Botan 3.10.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::Montgomery_Int Class Referencefinal

#include <monty.h>

Public Member Functions

void _const_time_poison () const
void _const_time_unpoison () const
const Montgomery_Params_params () const
 Montgomery_Int (const Montgomery_Params &params)
 Montgomery_Int (const Montgomery_Params &params, const BigInt &v, bool redc_needed=true)
 Montgomery_Int (const Montgomery_Params &params, std::span< const word > words)
Montgomery_Int mul (const Montgomery_Int &other, secure_vector< word > &ws) const
Montgomery_Intmul_by (const Montgomery_Int &other, secure_vector< word > &ws)
Montgomery_Intmul_by (std::span< const word > other, secure_vector< word > &ws)
Montgomery_Int operator+ (const Montgomery_Int &other) const
Montgomery_Int operator- (const Montgomery_Int &other) const
const secure_vector< word > & repr () const
std::vector< uint8_t > serialize () const
Montgomery_Int square (secure_vector< word > &ws) const
Montgomery_Intsquare_this_n_times (secure_vector< word > &ws, size_t n)
BigInt value () const

Static Public Member Functions

static Montgomery_Int from_wide_int (const Montgomery_Params &params, const BigInt &x)
static Montgomery_Int one (const Montgomery_Params &params)

Detailed Description

The Montgomery representation of an integer

Definition at line 103 of file monty.h.

Constructor & Destructor Documentation

◆ Montgomery_Int() [1/3]

Botan::Montgomery_Int::Montgomery_Int ( const Montgomery_Params & params)
inlineexplicit

Create a zero-initialized Montgomery_Int

Definition at line 108 of file monty.h.

108: m_params(params) {}

Referenced by from_wide_int(), mul(), mul_by(), mul_by(), one(), operator+(), operator-(), square(), and square_this_n_times().

◆ Montgomery_Int() [2/3]

Botan::Montgomery_Int::Montgomery_Int ( const Montgomery_Params & params,
const BigInt & v,
bool redc_needed = true )

Create a Montgomery_Int from a BigInt

Definition at line 212 of file monty.cpp.

212 :
213 m_params(params), m_v(m_params.p_words()) {
214 BOTAN_ASSERT_NOMSG(v < m_params.p());
215
216 const size_t p_size = m_params.p_words();
217
218 auto v_span = v._as_span();
219
220 if(v_span.size() > p_size) {
221 // Safe to truncate the span since we already checked v < p
222 v_span = v_span.first(p_size);
223 }
224
225 BOTAN_ASSERT_NOMSG(m_v.size() >= v_span.size());
226
227 copy_mem(std::span{m_v}.first(v_span.size()), v_span);
228
229 if(redc_needed) {
230 secure_vector<word> ws;
231 this->mul_by(m_params.R2()._as_span().first(p_size), ws);
232 }
233}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::Montgomery_Int::mul_by
Montgomery_Int & mul_by(const Montgomery_Int &other, secure_vector< word > &ws)
Definition monty.cpp:311
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:145
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69

References Botan::BigInt::_as_span(), BOTAN_ASSERT_NOMSG, Botan::copy_mem(), and mul_by().

◆ Montgomery_Int() [3/3]

Botan::Montgomery_Int::Montgomery_Int ( const Montgomery_Params & params,
std::span< const word > words )

Create a Montgomery_Int

The span must be exactly p_words long and encoding a value less than p already in Montgomery form

Definition at line 235 of file monty.cpp.

235 :
236 m_params(params), m_v(words.begin(), words.end()) {
237 BOTAN_ARG_CHECK(m_v.size() == m_params.p_words(), "Invalid input span");
238}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

References BOTAN_ARG_CHECK.

Member Function Documentation

◆ _const_time_poison()

void Botan::Montgomery_Int::_const_time_poison ( ) const
inline

Definition at line 159 of file monty.h.

159{ CT::poison(m_v); }
Botan::CT::poison
constexpr void poison(const T *p, size_t n)
Definition ct_utils.h:54

References Botan::CT::poison().

◆ _const_time_unpoison()

void Botan::Montgomery_Int::_const_time_unpoison ( ) const
inline

Definition at line 161 of file monty.h.

161{ CT::unpoison(m_v); }
Botan::CT::unpoison
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:65

References Botan::CT::unpoison().

◆ _params()

const Montgomery_Params & Botan::Montgomery_Int::_params ( ) const
inline

Definition at line 163 of file monty.h.

163{ return m_params; }

◆ from_wide_int()

Montgomery_Int Botan::Montgomery_Int::from_wide_int ( const Montgomery_Params & params,
const BigInt & x )
static

Wide reduction - input can be at most 2*bytes long

Definition at line 206 of file monty.cpp.

