forked from yystopf/xiuos
				
			
		
			
				
	
	
		
			720 lines
		
	
	
		
			18 KiB
		
	
	
	
		
			C
		
	
	
		
			Executable File
		
	
	
			
		
		
	
	
			720 lines
		
	
	
		
			18 KiB
		
	
	
	
		
			C
		
	
	
		
			Executable File
		
	
	
| /**
 | |
| * Copyright (c) 2020 AIIT Ubiquitous Team
 | |
| * XiUOS is licensed under Mulan PSL v2.
 | |
| * You can use this software according to the terms and conditions of the Mulan PSL v2.
 | |
| * You may obtain bn1 copy of Mulan PSL v2 at:
 | |
| *        http://license.coscl.org.cn/MulanPSL2
 | |
| * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 | |
| * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 | |
| * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 | |
| * See the Mulan PSL v2 for more details.
 | |
| */
 | |
| 
 | |
| /**
 | |
| * @file bignum.c
 | |
| * @brief arithmetic of big number
 | |
| * @version 1.0 
 | |
| * @author AIIT Ubiquitous Team
 | |
| * @date 2021-04-24
 | |
| */
 | |
| 
 | |
| #include <bignum.h>
 | |
| 
 | |
| sm9curve curve;
 | |
| // used in Montgomery Mult
 | |
| uint32_t qlow_reverse = 0x2f2ee42b; // power(2, 32) - (curve.q.word[0] 's reverse under power(2, 32))
 | |
| uint32_t Nlow_reverse = 0x51974b53; // power(2, 32) - (curve.N.word[0] 's reverse under power(2, 32))
 | |
| big8w q_2k; // (2^(256*2)) mod curve.q; used in big numbers' mult(Montgomery Mult)
 | |
| big8w N_2k; // (2^(256*2)) mod curve.N; used in big numbers' mult(Montgomery Mult)
 | |
| 
 | |
| /**
 | |
|  * @brief This function is to print the big number in hex.
 | |
|  * 
 | |
|  * @param bignum pointer of a big number
 | |
|  * 
 | |
|  * @return null
 | |
|  * 
 | |
|  */
 | |
| void Big8wPrint(big8w* bignum)
 | |
| {
 | |
| 	int i = BIGNUMBER_SIZE_8WORD - 1;
 | |
| 	while (bignum->word[i] == 0 && i >= 0)
 | |
| 		i--;
 | |
| 	if (i < 0) {
 | |
| 		KPrintf("0x00\n");
 | |
| 		return;
 | |
| 	}
 | |
| 
 | |
| 	KPrintf("0x %08x", bignum->word[i]);
 | |
| 
 | |
| 	if(i--) // i > 0
 | |
| 		for (; i>=0; i--) 
 | |
| 			KPrintf(" %08x", bignum->word[i]);
 | |
| 		
 | |
| 	KPrintf("\n");
 | |
| } 
 | |
| /**
 | |
|  * @brief This function is to get the index of highest bit of highest word.
 | |
|  * 
 | |
|  * @param bignum pointer of a big number 
 | |
|  * 
 | |
|  * @return null
 | |
|  * 
 | |
| */
 | |
| uint8_t Big8wHighestbit(big8w* bignum)
 | |
| {
 | |
| 	uint8_t i = BIGNUMBER_SIZE_8WORD - 1;
 | |
| 	uint32_t elem;
 | |
| 
 | |
| 	while (bignum->word[i] == 0 && i >= 0) 
 | |
| 		i--;
 | |
| 	elem = bignum->word[i];
 | |
| 
 | |
| 	i = 32;
 | |
| 	while(--i) 
 | |
| 		if ((elem >> i) & 1) 
 | |
| 			break;
 | |
| 
 | |
| 	return i;
 | |
| }
 | |
| /**
 | |
|  * 
 | |
|  * @brief This function is to judge if a big number is zero
 | |
|  * 
 | |
|  * @param bignum pointer of a big number
 | |
|  * 
 | |
