| blob | 4e47a76ce2970e6e277fb3e76641115290170f8d |
1 /*
2 Name: imath.c
3 Purpose: Arbitrary precision integer arithmetic routines.
4 Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
5 Info: $Id: imath.c 826 2009-02-11 16:21:04Z sting $
7 Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved.
9 Permission is hereby granted, free of charge, to any person
10 obtaining a copy of this software and associated documentation files
11 (the "Software"), to deal in the Software without restriction,
12 including without limitation the rights to use, copy, modify, merge,
13 publish, distribute, sublicense, and/or sell copies of the Software,
14 and to permit persons to whom the Software is furnished to do so,
15 subject to the following conditions:
17 The above copyright notice and this permission notice shall be
18 included in all copies or substantial portions of the Software.
20 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
24 BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
25 ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
26 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
27 SOFTWARE.
28 */
32 #if DEBUG
33 #include <stdio.h>
34 #endif
36 #include <stdlib.h>
37 #include <string.h>
38 #include <ctype.h>
40 #include <assert.h>
42 #if DEBUG
44 #else
45 #define STATIC static
46 #endif
48 /* {{{ Constants */
72 NULL
73 };
75 /* }}} */
77 /* Argument checking macros
78 Use CHECK() where a return value is required; NRCHECK() elsewhere */
79 #define CHECK(TEST) assert(TEST)
80 #define NRCHECK(TEST) assert(TEST)
82 /* {{{ Logarithm table for computing output sizes */
84 /* The ith entry of this table gives the value of log_i(2).
86 An integer value n requires ceil(log_i(n)) digits to be represented
87 in base i. Since it is easy to compute lg(n), by counting bits, we
88 can compute log_i(n) = lg(n) * log_i(2).
90 The use of this table eliminates a dependency upon linkage against
91 the standard math libraries.
92 */
104 };
106 /* }}} */
107 /* {{{ Various macros */
109 /* Return the number of digits needed to represent a static value */
110 #define MP_VALUE_DIGITS(V) \
111 ((sizeof(V)+(sizeof(mp_digit)-1))/sizeof(mp_digit))
113 /* Round precision P to nearest word boundary */
114 #define ROUND_PREC(P) ((mp_size)(2*(((P)+1)/2)))
116 /* Set array P of S digits to zero */
117 #define ZERO(P, S) \
118 do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P);memset(p__,0,i__);}while(0)
120 /* Copy S digits from array P to array Q */
121 #define COPY(P, Q, S) \
122 do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P),*q__=(Q);\
123 memcpy(q__,p__,i__);}while(0)
125 /* Reverse N elements of type T in array A */
126 #define REV(T, A, N) \
127 do{T *u_=(A),*v_=u_+(N)-1;while(u_<v_){T xch=*u_;*u_++=*v_;*v_--=xch;}}while(0)
129 #define CLAMP(Z) \
130 do{mp_int z_=(Z);mp_size uz_=MP_USED(z_);mp_digit *dz_=MP_DIGITS(z_)+uz_-1;\
131 while(uz_ > 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0)
133 /* Select min/max. Do not provide expressions for which multiple
134 evaluation would be problematic, e.g. x++ */
135 #define MIN(A, B) ((B)<(A)?(B):(A))
136 #define MAX(A, B) ((B)>(A)?(B):(A))
138 /* Exchange lvalues A and B of type T, e.g.
