Botan 3.6.1
Crypto and TLS for C&
monty.cpp
Go to the documentation of this file.
1/*
2* (C) 2018 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/internal/monty.h>
8
9#include <botan/reducer.h>
10#include <botan/internal/mp_core.h>
11
12#include <utility>
13
14namespace Botan {
15
16Montgomery_Params::Montgomery_Params(const BigInt& p, const Modular_Reducer& mod_p) {
17 if(p.is_even() || p < 3) {
18 throw Invalid_Argument("Montgomery_Params invalid modulus");
19 }
20
21 m_p = p;
22 m_p_words = m_p.sig_words();
23 m_p_dash = monty_inverse(m_p.word_at(0));
24
25 const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS);
26
27 m_r1 = mod_p.reduce(r);
28 m_r2 = mod_p.square(m_r1);
29 m_r3 = mod_p.multiply(m_r1, m_r2);
30}
31
32Montgomery_Params::Montgomery_Params(const BigInt& p) {
33 if(p.is_even() || p < 3) {
34 throw Invalid_Argument("Montgomery_Params invalid modulus");
35 }
36
37 m_p = p;
38 m_p_words = m_p.sig_words();
39 m_p_dash = monty_inverse(m_p.word_at(0));
40
41 const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS);
42
43 // It might be faster to use ct_modulo here vs setting up Barrett reduction?
44 Modular_Reducer mod_p(p);
45
46 m_r1 = mod_p.reduce(r);
47 m_r2 = mod_p.square(m_r1);
48 m_r3 = mod_p.multiply(m_r1, m_r2);
49}
50
51BigInt Montgomery_Params::inv_mod_p(const BigInt& x) const {
52 // TODO use Montgomery inverse here?
53 return inverse_mod(x, p());
54}
55
56BigInt Montgomery_Params::redc(const BigInt& x, secure_vector<word>& ws) const {
57 const size_t output_size = m_p_words + 1;
58
59 if(ws.size() < output_size) {
60 ws.resize(output_size);
61 }
62
63 BigInt z = x;
64 z.grow_to(2 * m_p_words);
65
66 bigint_monty_redc(z.mutable_data(), m_p._data(), m_p_words, m_p_dash, ws.data(), ws.size());
67
68 return z;
69}
70
71BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y, secure_vector<word>& ws) const {
72 const size_t output_size = 2 * m_p_words + 2;
73
74 if(ws.size() < output_size) {
75 ws.resize(output_size);
76 }
77
78 BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words);
79 BOTAN_DEBUG_ASSERT(y.sig_words() <= m_p_words);
80
81 BigInt z = BigInt::with_capacity(output_size);
82 bigint_mul(z.mutable_data(),
83 z.size(),
84 x._data(),
85 x.size(),
86 std::min(m_p_words, x.size()),
87 y._data(),
88 y.size(),
89 std::min(m_p_words, y.size()),
90 ws.data(),
91 ws.size());
92
93 bigint_monty_redc(z.mutable_data(), m_p._data(), m_p_words, m_p_dash, ws.data(), ws.size());
94
95 return z;
96}
97
98BigInt Montgomery_Params::mul(const BigInt& x, const secure_vector<word>& y, secure_vector<word>& ws) const {
99 const size_t output_size = 2 * m_p_words + 2;
100 if(ws.size() < output_size) {
101 ws.resize(output_size);
102 }
103 BigInt z = BigInt::with_capacity(output_size);
104
105 BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words);
106
107 bigint_mul(z.mutable_data(),
108 z.size(),
109 x._data(),
110 x.size(),
111 std::min(m_p_words, x.size()),
112 y.data(),
113 y.size(),
114 std::min(m_p_words, y.size()),
115 ws.data(),
116 ws.size());
117
118 bigint_monty_redc(z.mutable_data(), m_p._data(), m_p_words, m_p_dash, ws.data(), ws.size());
119
120 return z;
121}
122
123void Montgomery_Params::mul_by(BigInt& x, const secure_vector<word>& y, secure_vector<word>& ws) const {
124 const size_t output_size = 2 * m_p_words;
125
126 if(ws.size() < 2 * output_size) {
127 ws.resize(2 * output_size);
128 }
129
130 word* z_data = &ws[0];
131 word* ws_data = &ws[output_size];
132
133 BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words);
134
135 bigint_mul(z_data,
136 output_size,
137 x._data(),
138 x.size(),
139 std::min(m_p_words, x.size()),