|  * @return true if bignum == 0; else false
 | |
|  * 
 | |
|  */
 | |
| bool Big8wIsZero(big8w* bignum)
 | |
| {
 | |
| 	char i = 0;
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++) 
 | |
| 		if (bignum->word[i]) 
 | |
| 			return false;
 | |
| 
 | |
| 	return true;
 | |
| }
 | |
| /**
 | |
|  * 
 | |
|  * @brief return bn1 >= bn2
 | |
|  * 
 | |
|  * @param bn1 the first big number
 | |
|  * @param bn2 the second big number
 | |
|  * 
 | |
|  * @return true if bn1 >= bn2; false if bn1 < bn2
 | |
|  * 
 | |
|  */
 | |
| bool Big8wBigThan(big8w* bn1, big8w* bn2)
 | |
| {
 | |
| 	uint8_t i = BIGNUMBER_SIZE_8WORD - 1;
 | |
| 
 | |
| 	for (; i; i--) {
 | |
| 		if (bn1->word[i] > bn2->word[i])
 | |
| 			return true;
 | |
| 
 | |
| 		else if (bn1->word[i] < bn2->word[i]) 
 | |
| 			return false;
 | |
| 	} 
 | |
| 
 | |
| 	return bn1->word[i] >= bn2->word[i];
 | |
| }
 | |
| /**
 | |
|  * @brief reutrn bn1 == bn2
 | |
|  * 
 | |
|  * @param bn1 the first big number
 | |
|  * @param bn2 the second big number
 | |
|  * 
 | |
|  * @return true if bn1 == bn2; else false
 | |
|  * 
 | |
|  */
 | |
| bool Big8wEqual(big8w* bn1, big8w* bn2)
 | |
| {
 | |
| 	uint8_t i = BIGNUMBER_SIZE_8WORD - 1;
 | |
| 
 | |
| 	for (; i; i--) 
 | |
| 		if (bn1->word[i] != bn2->word[i])
 | |
| 			return false; 
 | |
| 
 | |
| 	return bn1->word[i] == bn2->word[i];
 | |
| }
 | |
| /**
 | |
|  * @brief compute (bn1 - bn2)%p
 | |
|  * 
 | |
|  * @param bn1 the first big number, smaller than p
 | |
|  * @param bn2 the second big number, smaller than p
 | |
|  * @param p a big number, the module number
 | |
|  * 
 | |
|  * @return ret, a big number
 | |
|  */
 | |
| big8w Big8wMinusMod(big8w bn1, big8w bn2, big8w p)
 | |
| {
 | |
| 	bool borrow = 0;
 | |
| 	char i = 0;
 | |
| 	big8w ret;
 | |
| 
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE);
 | |
| 
 | |
| 	if (Big8wEqual(&bn2, &bn1))   
 | |
| 		return ret;
 | |
| 
 | |
| 	else if (Big8wBigThan(&bn2, &bn1)) { // p - (bn2 - bn1)
 | |
| 		ret = Big8wMinusMod(bn2, bn1, p);
 | |
| 		ret = Big8wMinusMod(p, ret, p);
 | |
| 		return ret;
 | |
| 	}
 | |
| 
 | |
| 	borrow = 0;
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++){
 | |
| 		ret.word[i] = bn1.word[i] - bn2.word[i] - borrow;
 | |
| 		borrow = (ret.word[i] < bn1.word[i] || ((ret.word[i] == bn1.word[i]) && borrow == 0)) ? 0 : 1;
 | |
| 	}
 | |
| 
 | |
| 	return ret;
 | |
| }
 | |
| /**
 | |
|  * @brief compute (bn1 + bn2)%p
 | |
|  * 
 | |
|  * @param bn1 the first big number 
 | |
|  * @param bn2 the second big number
 | |
|  * @param p a big number, the module number
 | |
|  * 
 | |
|  * @return ret, a big number
 | |
|  * 
 | |
|  */
 | |
| big8w Big8wAddMod(big8w bn1, big8w bn2, big8w p)
 | |
| {
 | |
| 	bool flag = 0;
 | |
| 	uint8_t i = 0;
 | |
| 	big8w ret;
 | |
| 
