gnuk/src/mod.c

/*
 * mod.c -- modulo arithmetic
 *
 * Copyright (C) 2011 Free Software Initiative of Japan
 * Author: NIIBE Yutaka <gniibe@fsij.org>
 *
 * This file is a part of Gnuk, a GnuPG USB Token implementation.
 *
 * Gnuk is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Gnuk is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 * License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include <stdint.h>
#include <string.h>
#include "bn.h"

/**
 * @brief X = A mod B (using MU=(1<<(256)+MU_lower)) (Barret reduction)
 * 
 */
void
mod_reduce (bn256 *X, const bn512 *A, const bn256 *B, const bn256 *MU_lower)
{
  bn256 q[1];
  bn512 q_big[1], tmp[1];
  uint32_t carry;
#define borrow carry
  uint32_t borrow_next;

  memset (q, 0, sizeof (bn256));
  q->words[0] = A->words[15];
  bn256_mul (tmp, q, MU_lower);
  tmp->words[8] += A->words[15];
  carry = (tmp->words[8] < A->words[15]);
  tmp->words[9] += carry;

  q->words[7] = A->words[14];
  q->words[6] = A->words[13];
  q->words[5] = A->words[12];
  q->words[4] = A->words[11];
  q->words[3] = A->words[10];
  q->words[2] = A->words[9];
  q->words[1] = A->words[8];
  q->words[0] = A->words[7];
  bn256_mul (q_big, q, MU_lower);
  bn256_add ((bn256 *)&q_big->words[8], (bn256 *)&q_big->words[8], q);

  q->words[0] = q_big->words[9] + tmp->words[1];
  carry = (q->words[0] < tmp->words[1]);

  q->words[1] = q_big->words[10] + carry;
  carry = (q->words[1] < carry);
  q->words[1] += tmp->words[2];
  carry += (q->words[1] < tmp->words[2]);

  q->words[2] = q_big->words[11] + carry;
  carry = (q->words[2] < carry);
  q->words[2] += tmp->words[3];
  carry += (q->words[2] < tmp->words[3]);

  q->words[3] = q_big->words[12] + carry;
  carry = (q->words[3] < carry);
  q->words[3] += tmp->words[4];
  carry += (q->words[3] < tmp->words[4]);

  q->words[4] = q_big->words[13] + carry;
  carry = (q->words[4] < carry);
  q->words[4] += tmp->words[5];
  carry += (q->words[4] < tmp->words[5]);

  q->words[5] = q_big->words[14] + carry;
  carry = (q->words[5] < carry);
  q->words[5] += tmp->words[6];
  carry += (q->words[5] < tmp->words[6]);

  q->words[6] = q_big->words[15] + carry;
  carry = (q->words[6] < carry);
  q->words[6] += tmp->words[7];
  carry += (q->words[6] < tmp->words[7]);

  q->words[7] = carry;
  q->words[7] += tmp->words[8];
  carry = (q->words[7] < tmp->words[8]);

  memset (q_big, 0, sizeof (bn512));
  q_big->words[8] = A->words[8];
  q_big->words[7] = A->words[7];
  q_big->words[6] = A->words[6];
  q_big->words[5] = A->words[5];
  q_big->words[4] = A->words[4];
  q_big->words[3] = A->words[3];
  q_big->words[2] = A->words[2];
  q_big->words[1] = A->words[1];
  q_big->words[0] = A->words[0];

  bn256_mul (tmp, q, B);
  if (carry)
    tmp->words[8] += B->words[0];
  tmp->words[15] = tmp->words[14] = tmp->words[13] = tmp->words[12]
    = tmp->words[11] = tmp->words[10] = tmp->words[9] = 0;

  borrow = bn256_sub (X, (bn256 *)&q_big->words[0], (bn256 *)&tmp->words[0]);
  borrow_next = (q_big->words[8] < borrow);
  q_big->words[8] -= borrow;
  borrow_next += (q_big->words[8] < tmp->words[8]);
  q_big->words[8] -= tmp->words[8];

  carry = q_big->words[8];
  while (carry)
    {
      borrow_next = bn256_sub (X, X, B);
      carry -= borrow_next;
    }