206 {
207 secure_vector<word> ws;
208 auto redc_x = params.mul(params.redc(x, ws), params.R3(), ws);
209 return Montgomery_Int(params, redc_x, false);
210}
Botan::Montgomery_Int::Montgomery_Int
Montgomery_Int(const Montgomery_Params &params)
Definition monty.h:108

References Montgomery_Int(), Botan::Montgomery_Params::mul(), Botan::Montgomery_Params::R3(), and Botan::Montgomery_Params::redc().

◆ mul()

Montgomery_Int Botan::Montgomery_Int::mul ( const Montgomery_Int & other,
secure_vector< word > & ws ) const

Definition at line 291 of file monty.cpp.

291 {
292 BOTAN_STATE_CHECK(other.m_params == m_params);
293
294 const size_t p_size = m_params.p_words();
295 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.m_v.size() == p_size);
296
297 if(ws.size() < 2 * p_size) {
298 ws.resize(2 * p_size);
299 }
300
301 secure_vector<word> z(2 * p_size);
302
303 bigint_mul(z.data(), z.size(), m_v.data(), p_size, p_size, other.m_v.data(), p_size, p_size, ws.data(), ws.size());
304
305 bigint_monty_redc_inplace(z.data(), m_params.p()._data(), p_size, m_params.p_dash(), ws.data(), ws.size());
306 z.resize(p_size); // truncate off high zero words
307
308 return Montgomery_Int(m_params, std::move(z));
309}
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
Botan::bigint_mul
void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
Definition mp_karat.cpp:283
Botan::bigint_monty_redc_inplace
void bigint_monty_redc_inplace(word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size)
Definition mp_core.h:866

References Botan::bigint_monty_redc_inplace(), Botan::bigint_mul(), BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, and Montgomery_Int().

Referenced by Botan::monty_multi_exp().

◆ mul_by() [1/2]

Montgomery_Int & Botan::Montgomery_Int::mul_by ( const Montgomery_Int & other,
secure_vector< word > & ws )

Definition at line 311 of file monty.cpp.

311 {
312 BOTAN_STATE_CHECK(other.m_params == m_params);
313 return this->mul_by(std::span{other.m_v}, ws);
314}

References BOTAN_STATE_CHECK, Montgomery_Int(), and mul_by().

Referenced by Montgomery_Int(), Botan::monty_multi_exp(), and mul_by().

◆ mul_by() [2/2]

Montgomery_Int & Botan::Montgomery_Int::mul_by ( std::span< const word > other,
secure_vector< word > & ws )

Definition at line 316 of file monty.cpp.

316 {
317 const size_t p_size = m_params.p_words();
318 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.size() == p_size);
319
320 if(ws.size() < 2 * p_size) {
321 ws.resize(2 * p_size);
322 }
323
324 auto do_mul_by = [&](std::span<word> z) {
325 bigint_mul(z.data(), z.size(), m_v.data(), p_size, p_size, other.data(), p_size, p_size, ws.data(), ws.size());
326
327 bigint_monty_redc_inplace(z.data(), m_params.p()._data(), p_size, m_params.p_dash(), ws.data(), ws.size());
328
329 copy_mem(m_v, z.first(p_size));
330 };
331
332 if(p_size <= MontgomeryUseStackLimit) {
333 std::array<word, 2 * MontgomeryUseStackLimit> z{};
334 do_mul_by(z);
335 } else {
336 secure_vector<word> z(2 * p_size);
337 do_mul_by(z);
338 }
339
340 return (*this);
341}

References Botan::bigint_monty_redc_inplace(), Botan::bigint_mul(), BOTAN_ASSERT_NOMSG, Botan::copy_mem(), and Montgomery_Int().

◆ one()

Montgomery_Int Botan::Montgomery_Int::one ( const Montgomery_Params & params)
static

Return the value 1 in Montgomery form

Definition at line 202 of file monty.cpp.

202 {
203 return Montgomery_Int(params, params.R1(), false);
204}

References Montgomery_Int(), and Botan::Montgomery_Params::R1().

Referenced by Botan::monty_multi_exp().

◆ operator+()

Montgomery_Int Botan::Montgomery_Int::operator+ ( const Montgomery_Int & other) const

Definition at line 256 of file monty.cpp.

256 {
257 BOTAN_STATE_CHECK(other.m_params == m_params);
258
259 const size_t p_size = m_params.p_words();
260 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.m_v.size() == p_size);
261
262 secure_vector<word> z(2 * p_size);
263
264 word* r = std::span{z}.first(p_size).data();
265 word* t = std::span{z}.last(p_size).data();
266
267 // t = this + other
268 const word carry = bigint_add3(t, m_v.data(), p_size, other.m_v.data(), p_size);
269
270 // Conditionally subtract r = t - p
271 bigint_monty_maybe_sub(p_size, r, carry, t, m_params.p()._data());
272
273 z.resize(p_size); // truncate leaving only r
274 return Montgomery_Int(m_params, std::move(z));
275}
Botan::bigint_add3
constexpr auto bigint_add3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W
Definition mp_core.h:122
Botan::bigint_monty_maybe_sub
constexpr void bigint_monty_maybe_sub(size_t N, W z[], W x0, const W x[], const W p[])
Definition mp_core.h:227
Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:27
Botan::word
std::conditional_t< HasNative64BitRegisters, std::uint64_t, uint32_t > word
Definition types.h:119

References Botan::bigint_add3(), Botan::bigint_monty_maybe_sub(), BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::carry(), and Montgomery_Int().