139 SWAP(int, x, y) where x and y are variables of type int. */
140 #define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0)
142 /* Used to set up and access simple temp stacks within functions. */
143 #define TEMP(K) (temp + (K))
144 #define SETUP(E, C) \
145 do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0)
147 /* Compare value to zero. */
148 #define CMPZ(Z) \
149 (((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1)
151 /* Multiply X by Y into Z, ignoring signs. Requires that Z have
152 enough storage preallocated to hold the result. */
153 #define UMUL(X, Y, Z) \
154 do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\
155 ZERO(MP_DIGITS(Z),o_);\
156 (void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\
157 MP_USED(Z)=o_;CLAMP(Z);}while(0)
159 /* Square X into Z. Requires that Z have enough storage to hold the
160 result. */
161 #define USQR(X, Z) \
162 do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\
163 (void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0)
165 #define UPPER_HALF(W) ((mp_word)((W) >> MP_DIGIT_BIT))
166 #define LOWER_HALF(W) ((mp_digit)(W))
167 #define HIGH_BIT_SET(W) ((W) >> (MP_WORD_BIT - 1))
168 #define ADD_WILL_OVERFLOW(W, V) ((MP_WORD_MAX - (V)) < (W))
170 /* }}} */
171 /* {{{ Default configuration settings */
173 /* Default number of digits allocated to a new mp_int */
174 #if IMATH_TEST
176 #else
178 #endif
180 /* Minimum number of digits to invoke recursive multiply */
181 #if IMATH_TEST
183 #else
185 #endif
187 /* }}} */
189 /* Allocate a buffer of (at least) num digits, or return
190 NULL if that couldn't be done. */
193 /* Release a buffer of digits allocated by s_alloc(). */
196 /* Insure that z has at least min digits allocated, resizing if
197 necessary. Returns true if successful, false if out of memory. */
200 /* Fill in a "fake" mp_int on the stack with a given value */
203 /* Compare two runs of digits of given length, returns <0, 0, >0 */
206 /* Pack the unsigned digits of v into array t */
209 /* Compare magnitudes of a and b, returns <0, 0, >0 */
212 /* Compare magnitudes of a and v, returns <0, 0, >0 */
215 /* Unsigned magnitude addition; assumes dc is big enough.
216 Carry out is returned (no memory allocated). */
220 /* Unsigned magnitude subtraction. Assumes dc is big enough. */
224 /* Unsigned recursive multiplication. Assumes dc is big enough. */
228 /* Unsigned magnitude multiplication. Assumes dc is big enough. */
232 /* Unsigned recursive squaring. Assumes dc is big enough. */
235 /* Unsigned magnitude squaring. Assumes dc is big enough. */
238 /* Single digit addition. Assumes a is big enough. */
241 /* Single digit multiplication. Assumes a is big enough. */
244 /* Single digit multiplication on buffers; assumes dc is big enough. */
246 mp_size size_a);
248 /* Single digit division. Replaces a with the quotient,
249 returns the remainder. */
252 /* Quick division by a power of 2, replaces z (no allocation) */
255 /* Quick remainder by a power of 2, replaces z (no allocation) */
258 /* Quick multiplication by a power of 2, replaces z.
259 Allocates if necessary; returns false in case this fails. */
262 /* Quick subtraction from a power of 2, replaces z.
263 Allocates if necessary; returns false in case this fails. */
266 /* Return maximum k such that 2^k divides z. */
269 /* Return k >= 0 such that z = 2^k, or -1 if there is no such k. */
272 /* Set z to 2^k. May allocate; returns false in case this fails. */
275 /* Normalize a and b for division, returns normalization constant */
278 /* Compute constant mu for Barrett reduction, given modulus m, result
279 replaces z, m is untouched. */
282 /* Reduce a modulo m, using Barrett's algorithm. */
285 /* Modular exponentiation, using Barrett reduction */
288 /* Unsigned magnitude division. Assumes |a| > |b|. Allocates
289 temporaries; overwrites a with quotient, b with remainder. */
292 /* Compute the number of digits in radix r required to represent the
293 given value. Does not account for sign flags, terminators, etc. */
296 /* Guess how many digits of precision will be needed to represent a
297 radix r value of the specified number of digits. Returns a value
298 guaranteed to be no smaller than the actual number required. */
301 /* Convert a character to a digit value in radix r, or
302 -1 if out of range */
305 /* Convert a digit value to a character */
308 /* Take 2's complement of a buffer in place */
311 /* Convert a value to binary, ignoring sign. On input, *limpos is the
312 bound on how many bytes should be written to buf; on output, *limpos
313 is set to the number of bytes actually written. */
316 #if DEBUG
317 /* Dump a representation of the mp_int to standard output */
320 #endif
322 /* {{{ mp_int_init(z) */
325 {
336 }
338 /* }}} */
340 /* {{{ mp_int_alloc() */
343 {
350 }
352 /* }}} */
354 /* {{{ mp_int_init_size(z, prec) */
357 {
364 else
376 }
378 /* }}} */
380 /* {{{ mp_int_init_copy(z, old) */
383 {
384 mp_result res;
385 mp_size uold;
392 }
398 }
405 }
407 /* }}} */
409 /* {{{ mp_int_init_value(z, value) */
412 {
413 mpz_t vtmp;
418 }
420 /* }}} */
422 /* {{{ mp_int_set_value(z, value) */
425 {
426 mpz_t vtmp;
431 }
433 /* }}} */
435 /* {{{ mp_int_clear(z) */
438 {
447 }
448 }
450 /* }}} */
452 /* {{{ mp_int_free(z) */
455 {
460 }
462 /* }}} */
464 /* {{{ mp_int_copy(a, c) */
467 {
482 }
485 }
487 /* }}} */
489 /* {{{ mp_int_swap(a, c) */
492 {
498 }
499 }
501 /* }}} */
503 /* {{{ mp_int_zero(z) */
506 {
512 }
514 /* }}} */
516 /* {{{ mp_int_abs(a, c) */
519 {
520 mp_result res;
529 }
531 /* }}} */
533 /* {{{ mp_int_neg(a, c) */
536 {
537 mp_result res;
548 }
550 /* }}} */
552 /* {{{ mp_int_add(a, b, c) */
555 {
564 /* Same sign -- add magnitudes, preserve sign of addends */
565 mp_digit carry;
566 mp_size uc;
580 }
585 }
587 /* Different signs -- subtract magnitudes, preserve sign of greater */
591 /* Set x to max(a, b), y to min(a, b) to simplify later code.
