sshbn.c: Some number-theoretic utilities.

sshbn.c: Some number-theoretic utilities.

The `kronecker' function computes the Kronecker symbol (a|n), which is
an extension of the Jacobi symbol (itself an extension of the Legendre
symbol) with three useful properties.

  * It's fairly fast to compute -- a little slower than a GCD using
    Euclid's algorithm.

  * It's well-defined on all inputs (unlike the Jacobi and Legendre
    symbols), so it's safe to call.

  * When n is prime, the result tells you whether a is a quadratic
    residue mod n.

The code doesn't describe the algorithm in detail, but it basically
follows from Gauss's work on quadratic residues in `Disquisitiones
Arithmeticae'.  The relevant theory is part of most introductory number
theory texts; I like Shoup, `A Computational Introduction to Number
Theory and Algebra', <http://shoup.net/ntb/>.

The `modsqrt' function calculates square roots in a prime field.  It
takes a bit longer than a `modpow' call.  The algorithm is basically the
same as described in Menezes, van Oorschott and Vanstone, `Handbook of
Applied Cryptography', <http://cacr.uwaterloo.ca/hac/>; but the
explanation is based on Crandall and Pomerance, `Primes: A Computational
Introduction'.

The `kronecker' function is currently untested (except via `modsqrt');
`modsqrt' itself is tested via `testdata/bignum-fixed.txt' which will
gather more non-randomized tests with time.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>