test */
rand_num(&a);
mp_copy(&a, &b);
n = fgetc(rng) & 63;
mp_div_2d(&b, n, &b, NULL);
mp_to64(&a, buf);
printf("div2d\n");
printf("%s\n", buf);
printf("%d\n", n);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 7) {
/* gcd test */
rand_num(&a);
rand_num(&b);
a.sign = MP_ZPOS;
b.sign = MP_ZPOS;
mp_gcd(&a, &b, &c);
printf("gcd\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 8) {
/* lcm test */
rand_num(&a);
rand_num(&b);
a.sign = MP_ZPOS;
b.sign = MP_ZPOS;
mp_lcm(&a, &b, &c);
printf("lcm\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 9) {
/* exptmod test */
rand_num2(&a);
rand_num2(&b);
rand_num2(&c);
// if (c.dp[0]&1) mp_add_d(&c, 1, &c);
a.sign = b.sign = c.sign = 0;
mp_exptmod(&a, &b, &c, &d);
printf("expt\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
mp_to64(&d, buf);
printf("%s\n", buf);
} else if (n == 10) {
/* invmod test */
rand_num2(&a);
rand_num2(&b);
b.sign = MP_ZPOS;
a.sign = MP_ZPOS;
mp_gcd(&a, &b, &c);
if (mp_cmp_d(&c, 1) != 0) continue;
if (mp_cmp_d(&b, 1) == 0) continue;
mp_invmod(&a, &b, &c);
printf("invmod\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 11) {
rand_num(&a);
mp_mul_2(&a, &a);
mp_div_2(&a, &b);
printf("div2\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 12) {
rand_num2(&a);
mp_mul_2(&a, &b);
printf("mul2\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 13) {
rand_num2(&a);
tmp = abs(rand()) & THE_MASK;
mp_add_d(&a, tmp, &b);
printf("add_d\n");
mp_to64(&a, buf);
printf("%s\n%d\n", buf, tmp);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 14) {
rand_num2(&a);
tmp = abs(rand()) & THE_MASK;
mp_sub_d(&a, tmp, &b);
printf("sub_d\n");
mp_to64(&a, buf);
printf("%s\n%d\n", buf, tmp);
mp_to64(&b, buf);
printf("%s\n", buf);
}
}
fclose(rng);
return 0;
}
/* Do modular exponentiation using integer multiply code. */
mp_err mp_exptmod_i(const mp_int * montBase,
const mp_int * exponent,
const mp_int * modulus,
mp_int * result,
mp_mont_modulus *mmm,
int nLen,
mp_size bits_in_exponent,
mp_size window_bits,
mp_size odd_ints)
{
mp_int *pa1, *pa2, *ptmp;
mp_size i;
mp_err res;
int expOff;
mp_int accum1, accum2, power2, oddPowers[MAX_ODD_INTS];
/* power2 = base ** 2; oddPowers[i] = base ** (2*i + 1); */
/* oddPowers[i] = base ** (2*i + 1); */
MP_DIGITS(&accum1) = 0;
MP_DIGITS(&accum2) = 0;
MP_DIGITS(&power2) = 0;
for (i = 0; i < MAX_ODD_INTS; ++i) {
MP_DIGITS(oddPowers + i) = 0;
}
MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) );
MP_CHECKOK( mp_init_copy(&oddPowers[0], montBase) );
mp_init_size(&power2, nLen + 2 * MP_USED(montBase) + 2);
MP_CHECKOK( mp_sqr(montBase, &power2) ); /* power2 = montBase ** 2 */
MP_CHECKOK( s_mp_redc(&power2, mmm) );
for (i = 1; i < odd_ints; ++i) {
mp_init_size(oddPowers + i, nLen + 2 * MP_USED(&power2) + 2);
MP_CHECKOK( mp_mul(oddPowers + (i - 1), &power2, oddPowers + i) );
MP_CHECKOK( s_mp_redc(oddPowers + i, mmm) );
}
/* set accumulator to montgomery residue of 1 */
mp_set(&accum1, 1);
MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
pa1 = &accum1;
pa2 = &accum2;
for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
mp_size smallExp;
MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
smallExp = (mp_size)res;
if (window_bits == 1) {
if (!smallExp) {
SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 1) {
SQR(pa1,pa2); MUL(0,pa2,pa1);
} else {
ABORT;
}
} else if (window_bits == 4) {
if (!smallExp) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
} else if (smallExp & 1) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
MUL(smallExp/2, pa1,pa2); SWAPPA;
} else if (smallExp & 2) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2);
MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 4) {
SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/8,pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 8) {
SQR(pa1,pa2); MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else {
ABORT;
}
} else if (window_bits == 5) {
if (!smallExp) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 1) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
SQR(pa1,pa2); MUL(smallExp/2,pa2,pa1);
} else if (smallExp & 2) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
MUL(smallExp/4,pa1,pa2); SQR(pa2,pa1);
} else if (smallExp & 4) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2);
MUL(smallExp/8,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
} else if (smallExp & 8) {
SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/16,pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
} else if (smallExp & 0x10) {
SQR(pa1,pa2); MUL(smallExp/32,pa2,pa1); SQR(pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
} else {
ABORT;
}
} else if (window_bits == 6) {
if (!smallExp) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
SQR(pa1,pa2); SQR(pa2,pa1);
} else if (smallExp & 1) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/2,pa1,pa2); SWAPPA;
} else if (smallExp & 2) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
SQR(pa1,pa2); MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 4) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
MUL(smallExp/8,pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 8) {
SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2);
MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 0x10) {
SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/32,pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else if (smallExp & 0x20) {
SQR(pa1,pa2); MUL(smallExp/64,pa2,pa1); SQR(pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else {
ABORT;
}
} else {
ABORT;
}
}
res = s_mp_redc(pa1, mmm);
mp_exch(pa1, result);
CLEANUP:
mp_clear(&accum1);
mp_clear(&accum2);
mp_clear(&power2);
for (i = 0; i < odd_ints; ++i) {
mp_clear(oddPowers + i);
}
return res;
}
int main(int argc, char *argv[])
{
int n, tmp;
long long max;
mp_int a, b, c, d, e;
#ifdef MTEST_NO_FULLSPEED
clock_t t1;
#endif
char buf[4096];
mp_init(&a);
mp_init(&b);
mp_init(&c);
mp_init(&d);
mp_init(&e);
if (argc > 1) {
max = strtol(argv[1], NULL, 0);
if (max < 0) {
if (max > -64) {
max = (1 << -(max)) + 1;
} else {
max = 1;
}
} else if (max == 0) {
max = 1;
}
}
else {
max = 0;
}
/* initial (2^n - 1)^2 testing, makes sure the comba multiplier works [it has the new carry code] */
/*
mp_set(&a, 1);
for (n = 1; n < 8192; n++) {
mp_mul(&a, &a, &c);
printf("mul\n");
mp_to64(&a, buf);
printf("%s\n%s\n", buf, buf);
mp_to64(&c, buf);
printf("%s\n", buf);
mp_add_d(&a, 1, &a);
mp_mul_2(&a, &a);
mp_sub_d(&a, 1, &a);
}
*/
#ifdef LTM_MTEST_REAL_RAND
rng = fopen("/dev/urandom", "rb");
if (rng == NULL) {
rng = fopen("/dev/random", "rb");
if (rng == NULL) {
fprintf(stderr, "\nWarning: stdin used as random source\n\n");