140 y.data(),
141 y.size(),
142 std::min(m_p_words, y.size()),
143 ws_data,
144 output_size);
145
146 bigint_monty_redc(z_data, m_p._data(), m_p_words, m_p_dash, ws_data, output_size);
147
148 if(x.size() < output_size) {
149 x.grow_to(output_size);
150 }
151 copy_mem(x.mutable_data(), z_data, output_size);
152}
153
154void Montgomery_Params::mul_by(BigInt& x, const BigInt& y, secure_vector<word>& ws) const {
155 const size_t output_size = 2 * m_p_words;
156
157 if(ws.size() < 2 * output_size) {
158 ws.resize(2 * output_size);
159 }
160
161 word* z_data = &ws[0];
162 word* ws_data = &ws[output_size];
163
164 BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words);
165
166 bigint_mul(z_data,
167 output_size,
168 x._data(),
169 x.size(),
170 std::min(m_p_words, x.size()),
171 y._data(),
172 y.size(),
173 std::min(m_p_words, y.size()),
174 ws_data,
175 output_size);
176
177 bigint_monty_redc(z_data, m_p._data(), m_p_words, m_p_dash, ws_data, output_size);
178
179 if(x.size() < output_size) {
180 x.grow_to(output_size);
181 }
182 copy_mem(x.mutable_data(), z_data, output_size);
183}
184
185BigInt Montgomery_Params::sqr(const BigInt& x, secure_vector<word>& ws) const {
186 const size_t output_size = 2 * m_p_words;
187
188 if(ws.size() < output_size) {
189 ws.resize(output_size);
190 }
191
192 BigInt z = BigInt::with_capacity(output_size);
193
194 BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words);
195
196 bigint_sqr(z.mutable_data(), z.size(), x._data(), x.size(), std::min(m_p_words, x.size()), ws.data(), ws.size());
197
198 bigint_monty_redc(z.mutable_data(), m_p._data(), m_p_words, m_p_dash, ws.data(), ws.size());
199
200 return z;
201}
202
203void Montgomery_Params::square_this(BigInt& x, secure_vector<word>& ws) const {
204 const size_t output_size = 2 * m_p_words;
205
206 if(ws.size() < 2 * output_size) {
207 ws.resize(2 * output_size);
208 }
209
210 word* z_data = &ws[0];
211 word* ws_data = &ws[output_size];
212
213 BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words);
214
215 bigint_sqr(z_data, output_size, x._data(), x.size(), std::min(m_p_words, x.size()), ws_data, output_size);
216
217 bigint_monty_redc(z_data, m_p._data(), m_p_words, m_p_dash, ws_data, output_size);
218
219 if(x.size() < output_size) {
220 x.grow_to(output_size);
221 }
222 copy_mem(x.mutable_data(), z_data, output_size);
223}
224
225Montgomery_Int::Montgomery_Int(const std::shared_ptr<const Montgomery_Params>& params,
226 const BigInt& v,
227 bool redc_needed) :
228 m_params(params) {
229 if(redc_needed == false) {
230 m_v = v;
231 } else {
232 BOTAN_ASSERT_NOMSG(m_v < m_params->p());
233 secure_vector<word> ws;
234 m_v = m_params->mul(v, m_params->R2(), ws);
235 }
236}
237
238Montgomery_Int::Montgomery_Int(const std::shared_ptr<const Montgomery_Params>& params,
239 const uint8_t bits[],
240 size_t len,
241 bool redc_needed) :
242 m_params(params), m_v(bits, len) {
243 if(redc_needed) {
244 BOTAN_ASSERT_NOMSG(m_v < m_params->p());
245 secure_vector<word> ws;
246 m_v = m_params->mul(m_v, m_params->R2(), ws);
247 }
248}
249
250Montgomery_Int::Montgomery_Int(std::shared_ptr<const Montgomery_Params> params,
251 const word words[],
252 size_t len,
253 bool redc_needed) :
254 m_params(std::move(params)) {
255 m_v.set_words(words, len);
256
257 if(redc_needed) {
258 BOTAN_ASSERT_NOMSG(m_v < m_params->p());
259 secure_vector<word> ws;
260 m_v = m_params->mul(m_v, m_params->R2(), ws);
261 }
262}
263
264void Montgomery_Int::fix_size() {
265 const size_t p_words = m_params->p_words();
266
267 if(m_v.sig_words() > p_words) {
268 throw Internal_Error("Montgomery_Int::fix_size v too large");