592 A special case yields zero for equal magnitudes.
593 */
597 }
600 }
603 }
608 /* Subtract smaller from larger */
613 /* Give result the sign of the larger */
615 }
618 }
620 /* }}} */
622 /* {{{ mp_int_add_value(a, value, c) */
625 {
626 mpz_t vtmp;
632 }
634 /* }}} */
636 /* {{{ mp_int_sub(a, b, c) */
639 {
648 /* Different signs -- add magnitudes and keep sign of a */
649 mp_digit carry;
650 mp_size uc;
664 }
669 }
671 /* Same signs -- subtract magnitudes */
673 mp_sign osign;
681 }
684 }
694 }
697 }
699 /* }}} */
701 /* {{{ mp_int_sub_value(a, value, c) */
704 {
705 mpz_t vtmp;
711 }
713 /* }}} */
715 /* {{{ mp_int_mul(a, b, c) */
718 {
721 mp_sign osign;
725 /* If either input is zero, we can shortcut multiplication */
729 }
731 /* Output is positive if inputs have same sign, otherwise negative */
734 /* If the output is not identical to any of the inputs, we'll write
735 the results directly; otherwise, allocate a temporary space. */
746 }
752 }
758 /* If we allocated a new buffer, get rid of whatever memory c was
759 already using, and fix up its fields to reflect that.
760 */
766 }
773 }
775 /* }}} */
777 /* {{{ mp_int_mul_value(a, value, c) */
780 {
781 mpz_t vtmp;
787 }
789 /* }}} */
791 /* {{{ mp_int_mul_pow2(a, p2, c) */
794 {
795 mp_result res;
803 else
805 }
807 /* }}} */
809 /* {{{ mp_int_sqr(a, c) */
812 {
818 /* Get a temporary buffer big enough to hold the result */
826 }
832 }
837 /* Get rid of whatever memory c was already using, and fix up its
838 fields to reflect the new digit array it's using
839 */
845 }
852 }
854 /* }}} */
856 /* {{{ mp_int_div(a, b, q, r) */
859 {
871 /* If |a| < |b|, no division is required:
872 q = 0, r = a
873 */
881 }
883 /* If |a| = |b|, no division is required:
884 q = 1 or -1, r = 0
885 */
895 }
898 }
900 /* When |a| > |b|, real division is required. We need someplace to
901 store quotient and remainder, but q and r are allowed to be NULL
902 or to overlap with the inputs.