rng = stdin;
}
}
#else
srand(23);
#endif
#ifdef MTEST_NO_FULLSPEED
t1 = clock();
#endif
for (;;) {
#ifdef MTEST_NO_FULLSPEED
if (clock() - t1 > CLOCKS_PER_SEC) {
sleep(2);
t1 = clock();
}
#endif
n = getRandChar() % 15;
if (max != 0) {
--max;
if (max == 0)
n = 255;
}
if (n == 0) {
/* add tests */
rand_num(&a);
rand_num(&b);
mp_add(&a, &b, &c);
printf("add\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 1) {
/* sub tests */
rand_num(&a);
rand_num(&b);
mp_sub(&a, &b, &c);
printf("sub\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 2) {
/* mul tests */
rand_num(&a);
rand_num(&b);
mp_mul(&a, &b, &c);
printf("mul\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 3) {
/* div tests */
rand_num(&a);
rand_num(&b);
mp_div(&a, &b, &c, &d);
printf("div\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
mp_to64(&d, buf);
printf("%s\n", buf);
} else if (n == 4) {
/* sqr tests */
rand_num(&a);
mp_sqr(&a, &b);
printf("sqr\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 5) {
/* mul_2d test */
rand_num(&a);
mp_copy(&a, &b);
n = getRandChar() & 63;
mp_mul_2d(&b, n, &b);
mp_to64(&a, buf);
printf("mul2d\n");
printf("%s\n", buf);
printf("%d\n", n);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 6) {
/* div_2d test */
rand_num(&a);
mp_copy(&a, &b);
n = getRandChar() & 63;
mp_div_2d(&b, n, &b, NULL);
mp_to64(&a, buf);
printf("div2d\n");
printf("%s\n", buf);
printf("%d\n", n);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 7) {
/* gcd test */
rand_num(&a);
rand_num(&b);
a.sign = MP_ZPOS;
b.sign = MP_ZPOS;
mp_gcd(&a, &b, &c);
printf("gcd\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 8) {
/* lcm test */
rand_num(&a);
rand_num(&b);
a.sign = MP_ZPOS;
b.sign = MP_ZPOS;
mp_lcm(&a, &b, &c);
printf("lcm\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 9) {
/* exptmod test */
rand_num2(&a);
rand_num2(&b);
rand_num2(&c);
// if (c.dp[0]&1) mp_add_d(&c, 1, &c);
a.sign = b.sign = c.sign = 0;
mp_exptmod(&a, &b, &c, &d);
printf("expt\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
mp_to64(&d, buf);
printf("%s\n", buf);
} else if (n == 10) {
/* invmod test */
do {
rand_num2(&a);
rand_num2(&b);
b.sign = MP_ZPOS;
a.sign = MP_ZPOS;
mp_gcd(&a, &b, &c);
} while (mp_cmp_d(&c, 1) != 0 || mp_cmp_d(&b, 1) == 0);
mp_invmod(&a, &b, &c);
printf("invmod\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
mp_to64(&c, buf);
printf("%s\n", buf);
} else if (n == 11) {
rand_num(&a);
mp_mul_2(&a, &a);
mp_div_2(&a, &b);
printf("div2\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 12) {
rand_num2(&a);
mp_mul_2(&a, &b);
printf("mul2\n");
mp_to64(&a, buf);
printf("%s\n", buf);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 13) {
rand_num2(&a);
tmp = abs(rand()) & THE_MASK;
mp_add_d(&a, tmp, &b);
printf("add_d\n");
mp_to64(&a, buf);
printf("%s\n%d\n", buf, tmp);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 14) {
rand_num2(&a);
tmp = abs(rand()) & THE_MASK;
mp_sub_d(&a, tmp, &b);
printf("sub_d\n");
mp_to64(&a, buf);
printf("%s\n%d\n", buf, tmp);
mp_to64(&b, buf);
printf("%s\n", buf);
} else if (n == 255) {
printf("exit\n");
break;
}
}
#ifdef LTM_MTEST_REAL_RAND
fclose(rng);
#endif
return 0;
}
/* sqr */
static int sqr(void *a, void *b)
{
LTC_ARGCHK(a != NULL);
LTC_ARGCHK(b != NULL);
return mpi_to_ltc_error(mp_sqr(a, b));
}
//http://numbers.computation.free.fr/Constants/Algorithms/splitting.html
int mp_acoth_binary_splitting(mp_int * q, mp_int * a, mp_int * b, mp_int * P,
mp_int * Q, mp_int * R)
{
int err;
mp_int p1, q1, r1, p2, q2, r2, t1, t2, one;
if ((err =
mp_init_multi(&p1, &q1, &r1, &p2, &q2, &r2, &t1, &t2, &one,
NULL)) != MP_OKAY) {
return err;
}
err = MP_OKAY;
mp_set(&one, 1);
if ((err = mp_sub(b, a, &t1)) != MP_OKAY) {
goto _ERR;
}
if (mp_cmp(&t1, &one) == MP_EQ) {
if ((err = mp_mul_2d(a, 1, &t1)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_add_d(&t1, 3, &t1)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_set_int(P, 1)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_sqr(q, &t2)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_mul(&t1, &t2, Q)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_copy(&t1, R)) != MP_OKAY) {
goto _ERR;
}
goto _ERR;
}
if ((err = mp_add(a, b, &t1)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_div_2d(&t1, 1, &t1, NULL)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_acoth_binary_splitting(q, a, &t1, &p1, &q1, &r1)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_acoth_binary_splitting(q, &t1, b, &p2, &q2, &r2)) != MP_OKAY) {
goto _ERR;
}
//P = q2*p1 + r1*p2
if ((err = mp_mul(&q2, &p1, &t1)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_mul(&r1, &p2, &t2)) != MP_OKAY) {
goto _ERR;
}
if ((err = mp_add(&t1, &t2, P)) != MP_OKAY) {
goto _ERR;
}
//Q = q1*q2
if ((err = mp_mul(&q1, &q2, Q)) != MP_OKAY) {
goto _ERR;
}
//R = r1*r2
if ((err = mp_mul(&r1, &r2, R)) != MP_OKAY) {
goto _ERR;
}
_ERR:
mp_clear_multi(&p1, &q1, &r1, &p2, &q2, &r2, &t1, &t2, &one, NULL);
return err;
}
/* squaring using Toom-Cook 3-way algorithm */
int
mp_toom_sqr(mp_int *a, mp_int *b)
{
mp_int w0, w1, w2, w3, w4, tmp1, a0, a1, a2;
int res, B;
/* init temps */
if ((res = mp_init_multi(&w0, &w1, &w2, &w3, &w4, &a0, &a1, &a2, &tmp1, NULL)) != MP_OKAY) {
return res;
}
/* B */
B = a->used / 3;
/* a = a2 * B^2 + a1 * B + a0 */
if ((res = mp_mod_2d(a, DIGIT_BIT * B, &a0)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_copy(a, &a1)) != MP_OKAY) {
goto ERR;
}
mp_rshd(&a1, B);
mp_mod_2d(&a1, DIGIT_BIT * B, &a1);
if ((res = mp_copy(a, &a2)) != MP_OKAY) {
goto ERR;
}
mp_rshd(&a2, B*2);
/* w0 = a0*a0 */
if ((res = mp_sqr(&a0, &w0)) != MP_OKAY) {
goto ERR;
}
/* w4 = a2 * a2 */
if ((res = mp_sqr(&a2, &w4)) != MP_OKAY) {
goto ERR;
}
/* w1 = (a2 + 2(a1 + 2a0))**2 */
if ((res = mp_mul_2(&a0, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&tmp1, &a1, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_mul_2(&tmp1, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&tmp1, &a2, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sqr(&tmp1, &w1)) != MP_OKAY) {
goto ERR;
}
/* w3 = (a0 + 2(a1 + 2a2))**2 */
if ((res = mp_mul_2(&a2, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&tmp1, &a1, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_mul_2(&tmp1, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sqr(&tmp1, &w3)) != MP_OKAY) {
goto ERR;
}
/* w2 = (a2 + a1 + a0)**2 */
if ((res = mp_add(&a2, &a1, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sqr(&tmp1, &w2)) != MP_OKAY) {
goto ERR;
}
/* now solve the matrix
0 0 0 0 1
1 2 4 8 16
1 1 1 1 1
16 8 4 2 1
1 0 0 0 0
using 12 subtractions, 4 shifts, 2 small divisions and 1 small multiplication.