269 }
270
271 m_v.grow_to(p_words);
272}
273
274bool Montgomery_Int::operator==(const Montgomery_Int& other) const {
275 return m_v == other.m_v && m_params->p() == other.m_params->p();
276}
277
278std::vector<uint8_t> Montgomery_Int::serialize() const {
279 return value().serialize();
280}
281
282size_t Montgomery_Int::size() const {
283 return m_params->p().bytes();
284}
285
286bool Montgomery_Int::is_one() const {
287 return m_v == m_params->R1();
288}
289
290bool Montgomery_Int::is_zero() const {
291 return m_v.is_zero();
292}
293
294BigInt Montgomery_Int::value() const {
295 secure_vector<word> ws;
296 return m_params->redc(m_v, ws);
297}
298
299Montgomery_Int Montgomery_Int::operator+(const Montgomery_Int& other) const {
300 secure_vector<word> ws;
301 BigInt z = m_v;
302 z.mod_add(other.m_v, m_params->p(), ws);
303 return Montgomery_Int(m_params, z, false);
304}
305
306Montgomery_Int Montgomery_Int::operator-(const Montgomery_Int& other) const {
307 secure_vector<word> ws;
308 BigInt z = m_v;
309 z.mod_sub(other.m_v, m_params->p(), ws);
310 return Montgomery_Int(m_params, z, false);
311}
312
313Montgomery_Int& Montgomery_Int::operator+=(const Montgomery_Int& other) {
314 secure_vector<word> ws;
315 return this->add(other, ws);
316}
317
318Montgomery_Int& Montgomery_Int::add(const Montgomery_Int& other, secure_vector<word>& ws) {
319 m_v.mod_add(other.m_v, m_params->p(), ws);
320 return (*this);
321}
322
323Montgomery_Int& Montgomery_Int::operator-=(const Montgomery_Int& other) {
324 secure_vector<word> ws;
325 return this->sub(other, ws);
326}
327
328Montgomery_Int& Montgomery_Int::sub(const Montgomery_Int& other, secure_vector<word>& ws) {
329 m_v.mod_sub(other.m_v, m_params->p(), ws);
330 return (*this);
331}
332
333Montgomery_Int Montgomery_Int::operator*(const Montgomery_Int& other) const {
334 secure_vector<word> ws;
335 return Montgomery_Int(m_params, m_params->mul(m_v, other.m_v, ws), false);
336}
337
338Montgomery_Int Montgomery_Int::mul(const Montgomery_Int& other, secure_vector<word>& ws) const {
339 return Montgomery_Int(m_params, m_params->mul(m_v, other.m_v, ws), false);
340}
341
342Montgomery_Int& Montgomery_Int::mul_by(const Montgomery_Int& other, secure_vector<word>& ws) {
343 m_params->mul_by(m_v, other.m_v, ws);
344 return (*this);
345}
346
347Montgomery_Int& Montgomery_Int::mul_by(const secure_vector<word>& other, secure_vector<word>& ws) {
348 m_params->mul_by(m_v, other, ws);
349 return (*this);
350}
351
352Montgomery_Int& Montgomery_Int::operator*=(const Montgomery_Int& other) {
353 secure_vector<word> ws;
354 return mul_by(other, ws);
355}
356
361
362Montgomery_Int& Montgomery_Int::square_this_n_times(secure_vector<word>& ws, size_t n) {
363 for(size_t i = 0; i != n; ++i) {
364 m_params->square_this(m_v, ws);
365 }
366 return (*this);
367}
368
369Montgomery_Int& Montgomery_Int::square_this(secure_vector<word>& ws) {
370 m_params->square_this(m_v, ws);
371 return (*this);
372}
373
374Montgomery_Int Montgomery_Int::square(secure_vector<word>& ws) const {
375 return Montgomery_Int(m_params, m_params->sqr(m_v, ws), false);
376}
377
378Montgomery_Int Montgomery_Int::cube(secure_vector<word>& ws) const {
379 return Montgomery_Int(m_params, m_params->sqr(m_v, ws), false);
380}
381
382Montgomery_Int Montgomery_Int::multiplicative_inverse() const {
383 secure_vector<word> ws;
384 const BigInt iv = m_params->mul(m_params->inv_mod_p(m_v), m_params->R3(), ws);
385 return Montgomery_Int(m_params, iv, false);
386}
387
388Montgomery_Int Montgomery_Int::additive_inverse() const {
389 return Montgomery_Int(m_params, m_params->p()) - (*this);