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE);
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++){
 | |
| 		ret.word[i] = bn1.word[i] + bn2.word[i] + flag;
 | |
| 		flag = (
 | |
| 			(ret.word[i] > bn1.word[i] && ret.word[i] > bn2.word[i] ) 
 | |
| 			|| ((ret.word[i]==bn1.word[i] ||ret.word[i]==bn2.word[i]) && flag == 0)
 | |
| 			) ? 0 : 1;
 | |
| 	}
 | |
| 
 | |
| 	if (flag) {
 | |
| 		//  (2^(32*8)) + ret - p = (2^(32*8)-1) - (p - ret) + 1
 | |
| 		// ret = p - ret
 | |
| 		ret = Big8wMinusMod(p, ret, p);
 | |
| 
 | |
| 		// ret = (2^(32*8)-1) - (p - ret)
 | |
| 		for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++) 
 | |
| 			ret.word[i] = 0xffffffff - ret.word[i];
 | |
| 
 | |
| 		// ret++
 | |
| 		i = 0;
 | |
| 		while (i < BIGNUMBER_SIZE_8WORD && ret.word[i] == 0xffffffff) 
 | |
| 			i++;
 | |
| 		ret.word[i]++; // plus one
 | |
| 		if (i) 
 | |
| 			while (--i)
 | |
| 				ret.word[i] = 0;		
 | |
| 	}
 | |
| 
 | |
| 	if (Big8wBigThan(&ret, &p))
 | |
| 		ret = Big8wMinusMod(ret, p, p);
 | |
| 
 | |
| 	return ret;
 | |
| }
 | |
| /**
 | |
|  * @brief big number << (kround * 32 + rest), result store in big16w
 | |
|  * 
 | |
|  * @param bignum a big number
 | |
|  * @param kround (left shift bits) // 32
 | |
|  * @param rest (left shift bits) % 32
 | |
|  * @param length length of bignum, size = unsigned int 
 | |
|  * @param highestbit index of the highest bit of highest word of bignum, 0 <= highest <= 31
 | |
|  * 
 | |
|  * @return ret, 16word big number
 | |
|  * 
 | |
|  */
 | |
| big16w Big16wLeftShift(big8w bignum, uint8_t kround, uint8_t rest, uint8_t length, uint8_t highestbit)
 | |
| {
 | |
| 	char i = 0;
 | |
| 	big16w ret;
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE * 2);
 | |
| 
 | |
| 	for (i = 0; i <= length; i++) 
 | |
| 		ret.word[i + kround] = bignum.word[i];
 | |
| 	ret.length = length + kround;
 | |
| 
 | |
| 	if (rest) {
 | |
| 		if (rest + highestbit > 31) 
 | |
| 			ret.length++;
 | |
| 		for (i = ret.length; i >kround; i--) 
 | |
| 			ret.word[i] = ret.word[i] << rest | ret.word[i - 1] >> (32 - rest);
 | |
| 		ret.word[i] <<= rest;
 | |
| 	}
 | |
| 
 | |
| 	return ret;
 | |
| }
 | |
| /**
 | |
|  * @brief This function is to get the index of highest bit of highest word of a big number of 16word size.
 | |
|  * 
 | |
|  * @param bignum16w pointer of a big number of 16word size.
 | |
|  * 
 | |
|  * @return ret, unsigned char
 | |
|  * 
 | |
|  */
 | |
| uint8_t Big16wHighestbit(big16w bignum16w) 
 | |
| {
 | |
| 	uint8_t ret = 31;
 | |
| 	uint32_t elem = bignum16w.word[bignum16w.length];
 | |
| 
 | |
| 	if (bignum16w.length == 0 && bignum16w.word[bignum16w.length] == 0) 
 | |
| 		return 0;
 | |
| 
 | |
| 	while (true) {
 | |
| 		if (((elem >> ret) & 1) == 0)
 | |
| 			ret--;
 | |
| 		else
 | |
| 			return ret;
 | |
| 	} // end while
 | |
| 