*/
/* r1 - r4 */
if ((res = mp_sub(&w1, &w4, &w1)) != MP_OKAY) {
goto ERR;
}
/* r3 - r0 */
if ((res = mp_sub(&w3, &w0, &w3)) != MP_OKAY) {
goto ERR;
}
/* r1/2 */
if ((res = mp_div_2(&w1, &w1)) != MP_OKAY) {
goto ERR;
}
/* r3/2 */
if ((res = mp_div_2(&w3, &w3)) != MP_OKAY) {
goto ERR;
}
/* r2 - r0 - r4 */
if ((res = mp_sub(&w2, &w0, &w2)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sub(&w2, &w4, &w2)) != MP_OKAY) {
goto ERR;
}
/* r1 - r2 */
if ((res = mp_sub(&w1, &w2, &w1)) != MP_OKAY) {
goto ERR;
}
/* r3 - r2 */
if ((res = mp_sub(&w3, &w2, &w3)) != MP_OKAY) {
goto ERR;
}
/* r1 - 8r0 */
if ((res = mp_mul_2d(&w0, 3, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sub(&w1, &tmp1, &w1)) != MP_OKAY) {
goto ERR;
}
/* r3 - 8r4 */
if ((res = mp_mul_2d(&w4, 3, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sub(&w3, &tmp1, &w3)) != MP_OKAY) {
goto ERR;
}
/* 3r2 - r1 - r3 */
if ((res = mp_mul_d(&w2, 3, &w2)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sub(&w2, &w1, &w2)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sub(&w2, &w3, &w2)) != MP_OKAY) {
goto ERR;
}
/* r1 - r2 */
if ((res = mp_sub(&w1, &w2, &w1)) != MP_OKAY) {
goto ERR;
}
/* r3 - r2 */
if ((res = mp_sub(&w3, &w2, &w3)) != MP_OKAY) {
goto ERR;
}
/* r1/3 */
if ((res = mp_div_3(&w1, &w1, NULL)) != MP_OKAY) {
goto ERR;
}
/* r3/3 */
if ((res = mp_div_3(&w3, &w3, NULL)) != MP_OKAY) {
goto ERR;
}
/* at this point shift W[n] by B*n */
if ((res = mp_lshd(&w1, 1*B)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_lshd(&w2, 2*B)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_lshd(&w3, 3*B)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_lshd(&w4, 4*B)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&w0, &w1, b)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&w2, &w3, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&w4, &tmp1, &tmp1)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_add(&tmp1, b, b)) != MP_OKAY) {
goto ERR;
}
ERR:
mp_clear_multi(&w0, &w1, &w2, &w3, &w4, &a0, &a1, &a2, &tmp1, NULL);
return res;
}
int main(void)
{
unsigned rr;
int cnt, ix;
#if LTM_DEMO_TEST_VS_MTEST
unsigned long expt_n, add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n,
gcd_n, lcm_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n;
char* ret;
#else
unsigned long s, t;
unsigned long long q, r;
mp_digit mp;
int i, n, err, should;
#endif
if (mp_init_multi(&a, &b, &c, &d, &e, &f, NULL)!= MP_OKAY)
return EXIT_FAILURE;
atexit(_cleanup);
#if defined(LTM_DEMO_REAL_RAND)
if (!fd_urandom) {
fd_urandom = fopen("/dev/urandom", "r");
if (!fd_urandom) {
#if !defined(_WIN32)
fprintf(stderr, "\ncould not open /dev/urandom\n");
#endif
}
}
#endif
srand(LTM_DEMO_RAND_SEED);
#ifdef MP_8BIT
printf("Digit size 8 Bit \n");
#endif
#ifdef MP_16BIT
printf("Digit size 16 Bit \n");
#endif
#ifdef MP_32BIT
printf("Digit size 32 Bit \n");
#endif
#ifdef MP_64BIT
printf("Digit size 64 Bit \n");
#endif
printf("Size of mp_digit: %u\n", (unsigned int)sizeof(mp_digit));
printf("Size of mp_word: %u\n", (unsigned int)sizeof(mp_word));
printf("DIGIT_BIT: %d\n", DIGIT_BIT);
printf("MP_PREC: %d\n", MP_PREC);
#if LTM_DEMO_TEST_VS_MTEST == 0
// trivial stuff
// a: 0->5
mp_set_int(&a, 5);
// a: 5-> b: -5
mp_neg(&a, &b);
if (mp_cmp(&a, &b) != MP_GT) {
return EXIT_FAILURE;
}
if (mp_cmp(&b, &a) != MP_LT) {
return EXIT_FAILURE;
}
// a: 5-> a: -5
mp_neg(&a, &a);
if (mp_cmp(&b, &a) != MP_EQ) {
return EXIT_FAILURE;
}
// a: -5-> b: 5
mp_abs(&a, &b);
if (mp_isneg(&b) != MP_NO) {
return EXIT_FAILURE;
}
// a: -5-> b: -4
mp_add_d(&a, 1, &b);
if (mp_isneg(&b) != MP_YES) {
return EXIT_FAILURE;
}
if (mp_get_int(&b) != 4) {
return EXIT_FAILURE;
}
// a: -5-> b: 1
mp_add_d(&a, 6, &b);
if (mp_get_int(&b) != 1) {
return EXIT_FAILURE;
}
// a: -5-> a: 1
mp_add_d(&a, 6, &a);
if (mp_get_int(&a) != 1) {
return EXIT_FAILURE;
}
mp_zero(&a);
// a: 0-> a: 6
mp_add_d(&a, 6, &a);
if (mp_get_int(&a) != 6) {
return EXIT_FAILURE;
}
mp_set_int(&a, 0);
mp_set_int(&b, 1);
if ((err = mp_jacobi(&a, &b, &i)) != MP_OKAY) {
printf("Failed executing mp_jacobi(0 | 1) %s.\n", mp_error_to_string(err));
return EXIT_FAILURE;
}
if (i != 1) {
printf("Failed trivial mp_jacobi(0 | 1) %d != 1\n", i);
return EXIT_FAILURE;
}
for (cnt = 0; cnt < (int)(sizeof(jacobi)/sizeof(jacobi[0])); ++cnt) {
mp_set_int(&b, jacobi[cnt].n);
/* only test positive values of a */
for (n = -5; n <= 10; ++n) {
mp_set_int(&a, abs(n));
should = MP_OKAY;
if (n < 0) {
mp_neg(&a, &a);
/* Until #44 is fixed the negative a's must fail */
should = MP_VAL;
}
if ((err = mp_jacobi(&a, &b, &i)) != should) {
printf("Failed executing mp_jacobi(%d | %lu) %s.\n", n, jacobi[cnt].n, mp_error_to_string(err));
return EXIT_FAILURE;
}
if (err == MP_OKAY && i != jacobi[cnt].c[n + 5]) {
printf("Failed trivial mp_jacobi(%d | %lu) %d != %d\n", n, jacobi[cnt].n, i, jacobi[cnt].c[n + 5]);
return EXIT_FAILURE;
}
}
}
// test mp_get_int
printf("\n\nTesting: mp_get_int");
for (i = 0; i < 1000; ++i) {
t = ((unsigned long) rand () * rand () + 1) & 0xFFFFFFFF;
mp_set_int (&a, t);
if (t != mp_get_int (&a)) {
printf ("\nmp_get_int() bad result!");
return EXIT_FAILURE;
}
}
mp_set_int(&a, 0);
if (mp_get_int(&a) != 0) {
printf("\nmp_get_int() bad result!");
return EXIT_FAILURE;
}
mp_set_int(&a, 0xffffffff);
if (mp_get_int(&a) != 0xffffffff) {
printf("\nmp_get_int() bad result!");
return EXIT_FAILURE;
}
printf("\n\nTesting: mp_get_long\n");
for (i = 0; i < (int)(sizeof(unsigned long)*CHAR_BIT) - 1; ++i) {
t = (1ULL << (i+1)) - 1;
if (!t)
t = -1;
printf(" t = 0x%lx i = %d\r", t, i);
do {
if (mp_set_long(&a, t) != MP_OKAY) {
printf("\nmp_set_long() error!");
return EXIT_FAILURE;
}
s = mp_get_long(&a);
if (s != t) {
printf("\nmp_get_long() bad result! 0x%lx != 0x%lx", s, t);
return EXIT_FAILURE;
}
t <<= 1;
} while(t);
}
printf("\n\nTesting: mp_get_long_long\n");
for (i = 0; i < (int)(sizeof(unsigned long long)*CHAR_BIT) - 1; ++i) {
r = (1ULL << (i+1)) - 1;
if (!r)
r = -1;