◆ operator-()

Montgomery_Int Botan::Montgomery_Int::operator- ( const Montgomery_Int & other) const

Definition at line 277 of file monty.cpp.

277 {
278 BOTAN_STATE_CHECK(other.m_params == m_params);
279
280 const size_t p_size = m_params.p_words();
281 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.m_v.size() == p_size);
282
283 secure_vector<word> t(p_size);
284 const word borrow = bigint_sub3(t.data(), m_v.data(), p_size, other.m_v.data(), p_size);
285
286 bigint_cnd_add(borrow, t.data(), m_params.p()._data(), p_size);
287
288 return Montgomery_Int(m_params, std::move(t));
289}
Botan::bigint_sub3
constexpr auto bigint_sub3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W
Definition mp_core.h:194
Botan::bigint_cnd_add
constexpr W bigint_cnd_add(W cnd, W x[], const W y[], size_t size)
Definition mp_core.h:47

References Botan::bigint_cnd_add(), Botan::bigint_sub3(), BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, and Montgomery_Int().

◆ repr()

const secure_vector< word > & Botan::Montgomery_Int::repr ( ) const
inline

Return the Montgomery representation

Definition at line 143 of file monty.h.

143{ return m_v; }

◆ serialize()

std::vector< uint8_t > Botan::Montgomery_Int::serialize ( ) const

Definition at line 240 of file monty.cpp.

240 {
241 return value().serialize();
242}
Botan::BigInt::serialize
T serialize(size_t len) const
Definition bigint.h:711
Botan::Montgomery_Int::value
BigInt value() const
Definition monty.cpp:244

References Botan::BigInt::serialize(), and value().

◆ square()

Montgomery_Int Botan::Montgomery_Int::square ( secure_vector< word > & ws) const

Definition at line 372 of file monty.cpp.

372 {
373 auto z = (*this);
374 z.square_this_n_times(ws, 1);
375 return z;
376}

References Montgomery_Int(), and square_this_n_times().

Referenced by Botan::monty_multi_exp().

◆ square_this_n_times()

Montgomery_Int & Botan::Montgomery_Int::square_this_n_times ( secure_vector< word > & ws,
size_t n )

Definition at line 343 of file monty.cpp.

343 {
344 const size_t p_size = m_params.p_words();
345 BOTAN_ASSERT_NOMSG(m_v.size() == p_size);
346
347 if(ws.size() < 2 * p_size) {
348 ws.resize(2 * p_size);
349 }
350
351 auto do_sqr_n = [&](std::span<word> z) {
352 for(size_t i = 0; i != n; ++i) {
353 bigint_sqr(z.data(), 2 * p_size, m_v.data(), p_size, p_size, ws.data(), ws.size());
354
355 bigint_monty_redc_inplace(z.data(), m_params.p()._data(), p_size, m_params.p_dash(), ws.data(), ws.size());
356
357 copy_mem(m_v, std::span{z}.first(p_size));
358 }
359 };
360
361 if(p_size <= MontgomeryUseStackLimit) {
362 std::array<word, 2 * MontgomeryUseStackLimit> z{};
363 do_sqr_n(z);
364 } else {
365 secure_vector<word> z(2 * p_size);
366 do_sqr_n(z);
367 }
368
369 return (*this);
370}
Botan::bigint_sqr
void bigint_sqr(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size)
Definition mp_karat.cpp:327

References Botan::bigint_monty_redc_inplace(), Botan::bigint_sqr(), BOTAN_ASSERT_NOMSG, Botan::copy_mem(), and Montgomery_Int().

Referenced by Botan::monty_multi_exp(), and square().

◆ value()

BigInt Botan::Montgomery_Int::value ( ) const

Return the value to normal mod-p space

Definition at line 244 of file monty.cpp.

244 {
245 secure_vector<word> ws(m_params.p_words());
246
247 secure_vector<word> z = m_v;
248 z.resize(2 * m_params.p_words()); // zero extend
249
250 bigint_monty_redc_inplace(
251 z.data(), m_params.p()._data(), m_params.p_words(), m_params.p_dash(), ws.data(), ws.size());
252
253 return BigInt::_from_words(z);
254}
Botan::BigInt::_from_words
static BigInt _from_words(secure_vector< word > &words)
Definition bigint.h:955

References Botan::BigInt::_from_words(), and Botan::bigint_monty_redc_inplace().

Referenced by Botan::DL_Group::multi_exponentiate(), Botan::passes_miller_rabin_test(), Botan::power_mod(), serialize(), and Botan::sqrt_modulo_prime().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0