modeco80
/
singrdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
singrdk/base/Libraries/Crypto/Modulus.cs

325 lines
15 KiB
C#
Raw Blame History

///////////////////////////////////////////////////////////////////////////////
//
// Microsoft Research Singularity
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
///////////////////////////////////////////////////////////////////////////////
using System;
using System.Diagnostics;
namespace Microsoft.Singularity.Crypto.PublicKey {
class Modulus {
internal readonly int _digitN;
readonly int _scaleBitN;
readonly bool _fromRight;
readonly Reciprocal _leftRecip;
readonly Digit _rightRecip;
internal readonly Digits _mod;
readonly Digits _multiplier1;
readonly Digits _multiplier2;
internal readonly Digits _one;
MulAlgorithm _algorithm;
internal Modulus(Digits mod, int digitN, bool fromRight) {
if (digitN == 0 || mod[digitN - 1] == 0) {
throw new ArgumentException();
}
_mod = mod;
_digitN = digitN;
_fromRight = fromRight;
_one = new Digits(digitN);
_multiplier1 = new Digits(digitN);
_multiplier2 = new Digits(digitN);
// this.mod.Set(this.mod, _digitN);
_leftRecip = new Reciprocal();
Digits.DivPrecondition(mod, digitN, _leftRecip);
Digit mod0inv = 0;
if ((mod[0] & 1) != 0) { mod0inv = Digit.TwoAdicInverse(mod[0]); }
_rightRecip = mod0inv;
int digitN2 = (digitN + 1) / 2;
Digits temp = new Digits(digitN + digitN2);
if (!fromRight) {
_algorithm = new MulAlgorithm(_MulFromLeft);
int dividendN = digitN + digitN2;
_scaleBitN = 0;
for (int i = 0; i != dividendN; i++) {
temp[i] = Digit.MaxValue;
}
temp[dividendN - 1] = Digit.MaxValue >> _leftRecip._shiftBitN;
Digits q = new Digits(digitN2 + 1);
Digits r = new Digits(digitN);
Digits.Div(temp, dividendN, mod, digitN, _leftRecip, q, r);
Debug.Assert(q[digitN2] == 1, "internal error");
Digits.Add(r, 1U, r, digitN);
Digits.Sub(mod, r, r, digitN);
} else {
_algorithm = new MulAlgorithm(_MulFromRight);
_scaleBitN = Digit.BitN * digitN;
if (mod0inv == 0) { throw new ArgumentException(); }
_multiplier2[0] = mod0inv;
temp[digitN] = Digits.Mul(mod, mod0inv, temp, digitN);
Debug.Assert(temp[0] == 1, "internal error");
for (int i = 1; i != digitN2; i++) {
Digit mul = unchecked(0 - mod0inv * temp[i]);
_multiplier2[i] = mul;
temp[i + digitN]
= Digits.Accumulate(mod, mul, temp + i, digitN);
Debug.Assert(temp[i] == 0, "internal error");
}
_multiplier1._Set(temp + digitN2, digitN);
}
_ToModular(new Digits(new Digit[] { 1 }), 1, _one);
}
void _BasePowerSquaring(Digits basepower) {
_Mul(basepower, basepower, basepower);
}
class Temps2000 {
internal Modulus _modulus;
internal Digits[] _bucket = new Digits[1L << 5];
internal bool[] _bucketBusy = new bool[1L << 5];
}
void _BucketMul(UInt32 ibucket, Digits mult, Temps2000 temps) {
Digits bloc = temps._bucket[ibucket];
if (temps._bucketBusy[ibucket]) {
_Mul(bloc, mult, bloc);
} else {
temps._bucketBusy[ibucket] = true;
bloc._Set(mult, _digitN);
}
}
internal void
_Exp(Digits @base, Digits exp, int expDigitN, Digits answer) {
int expBitNUsed = Digits.SigBitN(exp, expDigitN);
ushort[] widthCutoffs = new ushort[] { 6, 24, 80, 240, 672 };
Digits basepower = answer;
int bucketWidth = 1;
while (
bucketWidth < 5 && widthCutoffs[bucketWidth - 1] < expBitNUsed
) {
bucketWidth++;
}
Modular.ValidateData(@base, _mod, _digitN);
UInt32 bucketMask = (1U << bucketWidth) - 1;
UInt32 maxBucket = bucketMask;
Digits bucketData = new Digits((int)(_digitN * maxBucket));
Temps2000 temps = new Temps2000();
temps._modulus = this;
temps._bucket[0] = null;
Modular.Add(_one, _one, bucketData, _mod, _digitN);
bool base2 = Digits.Compare(@base, bucketData, _digitN) == 0;
if (base2 && expBitNUsed != 0) {
int shiftMax
= Digit.BitN * _digitN > 1024 ? 1024 : Digit.BitN * _digitN;
int highExponBitN = 0;
bool bighBitNProcessed = false;
Digits temp = bucketData;
for (int i = expBitNUsed; i-- != 0; ) {
Digit expBit = Digits.GetBit(exp, i);
if (bighBitNProcessed) {
_Mul(temp, temp, temp);
if (expBit != 0) {
Modular.Add(temp, temp, temp, _mod, _digitN);
}
} else {
highExponBitN = (int)(2 * highExponBitN + expBit);
if (i == 0 || 2 * highExponBitN >= shiftMax) {
bighBitNProcessed = true;
_Shift(_one, highExponBitN, temp);
}
}
}
temps._bucket[1] = temp;
Debug.Assert(bighBitNProcessed, "internal error");
} else {
UInt32 ibucket;
for (ibucket = 1; ibucket <= maxBucket; ibucket++) {
Digits bloc = bucketData
+ (int)(_digitN
* (ibucket
- 1
+ ((ibucket & 1) == 0 ? maxBucket : 0))
/ 2);
temps._bucket[ibucket] = bloc;
temps._bucketBusy[ibucket] = false;
bloc._Set(_one, _digitN);
}
basepower._Set(@base, _digitN);
Digit carried = 0;
int ndoubling = 0;
for (int i = 0; i != expBitNUsed; i++) {
Digit bitNow = Digits.GetBit(exp, i);
Debug.Assert(carried >> bucketWidth + 2 == 0
, "internal error");
if (bitNow != 0) {
while (ndoubling >= bucketWidth + 1) {
if ((carried & 1) != 0) {
ibucket = carried & bucketMask;
carried -= ibucket;
temps._modulus
._BucketMul(ibucket, basepower, temps);
}
temps._modulus._BasePowerSquaring(basepower);
carried /= 2;
ndoubling--;
}
carried |= 1U << ndoubling;
}
ndoubling++;
}
while (carried != 0) {
bool squareNow = false;
if (carried <= maxBucket) {
ibucket = carried;
} else if ((carried & 1) == 0) {
squareNow = true;
} else if (carried <= 3 * maxBucket) {
ibucket = maxBucket;
} else {
Debug.Assert(false, "untested code");
ibucket = carried & bucketMask;
}
if (squareNow) {
carried /= 2;
temps._modulus._BasePowerSquaring(basepower);
} else {
carried -= ibucket;
temps._modulus._BucketMul(ibucket, basepower, temps);
}
}
for (ibucket = maxBucket; ibucket >= 2; ibucket--) {
if (temps._bucketBusy[ibucket]) {
bool found = false;
UInt32 jbucket, jbucketMax, kbucket;
Digits bloci;
if ((ibucket & 1) == 0) {
jbucketMax = ibucket / 2;
} else {
jbucketMax = 1;
}
for (
jbucket = ibucket >> 1;
jbucket != ibucket && !found;
jbucket++
) {
if (temps._bucketBusy[jbucket]) {
jbucketMax = jbucket;
found = temps._bucketBusy[ibucket - jbucket];
}
}
jbucket = jbucketMax;
kbucket = ibucket - jbucket;
bloci = temps._bucket[ibucket];
temps._modulus._BucketMul(jbucket, bloci, temps);
temps._modulus._BucketMul(kbucket, bloci, temps);
}
}
}
answer._Set(temps._bucket[1], _digitN);
}
void _MulFromLeft(Digits a, Digits b, Digits c) {
Digits product = new Digits(2 * _digitN);
Digits.Mul(a, _digitN, b, _digitN, product);
Digits
.Div(product, 2 * _digitN, _mod, _digitN, _leftRecip, null, c);
}
void _MulFromRight(Digits a, Digits b, Digits c) {