903 */
908 else
910 }
914 }
919 else
921 }
925 }
928 }
935 }
937 /* Recompute signs for output */
942 }
947 }
952 CLEANUP:
957 }
959 /* }}} */
961 /* {{{ mp_int_mod(a, m, c) */
964 {
965 mp_result res;
966 mpz_t tmp;
967 mp_int out;
972 }
975 }
982 else
985 CLEANUP:
990 }
992 /* }}} */
994 /* {{{ mp_int_div_value(a, value, q, r) */
997 {
1000 mp_result res;
1011 CLEANUP:
1014 }
1016 /* }}} */
1018 /* {{{ mp_int_div_pow2(a, p2, q, r) */
1021 {
1033 }
1035 /* }}} */
1037 /* {{{ mp_int_expt(a, b, c) */
1040 {
1041 mpz_t t;
1042 mp_result res;
1055 }
1062 }
1064 CLEANUP:
1067 }
1069 /* }}} */
1071 /* {{{ mp_int_expt_value(a, b, c) */
1074 {
1075 mpz_t t;
1076 mp_result res;
1089 }
1096 }
1098 CLEANUP:
1101 }
1103 /* }}} */
1105 /* {{{ mp_int_compare(a, b) */
1108 {
1109 mp_sign sa;
1117 /* If they're both zero or positive, the normal comparison
1118 applies; if both negative, the sense is reversed. */
1121 else
1124 }
1128 else
1130 }
1131 }
1133 /* }}} */
1135 /* {{{ mp_int_compare_unsigned(a, b) */
1138 {
1142 }
1144 /* }}} */
1146 /* {{{ mp_int_compare_zero(z) */
1149 {
1156 else
1158 }
1160 /* }}} */
1162 /* {{{ mp_int_compare_value(z, value) */
1165 {
1176 else
1178 }
1182 else
1184 }
1185 }
1187 /* }}} */
1189 /* {{{ mp_int_exptmod(a, b, m, c) */
1192 {
1193 mp_result res;
1194 mp_size um;
1196 mp_int s;
1201 /* Zero moduli and negative exponents are not considered. */
1214 }
1217 }
1228 CLEANUP:
1233 }
1235 /* }}} */
1237 /* {{{ mp_int_exptmod_evalue(a, value, m, c) */
1240 {
1241 mpz_t vtmp;
1247 }
1249 /* }}} */
1251 /* {{{ mp_int_exptmod_bvalue(v, b, m, c) */
1255 {
1256 mpz_t vtmp;
1262 }
1264 /* }}} */
1266 /* {{{ mp_int_exptmod_known(a, b, m, mu, c) */
1269 {
1270 mp_result res;
1271 mp_size um;
1273 mp_int s;
1278 /* Zero moduli and negative exponents are not considered. */
1290 }
1293 }
1302 CLEANUP:
1307 }
1309 /* }}} */
1311 /* {{{ mp_int_redux_const(m, c) */
1314 {
1318 }
1320 /* }}} */
1322 /* {{{ mp_int_invmod(a, m, c) */
1325 {
1326 mp_result res;
1327 mp_sign sa;
1347 }
1349 /* It is first necessary to constrain the value to the proper range */
1353 /* Now, if 'a' was originally negative, the value we have is
1354 actually the magnitude of the negative representative; to get the
1355 positive value we have to subtract from the modulus. Otherwise,
1356 the value is okay as it stands.
1357 */
1360 else
1363 CLEANUP:
1368 }
1370 /* }}} */
1372 /* {{{ mp_int_gcd(a, b, c) */
1374 /* Binary GCD algorithm due to Josef Stein, 1961 */
1376 {
1379 mp_result res;
1406 }
1411 }
1415 }
1423 }
1427 }
1434 }
1441 CLEANUP:
1447 }
1449 /* }}} */
1451 /* {{{ mp_int_egcd(a, b, c, x, y) */
1453 /* This is the binary GCD algorithm again, but this time we keep track
1454 of the elementary matrix operations as we go, so we can get values
1455 x and y satisfying c = ax + by.
1456 */
1459 {
1462 mp_result res;
1474 }
1478 }
1480 /* Initialize temporaries:
1481 A:0, B:1, C:2, D:3, u:4, v:5, ou:6, ov:7 */
1490 /* We will work with absolute values here */
1500 }
1514 }
1518 }
1528 }
1532 }
1538 }
1543 }
1552 }
1555 }
1558 }
1559 }
1561 CLEANUP:
1566 }
1568 /* }}} */
1570 /* {{{ mp_int_lcm(a, b, c) */
1573 {
1574 mpz_t lcm;
1575 mp_result res;
1579 /* Since a * b = gcd(a, b) * lcm(a, b), we can compute
1580 lcm(a, b) = (a / gcd(a, b)) * b.
1582 This formulation insures everything works even if the input
1583 variables share space.
1584 */
1596 CLEANUP:
1600 }
1602 /* }}} */
1604 /* {{{ mp_int_divisible_value(a, v) */
1607 {
1614 }
1616 /* }}} */
1618 /* {{{ mp_int_is_pow2(z) */
1621 {
1625 }
1627 /* }}} */
1629 /* {{{ mp_int_root(a, b, c) */
1631 /* Implementation of Newton's root finding method, based loosely on a
1632 patch contributed by Hal Finkel <half@halssoftware.com>
1633 modified by M. J. Fromberger.
