/* -*-c-*-
*
- * $Id: mpmont.c,v 1.15 2001/06/16 13:00:20 mdw Exp $
+ * $Id: mpmont.c,v 1.18 2004/04/03 03:32:05 mdw Exp $
*
* Montgomery reduction
*
/*----- Revision history --------------------------------------------------*
*
* $Log: mpmont.c,v $
+ * Revision 1.18 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
+ * Revision 1.17 2004/04/01 12:50:09 mdw
+ * Add cyclic group abstraction, with test code. Separate off exponentation
+ * functions for better static linking. Fix a buttload of bugs on the way.
+ * Generally ensure that negative exponents do inversion correctly. Add
+ * table of standard prime-field subgroups. (Binary field subgroups are
+ * currently unimplemented but easy to add if anyone ever finds a good one.)
+ *
+ * Revision 1.16 2002/01/13 13:40:31 mdw
+ * Avoid trashing arguments before we've used them.
+ *
* Revision 1.15 2001/06/16 13:00:20 mdw
* Use the generic exponentiation functions.
*
#include "mp.h"
#include "mpmont.h"
-#include "mpmont-exp.h"
/*----- Tweakables --------------------------------------------------------*/
mp *r2 = mp_new(2 * n + 1, 0);
mp r;
- /* --- Validate the arguments --- */
-
- assert(((void)"Montgomery modulus must be positive",
- (m->f & MP_NEG) == 0));
- assert(((void)"Montgomery modulus must be odd", m->v[0] & 1));
-
/* --- Take a copy of the modulus --- */
- mp_shrink(m);
+ assert(MP_ISPOS(m) && MP_ISODD(m));
mm->m = MP_COPY(m);
/* --- Determine %$R^2$% --- */
#endif
-/*----- Exponentiation ----------------------------------------------------*/
-
-/* --- @mpmont_expr@ --- *
- *
- * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
- * @mp *d@ = fake destination
- * @mp *a@ = base
- * @mp *e@ = exponent
- *
- * Returns: Result, %$(a R^{-1})^e R \bmod m$%.
- */
-
-mp *mpmont_expr(mpmont *mm, mp *d, mp *a, mp *e)
-{
- mp *x = MP_COPY(mm->r);
- mp *spare = (e->f & MP_BURN) ? MP_NEWSEC : MP_NEW;
-
- MP_SHRINK(e);
- if (MP_LEN(e) == 0)
- ;
- else if (MP_LEN(e) < EXP_THRESH)
- EXP_SIMPLE(x, a, e);
- else
- EXP_WINDOW(x, a, e);
- mp_drop(d);
- mp_drop(spare);
- return (x);
-}
-
-/* --- @mpmont_exp@ --- *
- *
- * Arguments: @mpmont *mm@ = pointer to Montgomery reduction context
- * @mp *d@ = fake destination
- * @mp *a@ = base
- * @mp *e@ = exponent
- *
- * Returns: Result, %$a^e \bmod m$%.
- */
-
-mp *mpmont_exp(mpmont *mm, mp *d, mp *a, mp *e)
-{
- d = mpmont_mul(mm, d, a, mm->r2);
- d = mpmont_expr(mm, d, d, e);
- d = mpmont_reduce(mm, d, d);
- return (d);
-}
-
/*----- Test rig ----------------------------------------------------------*/
#ifdef TEST_RIG
return ok;
}
-static int texp(dstr *v)
-{
- mp *m = *(mp **)v[0].buf;
- mp *a = *(mp **)v[1].buf;
- mp *b = *(mp **)v[2].buf;
- mp *r = *(mp **)v[3].buf;
- mp *mr;
- int ok = 1;
-
- mpmont mm;
- mpmont_create(&mm, m);
-
- mr = mpmont_exp(&mm, MP_NEW, a, b);
-
- if (!MP_EQ(mr, r)) {
- fputs("\n*** montgomery modexp failed", stderr);
- fputs("\n m = ", stderr); mp_writefile(m, stderr, 10);
- fputs("\n a = ", stderr); mp_writefile(a, stderr, 10);
- fputs("\n e = ", stderr); mp_writefile(b, stderr, 10);
- fputs("\n r = ", stderr); mp_writefile(r, stderr, 10);
- fputs("\nmr = ", stderr); mp_writefile(mr, stderr, 10);
- fputc('\n', stderr);
- ok = 0;
- }
-
- MP_DROP(m);
- MP_DROP(a);
- MP_DROP(b);
- MP_DROP(r);
- MP_DROP(mr);
- mpmont_destroy(&mm);
- assert(mparena_count(MPARENA_GLOBAL) == 0);
- return ok;
-}
-
-
static test_chunk tests[] = {
{ "create", tcreate, { &type_mp, &type_mp, &type_mp, &type_mp, 0 } },
{ "mul", tmul, { &type_mp, &type_mp, &type_mp, &type_mp, 0 } },
- { "exp", texp, { &type_mp, &type_mp, &type_mp, &type_mp, 0 } },
{ 0, 0, { 0 } },
};
projects / u / mdw / catacomb / blobdiff