Digit minv = _rightRecip
, minva0 = unchecked(minv * a[0])
, mul1 = b[0]
, mul2 = unchecked(minva0 * mul1)
, carry1 = Digit2.Hi((UInt64)mul1 * a[0])
, carry2 = Digit2.Hi((UInt64)mul2 * _mod[0]);
UInt64 prod1, prod2;
Debug.Assert(unchecked(mul1 * a[0]) == unchecked(mul2 * _mod[0])
, "internal error");
Digits temp1 = new Digits(_digitN), temp2 = new Digits(_digitN);
for (int i = 1; i != _digitN; i++) {
prod1 = (UInt64)mul1 * a[i] + carry1;
prod2 = (UInt64)mul2 * _mod[i] + carry2;
temp1[i - 1] = Digit2.Lo(prod1);
temp2[i - 1] = Digit2.Lo(prod2);
carry1 = Digit2.Hi(prod1);
carry2 = Digit2.Hi(prod2);
}
temp1[_digitN - 1] = carry1;
temp2[_digitN - 1] = carry2;
for (int j = 1; j != _digitN; j++) {
mul1 = b[j];
mul2 = unchecked(minva0 * mul1 + minv * (temp1[0] - temp2[0]));
prod1 = (UInt64)mul1 * a[0] + temp1[0];
prod2 = (UInt64)mul2 * _mod[0] + temp2[0];
Debug.Assert(Digit2.Lo(prod1) == Digit2.Lo(prod2)
, "internal error");
carry1 = Digit2.Hi(prod1);
carry2 = Digit2.Hi(prod2);
for (int i = 1; i != _digitN; i++) {
prod1 = (UInt64)mul1 * a[i] + temp1[i] + carry1;
prod2 = (UInt64)mul2 * _mod[i] + temp2[i] + carry2;
temp1[i - 1] = Digit2.Lo(prod1);
temp2[i - 1] = Digit2.Lo(prod2);
carry1 = Digit2.Hi(prod1);
carry2 = Digit2.Hi(prod2);
}
temp1[_digitN - 1] = carry1;
temp2[_digitN - 1] = carry2;
}
Modular.Sub(temp1, temp2, c, _mod, _digitN);
}
internal void _FromModular(Digits a, Digits b) {
Modular.ValidateData(a, _mod, _digitN);
_Shift(a, -_scaleBitN, b);
}
internal void _Mul(Digits a, Digits b, Digits c) {
Modular.ValidateData(a, _mod, _digitN);
if (a != b) { Modular.ValidateData(b, _mod, _digitN); }
_algorithm(a, b, c);
}
void _Shift(Digits a, int n, Digits b) {
if (a != b) { b._Set(a, _digitN); }
Modular.ValidateData(a, _mod, _digitN);
if (n < 0 && (_mod[0] & 1) == 0) { throw new ArgumentException(); }
while (n > 0) {
int shiftNow = n > Digit.BitN ? Digit.BitN : n;
Digit carryOut = Digits.ShiftLost(b, shiftNow, b, _digitN)
, qest = _leftRecip
.EstQuotient(carryOut
, b[_digitN - 1]
, _digitN >= 2 ? b[_digitN - 2] : 0);
carryOut -= Digits.Decumulate(_mod, qest, b, _digitN);
if (carryOut != 0 || Digits.Compare(b, _mod, _digitN) >= 0) {
carryOut -= Digits.Sub(b, _mod, b, _digitN);
}
Debug.Assert(carryOut == 0, "internal error");
n -= shiftNow;
}
while (n < 0) {
int shiftNow = -n > Digit.BitN ? Digit.BitN : -n;
Digit mul = unchecked(0 - _rightRecip * b[0])
& Digit.MaxValue >> Digit.BitN - shiftNow
, carry = Digits.Accumulate(_mod, mul, b, _digitN)
, lowBitNLost = Digits.ShiftLost(b, -shiftNow, b, _digitN);
b[_digitN - 1] |= carry << Digit.BitN - shiftNow;
Debug.Assert(lowBitNLost == 0, "internal error");
n += shiftNow;
}
}
internal void _ToModular(Digits a, int aDigitN, Digits b) {
Digits aR;
int aRDigitN;
if (Digits.Compare(a, aDigitN, _mod, _digitN) >= 0) {
aR = new Digits(_digitN);
Digits.Div(a, aDigitN, _mod, _digitN, _leftRecip, null, aR);
aRDigitN = _digitN;
} else {
aR = a;
aRDigitN = aDigitN;
}
aRDigitN = Digits.SigDigitN(aR, aRDigitN);
Digits.Set(aR, aRDigitN, b, _digitN);
_Shift(b, _scaleBitN, b);
}
delegate void MulAlgorithm(Digits arg0, Digits arg1, Digits arg2);
}
}
Reference in New Issue View Git Blame Copy Permalink