printf(" r = 0x%llx i = %d\r", r, i);
do {
if (mp_set_long_long(&a, r) != MP_OKAY) {
printf("\nmp_set_long_long() error!");
return EXIT_FAILURE;
}
q = mp_get_long_long(&a);
if (q != r) {
printf("\nmp_get_long_long() bad result! 0x%llx != 0x%llx", q, r);
return EXIT_FAILURE;
}
r <<= 1;
} while(r);
}
// test mp_sqrt
printf("\n\nTesting: mp_sqrt\n");
for (i = 0; i < 1000; ++i) {
printf ("%6d\r", i);
fflush (stdout);
n = (rand () & 15) + 1;
mp_rand (&a, n);
if (mp_sqrt (&a, &b) != MP_OKAY) {
printf ("\nmp_sqrt() error!");
return EXIT_FAILURE;
}
mp_n_root_ex (&a, 2, &c, 0);
mp_n_root_ex (&a, 2, &d, 1);
if (mp_cmp_mag (&c, &d) != MP_EQ) {
printf ("\nmp_n_root_ex() bad result!");
return EXIT_FAILURE;
}
if (mp_cmp_mag (&b, &c) != MP_EQ) {
printf ("mp_sqrt() bad result!\n");
return EXIT_FAILURE;
}
}
printf("\n\nTesting: mp_is_square\n");
for (i = 0; i < 1000; ++i) {
printf ("%6d\r", i);
fflush (stdout);
/* test mp_is_square false negatives */
n = (rand () & 7) + 1;
mp_rand (&a, n);
mp_sqr (&a, &a);
if (mp_is_square (&a, &n) != MP_OKAY) {
printf ("\nfn:mp_is_square() error!");
return EXIT_FAILURE;
}
if (n == 0) {
printf ("\nfn:mp_is_square() bad result!");
return EXIT_FAILURE;
}
/* test for false positives */
mp_add_d (&a, 1, &a);
if (mp_is_square (&a, &n) != MP_OKAY) {
printf ("\nfp:mp_is_square() error!");
return EXIT_FAILURE;
}
if (n == 1) {
printf ("\nfp:mp_is_square() bad result!");
return EXIT_FAILURE;
}
}
printf("\n\n");
// r^2 = n (mod p)
for (i = 0; i < (int)(sizeof(sqrtmod_prime)/sizeof(sqrtmod_prime[0])); ++i) {
mp_set_int(&a, sqrtmod_prime[i].p);
mp_set_int(&b, sqrtmod_prime[i].n);
if (mp_sqrtmod_prime(&b, &a, &c) != MP_OKAY) {
printf("Failed executing %d. mp_sqrtmod_prime\n", (i+1));
return EXIT_FAILURE;
}
if (mp_cmp_d(&c, sqrtmod_prime[i].r) != MP_EQ) {
printf("Failed %d. trivial mp_sqrtmod_prime\n", (i+1));
ndraw(&c, "r");
return EXIT_FAILURE;
}
}
/* test for size */
for (ix = 10; ix < 128; ix++) {
printf ("Testing (not safe-prime): %9d bits \r", ix);
fflush (stdout);
err = mp_prime_random_ex (&a, 8, ix,
(rand () & 1) ? 0 : LTM_PRIME_2MSB_ON, myrng,
NULL);
if (err != MP_OKAY) {
printf ("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits (&a) != ix) {
printf ("Prime is %d not %d bits!!!\n", mp_count_bits (&a), ix);
return EXIT_FAILURE;
}
}
printf("\n");
for (ix = 16; ix < 128; ix++) {
printf ("Testing ( safe-prime): %9d bits \r", ix);
fflush (stdout);
err = mp_prime_random_ex (
&a, 8, ix, ((rand () & 1) ? 0 : LTM_PRIME_2MSB_ON) | LTM_PRIME_SAFE,
myrng, NULL);
if (err != MP_OKAY) {
printf ("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits (&a) != ix) {
printf ("Prime is %d not %d bits!!!\n", mp_count_bits (&a), ix);
return EXIT_FAILURE;
}
/* let's see if it's really a safe prime */
mp_sub_d (&a, 1, &a);
mp_div_2 (&a, &a);
mp_prime_is_prime (&a, 8, &cnt);
if (cnt != MP_YES) {
printf ("sub is not prime!\n");
return EXIT_FAILURE;
}
}
printf("\n\n");
// test montgomery
printf("Testing: montgomery...\n");
for (i = 1; i <= 10; i++) {
if (i == 10)
i = 1000;
printf(" digit size: %2d\r", i);
fflush(stdout);
for (n = 0; n < 1000; n++) {
mp_rand(&a, i);
a.dp[0] |= 1;
// let's see if R is right
mp_montgomery_calc_normalization(&b, &a);
mp_montgomery_setup(&a, &mp);
// now test a random reduction
for (ix = 0; ix < 100; ix++) {
mp_rand(&c, 1 + abs(rand()) % (2*i));
mp_copy(&c, &d);
mp_copy(&c, &e);
mp_mod(&d, &a, &d);
mp_montgomery_reduce(&c, &a, mp);
mp_mulmod(&c, &b, &a, &c);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("d = e mod a, c = e MOD a\n");
mp_todecimal(&a, buf); printf("a = %s\n", buf);
mp_todecimal(&e, buf); printf("e = %s\n", buf);
mp_todecimal(&d, buf); printf("d = %s\n", buf);
mp_todecimal(&c, buf); printf("c = %s\n", buf);
printf("compare no compare!\n"); return EXIT_FAILURE; }
/* only one big montgomery reduction */
if (i > 10)
{
n = 1000;
ix = 100;
}
}
}
}
printf("\n\n");
mp_read_radix(&a, "123456", 10);
mp_toradix_n(&a, buf, 10, 3);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 4);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 30);
printf("a == %s\n", buf);
#if 0
for (;;) {
fgets(buf, sizeof(buf), stdin);
mp_read_radix(&a, buf, 10);
mp_prime_next_prime(&a, 5, 1);
mp_toradix(&a, buf, 10);
printf("%s, %lu\n", buf, a.dp[0] & 3);
}
#endif
/* test mp_cnt_lsb */
printf("\n\nTesting: mp_cnt_lsb");
mp_set(&a, 1);
for (ix = 0; ix < 1024; ix++) {
if (mp_cnt_lsb (&a) != ix) {
printf ("Failed at %d, %d\n", ix, mp_cnt_lsb (&a));
return EXIT_FAILURE;
}
mp_mul_2 (&a, &a);
}
/* test mp_reduce_2k */
printf("\n\nTesting: mp_reduce_2k\n");
for (cnt = 3; cnt <= 128; ++cnt) {
mp_digit tmp;
mp_2expt (&a, cnt);
mp_sub_d (&a, 2, &a); /* a = 2**cnt - 2 */
printf ("\r %4d bits", cnt);
printf ("(%d)", mp_reduce_is_2k (&a));
mp_reduce_2k_setup (&a, &tmp);
printf ("(%lu)", (unsigned long) tmp);
for (ix = 0; ix < 1000; ix++) {
if (!(ix & 127)) {
printf (".");
fflush (stdout);
}
mp_rand (&b, (cnt / DIGIT_BIT + 1) * 2);
mp_copy (&c, &b);
mp_mod (&c, &a, &c);
mp_reduce_2k (&b, &a, 2);
if (mp_cmp (&c, &b)) {
printf ("FAILED\n");
return EXIT_FAILURE;
}
}
}
/* test mp_div_3 */
printf("\n\nTesting: mp_div_3...\n");
mp_set(&d, 3);
for (cnt = 0; cnt < 10000;) {
mp_digit r2;
if (!(++cnt & 127))
{
printf("%9d\r", cnt);
fflush(stdout);
}
mp_rand(&a, abs(rand()) % 128 + 1);
mp_div(&a, &d, &b, &e);
mp_div_3(&a, &c, &r2);
if (mp_cmp(&b, &c) || mp_cmp_d(&e, r2)) {
printf("\nmp_div_3 => Failure\n");
}
}
printf("\nPassed div_3 testing");
/* test the DR reduction */
printf("\n\nTesting: mp_dr_reduce...\n");
for (cnt = 2; cnt < 32; cnt++) {
printf ("\r%d digit modulus", cnt);
mp_grow (&a, cnt);
mp_zero (&a);
for (ix = 1; ix < cnt; ix++) {
a.dp[ix] = MP_MASK;
}
a.used = cnt;
a.dp[0] = 3;
mp_rand (&b, cnt - 1);
mp_copy (&b, &c);
rr = 0;
do {
if (!(rr & 127)) {
printf (".");
fflush (stdout);
}
mp_sqr (&b, &b);
mp_add_d (&b, 1, &b);
mp_copy (&b, &c);
mp_mod (&b, &a, &b);
mp_dr_setup(&a, &mp),
mp_dr_reduce (&c, &a, mp);
if (mp_cmp (&b, &c) != MP_EQ) {
printf ("Failed on trial %u\n", rr);
return EXIT_FAILURE;
}
} while (++rr < 500);
printf (" passed");
fflush (stdout);
}
#if LTM_DEMO_TEST_REDUCE_2K_L
/* test the mp_reduce_2k_l code */
#if LTM_DEMO_TEST_REDUCE_2K_L == 1
/* first load P with 2^1024 - 0x2A434 B9FDEC95 D8F9D550 FFFFFFFF FFFFFFFF */
mp_2expt(&a, 1024);
mp_read_radix(&b, "2A434B9FDEC95D8F9D550FFFFFFFFFFFFFFFF", 16);
mp_sub(&a, &b, &a);
#elif LTM_DEMO_TEST_REDUCE_2K_L == 2
/* p = 2^2048 - 0x1 00000000 00000000 00000000 00000000 4945DDBF 8EA2A91D 5776399B B83E188F */
mp_2expt(&a, 2048);
mp_read_radix(&b,
"1000000000000000000000000000000004945DDBF8EA2A91D5776399BB83E188F",
16);
mp_sub(&a, &b, &a);
#else
#error oops
#endif
mp_todecimal(&a, buf);
printf("\n\np==%s\n", buf);
/* now mp_reduce_is_2k_l() should return */
if (mp_reduce_is_2k_l(&a) != 1) {
printf("mp_reduce_is_2k_l() return 0, should be 1\n");
return EXIT_FAILURE;
}
mp_reduce_2k_setup_l(&a, &d);
/* now do a million square+1 to see if it varies */
mp_rand(&b, 64);
mp_mod(&b, &a, &b);
mp_copy(&b, &c);
printf("Testing: mp_reduce_2k_l...");
fflush(stdout);
for (cnt = 0; cnt < (int)(1UL << 20); cnt++) {
mp_sqr(&b, &b);
mp_add_d(&b, 1, &b);
mp_reduce_2k_l(&b, &a, &d);
mp_sqr(&c, &c);
mp_add_d(&c, 1, &c);
mp_mod(&c, &a, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("mp_reduce_2k_l() failed at step %d\n", cnt);
mp_tohex(&b, buf);
printf("b == %s\n", buf);
mp_tohex(&c, buf);
printf("c == %s\n", buf);
return EXIT_FAILURE;
}
}
printf("...Passed\n");
#endif /* LTM_DEMO_TEST_REDUCE_2K_L */
#else
div2_n = mul2_n = inv_n = expt_n = lcm_n = gcd_n = add_n =
sub_n = mul_n = div_n = sqr_n = mul2d_n = div2d_n = cnt = add_d_n =
sub_d_n = 0;
/* force KARA and TOOM to enable despite cutoffs */
KARATSUBA_SQR_CUTOFF = KARATSUBA_MUL_CUTOFF = 8;
TOOM_SQR_CUTOFF = TOOM_MUL_CUTOFF = 16;
for (;;) {
/* randomly clear and re-init one variable, this has the affect of triming the alloc space */
switch (abs(rand()) % 7) {
case 0:
mp_clear(&a);
mp_init(&a);
break;
case 1:
mp_clear(&b);
mp_init(&b);
break;
case 2:
mp_clear(&c);
mp_init(&c);
break;
case 3:
mp_clear(&d);
mp_init(&d);
break;
case 4:
mp_clear(&e);
mp_init(&e);
break;
case 5:
mp_clear(&f);
mp_init(&f);
break;
case 6:
break; /* don't clear any */
}
printf
("%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu ",
add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n, gcd_n, lcm_n,
expt_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n);
ret=fgets(cmd, 4095, stdin); if(!ret){_panic(__LINE__);}
cmd[strlen(cmd) - 1] = 0;
printf("%-6s ]\r", cmd);
fflush(stdout);
if (!strcmp(cmd, "mul2d")) {
++mul2d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &rr);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_mul_2d(&a, rr, &a);
a.sign = b.sign;
if (mp_cmp(&a, &b) != MP_EQ) {
printf("mul2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "div2d")) {
++div2d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &rr);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_div_2d(&a, rr, &a, &e);
a.sign = b.sign;
if (a.used == b.used && a.used == 0) {
a.sign = b.sign = MP_ZPOS;
}
if (mp_cmp(&a, &b) != MP_EQ) {
printf("div2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "add")) {
++add_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_add(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("add %lu failure!\n", add_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
/* test the sign/unsigned storage functions */
rr = mp_signed_bin_size(&c);
mp_to_signed_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_signed_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mp_signed_bin failure!\n");
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
rr = mp_unsigned_bin_size(&c);
mp_to_unsigned_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_unsigned_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp_mag(&c, &d) != MP_EQ) {
printf("mp_unsigned_bin failure!\n");
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "sub")) {
++sub_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_sub(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("sub %lu failure!\n", sub_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "mul")) {
++mul_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_mul(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mul %lu failure!\n", mul_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "div")) {
++div_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&d, buf, 64);
mp_div(&a, &b, &e, &f);
if (mp_cmp(&c, &e) != MP_EQ || mp_cmp(&d, &f) != MP_EQ) {
printf("div %lu %d, %d, failure!\n", div_n, mp_cmp(&c, &e),
mp_cmp(&d, &f));
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
draw(&f);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "sqr")) {
++sqr_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_copy(&a, &c);
mp_sqr(&c, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sqr %lu failure!\n", sqr_n);
draw(&a);
draw(&b);
draw(&c);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "gcd")) {
++gcd_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_gcd(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("gcd %lu failure!\n", gcd_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "lcm")) {
++lcm_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_lcm(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("lcm %lu failure!\n", lcm_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "expt")) {
++expt_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&d, buf, 64);
mp_copy(&a, &e);
mp_exptmod(&e, &b, &c, &e);
if (mp_cmp(&d, &e) != MP_EQ) {
printf("expt %lu failure!\n", expt_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "invmod")) {
++inv_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_invmod(&a, &b, &d);
mp_mulmod(&d, &a, &b, &e);
if (mp_cmp_d(&e, 1) != MP_EQ) {
printf("inv [wrong value from MPI?!] failure\n");