 | |
| }
 | |
| /**
 | |
|  * @brief return bn1 >= bn2
 | |
|  * 
 | |
|  * @param bn1 the first big number of 16word size.
 | |
|  * @param bn2 the second big number of 16word size.
 | |
|  * 
 | |
|  * @return true if bn1 >= bn2; else false
 | |
|  * 
 | |
|  */
 | |
| bool Big16wBigThan(big16w bn1, big16w bn2)
 | |
| {
 | |
| 	uint8_t i;
 | |
| 
 | |
| 	if (bn1.length > bn2.length) 
 | |
| 		return true;
 | |
| 	else if (bn1.length < bn2.length) 
 | |
| 		return false;
 | |
| 
 | |
| 	for (i = bn1.length; i > 0; i--){
 | |
| 		if (bn1.word[i] > bn2.word[i]) 
 | |
| 			return true;
 | |
| 		else if (bn1.word[i] < bn2.word[i]) 
 | |
| 			return false;
 | |
| 	}
 | |
| 
 | |
| 	return bn1.word[0] >= bn2.word[0];
 | |
| }
 | |
| /**
 | |
|  * @brief return (bn1 - bn2)
 | |
|  * 
 | |
|  * @param bn1 the first big number of 16word size.
 | |
|  * @param bn2 the second big number of 16word size.
 | |
|  * 
 | |
|  * @return (bn1 - bn2), a big numbe of 16word size
 | |
|  * 
 | |
|  */
 | |
| big16w Big16wMinus(big16w bn1, big16w bn2)
 | |
| {
 | |
| 	bool borrow;
 | |
| 	char len = bn1.length;
 | |
| 	int i = 0;
 | |
| 	big16w ret;
 | |
| 
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE * 2);
 | |
| 
 | |
| 	borrow = 0;
 | |
| 	for (i = 0; i <= bn1.length; i++){
 | |
| 		ret.word[i] = bn1.word[i] - bn2.word[i] - borrow;
 | |
| 		borrow = (ret.word[i] < bn1.word[i] || ((ret.word[i] == bn1.word[i]) && borrow == 0)) ? 0 : 1;
 | |
| 	}
 | |
| 
 | |
| 	i = bn1.length;
 | |
| 	while (ret.word[i] == 0) 
 | |
| 		i--;
 | |
| 	ret.length = i;
 | |
| 	if (i < 0) 
 | |
| 		ret.length = 0;
 | |
| 
 | |
| 	return ret;
 | |
| }
 | |
| /**
 | |
|  * 
 | |
|  * @brief This function is only called by function H(), which is in topfunc.h
 | |
|  * 		while(bignum16w.length > 7) // bignum16w > p
 | |
|  * 				bignum16w = bignum16w - (p << gap)  or bignum16w = (p << gap) - bignum16w, turn = !turn
 | |
|  * 
 | |
|  * 		if (turn) // bignum16w == (p - bignum16w) mod p,  bignum16w == (- ret) mod p
 | |
|  * 			bignum16w = p - bignum16w 
 | |
|  * 
 | |
|  * @param bignum16w big number of 16word size.
 | |
|  * @param p big number, the module number.
 | |
|  * 
 | |
|  * @return bignum16w % p.
 | |
|  *
 | |
|  */
 | |
| big8w Big16wmod8w(big16w bignum16w, big8w p)
 | |
| {
 | |
| 	bool turn = false;
 | |
| 	char plen = 7;
 | |
| 	char pbit = Big8wHighestbit(&p);
 | |
| 	int gap;
 | |
| 	big8w ret;
 | |
| 	big16w temp;
 | |
| 
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE);
 | |
| 
 | |
| 	while (p.word[plen] == 0) 
 | |
| 		plen--;
 | |
| 
 | |
| 	while (bignum16w.length > 7){
 | |
| 		gap = bignum16w.length * 32 + Big16wHighestbit(bignum16w) - 255; // 255 = bitlen of p
 | |
| 		temp = Big16wLeftShift(p, gap >> 5, gap & 0x1f, plen, pbit);
 | |
| 		if (Big16wBigThan(bignum16w, temp)) 
 | |
| 			bignum16w = Big16wMinus(bignum16w, temp);
 | |
| 		else {
 | |
| 			bignum16w = Big16wMinus(temp, bignum16w);
 | |
| 			turn = !turn;
 | |
| 		}// end else
 | |
| 	}
 | |
| 
 | |
| 	for (gap = 7; gap >= 0; gap--) 
 | |
| 		ret.word[gap] = bignum16w.word[gap];
 | |
| 	while (Big8wBigThan(&ret, &p)) 
 | |
| 		ret = Big8wMinusMod(ret, p, p);
 | |
| 	if (turn) 
 | |
| 		ret = Big8wMinusMod(p, ret, p);
 | |
| 	
 | |
| 	return ret;
 | |
| }
 | |
| /**
 | |
|  * @brief big number right shift
 | |
|  * 
 | |
|  * @param bignum big number
 | |
|  * @param round bit length of big number to right shift
 | |
|  * 
 | |
|  * @return big number = (bignum >> round)
 | |
|  * 
 | |
|  */
 | |
| big8w Big8wRightShift(big8w bignum, uint8_t round)
 | |
| {
 | |
| 	uint8_t kround = round >> 5;
 | |
| 	uint8_t rest = round & 0x1f;
 | |
| 	char i;
 | |
| 	big8w ret;
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE);
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD - kround; i++) 
 | |
| 		ret.word[i] = bignum.word[i + kround];
 | |
| 
 | |
| 	if (rest) {
 | |
| 		if (kround) {
 | |
| 			for (i = 0; i < BIGNUMBER_SIZE_8WORD - kround; i++) {
 | |
| 				ret.word[i] = (ret.word[i] >> rest) | (ret.word[i + 1] << (32 - rest));
 | |
| 			} // end for
 | |
| 		}else {
 | |
| 			for (i = 0; i < BIGNUMBER_SIZE_8WORD - 1; i++) {
 | |
| 				ret.word[i] = (ret.word[i] >> rest) | (ret.word[i + 1] << (32 - rest));
 | |
| 			} // end for
 | |
| 			ret.word[7] >>= rest;
 | |
| 		}
 | |
| 	} // end if 
 | |
| 
 | |
| 	return ret;
 | |
| }
 | |
| /**
 | |
|  * 
 | |
|  * @brief return (bignum + N)>>1. (bignum + N) is even. only called by Big8wReverse, more in Big8wReverse
 | |
|  * 
 | |
|  * @param bignum the first big number
 | |
|  * @param N the second big number
 | |
|  * 
 | |
|  * @return a big number = (bignum + N) >> 1. 
 | |
|  * 
 | |
|  */
 | |
| big8w PlusAndRightShiftOne(big8w bignum, big8w N)
 | |
| {
 | |
| 	bool flag = 0;
 | |
| 	uint8_t i = 0;
 | |
| 	big8w ret;
 | |
| 
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE);
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++) {
 | |
| 		ret.word[i] = bignum.word[i] + N.word[i] + flag;
 | |
| 
 | |
| 		flag = (
 | |
| 			(ret.word[i] > bignum.word[i] && ret.word[i] > N.word[i]) 
 | |
| 			|| ((ret.word[i] == bignum.word[i] || ret.word[i] == N.word[i]) && flag == 0)
 | |
| 			) ? 0 : 1;
 | |
| 	}
 | |
| 
 | |
| 	ret = Big8wRightShift(ret, 1);
 | |
| 	if (flag) 
 | |
| 		ret.word[7] |= 0x80000000;
 | |
| 	
 | |
| 	return ret;
 | |
| }
 | |
| /**
 | |
|  * 
 | |
|  * @brief get reverse of bignum under N; implemented with Stein algorithm.  
 | |
|  * Calls: Big8wRightShift, PlusAndRightShiftOne, Big8wEqual, Big8wMinusMod
 | |
|  * 
 | |
|  * @param bignum a big number
 | |
|  * @param N a big prime number
 | |
|  * 
 | |
