Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::Montgomery_Int Class Referencefinal

#include <monty.h>

Public Member Functions

void _const_time_poison () const
void _const_time_unpoison () const
const Montgomery_Params_params () const
 Montgomery_Int (const Montgomery_Params &params)
 Montgomery_Int (const Montgomery_Params &params, const BigInt &v, bool redc_needed=true)
 Montgomery_Int (const Montgomery_Params &params, std::span< const word > words)
Montgomery_Int mul (const Montgomery_Int &other, secure_vector< word > &ws) const
Montgomery_Intmul_by (const Montgomery_Int &other, secure_vector< word > &ws)
Montgomery_Intmul_by (std::span< const word > other, secure_vector< word > &ws)
Montgomery_Int operator+ (const Montgomery_Int &other) const
Montgomery_Int operator- (const Montgomery_Int &other) const
const secure_vector< word > & repr () const
std::vector< uint8_t > serialize () const
Montgomery_Int square (secure_vector< word > &ws) const
Montgomery_Intsquare_this_n_times (secure_vector< word > &ws, size_t n)
BigInt value () const

Static Public Member Functions

static Montgomery_Int from_wide_int (const Montgomery_Params &params, const BigInt &x)
static Montgomery_Int one (const Montgomery_Params &params)

Detailed Description

The Montgomery representation of an integer

Definition at line 103 of file monty.h.

Constructor & Destructor Documentation

◆ Montgomery_Int() [1/3]

Botan::Montgomery_Int::Montgomery_Int ( const Montgomery_Params & params)
inlineexplicit

Create a zero-initialized Montgomery_Int

Definition at line 108 of file monty.h.

108: m_params(params) {}

Referenced by from_wide_int(), mul(), mul_by(), mul_by(), one(), operator+(), operator-(), square(), and square_this_n_times().

◆ Montgomery_Int() [2/3]

Botan::Montgomery_Int::Montgomery_Int ( const Montgomery_Params & params,
const BigInt & v,
bool redc_needed = true )

Create a Montgomery_Int from a BigInt

Definition at line 214 of file monty.cpp.

214 :
215 m_params(params), m_v(m_params.p_words()) {
216 BOTAN_ASSERT_NOMSG(v < m_params.p());
217
218 const size_t p_size = m_params.p_words();
219
220 auto v_span = v._as_span();
221
222 if(v_span.size() > p_size) {
223 // Safe to truncate the span since we already checked v < p
224 v_span = v_span.first(p_size);
225 }
226
227 BOTAN_ASSERT_NOMSG(m_v.size() >= v_span.size());
228
229 copy_mem(std::span{m_v}.first(v_span.size()), v_span);
230
231 if(redc_needed) {
232 secure_vector<word> ws;
233 this->mul_by(m_params.R2()._as_span().first(p_size), ws);
234 }
235}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::Montgomery_Int::mul_by
Montgomery_Int & mul_by(const Montgomery_Int &other, secure_vector< word > &ws)
Definition monty.cpp:313
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

References Botan::BigInt::_as_span(), BOTAN_ASSERT_NOMSG, Botan::copy_mem(), and mul_by().

◆ Montgomery_Int() [3/3]

Botan::Montgomery_Int::Montgomery_Int ( const Montgomery_Params & params,
std::span< const word > words )

Create a Montgomery_Int

The span must be exactly p_words long and encoding a value less than p already in Montgomery form

Definition at line 237 of file monty.cpp.

237 :
238 m_params(params), m_v(words.begin(), words.end()) {
239 BOTAN_ARG_CHECK(m_v.size() == m_params.p_words(), "Invalid input span");
240}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

References BOTAN_ARG_CHECK.

Member Function Documentation

◆ _const_time_poison()

void Botan::Montgomery_Int::_const_time_poison ( ) const
inline

Definition at line 159 of file monty.h.

159{ CT::poison(m_v); }
Botan::CT::poison
constexpr void poison(const T *p, size_t n)
Definition ct_utils.h:56

References Botan::CT::poison().

◆ _const_time_unpoison()

void Botan::Montgomery_Int::_const_time_unpoison ( ) const
inline

Definition at line 161 of file monty.h.

161{ CT::unpoison(m_v); }
Botan::CT::unpoison
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:67

References Botan::CT::unpoison().

◆ _params()

const Montgomery_Params & Botan::Montgomery_Int::_params ( ) const
inline

Definition at line 163 of file monty.h.

163{ return m_params; }

◆ from_wide_int()

Montgomery_Int Botan::Montgomery_Int::from_wide_int ( const Montgomery_Params & params,
const BigInt & x )
static

Wide reduction - input can be at most 2*bytes long

Definition at line 208 of file monty.cpp.

208 {
209 secure_vector<word> ws;
210 auto redc_x = params.mul(params.redc(x, ws), params.R3(), ws);
211 return Montgomery_Int(params, redc_x, false);
212}
Botan::Montgomery_Int::Montgomery_Int
Montgomery_Int(const Montgomery_Params &params)
Definition monty.h:108

References Montgomery_Int(), Botan::Montgomery_Params::mul(), Botan::Montgomery_Params::R3(), and Botan::Montgomery_Params::redc().