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
mp_gcd(&a, &b, &e);
draw(&e);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "div2")) {
++div2_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_div_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("div_2 %lu failure\n", div2_n);
draw(&a);
draw(&b);
draw(&c);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "mul2")) {
++mul2_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_mul_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("mul_2 %lu failure\n", mul2_n);
draw(&a);
draw(&b);
draw(&c);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "add_d")) {
++add_d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &ix);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_add_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("add_d %lu failure\n", add_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "sub_d")) {
++sub_d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &ix);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_sub_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sub_d %lu failure\n", sub_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "exit")) {
printf("\nokay, exiting now\n");
break;
}
}
#endif
return 0;
}
/* Store non-zero to ret if arg is square, and zero if not */
int mp_is_square(mp_int *arg,int *ret)
{
int res;
mp_digit c;
mp_int t;
unsigned long r;
/* Default to Non-square :) */
*ret = MP_NO;
if (arg->sign == MP_NEG) {
return MP_VAL;
}
/* digits used? (TSD) */
if (arg->used == 0) {
return MP_OKAY;
}
/* First check mod 128 (suppose that DIGIT_BIT is at least 7) */
if (rem_128[127 & DIGIT(arg,0)] == 1) {
return MP_OKAY;
}
/* Next check mod 105 (3*5*7) */
if ((res = mp_mod_d(arg,105,&c)) != MP_OKAY) {
return res;
}
if (rem_105[c] == 1) {
return MP_OKAY;
}
/* product of primes less than 2^31 */
if ((res = mp_init_set_int(&t,11L*13L*17L*19L*23L*29L*31L)) != MP_OKAY) {
return res;
}
if ((res = mp_mod(arg,&t,&t)) != MP_OKAY) {
goto ERR;
}
r = mp_get_int(&t);
/* Check for other prime modules, note it's not an ERROR but we must
* free "t" so the easiest way is to goto ERR. We know that res
* is already equal to MP_OKAY from the mp_mod call
*/
if ( (1L<<(r%11)) & 0x5C4L ) goto ERR;
if ( (1L<<(r%13)) & 0x9E4L ) goto ERR;
if ( (1L<<(r%17)) & 0x5CE8L ) goto ERR;
if ( (1L<<(r%19)) & 0x4F50CL ) goto ERR;
if ( (1L<<(r%23)) & 0x7ACCA0L ) goto ERR;
if ( (1L<<(r%29)) & 0xC2EDD0CL ) goto ERR;
if ( (1L<<(r%31)) & 0x6DE2B848L ) goto ERR;
/* Final check - is sqr(sqrt(arg)) == arg ? */
if ((res = mp_sqrt(arg,&t)) != MP_OKAY) {
goto ERR;
}
if ((res = mp_sqr(&t,&t)) != MP_OKAY) {
goto ERR;
}
*ret = (mp_cmp_mag(&t,arg) == MP_EQ) ? MP_YES : MP_NO;
ERR:mp_clear(&t);
return res;
}
int main(int argc, char *argv[])
{
int ix;
mp_int a, b, c, d;
mp_digit r;
mp_err res;
if(argc < 3) {
fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
return 1;
}
printf("Test 3: Multiplication and division\n\n");
srand(time(NULL));
mp_init(&a);
mp_init(&b);
mp_read_radix(&a, argv[1], 10);
mp_read_radix(&b, argv[2], 10);
printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
mp_init(&c);
printf("\nc = a * b\n");
mp_mul(&a, &b, &c);
printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
printf("\nc = b * 32523\n");
mp_mul_d(&b, 32523, &c);
printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
mp_init(&d);
printf("\nc = a / b, d = a mod b\n");
mp_div(&a, &b, &c, &d);
printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
ix = rand() % 256;
printf("\nc = a / %d, r = a mod %d\n", ix, ix);
mp_div_d(&a, (mp_digit)ix, &c, &r);
printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
printf("r = %04X\n", r);
#if EXPT
printf("\nc = a ** b\n");
mp_expt(&a, &b, &c);
printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
#endif
ix = rand() % 256;
printf("\nc = 2^%d\n", ix);
mp_2expt(&c, ix);
printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
#if SQRT
printf("\nc = sqrt(a)\n");
if((res = mp_sqrt(&a, &c)) != MP_OKAY) {
printf("mp_sqrt: %s\n", mp_strerror(res));
} else {
printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
mp_sqr(&c, &c);
printf("c^2 = "); mp_print(&c, stdout); fputc('\n', stdout);
}
#endif
mp_clear(&d);
mp_clear(&c);
mp_clear(&b);
mp_clear(&a);
return 0;
}
/**
Double an ECC point
@param P The point to double
@param R [out] The destination of the double
@param modulus The modulus of the field the ECC curve is in
@param mp The "b" value from montgomery_setup()
@return CRYPT_OK on success
*/
int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp)
{
void *t1, *t2;
int err;
LTC_ARGCHK(P != NULL);
LTC_ARGCHK(R != NULL);
LTC_ARGCHK(modulus != NULL);
LTC_ARGCHK(mp != NULL);
if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
return err;
}
if (P != R) {
if ((err = mp_copy(P->x, R->x)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(P->y, R->y)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(P->z, R->z)) != CRYPT_OK) { goto done; }
}
/* t1 = Z * Z */
if ((err = mp_sqr(R->z, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* Z = Y * Z */
if ((err = mp_mul(R->z, R->y, R->z)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(R->z, modulus, mp)) != CRYPT_OK) { goto done; }
/* Z = 2Z */
if ((err = mp_add(R->z, R->z, R->z)) != CRYPT_OK) { goto done; }
if (mp_cmp(R->z, modulus) != LTC_MP_LT) {
if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK) { goto done; }
}
/* T2 = X - T1 */
if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
/* T1 = X + T1 */
if ((err = mp_add(t1, R->x, t1)) != CRYPT_OK) { goto done; }
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
}
/* T2 = T1 * T2 */
if ((err = mp_mul(t1, t2, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = 2T2 */
if ((err = mp_add(t2, t2, t1)) != CRYPT_OK) { goto done; }
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
}
/* T1 = T1 + T2 */
if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; }
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