|  * @return a big number = (bignum)^(-1) mod N
 | |
|  * 
 | |
|  */
 | |
| big8w Big8wReverse(big8w bignum, big8w N)
 | |
| {
 | |
| 	bool flag1, flag2;
 | |
| 	big8w ret, zero, one, x1, y1, x2, y2, temp;
 | |
| 
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE);
 | |
| 	memset(zero.word, 0x00, BIG8W_BYTESIZE);
 | |
| 	memset(one.word, 0x00, BIG8W_BYTESIZE);
 | |
| 
 | |
| 	one.word[0] = 1;
 | |
| 
 | |
| 	x1 = bignum, y1 = one;
 | |
| 	x2 = N, y2 = zero;
 | |
| 
 | |
| 	while (true){
 | |
| 		flag1 = ((x1.word[0]&1) == 0), flag2 = ((y1.word[0]&1) == 0);
 | |
| 		if (flag1 && flag2) {
 | |
| 			x1 = Big8wRightShift(x1, 1);
 | |
| 			y1 = Big8wRightShift(y1, 1);
 | |
| 		}
 | |
| 		else if (flag1 && !flag2) {
 | |
| 			x1 = Big8wRightShift(x1, 1);
 | |
| 			y1 = PlusAndRightShiftOne(y1, N);
 | |
| 		}
 | |
| 		if (Big8wEqual(&x1, &one))
 | |
| 			return y1;
 | |
| 
 | |
| 		flag1 = ((x2.word[0]&1) == 0), flag2 = ((y2.word[0]&1) == 0);
 | |
| 		if (flag1 && flag2) {
 | |
| 			x2 = Big8wRightShift(x2, 1);
 | |
| 			y2 = Big8wRightShift(y2, 1);
 | |
| 		}
 | |
| 		else if (flag1 && !flag2) {
 | |
| 			x2 = Big8wRightShift(x2, 1);
 | |
| 			y2 = PlusAndRightShiftOne(y2, N);
 | |
| 		}
 | |
| 		if (Big8wEqual(&x2, &one))
 | |
| 			return y2;
 | |
| 
 | |
| 		if (Big8wBigThan(&x1, &x2)) {
 | |
| 			x1 = Big8wMinusMod(x1, x2, N);
 | |
| 			y1 = Big8wMinusMod(y1, y2, N);
 | |
| 			if (Big8wEqual(&x1, &one)) 
 | |
| 				return y1;
 | |
| 		}
 | |
| 		else {
 | |
| 			x2 = Big8wMinusMod(x2, x1, N);
 | |
| 			y2 = Big8wMinusMod(y2, y1, N);
 | |
| 			if (Big8wEqual(&x2, &one))
 | |
| 				return y2;
 | |
| 		}
 | |
| 
 | |
| 	} // end while
 | |
| }
 | |
| /**
 | |
|  * 
 | |
|  * @brief return bn1 >= bn2
 | |
|  * 
 | |
|  * @param bn1 string of unsigned int, length <= BIGNUMBER_SIZE + 1.
 | |
|  * @param bn2  string of unsigned int, length <= BIGNUMBER_SIZE + 1.
 | |
|  * 
 | |
|  * @return true if bn1 >= bn2; else false
 | |
|  * 
 | |
|  */
 | |
| bool U32CMP(uint32_t* bn1, uint32_t* bn2)
 | |
| {
 | |
| 	int i;
 | |
| 
 | |
| 	for (i = BIGNUMBER_SIZE_8WORD + 1; i; i--) {
 | |
| 		if (bn1[i] > bn2[i]) 
 | |
| 			return true;
 | |
| 		else if (bn1[i] < bn2[i]) 
 | |
| 			return false;
 | |
| 	}
 | |
| 
 | |
| 	return bn1[0] >= bn2[0];
 | |
| }
 | |
| /**
 | |
|  * @brief This function is to compute a big number multiply a unsinged int number.
 | |
|  * 
 | |
|  * @param bignum  big number
 | |
|  * @param elem unsigned int
 | |
|  * @param ret  pointer of a string of unsigned int, length <= BIGNUMBER_SIZE_WORD + 2. store the result.
 | |
|  * 
 | |
|  * @result ret = bignum * elem,
 | |
|  * 
 | |
|  */
 | |
| void Big8wMultNum(big8w bignum, uint32_t elem, uint32_t* ret)
 | |
| {
 | |
| 	char i = 0;
 | |
| 	uint32_t overflow = 0;
 | |
| 	uint64_t temp;
 | |
| 
 | |