  if (bn256_is_ge (X, B))
    bn256_sub (X, X, B);
}

/**
 * @brief C = X^(-1) mod N
 * 
 */
void
mod_inv (bn256 *C, const bn256 *X, const bn256 *N)
{
  bn256 u[1], v[1];
  bn256 A[1] = { { { 1, 0, 0, 0, 0, 0, 0, 0 } } };

  memset (C, 0, sizeof (bn256));
  memcpy (u, X, sizeof (bn256));
  memcpy (v, N, sizeof (bn256));

  while (!bn256_is_zero (u))
    {
      while (bn256_is_even (u))
	{
	  bn256_shift (u, u, -1);
	  if (bn256_is_even (A))
	    bn256_shift (A, A, -1);
	  else
	    {
	      int carry = bn256_add (A, A, N);

	      bn256_shift (A, A, -1);
	      if (carry)
		A->words[7] |= 0x80000000;
	    }
	}

      while (bn256_is_even (v))
	{
	  bn256_shift (v, v, -1);
	  if (bn256_is_even (C))
	    bn256_shift (C, C, -1);
	  else
	    {
	      int carry = bn256_add (C, C, N);

	      bn256_shift (C, C, -1);
	      if (carry)
		C->words[7] |= 0x80000000;
	    }
	}

      if (bn256_is_ge (u, v))
	{
	  int borrow;

	  bn256_sub (u, u, v);
	  borrow = bn256_sub (A, A, C);
	  if (borrow)
	    bn256_add (A, A, N);
	}
      else
	{
	  int borrow;

	  bn256_sub (v, v, u);
	  borrow = bn256_sub (C, C, A);
	  if (borrow)
	    bn256_add (C, C, N);
	}
    }
}
modulo arithmetic 2011-10-12 05:40:31 +00:00			`/*`
			`* mod.c -- modulo arithmetic`
			`*`
			`* Copyright (C) 2011 Free Software Initiative of Japan`
			`* Author: NIIBE Yutaka <gniibe@fsij.org>`
			`*`
			`* This file is a part of Gnuk, a GnuPG USB Token implementation.`
			`*`
			`* Gnuk is free software: you can redistribute it and/or modify it`
			`* under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* Gnuk is distributed in the hope that it will be useful, but WITHOUT`
			`* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY`
			`* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public`
			`* License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`*/`

			`#include <stdint.h>`
			`#include <string.h>`
			`#include "bn.h"`

			`/**`
			`* @brief X = A mod B (using MU=(1<<(256)+MU_lower)) (Barret reduction)`
			`*`
			`*/`
			`void`
			`mod_reduce (bn256 X, const bn512 A, const bn256 B, const bn256 MU_lower)`
			`{`
			`bn256 q[1];`
			`bn512 q_big[1], tmp[1];`
			`uint32_t carry;`
			`#define borrow carry`
			`uint32_t borrow_next;`

			`memset (q, 0, sizeof (bn256));`
			`q->words[0] = A->words[15];`
			`bn256_mul (tmp, q, MU_lower);`
			`tmp->words[8] += A->words[15];`
			`carry = (tmp->words[8] < A->words[15]);`
			`tmp->words[9] += carry;`

			`q->words[7] = A->words[14];`
			`q->words[6] = A->words[13];`
			`q->words[5] = A->words[12];`
			`q->words[4] = A->words[11];`
			`q->words[3] = A->words[10];`
			`q->words[2] = A->words[9];`
			`q->words[1] = A->words[8];`
			`q->words[0] = A->words[7];`
			`bn256_mul (q_big, q, MU_lower);`
			`bn256_add ((bn256 )&q_big->words[8], (bn256 )&q_big->words[8], q);`

			`q->words[0] = q_big->words[9] + tmp->words[1];`
			`carry = (q->words[0] < tmp->words[1]);`

			`q->words[1] = q_big->words[10] + carry;`
			`carry = (q->words[1] < carry);`
			`q->words[1] += tmp->words[2];`
			`carry += (q->words[1] < tmp->words[2]);`

			`q->words[2] = q_big->words[11] + carry;`
			`carry = (q->words[2] < carry);`
			`q->words[2] += tmp->words[3];`
			`carry += (q->words[2] < tmp->words[3]);`