}
/* Y = 2Y */
if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK) { goto done; }
if (mp_cmp(R->y, modulus) != LTC_MP_LT) {
if ((err = mp_sub(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
}
/* Y = Y * Y */
if ((err = mp_sqr(R->y, R->y)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
/* T2 = Y * Y */
if ((err = mp_sqr(R->y, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
/* T2 = T2/2 */
if (mp_isodd(t2)) {
if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
if ((err = mp_div_2(t2, t2)) != CRYPT_OK) { goto done; }
/* Y = Y * X */
if ((err = mp_mul(R->y, R->x, R->y)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
/* X = T1 * T1 */
if ((err = mp_sqr(t1, R->x)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(R->x, modulus, mp)) != CRYPT_OK) { goto done; }
/* X = X - Y */
if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; }
}
/* X = X - Y */
if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; }
}
/* Y = Y - X */
if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
}
/* Y = Y * T1 */
if ((err = mp_mul(R->y, t1, R->y)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
/* Y = Y - T2 */
if ((err = mp_sub(R->y, t2, R->y)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
}
err = CRYPT_OK;
done:
mp_clear_multi(t1, t2, NULL);
return err;
}
/**
Add two ECC points
@param P The point to add
@param Q The point to add
@param R [out] The destination of the double
@param modulus The modulus of the field the ECC curve is in
@param mp The "b" value from montgomery_setup()
@return CRYPT_OK on success
*/
int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp)
{
void *t1, *t2, *x, *y, *z;
int err;
LTC_ARGCHK(P != NULL);
LTC_ARGCHK(Q != NULL);
LTC_ARGCHK(R != NULL);
LTC_ARGCHK(modulus != NULL);
LTC_ARGCHK(mp != NULL);
if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) {
return err;
}
/* should we dbl instead? */
if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; }
if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
(Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
(mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
mp_clear_multi(t1, t2, x, y, z, NULL);
return ltc_ecc_projective_dbl_point(P, R, modulus, mp);
}
if ((err = mp_copy(P->x, x)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(P->y, y)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(P->z, z)) != CRYPT_OK) { goto done; }
/* if Z is one then these are no-operations */
if (Q->z != NULL) {
/* T1 = Z' * Z' */
if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* X = X * T1 */
if ((err = mp_mul(t1, x, x)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = Z' * T1 */
if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* Y = Y * T1 */
if ((err = mp_mul(t1, y, y)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK) { goto done; }
}
/* T1 = Z*Z */
if ((err = mp_sqr(z, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* T2 = X' * T1 */
if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = Z * T1 */
if ((err = mp_mul(z, t1, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = Y' * T1 */
if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* Y = Y - T1 */
if ((err = mp_sub(y, t1, y)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(y, 0) == LTC_MP_LT) {
if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
}
/* T1 = 2T1 */
if ((err = mp_add(t1, t1, t1)) != CRYPT_OK) { goto done; }
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
}
/* T1 = Y + T1 */
if ((err = mp_add(t1, y, t1)) != CRYPT_OK) { goto done; }
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
}
/* X = X - T2 */
if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(x, 0) == LTC_MP_LT) {
if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; }
}
/* T2 = 2T2 */
if ((err = mp_add(t2, t2, t2)) != CRYPT_OK) { goto done; }
if (mp_cmp(t2, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
/* T2 = X + T2 */
if ((err = mp_add(t2, x, t2)) != CRYPT_OK) { goto done; }
if (mp_cmp(t2, modulus) != LTC_MP_LT) {
if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
/* if Z' != 1 */
if (Q->z != NULL) {
/* Z = Z * Z' */
if ((err = mp_mul(z, Q->z, z)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; }
}
/* Z = Z * X */
if ((err = mp_mul(z, x, z)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = T1 * X */
if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* X = X * X */
if ((err = mp_sqr(x, x)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
/* T2 = T2 * x */
if ((err = mp_mul(t2, x, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
/* T1 = T1 * X */
if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
/* X = Y*Y */
if ((err = mp_sqr(y, x)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
/* X = X - T2 */
if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(x, 0) == LTC_MP_LT) {
if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; }
}
/* T2 = T2 - X */
if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
/* T2 = T2 - X */
if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
}
/* T2 = T2 * Y */
if ((err = mp_mul(t2, y, t2)) != CRYPT_OK) { goto done; }
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
/* Y = T2 - T1 */
if ((err = mp_sub(t2, t1, y)) != CRYPT_OK) { goto done; }
if (mp_cmp_d(y, 0) == LTC_MP_LT) {
if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
}
/* Y = Y/2 */
if (mp_isodd(y)) {
if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
}
if ((err = mp_div_2(y, y)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(x, R->x)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(y, R->y)) != CRYPT_OK) { goto done; }
if ((err = mp_copy(z, R->z)) != CRYPT_OK) { goto done; }
err = CRYPT_OK;
done:
mp_clear_multi(t1, t2, x, y, z, NULL);
return err;
}
/* Karatsuba squaring, computes b = a*a using three
* half size squarings
*
* See comments of karatsuba_mul for details. It
* is essentially the same algorithm but merely
* tuned to perform recursive squarings.