1634 */
1636 {
1646 }
1650 else
1652 }
1684 }
1687 }
1692 /* If the original value of a was negative, flip the output sign. */
1696 CLEANUP:
1701 }
1703 /* }}} */
1705 /* {{{ mp_int_to_int(z, out) */
1708 {
1710 mp_size uz;
1712 mp_sign sz;
1716 /* Make sure the value is representable as an int */
1729 }
1735 }
1737 /* }}} */
1739 /* {{{ mp_int_to_uint(z, *out) */
1742 {
1744 mp_size uz;
1746 mp_sign sz;
1750 /* Make sure the value is representable as an int */
1762 }
1768 }
1770 /* }}} */
1772 /* {{{ mp_int_to_string(z, radix, str, limit) */
1776 {
1777 mp_result res;
1787 }
1789 mpz_t tmp;
1798 }
1801 /* Generate digits in reverse order until finished or limit reached */
1803 mp_digit d;
1810 }
1813 /* Put digits back in correct output order */
1818 }
1821 }
1826 else
1828 }
1830 /* }}} */
1832 /* {{{ mp_int_string_len(z, radix) */
1835 {
1845 /* Allow for sign marker on negatives */
1850 }
1852 /* }}} */
1854 /* {{{ mp_int_read_string(z, radix, *str) */
1856 /* Read zero-terminated string into z */
1858 {
1861 }
1863 /* }}} */
1865 /* {{{ mp_int_read_cstring(z, radix, *str, **end) */
1868 {
1876 /* Skip leading whitespace */
1880 /* Handle leading sign tag (+/-, positive default) */
1891 }
1893 /* Skip leading zeroes */
1897 /* Make sure there is enough space for the value */
1907 }
1911 /* Override sign for zero, even if negative specified. */
1918 /* Return a truncation error if the string has unprocessed
1919 characters remaining, so the caller can tell if the whole string
1920 was done */
1923 else
1925 }
1927 /* }}} */
1929 /* {{{ mp_int_count_bits(z) */
1932 {
1934 mp_digit d;
1949 }
1952 }
1954 /* }}} */
1956 /* {{{ mp_int_to_binary(z, buf, limit) */
1959 {
1962 mp_result res;
1973 }
1975 /* }}} */
1977 /* {{{ mp_int_read_binary(z, buf, len) */
1980 {
1987 /* Figure out how many digits are needed to represent this value */
1994 /* If the high-order bit is set, take the 2's complement before
1995 reading the value (it will be restored afterward) */
1999 }
2005 }
2007 /* Restore 2's complement if we took it before */
2012 }
2014 /* }}} */
2016 /* {{{ mp_int_binary_len(z) */
2019 {
2028 /* If the highest-order bit falls exactly on a byte boundary, we
2029 need to pad with an extra byte so that the sign will be read
2030 correctly when reading it back in. */
2035 }
2037 /* }}} */
2039 /* {{{ mp_int_to_unsigned(z, buf, limit) */
2042 {
2048 }
2050 /* }}} */
2052 /* {{{ mp_int_read_unsigned(z, buf, len) */
2055 {
2062 /* Figure out how many digits are needed to represent this value */
2073 }
2076 }
2078 /* }}} */
2080 /* {{{ mp_int_unsigned_len(z) */
2083 {
2093 }
2095 /* }}} */
2097 /* {{{ mp_error_string(res) */
2100 {
2107 ;
2111 else
2113 }
2115 /* }}} */
2117 /*------------------------------------------------------------------------*/
2118 /* Private functions for internal use. These make assumptions. */
2120 /* {{{ s_alloc(num) */
2123 {
2127 #if DEBUG > 1
2128 {
2134 }
2135 #endif
2138 }
2140 /* }}} */
2142 /* {{{ s_realloc(old, osize, nsize) */
2145 {
2146 #if DEBUG > 1
2154 #else
2158 #endif
2160 }
2162 /* }}} */
2164 /* {{{ s_free(ptr) */
2167 {
2169 }
2171 /* }}} */
2173 /* {{{ s_pad(z, min) */
2176 {
2186 }
2192 }
2195 }
2197 /* }}} */
2199 /* {{{ s_fake(z, value, vbuf) */
2202 {
2209 }
2211 /* }}} */
2213 /* {{{ s_cdig(da, db, len) */
2216 {
2224 }
2227 }
2229 /* }}} */
2231 /* {{{ s_vpack(v, t[]) */
2234 {
2245 }
2246 }
2249 }
2251 /* }}} */
2253 /* {{{ s_ucmp(a, b) */
2256 {
2263 else
2265 }
2267 /* }}} */
2269 /* {{{ s_vcmp(a, v) */
2272 {
2283 else
2285 }
2287 /* }}} */
2289 /* {{{ s_uadd(da, db, dc, size_a, size_b) */
2293 {
2294 mp_size pos;
2297 /* Insure that da is the longer of the two to simplify later code */
2301 }
2303 /* Add corresponding digits until the shorter number runs out */
2308 }
2310 /* Propagate carries as far as necessary */
2316 }
2318 /* Return carry out */
2320 }
2322 /* }}} */
2324 /* {{{ s_usub(da, db, dc, size_a, size_b) */
2328 {
2329 mp_size pos;
2332 /* We assume that |a| >= |b| so this should definitely hold */
2335 /* Subtract corresponding digits and propagate borrow */
2342 }
2344 /* Finish the subtraction for remaining upper digits of da */
2351 }
2353 /* If there is a borrow out at the end, it violates the precondition */
2355 }
2357 /* }}} */
2359 /* {{{ s_kmul(da, db, dc, size_a, size_b) */
2363 {
2364 mp_size bot_size;
2366 /* Make sure b is the smaller of the two input values */
2370 }
2372 /* Insure that the bottom is the larger half in an odd-length split;
2373 the code below relies on this being true.
2374 */
2377 /* If the values are big enough to bother with recursion, use the
2378 Karatsuba algorithm to compute the product; otherwise use the
2379 normal multiplication algorithm
2380 */
2394 /* Do a single allocation for all three temporary buffers needed;
2395 each buffer must be big enough to hold the product of two
2396 bottom halves, and one buffer needs space for the completed
2397 product; twice the space is plenty.
2398 */
2404 /* t1 and t2 are initially used as temporaries to compute the inner product
2405 (a1 + a0)(b1 + b0) = a1b1 + a1b0 + a0b1 + a0b0
2406 */
2415 /* Now we'll get t1 = a0b0 and t2 = a1b1, and subtract them out so that
2416 we're left with only the pieces we want: t3 = a1b0 + a0b1
2417 */
2423 /* Subtract out t1 and t2 to get the inner product */
2427 /* Assemble the output value */
2438 }
2441 }
2444 }
2446 /* }}} */
2448 /* {{{ s_umul(da, db, dc, size_a, size_b) */
2452 {
2454 mp_word w;
2469 }
2472 }
2473 }
2475 /* }}} */
2477 /* {{{ s_ksqr(da, dc, size_a) */
2480 {
2498 /* Quick multiply t3 by 2, shifting left (can't overflow) */
2499 {
2508 }
2510 }
2512 /* Assemble the output value */
2524 }
2527 }
2530 }
2532 /* }}} */
2534 /* {{{ s_usqr(da, dc, size_a) */
2537 {
2539 mp_word w;
2547 /* Take care of the first digit, no rollover */
2557 /* Check if doubling t will overflow a word */
2563 /* Check if adding u to w will overflow a word */
2574 }
2575 }
2582 }
2585 }
2586 }
2588 /* }}} */
2590 /* {{{ s_dadd(a, b) */
2593 {
2607 }
2612 }
2613 }
2615 /* }}} */
2617 /* {{{ s_dmul(a, b) */
2620 {
2630 }
2635 }
2636 }
2638 /* }}} */
2640 /* {{{ s_dbmul(da, b, dc, size_a) */
2643 {
2652 }
2656 }
2658 /* }}} */
2660 /* {{{ s_ddiv(da, d, dc, size_a) */
2663 {
2674 }
2677 }
2680 }
2684 }
2686 /* }}} */
2688 /* {{{ s_qdiv(z, p2) */
2691 {
2696 mp_size mark;
2702 }
2710 }
2724 }
2727 }
2731 }
2733 /* }}} */
2735 /* {{{ s_qmod(z, p2) */
2738 {
2747 }
2748 }
2750 /* }}} */
2752 /* {{{ s_qmul(z, p2) */
2755 {
2765 /* Figure out if we need an extra digit at the top end; this occurs
2766 if the topmost `rest' bits of the high-order digit of z are not
2767 zero, meaning they will be shifted off the end if not preserved */
2774 }
2779 /* If we need to shift by whole digits, do that in one pass, then
2780 to back and shift by partial digits.