390}
391
392Montgomery_Int& Montgomery_Int::mul_by_2(secure_vector<word>& ws) {
393 m_v.mod_mul(2, m_params->p(), ws);
394 return (*this);
395}
396
397Montgomery_Int& Montgomery_Int::mul_by_3(secure_vector<word>& ws) {
398 m_v.mod_mul(3, m_params->p(), ws);
399 return (*this);
400}
401
402Montgomery_Int& Montgomery_Int::mul_by_4(secure_vector<word>& ws) {
403 m_v.mod_mul(4, m_params->p(), ws);
404 return (*this);
405}
406
407Montgomery_Int& Montgomery_Int::mul_by_8(secure_vector<word>& ws) {
408 m_v.mod_mul(8, m_params->p(), ws);
409 return (*this);
410}
411
412} // namespace Botan
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
BOTAN_DEBUG_ASSERT
#define BOTAN_DEBUG_ASSERT(expr)
Definition assert.h:98
Botan::BigInt::mod_mul
BigInt & mod_mul(uint8_t y, const BigInt &mod, secure_vector< word > &ws)
Definition big_ops2.cpp:119
Botan::BigInt::sig_words
size_t sig_words() const
Definition bigint.h:616
Botan::BigInt::mutable_data
word * mutable_data()
Definition bigint.h:641
Botan::BigInt::size
size_t size() const
Definition bigint.h:610
Botan::BigInt::grow_to
void grow_to(size_t n) const
Definition bigint.h:667
Botan::BigInt::set_words
void set_words(const word w[], size_t len)
Definition bigint.h:552
Botan::BigInt::mod_add
BigInt & mod_add(const BigInt &y, const BigInt &mod, secure_vector< word > &ws)
Definition big_ops2.cpp:45
Botan::BigInt::word_at
word word_at(size_t n) const
Definition bigint.h:548
Botan::BigInt::mod_sub
BigInt & mod_sub(const BigInt &y, const BigInt &mod, secure_vector< word > &ws)
Definition big_ops2.cpp:90
Botan::BigInt::is_even
bool is_even() const
Definition bigint.h:440
Botan::BigInt::power_of_2
static BigInt power_of_2(size_t n)
Definition bigint.h:830
Botan::BigInt::_data
const word * _data() const
Definition bigint.h:936
Botan::BigInt::is_zero
bool is_zero() const
Definition bigint.h:458
Botan::BigInt::serialize
T serialize(size_t len) const
Definition bigint.h:712
Botan::BigInt::with_capacity
static BigInt with_capacity(size_t n)
Definition bigint.cpp:58
Botan::Internal_Error
Definition exceptn.h:321
Botan::Invalid_Argument
Definition exceptn.h:131
Botan::Modular_Reducer
Definition reducer.h:20
Botan::Modular_Reducer::square
BigInt square(const BigInt &x) const
Definition reducer.h:45
Botan::Modular_Reducer::multiply
BigInt multiply(const BigInt &x, const BigInt &y) const
Definition reducer.h:32
Botan::Modular_Reducer::reduce
BigInt reduce(const BigInt &x) const
Definition reducer.cpp:37
Botan::Montgomery_Int
Definition monty.h:23
Botan::Montgomery_Int::size
size_t size() const
Definition monty.cpp:282
Botan::Montgomery_Int::operator*=
Montgomery_Int & operator*=(const Montgomery_Int &other)
Definition monty.cpp:352
Botan::Montgomery_Int::Montgomery_Int
Montgomery_Int(std::shared_ptr< const Montgomery_Params > params)
Definition monty.h:28
Botan::Montgomery_Int::operator==
bool operator==(const Montgomery_Int &other) const
Definition monty.cpp:274
Botan::Montgomery_Int::is_one
bool is_one() const
Definition monty.cpp:286
Botan::Montgomery_Int::add
Montgomery_Int & add(const Montgomery_Int &other, secure_vector< word > &ws)
Definition monty.cpp:318
Botan::Montgomery_Int::operator+=
Montgomery_Int & operator+=(const Montgomery_Int &other)
Definition monty.cpp:313
Botan::Montgomery_Int::operator-=
Montgomery_Int & operator-=(const Montgomery_Int &other)
Definition monty.cpp:323
Botan::Montgomery_Int::square
Montgomery_Int square(secure_vector< word > &ws) const
Definition monty.cpp:374
Botan::Montgomery_Int::cube
Montgomery_Int cube(secure_vector< word > &ws) const
Definition monty.cpp:378
Botan::Montgomery_Int::additive_inverse