| 	memset(ret, 0x00, sizeof(uint32_t) * (BIGNUMBER_SIZE_8WORD + 2));
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++) {
 | |
| 		temp = ((uint64_t)elem * (uint64_t)bignum.word[i]) + (uint64_t)overflow;
 | |
| 		ret[i] = temp;
 | |
| 		overflow = temp >> 32;
 | |
| 	}
 | |
| 
 | |
| 	ret[BIGNUMBER_SIZE_8WORD] = overflow;
 | |
| }
 | |
| /**
 | |
|  * @brief add two unsigned int strings.
 | |
|  * 
 | |
|  * @param bn1 string of unsigned int, lenght < BIGNUMBER_SIZE_8WORD + 2
 | |
|  * @param bn2 string of unsigned int, lenght < BIGNUMBER_SIZE_8WORD + 2
 | |
|  * @param ret string of unsigned int, lenght < BIGNUMBER_SIZE_8WORD + 2, store the result
 | |
|  * 
 | |
|  * @result ret, string of unsigned int
 | |
|  */
 | |
| void U32Add(uint32_t* bn1, uint32_t* bn2, uint32_t* ret)
 | |
| {
 | |
| 	char i;
 | |
| 	bool overflow = 0;
 | |
| 	uint64_t temp;
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD + 2; i++){
 | |
| 		temp = (uint64_t)bn1[i] + (uint64_t)bn2[i] + (uint64_t)overflow;
 | |
| 		ret[i] = temp;
 | |
| 		overflow = temp >> 32;
 | |
| 	}
 | |
| }
 | |
| /**
 | |
|  * @brief two unsigned int strings run minus.
 | |
|  * 
 | |
|  * @param bn1 the first string of unsigned int, lenght <= BIGNUMBER_SIZE_8WORD + 2
 | |
|  * @param bn2 the second string of unsigned int, lenght <= BIGNUMBER_SIZE_8WORD + 2
 | |
|  * @param ret the result string of unsigned int, lenght <= BIGNUMBER_SIZE_8WORD + 2, store the result
 | |
|  * 
 | |
|  * @result ret
 | |
|  */
 | |
| void U32Minus(uint32_t* bn1, uint32_t* bn2, uint32_t* ret)
 | |
| {
 | |
| 	char i;
 | |
| 	bool borrow = 0, newborrow;
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD + 2; i++){
 | |
| 		newborrow = (uint64_t)bn1[i] < ((uint64_t)bn2[i] + borrow);
 | |
| 		ret[i] = bn1[i] - bn2[i] - borrow;
 | |
| 		borrow = newborrow;
 | |
| 	}
 | |
| }
 | |
| /**
 | |
|  *
 | |
|  * @brief Montogery multyply algorithm; Calls: Big8wMultNum, U32CMP, U32Add, U32Minus; Called By: Big8wMultMod
 | |
|  * 		  montmult(bn1, bn2, p) = bn1 * bn2 * (2^(32*8)) mod p
 | |
|  * 
 | |
|  * @param bn1 the first big number 
 | |
|  * @param bn2 the second big number
 | |
|  * @param p big number, the module number
 | |
|  * @param fill unsigned int, precomputed number
 | |
|  * @param ret pointer of a string of unsigned int, store the result
 | |
|  * 
 | |
|  * @result ret
 | |
|  * 
 | |
|  */
 | |
| void Big8wMontMult(big8w bn1, big8w bn2, big8w p, uint32_t fill, uint32_t* ret)
 | |
| {
 | |
| 	int i;
 | |
| 	int numindex = BIGNUMBER_SIZE_8WORD - 1;
 | |
| 	uint32_t temp[BIGNUMBER_SIZE_8WORD + 1 + 1]; // big8w mult uint32_t  and add overflow
 | |
| 	uint32_t elem, time;
 | |
| 
 | |
| 	memset(temp, 0x00, sizeof(uint32_t) * (BIGNUMBER_SIZE_8WORD + 1 + 1));
 | |
| 	memset(ret, 0x00, sizeof(uint32_t) * (BIGNUMBER_SIZE_8WORD + 1 + 1));
 | |
| 
 | |
