bn_recp.c 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237
  1. /* crypto/bn/bn_recp.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #define OPENSSL_FIPSAPI
  59. #include <stdio.h>
  60. #include "cryptlib.h"
  61. #include "bn_lcl.h"
  62. void BN_RECP_CTX_init(BN_RECP_CTX *recp)
  63. {
  64. BN_init(&(recp->N));
  65. BN_init(&(recp->Nr));
  66. recp->num_bits=0;
  67. recp->flags=0;
  68. }
  69. BN_RECP_CTX *BN_RECP_CTX_new(void)
  70. {
  71. BN_RECP_CTX *ret;
  72. if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
  73. return(NULL);
  74. BN_RECP_CTX_init(ret);
  75. ret->flags=BN_FLG_MALLOCED;
  76. return(ret);
  77. }
  78. void BN_RECP_CTX_free(BN_RECP_CTX *recp)
  79. {
  80. if(recp == NULL)
  81. return;
  82. BN_free(&(recp->N));
  83. BN_free(&(recp->Nr));
  84. if (recp->flags & BN_FLG_MALLOCED)
  85. OPENSSL_free(recp);
  86. }
  87. int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
  88. {
  89. if (!BN_copy(&(recp->N),d)) return 0;
  90. BN_zero(&(recp->Nr));
  91. recp->num_bits=BN_num_bits(d);
  92. recp->shift=0;
  93. return(1);
  94. }
  95. int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
  96. BN_RECP_CTX *recp, BN_CTX *ctx)
  97. {
  98. int ret=0;
  99. BIGNUM *a;
  100. const BIGNUM *ca;
  101. BN_CTX_start(ctx);
  102. if ((a = BN_CTX_get(ctx)) == NULL) goto err;
  103. if (y != NULL)
  104. {
  105. if (x == y)
  106. { if (!BN_sqr(a,x,ctx)) goto err; }
  107. else
  108. { if (!BN_mul(a,x,y,ctx)) goto err; }
  109. ca = a;
  110. }
  111. else
  112. ca=x; /* Just do the mod */
  113. ret = BN_div_recp(NULL,r,ca,recp,ctx);
  114. err:
  115. BN_CTX_end(ctx);
  116. bn_check_top(r);
  117. return(ret);
  118. }
  119. int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
  120. BN_RECP_CTX *recp, BN_CTX *ctx)
  121. {
  122. int i,j,ret=0;
  123. BIGNUM *a,*b,*d,*r;
  124. BN_CTX_start(ctx);
  125. a=BN_CTX_get(ctx);
  126. b=BN_CTX_get(ctx);
  127. if (dv != NULL)
  128. d=dv;
  129. else
  130. d=BN_CTX_get(ctx);
  131. if (rem != NULL)
  132. r=rem;
  133. else
  134. r=BN_CTX_get(ctx);
  135. if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
  136. if (BN_ucmp(m,&(recp->N)) < 0)
  137. {
  138. BN_zero(d);
  139. if (!BN_copy(r,m)) return 0;
  140. BN_CTX_end(ctx);
  141. return(1);
  142. }
  143. /* We want the remainder
  144. * Given input of ABCDEF / ab
  145. * we need multiply ABCDEF by 3 digests of the reciprocal of ab
  146. *
  147. */
  148. /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
  149. i=BN_num_bits(m);
  150. j=recp->num_bits<<1;
  151. if (j>i) i=j;
  152. /* Nr := round(2^i / N) */
  153. if (i != recp->shift)
  154. recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
  155. i,ctx); /* BN_reciprocal returns i, or -1 for an error */
  156. if (recp->shift == -1) goto err;
  157. /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
  158. * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
  159. * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
  160. * = |m/N|
  161. */
  162. if (!BN_rshift(a,m,recp->num_bits)) goto err;
  163. if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
  164. if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
  165. d->neg=0;
  166. if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
  167. if (!BN_usub(r,m,b)) goto err;
  168. r->neg=0;
  169. #if 1
  170. j=0;
  171. while (BN_ucmp(r,&(recp->N)) >= 0)
  172. {
  173. if (j++ > 2)
  174. {
  175. BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
  176. goto err;
  177. }
  178. if (!BN_usub(r,r,&(recp->N))) goto err;
  179. if (!BN_add_word(d,1)) goto err;
  180. }
  181. #endif
  182. r->neg=BN_is_zero(r)?0:m->neg;
  183. d->neg=m->neg^recp->N.neg;
  184. ret=1;
  185. err:
  186. BN_CTX_end(ctx);
  187. bn_check_top(dv);
  188. bn_check_top(rem);
  189. return(ret);
  190. }
  191. /* len is the expected size of the result
  192. * We actually calculate with an extra word of precision, so
  193. * we can do faster division if the remainder is not required.
  194. */
  195. /* r := 2^len / m */
  196. int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
  197. {
  198. int ret= -1;
  199. BIGNUM *t;
  200. BN_CTX_start(ctx);
  201. if((t = BN_CTX_get(ctx)) == NULL) goto err;
  202. if (!BN_set_bit(t,len)) goto err;
  203. if (!BN_div(r,NULL,t,m,ctx)) goto err;
  204. ret=len;
  205. err:
  206. bn_check_top(r);
  207. BN_CTX_end(ctx);
  208. return(ret);
  209. }