*/
int mp_karatsuba_sqr(const mp_int *a, mp_int *b)
{
mp_int x0, x1, t1, t2, x0x0, x1x1;
int B, err;
err = MP_MEM;
/* min # of digits */
B = a->used;
/* now divide in two */
B = B >> 1;
/* init copy all the temps */
if (mp_init_size(&x0, B) != MP_OKAY)
goto LBL_ERR;
if (mp_init_size(&x1, a->used - B) != MP_OKAY)
goto X0;
/* init temps */
if (mp_init_size(&t1, a->used * 2) != MP_OKAY)
goto X1;
if (mp_init_size(&t2, a->used * 2) != MP_OKAY)
goto T1;
if (mp_init_size(&x0x0, B * 2) != MP_OKAY)
goto T2;
if (mp_init_size(&x1x1, (a->used - B) * 2) != MP_OKAY)
goto X0X0;
{
int x;
mp_digit *dst, *src;
src = a->dp;
/* now shift the digits */
dst = x0.dp;
for (x = 0; x < B; x++) {
*dst++ = *src++;
}
dst = x1.dp;
for (x = B; x < a->used; x++) {
*dst++ = *src++;
}
}
x0.used = B;
x1.used = a->used - B;
mp_clamp(&x0);
/* now calc the products x0*x0 and x1*x1 */
if (mp_sqr(&x0, &x0x0) != MP_OKAY)
goto X1X1; /* x0x0 = x0*x0 */
if (mp_sqr(&x1, &x1x1) != MP_OKAY)
goto X1X1; /* x1x1 = x1*x1 */
/* now calc (x1+x0)**2 */
if (s_mp_add(&x1, &x0, &t1) != MP_OKAY)
goto X1X1; /* t1 = x1 - x0 */
if (mp_sqr(&t1, &t1) != MP_OKAY)
goto X1X1; /* t1 = (x1 - x0) * (x1 - x0) */
/* add x0y0 */
if (s_mp_add(&x0x0, &x1x1, &t2) != MP_OKAY)
goto X1X1; /* t2 = x0x0 + x1x1 */
if (s_mp_sub(&t1, &t2, &t1) != MP_OKAY)
goto X1X1; /* t1 = (x1+x0)**2 - (x0x0 + x1x1) */
/* shift by B */
if (mp_lshd(&t1, B) != MP_OKAY)
goto X1X1; /* t1 = (x0x0 + x1x1 - (x1-x0)*(x1-x0))<<B */
if (mp_lshd(&x1x1, B * 2) != MP_OKAY)
goto X1X1; /* x1x1 = x1x1 << 2*B */
if (mp_add(&x0x0, &t1, &t1) != MP_OKAY)
goto X1X1; /* t1 = x0x0 + t1 */
if (mp_add(&t1, &x1x1, b) != MP_OKAY)
goto X1X1; /* t1 = x0x0 + t1 + x1x1 */
err = MP_OKAY;
X1X1:
mp_clear(&x1x1);
X0X0:
mp_clear(&x0x0);
T2:
mp_clear(&t2);
T1:
mp_clear(&t1);
X1:
mp_clear(&x1);
X0:
mp_clear(&x0);
LBL_ERR:
return err;
}
int main(int argc, char *argv[])
{
int ntests, prec, ix;
unsigned int seed;
clock_t start, stop;
double multime, sqrtime;
mp_int a, c;
seed = (unsigned int)time(NULL);
if(argc < 3) {
fprintf(stderr, "Usage: %s <ntests> <nbits>\n", argv[0]);
return 1;
}
if((ntests = abs(atoi(argv[1]))) == 0) {
fprintf(stderr, "%s: must request at least 1 test.\n", argv[0]);
return 1;
}
if((prec = abs(atoi(argv[2]))) < CHAR_BIT) {
fprintf(stderr, "%s: must request at least %d bits.\n", argv[0],
CHAR_BIT);
return 1;
}
prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
mp_init_size(&a, prec);
mp_init_size(&c, 2 * prec);
/* Test multiplication by self */
srand(seed);
start = clock();
for(ix = 0; ix < ntests; ix++) {
mpp_random_size(&a, prec);
mp_mul(&a, &a, &c);
}
stop = clock();
multime = (double)(stop - start) / CLOCKS_PER_SEC;
/* Test squaring */
srand(seed);
start = clock();
for(ix = 0; ix < ntests; ix++) {
mpp_random_size(&a, prec);
mp_sqr(&a, &c);
}
stop = clock();
sqrtime = (double)(stop - start) / CLOCKS_PER_SEC;
printf("Multiply: %.4f\n", multime);
printf("Square: %.4f\n", sqrtime);
if(multime < sqrtime) {
printf("Speedup: %.1f%%\n", 100.0 * (1.0 - multime / sqrtime));
printf("Prefer: multiply\n");
} else {
printf("Speedup: %.1f%%\n", 100.0 * (1.0 - sqrtime / multime));
printf("Prefer: square\n");
}
mp_clear(&a); mp_clear(&c);
return 0;
}