📄 bn_exp.c
字号:
}
bits=BN_num_bits(p);
if (bits == 0)
{
ret = BN_one(rr);
return ret;
}
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
if (d == NULL || r == NULL) goto err;
/* If this is not done, things will break in the montgomery
* part */
if (in_mont != NULL)
mont=in_mont;
else
{
if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
}
BN_init(&val[0]);
ts=1;
if (a->neg || BN_ucmp(a,m) >= 0)
{
if (!BN_nnmod(&(val[0]),a,m,ctx))
goto err;
aa= &(val[0]);
}
else
aa=a;
if (BN_is_zero(aa))
{
ret = BN_zero(rr);
goto err;
}
if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
if (window > 1)
{
if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
j=1<<(window-1);
for (i=1; i<j; i++)
{
BN_init(&(val[i]));
if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
goto err;
}
ts=i;
}
start=1; /* This is used to avoid multiplication etc
* when there is only the value '1' in the
* buffer. */
wvalue=0; /* The 'value' of the window */
wstart=bits-1; /* The top bit of the window */
wend=0; /* The bottom bit of the window */
if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
for (;;)
{
if (BN_is_bit_set(p,wstart) == 0)
{
if (!start)
{
if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
goto err;
}
if (wstart == 0) break;
wstart--;
continue;
}
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
j=wstart;
wvalue=1;
wend=0;
for (i=1; i<window; i++)
{
if (wstart-i < 0) break;
if (BN_is_bit_set(p,wstart-i))
{
wvalue<<=(i-wend);
wvalue|=1;
wend=i;
}
}
/* wend is the size of the current window */
j=wend+1;
/* add the 'bytes above' */
if (!start)
for (i=0; i<j; i++)
{
if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx))
goto err;
/* move the 'window' down further */
wstart-=wend+1;
wvalue=0;
start=0;
if (wstart < 0) break;
}
if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
ret=1;
err:
if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
for (i=0; i<ts; i++)
BN_clear_free(&(val[i]));
return(ret);
}
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BN_MONT_CTX *mont = NULL;
int b, bits, ret=0;
int r_is_one;
BN_ULONG w, next_w;
BIGNUM *d, *r, *t;
BIGNUM *swap_tmp;
#define BN_MOD_MUL_WORD(r, w, m) \
(BN_mul_word(r, (w)) && \
(/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
(BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
/* BN_MOD_MUL_WORD is only used with 'w' large,
* so the BN_ucmp test is probably more overhead
* than always using BN_mod (which uses BN_copy if
* a similar test returns true). */
/* We can use BN_mod and do not need BN_nnmod because our
* accumulator is never negative (the result of BN_mod does
* not depend on the sign of the modulus).
*/
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
bn_check_top(p);
bn_check_top(m);
if (m->top == 0 || !(m->d[0] & 1))
{
BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
return(0);
}
if (m->top == 1)
a %= m->d[0]; /* make sure that 'a' is reduced */
bits = BN_num_bits(p);
if (bits == 0)
{
ret = BN_one(rr);
return ret;
}
if (a == 0)
{
ret = BN_zero(rr);
return ret;
}
BN_CTX_start(ctx);
d = BN_CTX_get(ctx);
r = BN_CTX_get(ctx);
t = BN_CTX_get(ctx);
if (d == NULL || r == NULL || t == NULL) goto err;
if (in_mont != NULL)
mont=in_mont;
else
{
if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
}
r_is_one = 1; /* except for Montgomery factor */
/* bits-1 >= 0 */
/* The result is accumulated in the product r*w. */
w = a; /* bit 'bits-1' of 'p' is always set */
for (b = bits-2; b >= 0; b--)
{
/* First, square r*w. */
next_w = w*w;
if ((next_w/w) != w) /* overflow */
{
if (r_is_one)
{
if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
r_is_one = 0;
}
else
{
if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
}
next_w = 1;
}
w = next_w;
if (!r_is_one)
{
if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
}
/* Second, multiply r*w by 'a' if exponent bit is set. */
if (BN_is_bit_set(p, b))
{
next_w = w*a;
if ((next_w/a) != w) /* overflow */
{
if (r_is_one)
{
if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
r_is_one = 0;
}
else
{
if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
}
next_w = a;
}
w = next_w;
}
}
/* Finally, set r:=r*w. */
if (w != 1)
{
if (r_is_one)
{
if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
r_is_one = 0;
}
else
{
if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
}
}
if (r_is_one) /* can happen only if a == 1*/
{
if (!BN_one(rr)) goto err;
}
else
{
if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
}
ret = 1;
err:
if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
BN_CTX_end(ctx);
return(ret);
}
/* The old fallback, simple version :-) */
int BN_mod_exp_simple(BIGNUM *r,
const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx)
{
int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
int start=1;
BIGNUM *d;
BIGNUM val[TABLE_SIZE];
bits=BN_num_bits(p);
if (bits == 0)
{
ret = BN_one(r);
return ret;
}
BN_CTX_start(ctx);
if ((d = BN_CTX_get(ctx)) == NULL) goto err;
BN_init(&(val[0]));
ts=1;
if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */
if (BN_is_zero(&(val[0])))
{
ret = BN_zero(r);
goto err;
}
window = BN_window_bits_for_exponent_size(bits);
if (window > 1)
{
if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
goto err; /* 2 */
j=1<<(window-1);
for (i=1; i<j; i++)
{
BN_init(&(val[i]));
if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
goto err;
}
ts=i;
}
start=1; /* This is used to avoid multiplication etc
* when there is only the value '1' in the
* buffer. */
wvalue=0; /* The 'value' of the window */
wstart=bits-1; /* The top bit of the window */
wend=0; /* The bottom bit of the window */
if (!BN_one(r)) goto err;
for (;;)
{
if (BN_is_bit_set(p,wstart) == 0)
{
if (!start)
if (!BN_mod_mul(r,r,r,m,ctx))
goto err;
if (wstart == 0) break;
wstart--;
continue;
}
/* We now have wstart on a 'set' bit, we now need to work out
* how bit a window to do. To do this we need to scan
* forward until the last set bit before the end of the
* window */
j=wstart;
wvalue=1;
wend=0;
for (i=1; i<window; i++)
{
if (wstart-i < 0) break;
if (BN_is_bit_set(p,wstart-i))
{
wvalue<<=(i-wend);
wvalue|=1;
wend=i;
}
}
/* wend is the size of the current window */
j=wend+1;
/* add the 'bytes above' */
if (!start)
for (i=0; i<j; i++)
{
if (!BN_mod_mul(r,r,r,m,ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx))
goto err;
/* move the 'window' down further */
wstart-=wend+1;
wvalue=0;
start=0;
if (wstart < 0) break;
}
ret=1;
err:
BN_CTX_end(ctx);
for (i=0; i<ts; i++)
BN_clear_free(&(val[i]));
return(ret);
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -