Mercurial > dropbear

comparison libtommath/bn_s_mp_invmod_fast.c @ 1692:1051e4eea25a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update LibTomMath to 1.2.0 (#84) * update C files * update other files * update headers * update makefiles * remove mp_set/get_double() * use ltm 1.2.0 API * update ltm_desc * use bundled tommath if system-tommath is too old * XMALLOC etc. were changed to MP_MALLOC etc.
author Steffen Jaeckel <s@jaeckel.eu>
date Tue, 26 May 2020 17:36:47 +0200
parents
children
comparison
equal deleted inserted replaced
1691:2d3745d58843 1692:1051e4eea25a
1 #include "tommath_private.h"
2 #ifdef BN_S_MP_INVMOD_FAST_C
3 /* LibTomMath, multiple-precision integer library -- Tom St Denis */
4 /* SPDX-License-Identifier: Unlicense */
5
6 /* computes the modular inverse via binary extended euclidean algorithm,
7 * that is c = 1/a mod b
8 *
9 * Based on slow invmod except this is optimized for the case where b is
10 * odd as per HAC Note 14.64 on pp. 610
11 */
12 mp_err s_mp_invmod_fast(const mp_int *a, const mp_int *b, mp_int *c)
13 {
14 mp_int x, y, u, v, B, D;
15 mp_sign neg;
16 mp_err err;
17
18 /* 2. [modified] b must be odd */
19 if (MP_IS_EVEN(b)) {
20 return MP_VAL;
21 }
22
23 /* init all our temps */
24 if ((err = mp_init_multi(&x, &y, &u, &v, &B, &D, NULL)) != MP_OKAY) {
25 return err;
26 }
27
28 /* x == modulus, y == value to invert */
29 if ((err = mp_copy(b, &x)) != MP_OKAY) goto LBL_ERR;
30
31 /* we need y = |a| */
32 if ((err = mp_mod(a, b, &y)) != MP_OKAY) goto LBL_ERR;
33
34 /* if one of x,y is zero return an error! */
35 if (MP_IS_ZERO(&x) || MP_IS_ZERO(&y)) {
36 err = MP_VAL;
37 goto LBL_ERR;
38 }
39
40 /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
41 if ((err = mp_copy(&x, &u)) != MP_OKAY) goto LBL_ERR;
42 if ((err = mp_copy(&y, &v)) != MP_OKAY) goto LBL_ERR;
43 mp_set(&D, 1uL);
44
45 top:
46 /* 4. while u is even do */
47 while (MP_IS_EVEN(&u)) {
48 /* 4.1 u = u/2 */
49 if ((err = mp_div_2(&u, &u)) != MP_OKAY) goto LBL_ERR;
50
51 /* 4.2 if B is odd then */
52 if (MP_IS_ODD(&B)) {
53 if ((err = mp_sub(&B, &x, &B)) != MP_OKAY) goto LBL_ERR;
54 }
55 /* B = B/2 */
56 if ((err = mp_div_2(&B, &B)) != MP_OKAY) goto LBL_ERR;
57 }
58
59 /* 5. while v is even do */
60 while (MP_IS_EVEN(&v)) {
61 /* 5.1 v = v/2 */
62 if ((err = mp_div_2(&v, &v)) != MP_OKAY) goto LBL_ERR;
63
64 /* 5.2 if D is odd then */
65 if (MP_IS_ODD(&D)) {
66 /* D = (D-x)/2 */
67 if ((err = mp_sub(&D, &x, &D)) != MP_OKAY) goto LBL_ERR;
68 }
69 /* D = D/2 */
70 if ((err = mp_div_2(&D, &D)) != MP_OKAY) goto LBL_ERR;
71 }
72
73 /* 6. if u >= v then */
74 if (mp_cmp(&u, &v) != MP_LT) {
75 /* u = u - v, B = B - D */
76 if ((err = mp_sub(&u, &v, &u)) != MP_OKAY) goto LBL_ERR;
77
78 if ((err = mp_sub(&B, &D, &B)) != MP_OKAY) goto LBL_ERR;
79 } else {
80 /* v - v - u, D = D - B */
81 if ((err = mp_sub(&v, &u, &v)) != MP_OKAY) goto LBL_ERR;
82
83 if ((err = mp_sub(&D, &B, &D)) != MP_OKAY) goto LBL_ERR;
84 }
85
86 /* if not zero goto step 4 */
87 if (!MP_IS_ZERO(&u)) {
88 goto top;
89 }
90
91 /* now a = C, b = D, gcd == g*v */
92
93 /* if v != 1 then there is no inverse */
94 if (mp_cmp_d(&v, 1uL) != MP_EQ) {
95 err = MP_VAL;
96 goto LBL_ERR;
97 }
98
99 /* b is now the inverse */
100 neg = a->sign;
101 while (D.sign == MP_NEG) {
102 if ((err = mp_add(&D, b, &D)) != MP_OKAY) goto LBL_ERR;
103 }
104
105 /* too big */
106 while (mp_cmp_mag(&D, b) != MP_LT) {
107 if ((err = mp_sub(&D, b, &D)) != MP_OKAY) goto LBL_ERR;
108 }
109
110 mp_exch(&D, c);
111 c->sign = neg;
112 err = MP_OKAY;
113
114 LBL_ERR:
115 mp_clear_multi(&x, &y, &u, &v, &B, &D, NULL);
116 return err;
117 }
118 #endif