			`q->words[3] = q_big->words[12] + carry;`
			`carry = (q->words[3] < carry);`
			`q->words[3] += tmp->words[4];`
			`carry += (q->words[3] < tmp->words[4]);`

			`q->words[4] = q_big->words[13] + carry;`
			`carry = (q->words[4] < carry);`
			`q->words[4] += tmp->words[5];`
			`carry += (q->words[4] < tmp->words[5]);`

			`q->words[5] = q_big->words[14] + carry;`
			`carry = (q->words[5] < carry);`
			`q->words[5] += tmp->words[6];`
			`carry += (q->words[5] < tmp->words[6]);`

			`q->words[6] = q_big->words[15] + carry;`
			`carry = (q->words[6] < carry);`
			`q->words[6] += tmp->words[7];`
			`carry += (q->words[6] < tmp->words[7]);`

			`q->words[7] = carry;`
			`q->words[7] += tmp->words[8];`
			`carry = (q->words[7] < tmp->words[8]);`

			`memset (q_big, 0, sizeof (bn512));`
			`q_big->words[8] = A->words[8];`
			`q_big->words[7] = A->words[7];`
			`q_big->words[6] = A->words[6];`
			`q_big->words[5] = A->words[5];`
			`q_big->words[4] = A->words[4];`
			`q_big->words[3] = A->words[3];`
			`q_big->words[2] = A->words[2];`
			`q_big->words[1] = A->words[1];`
			`q_big->words[0] = A->words[0];`

			`bn256_mul (tmp, q, B);`
			`if (carry)`
			`tmp->words[8] += B->words[0];`
			`tmp->words[15] = tmp->words[14] = tmp->words[13] = tmp->words[12]`
			`= tmp->words[11] = tmp->words[10] = tmp->words[9] = 0;`

			`borrow = bn256_sub (X, (bn256 )&q_big->words[0], (bn256 )&tmp->words[0]);`
			`borrow_next = (q_big->words[8] < borrow);`
			`q_big->words[8] -= borrow;`
			`borrow_next += (q_big->words[8] < tmp->words[8]);`
			`q_big->words[8] -= tmp->words[8];`

			`carry = q_big->words[8];`
			`while (carry)`
			`{`
			`borrow_next = bn256_sub (X, X, B);`
			`carry -= borrow_next;`
			`}`

			`if (bn256_is_ge (X, B))`
			`bn256_sub (X, X, B);`
			`}`

			`/**`
			`* @brief C = X^(-1) mod N`
			`*`
			`*/`
			`void`
			`mod_inv (bn256 C, const bn256 X, const bn256 *N)`
			`{`
			`bn256 u[1], v[1];`
			`bn256 A[1] = { { { 1, 0, 0, 0, 0, 0, 0, 0 } } };`

			`memset (C, 0, sizeof (bn256));`
			`memcpy (u, X, sizeof (bn256));`
			`memcpy (v, N, sizeof (bn256));`

			`while (!bn256_is_zero (u))`
			`{`
			`while (bn256_is_even (u))`
			`{`
			`bn256_shift (u, u, -1);`
			`if (bn256_is_even (A))`
			`bn256_shift (A, A, -1);`
			`else`
			`{`
			`int carry = bn256_add (A, A, N);`

			`bn256_shift (A, A, -1);`
			`if (carry)`
			`A->words[7] \|= 0x80000000;`
			`}`
			`}`

			`while (bn256_is_even (v))`
			`{`
			`bn256_shift (v, v, -1);`
			`if (bn256_is_even (C))`
			`bn256_shift (C, C, -1);`
			`else`
			`{`
			`int carry = bn256_add (C, C, N);`

			`bn256_shift (C, C, -1);`
			`if (carry)`
			`C->words[7] \|= 0x80000000;`
			`}`
			`}`

			`if (bn256_is_ge (u, v))`
			`{`
			`int borrow;`

			`bn256_sub (u, u, v);`
			`borrow = bn256_sub (A, A, C);`
			`if (borrow)`
			`bn256_add (A, A, N);`
			`}`
			`else`
			`{`
			`int borrow;`

			`bn256_sub (v, v, u);`
			`borrow = bn256_sub (C, C, A);`
			`if (borrow)`
			`bn256_add (C, C, N);`
			`}`
			`}`
			`}`