◆ mul()

Montgomery_Int Botan::Montgomery_Int::mul ( const Montgomery_Int & other,
secure_vector< word > & ws ) const

Definition at line 293 of file monty.cpp.

293 {
294 BOTAN_STATE_CHECK(other.m_params == m_params);
295
296 const size_t p_size = m_params.p_words();
297 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.m_v.size() == p_size);
298
299 if(ws.size() < 2 * p_size) {
300 ws.resize(2 * p_size);
301 }
302
303 secure_vector<word> z(2 * p_size);
304
305 bigint_mul(z.data(), z.size(), m_v.data(), p_size, p_size, other.m_v.data(), p_size, p_size, ws.data(), ws.size());
306
307 bigint_monty_redc_inplace(z.data(), m_params.p()._data(), p_size, m_params.p_dash(), ws.data(), ws.size());
308 z.resize(p_size); // truncate off high zero words
309
310 return Montgomery_Int(m_params, std::move(z));
311}
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
Botan::bigint_mul
void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
Definition mp_karat.cpp:283
Botan::bigint_monty_redc_inplace
void bigint_monty_redc_inplace(word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size)
Definition mp_core.h:931

References Botan::bigint_monty_redc_inplace(), Botan::bigint_mul(), BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, and Montgomery_Int().

Referenced by Botan::monty_multi_exp().

◆ mul_by() [1/2]

Montgomery_Int & Botan::Montgomery_Int::mul_by ( const Montgomery_Int & other,
secure_vector< word > & ws )

Definition at line 313 of file monty.cpp.

313 {
314 BOTAN_STATE_CHECK(other.m_params == m_params);
315 return this->mul_by(std::span{other.m_v}, ws);
316}

References BOTAN_STATE_CHECK, Montgomery_Int(), and mul_by().

Referenced by Montgomery_Int(), Botan::monty_multi_exp(), and mul_by().

◆ mul_by() [2/2]

Montgomery_Int & Botan::Montgomery_Int::mul_by ( std::span< const word > other,
secure_vector< word > & ws )

Definition at line 318 of file monty.cpp.

318 {
319 const size_t p_size = m_params.p_words();
320 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.size() == p_size);
321
322 if(ws.size() < 2 * p_size) {
323 ws.resize(2 * p_size);
324 }
325
326 auto do_mul_by = [&](std::span<word> z) {
327 bigint_mul(z.data(), z.size(), m_v.data(), p_size, p_size, other.data(), p_size, p_size, ws.data(), ws.size());
328
329 bigint_monty_redc_inplace(z.data(), m_params.p()._data(), p_size, m_params.p_dash(), ws.data(), ws.size());
330
331 copy_mem(m_v, z.first(p_size));
332 };
333
334 if(p_size <= MontgomeryUseStackLimit) {
335 std::array<word, 2 * MontgomeryUseStackLimit> z{};
336 do_mul_by(z);
337 } else {
338 secure_vector<word> z(2 * p_size);
339 do_mul_by(z);
340 }
341
342 return (*this);
343}

References Botan::bigint_monty_redc_inplace(), Botan::bigint_mul(), BOTAN_ASSERT_NOMSG, Botan::copy_mem(), and Montgomery_Int().

◆ one()

Montgomery_Int Botan::Montgomery_Int::one ( const Montgomery_Params & params)
static

Return the value 1 in Montgomery form

Definition at line 204 of file monty.cpp.

204 {
205 return Montgomery_Int(params, params.R1(), false);
206}

References Montgomery_Int(), and Botan::Montgomery_Params::R1().

Referenced by Botan::monty_multi_exp().

◆ operator+()

Montgomery_Int Botan::Montgomery_Int::operator+ ( const Montgomery_Int & other) const

Definition at line 258 of file monty.cpp.

258 {
259 BOTAN_STATE_CHECK(other.m_params == m_params);
260
261 const size_t p_size = m_params.p_words();
262 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.m_v.size() == p_size);
263
264 secure_vector<word> z(2 * p_size);
265
266 word* r = std::span{z}.first(p_size).data();
267 word* t = std::span{z}.last(p_size).data();
268
269 // t = this + other
270 const word carry = bigint_add3(t, m_v.data(), p_size, other.m_v.data(), p_size);
271
272 // Conditionally subtract r = t - p
273 bigint_monty_maybe_sub(p_size, r, carry, t, m_params.p()._data());
274
275 z.resize(p_size); // truncate leaving only r
276 return Montgomery_Int(m_params, std::move(z));
277}
Botan::bigint_add3
constexpr auto bigint_add3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W
Definition mp_core.h:120
Botan::bigint_monty_maybe_sub
constexpr void bigint_monty_maybe_sub(size_t N, W z[], W x0, const W x[], const W p[])
Definition mp_core.h:225
Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:27
Botan::word
std::conditional_t< HasNative64BitRegisters, std::uint64_t, uint32_t > word
Definition types.h:119

References Botan::bigint_add3(), Botan::bigint_monty_maybe_sub(), BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::carry(), and Montgomery_Int().