2781 */
2791 }
2800 }
2806 }
2807 }
2813 }
2815 /* }}} */
2817 /* {{{ s_qsub(z, p2) */
2819 /* Compute z = 2^p2 - |z|; requires that 2^p2 >= |z|
2820 The sign of the result is always zero/positive.
2821 */
2823 {
2836 }
2847 }
2849 /* }}} */
2851 /* {{{ s_dp2k(z) */
2854 {
2864 }
2870 }
2873 }
2875 /* }}} */
2877 /* {{{ s_isp2(z) */
2880 {
2889 }
2896 }
2899 }
2901 /* }}} */
2903 /* {{{ s_2expt(z, k) */
2906 {
2922 }
2924 /* }}} */
2926 /* {{{ s_norm(a, b) */
2929 {
2936 }
2938 /* These multiplications can't fail */
2942 }
2945 }
2947 /* }}} */
2949 /* {{{ s_brmu(z, m) */
2952 {
2960 }
2962 /* }}} */
2964 /* {{{ s_reduce(x, m, mu, q1, q2) */
2967 {
2976 /* Compute q2 = floor((floor(x / b^(k-1)) * mu) / b^(k+1)) */
2981 /* Set x = x mod b^(k+1) */
2984 /* Now, q is a guess for the quotient a / m.
2985 Compute x - q * m mod b^(k+1), replacing x. This may be off
2986 by a factor of 2m, but no more than that.
2987 */
2992 /* The result may be < 0; if it is, add b^(k+1) to pin it in the
2993 proper range. */
2997 /* If x > m, we need to back it off until it is in range.
2998 This will be required at most twice. */
3003 }
3005 /* At this point, x has been properly reduced. */
3007 }
3009 /* }}} */
3011 /* {{{ s_embar(a, b, m, mu, c) */
3013 /* Perform modular exponentiation using Barrett's method, where mu is
3014 the reduction constant for m. Assumes a < m, b > 0. */
3016 {
3019 mp_result res;
3027 }
3031 /* Take care of low-order digits */
3037 /* The use of a second temporary avoids allocation */
3041 }
3043 }
3050 }
3055 }
3058 }
3060 /* Take care of highest-order digit */
3067 }
3069 }
3077 }
3079 }
3081 CLEANUP:
3086 }
3088 /* }}} */
3090 /* {{{ s_udiv(a, b) */
3092 /* Precondition: a >= b and b > 0
3093 Postcondition: a' = a / b, b' = a % b
3094 */
3096 {
3103 /* Force signs to positive */
3107 /* Normalize, per Knuth */
3121 /* Solve for quotient digits, store in q.digits in reverse order */
3133 }
3136 mp_word qdigit;
3142 }
3147 }
3154 }
3162 }
3163 }
3165 /* Put quotient digits in the correct order, and discard extra zeroes */
3170 /* Denormalize the remainder */
3179 CLEANUP:
3182 }
3184 /* }}} */
3186 /* {{{ s_outlen(z, r) */
3189 {
3190 mp_result bits;
3199 }
3201 /* }}} */
3203 /* {{{ s_inlen(len, r) */
3206 {
3211 }
3213 /* }}} */
3215 /* {{{ s_ch2val(c, r) */
3218 {
3225 else
3229 }
3231 /* }}} */
3233 /* {{{ s_val2ch(v, caps) */
3236 {
3246 else
3248 }
3249 }
3251 /* }}} */
3253 /* {{{ s_2comp(buf, len) */
3256 {
3268 }
3270 /* last carry out is ignored */
3271 }
3273 /* }}} */
3275 /* {{{ s_tobin(z, buf, *limpos) */
3278 {
3279 mp_size uz;
3292 /* Don't write leading zeroes */
3295 }
3297 /* Detect truncation (loop exited with pos >= limit) */
3301 }
3306 else
3308 }
3310 /* Digits are in reverse order, fix that */
3313 /* Return the number of bytes actually written */
3317 }
3319 /* }}} */
3321 /* {{{ s_print(tag, z) */
3323 #if DEBUG
3325 {
3336 }
3339 {
3348 }
3349 #endif
3351 /* }}} */
3353 /* HERE THERE BE DRAGONS */