| 	while (bn2.word[numindex] == 0)
 | |
| 		numindex--;
 | |
| 	if (numindex < 0)
 | |
| 		return;
 | |
| 
 | |
| 	for (numindex = 0; numindex < BIGNUMBER_SIZE_8WORD; numindex++){
 | |
| 		elem = bn2.word[numindex];
 | |
| 		Big8wMultNum(bn1, elem, temp);
 | |
| 		U32Add(temp, ret, ret);
 | |
| 		Big8wMultNum(p, fill*ret[0], temp);
 | |
| 		U32Add(temp, ret, ret);
 | |
| 
 | |
| 		for (i = 0; i < BIGNUMBER_SIZE_8WORD + 1; i++) 
 | |
| 		{ // ret.word[0] = 0,  (ret >> 32) == ret * (2^(-32)) mod p
 | |
| 			ret[i] = ret[i + 1];
 | |
| 		}
 | |
| 		ret[i] = 0;
 | |
| 	}
 | |
| 
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++)
 | |
| 		temp[i] = p.word[i];
 | |
| 	temp[i] = 0, temp[i + 1] = 0;
 | |
| 
 | |
| 	if (U32CMP(ret, temp)) 
 | |
| 		U32Minus(ret, temp, ret);
 | |
| }
 | |
| /**
 | |
|  * 
 | |
|  * @brief  return (bn1*bn2 mod p); call twice Montogery multiply algorithm. Only suitable for sm9, the input big8w p is q or N.
 | |
|  * montmult(A, B, p) = A * B * (2^(-32*8)) mod p, which can be computed fastly.
 | |
|  * so multmod(A, B, p) can be computed by:
 | |
|  * ret = montmult(A, B, p) = A*B*(2^(-256)) mod p
 | |
|  * ret = montmult(ret, 2^(256*2), p) = ret * 2^(256*2) * (2^(-256)) mod p    (computed fastly)
 | |
|  *     = A * B * (2^(-256)) * (2^(256*2)) * (2^(-256)) mod p = A * B mod p   (verify the algorithm)
 | |
|  * N_2k = (2^(256*2)) mod curve.N; q_2k = (2^(256*2)) mod curve.q
 | |
|  * fill = (2^32 - ((p.word[0])^(-1) mod (2^32))).
 | |
|  * fill is precalculated, module number p could be prime number curve.q or curve.N 
 | |
|  * more details see the theory of Montogery multiply algorithm
 | |
|  * 
 | |
|  * @param bn1 the first big number
 | |
|  * @param bn2 the second big number
 | |
|  * @param p big number, the module number.
 | |
|  * 
 | |
|  * @return ret, big number, ret = bn1 * bn2 mod p.
 | |
|  * 
 | |
|  */
 | |
| big8w Big8wMultMod(big8w bn1, big8w bn2, big8w p)
 | |
| {
 | |
| 	bool flag; // to decide use N_2k or q_2k
 | |
| 	char i;
 | |
| 	uint32_t res[BIGNUMBER_SIZE_8WORD + 1 + 1];
 | |
| 	uint32_t fill;
 | |
| 	big8w ret;
 | |
| 
 | |
| 	memset(ret.word, 0x00, BIG8W_BYTESIZE);
 | |
| 
 | |
| 	if (Big8wEqual(&p, &curve.q)){
 | |
| 		fill = qlow_reverse; 
 | |
| 		flag = 1;
 | |
| 	}
 | |
| 	else {
 | |
| 		fill = Nlow_reverse;
 | |
| 		flag = 0;
 | |
| 	}
 | |
| 
 | |
| 	if (Big8wIsZero(&bn1) || Big8wIsZero(&bn2))
 | |
| 		return ret;
 | |
| 
 | |
| 	Big8wMontMult(bn1, bn2, p, fill, res);
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++) 
 | |
| 		ret.word[i] = res[i];
 | |
| 	
 | |
| 	if (flag) 
 | |
| 		Big8wMontMult(ret, q_2k, p, fill, res);
 | |
| 	else 
 | |
| 		Big8wMontMult(ret, N_2k, p, fill, res);
 | |
| 	
 | |
| 	for (i = 0; i < BIGNUMBER_SIZE_8WORD; i++)
 | |
| 		ret.word[i] = res[i];
 | |
| 
 | |
| 	return ret;
 | |
| }
 |