◆ operator-()

Montgomery_Int Botan::Montgomery_Int::operator- ( const Montgomery_Int & other) const

Definition at line 279 of file monty.cpp.

279 {
280 BOTAN_STATE_CHECK(other.m_params == m_params);
281
282 const size_t p_size = m_params.p_words();
283 BOTAN_ASSERT_NOMSG(m_v.size() == p_size && other.m_v.size() == p_size);
284
285 secure_vector<word> t(p_size);
286 const word borrow = bigint_sub3(t.data(), m_v.data(), p_size, other.m_v.data(), p_size);
287
288 bigint_cnd_add(borrow, t.data(), m_params.p()._data(), p_size);
289
290 return Montgomery_Int(m_params, std::move(t));
291}
Botan::bigint_sub3
constexpr auto bigint_sub3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W
Definition mp_core.h:192
Botan::bigint_cnd_add
constexpr W bigint_cnd_add(W cnd, W x[], const W y[], size_t size)
Definition mp_core.h:45

References Botan::bigint_cnd_add(), Botan::bigint_sub3(), BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, and Montgomery_Int().

◆ repr()

const secure_vector< word > & Botan::Montgomery_Int::repr ( ) const
inline

Return the Montgomery representation

Definition at line 143 of file monty.h.

143{ return m_v; }

◆ serialize()

std::vector< uint8_t > Botan::Montgomery_Int::serialize ( ) const

Definition at line 242 of file monty.cpp.

242 {
243 return value().serialize();
244}
Botan::BigInt::serialize
T serialize(size_t len) const
Definition bigint.h:727
Botan::Montgomery_Int::value
BigInt value() const
Definition monty.cpp:246

References Botan::BigInt::serialize(), and value().

◆ square()

Montgomery_Int Botan::Montgomery_Int::square ( secure_vector< word > & ws) const

Definition at line 374 of file monty.cpp.

374 {
375 auto z = (*this);
376 z.square_this_n_times(ws, 1);
377 return z;
378}

References Montgomery_Int(), and square_this_n_times().

Referenced by Botan::monty_multi_exp().

◆ square_this_n_times()

Montgomery_Int & Botan::Montgomery_Int::square_this_n_times ( secure_vector< word > & ws,
size_t n )

Definition at line 345 of file monty.cpp.

345 {
346 const size_t p_size = m_params.p_words();
347 BOTAN_ASSERT_NOMSG(m_v.size() == p_size);
348
349 if(ws.size() < 2 * p_size) {
350 ws.resize(2 * p_size);
351 }
352
353 auto do_sqr_n = [&](std::span<word> z) {
354 for(size_t i = 0; i != n; ++i) {
355 bigint_sqr(z.data(), 2 * p_size, m_v.data(), p_size, p_size, ws.data(), ws.size());
356
357 bigint_monty_redc_inplace(z.data(), m_params.p()._data(), p_size, m_params.p_dash(), ws.data(), ws.size());
358
359 copy_mem(m_v, std::span{z}.first(p_size));
360 }
361 };
362
363 if(p_size <= MontgomeryUseStackLimit) {
364 std::array<word, 2 * MontgomeryUseStackLimit> z{};
365 do_sqr_n(z);
366 } else {
367 secure_vector<word> z(2 * p_size);
368 do_sqr_n(z);
369 }
370
371 return (*this);
372}
Botan::bigint_sqr
void bigint_sqr(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size)
Definition mp_karat.cpp:327

References Botan::bigint_monty_redc_inplace(), Botan::bigint_sqr(), BOTAN_ASSERT_NOMSG, Botan::copy_mem(), and Montgomery_Int().

Referenced by Botan::monty_multi_exp(), and square().

◆ value()

BigInt Botan::Montgomery_Int::value ( ) const

Return the value to normal mod-p space

Definition at line 246 of file monty.cpp.

246 {
247 secure_vector<word> ws(m_params.p_words());
248
249 secure_vector<word> z = m_v;
250 z.resize(2 * m_params.p_words()); // zero extend
251
252 bigint_monty_redc_inplace(
253 z.data(), m_params.p()._data(), m_params.p_words(), m_params.p_dash(), ws.data(), ws.size());
254
255 return BigInt::_from_words(z);
256}
Botan::BigInt::_from_words
static BigInt _from_words(secure_vector< word > &words)
Definition bigint.h:971

References Botan::BigInt::_from_words(), and Botan::bigint_monty_redc_inplace().

Referenced by Botan::DL_Group::multi_exponentiate(), Botan::passes_miller_rabin_test(), Botan::power_mod(), serialize(), and Botan::sqrt_modulo_prime().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0