Montgomery_Int additive_inverse() const
Definition monty.cpp:388
Botan::Montgomery_Int::operator*
Montgomery_Int operator*(const Montgomery_Int &other) const
Definition monty.cpp:333
Botan::Montgomery_Int::mul_by_3
Montgomery_Int & mul_by_3(secure_vector< word > &ws)
Definition monty.cpp:397
Botan::Montgomery_Int::mul_by_8
Montgomery_Int & mul_by_8(secure_vector< word > &ws)
Definition monty.cpp:407
Botan::Montgomery_Int::mul_by_2
Montgomery_Int & mul_by_2(secure_vector< word > &ws)
Definition monty.cpp:392
Botan::Montgomery_Int::sub
Montgomery_Int & sub(const Montgomery_Int &other, secure_vector< word > &ws)
Definition monty.cpp:328
Botan::Montgomery_Int::operator-
Montgomery_Int operator-(const Montgomery_Int &other) const
Definition monty.cpp:306
Botan::Montgomery_Int::operator+
Montgomery_Int operator+(const Montgomery_Int &other) const
Definition monty.cpp:299
Botan::Montgomery_Int::is_zero
bool is_zero() const
Definition monty.cpp:290
Botan::Montgomery_Int::value
BigInt value() const
Definition monty.cpp:294
Botan::Montgomery_Int::square_this_n_times
Montgomery_Int & square_this_n_times(secure_vector< word > &ws, size_t n)
Definition monty.cpp:362
Botan::Montgomery_Int::mul_by_4
Montgomery_Int & mul_by_4(secure_vector< word > &ws)
Definition monty.cpp:402
Botan::Montgomery_Int::fix_size
void fix_size()
Definition monty.cpp:264
Botan::Montgomery_Int::square_this
Montgomery_Int & square_this(secure_vector< word > &ws)
Definition monty.cpp:369
Botan::Montgomery_Int::multiplicative_inverse
Montgomery_Int multiplicative_inverse() const
Definition monty.cpp:382
Botan::Montgomery_Int::mul
Montgomery_Int mul(const Montgomery_Int &other, secure_vector< word > &ws) const
Definition monty.cpp:338
Botan::Montgomery_Int::mul_by
Montgomery_Int & mul_by(const Montgomery_Int &other, secure_vector< word > &ws)
Definition monty.cpp:342
Botan::Montgomery_Int::serialize
std::vector< uint8_t > serialize() const
Definition monty.cpp:278
Botan::Montgomery_Params::redc
BigInt redc(const BigInt &x, secure_vector< word > &ws) const
Definition monty.cpp:56
Botan::Montgomery_Params::mul_by
void mul_by(BigInt &x, const secure_vector< word > &y, secure_vector< word > &ws) const
Definition monty.cpp:123
Botan::Montgomery_Params::mul
BigInt mul(const BigInt &x, const BigInt &y, secure_vector< word > &ws) const
Definition monty.cpp:71
Botan::Montgomery_Params::sqr
BigInt sqr(const BigInt &x, secure_vector< word > &ws) const
Definition monty.cpp:185
Botan::Montgomery_Params::inv_mod_p
BigInt inv_mod_p(const BigInt &x) const
Definition monty.cpp:51
Botan::Montgomery_Params::Montgomery_Params
Montgomery_Params(const BigInt &p, const Modular_Reducer &mod_p)
Definition monty.cpp:16
Botan::Montgomery_Params::square_this
void square_this(BigInt &x, secure_vector< word > &ws) const
Definition monty.cpp:203
Botan::Montgomery_Params::p
const BigInt & p() const
Definition monty.h:143
BOTAN_MP_WORD_BITS
#define BOTAN_MP_WORD_BITS
Definition build.h:71
Botan::bigint_monty_redc
void bigint_monty_redc(word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size)
Definition mp_core.h:1047
Botan::bigint_sqr
void bigint_sqr(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size)
Definition mp_karat.cpp:326
Botan::monty_inverse
constexpr auto monty_inverse(W a) -> W
Definition mp_core.h:832
Botan::bigint_mul
void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, word workspace[], size_t ws_size)
Definition mp_karat.cpp:282
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146
Botan::inverse_mod
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition mod_inv.cpp:179
Generated by doxygen 1.12.0