Diffstat (limited to 'crypto/bn/test.c')
-rw-r--r-- | crypto/bn/test.c | 252 |
1 files changed, 252 insertions, 0 deletions
diff --git a/crypto/bn/test.c b/crypto/bn/test.c
new file mode 100644
index 0000000000..e23f21583f
--- /dev/null
+++ b/crypto/bn/test.c
@@ -0,0 +1,252 @@
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define SIZE 32
+
+#define BN_MONT_CTX_set bn_mcs
+#define BN_from_montgomery bn_fm
+#define BN_mod_mul_montgomery bn_mmm
+#undef BN_to_montgomery
+#define BN_to_montgomery(r,a,mont,ctx) bn_mmm(\
+ r,a,(mont)->RR,(mont),ctx)
+
+main()
+ {
+ BIGNUM prime,a,b,r,A,B,R;
+ BN_MONT_CTX *mont;
+ BN_CTX *ctx;
+ int i;
+
+ ctx=BN_CTX_new();
+ BN_init(&prime);
+ BN_init(&a); BN_init(&b); BN_init(&r);
+ BN_init(&A); BN_init(&B); BN_init(&R);
+
+ BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
+ BN_rand(&A,SIZE,1,0);
+ BN_rand(&B,SIZE,1,0);
+ BN_mod(&A,&A,&prime,ctx);
+ BN_mod(&B,&B,&prime,ctx);
+
+ i=A.top;
+ BN_mul(&R,&A,&B,ctx);
+ BN_mask_bits(&R,i*BN_BITS2);
+
+
+ BN_print_fp(stdout,&A); printf(" <- a\n");
+ BN_print_fp(stdout,&B); printf(" <- b\n");
+ BN_mul_high(&r,&A,&B,&R,i);
+ BN_print_fp(stdout,&r); printf(" <- high(BA*DC)\n");
+
+ BN_mask_bits(&A,i*32);
+ BN_mask_bits(&B,i*32);
+
+ BN_mul(&R,&A,&B);
+ BN_rshift(&R,&R,i*32);
+ BN_print_fp(stdout,&R); printf(" <- norm BA*DC\n");
+ BN_sub(&R,&R,&r);
+ BN_print_fp(stdout,&R); printf(" <- diff\n");
+ }
+
+#if 0
+int bn_mul_high(r,a,b,low,words)
+BIGNUM *r,*a,*b,*low;
+int words;
+ {
+ int i;
+ BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
+
+ BN_init(&al); BN_init(&ah);
+ BN_init(&bl); BN_init(&bh);
+ BN_init(&t1); BN_init(&t2); BN_init(&t3);
+ BN_init(&s0); BN_init(&s1);
+ BN_init(&h); BN_init(&m);
+
+ i=a->top;
+ if (i >= words)
+ {
+ al.top=words;
+ ah.top=a->top-words;
+ ah.d= &(a->d[ah.top]);
+ }
+ else
+ al.top=i;
+ al.d=a->d;
+
+ i=b->top;
+ if (i >= words)
+ {
+ bl.top=words;
+ bh.top=i-words;
+ bh.d= &(b->d[bh.top]);
+ }
+ else
+ bl.top=i;
+ bl.d=b->d;
+
+ i=low->top;
+ if (i >= words)
+ {
+ s0.top=words;
+ s1.top=i-words;
+ s1.d= &(low->d[s1.top]);
+ }
+ else
+ s0.top=i;
+ s0.d=low->d;
+
+al.max=al.top; ah.max=ah.top;
+bl.max=bl.top; bh.max=bh.top;
+s0.max=bl.top; s1.max=bh.top;
+
+ /* Calculate (al-ah)*(bh-bl) */
+ BN_sub(&t1,&al,&ah);
+ BN_sub(&t2,&bh,&bl);
+ BN_mul(&m,&t1,&t2);
+
+ /* Calculate ah*bh */
+ BN_mul(&h,&ah,&bh);
+
+ /* s0 == low(al*bl)
+ * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+ * We know s0 and s1 so the only unknown is high(al*bl)
+ * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
+ */
+ BN_add(&m,&m,&h);
+ BN_add(&t2,&m,&s0);
+ /* Quick and dirty mask off of high words */
+ t3.d=t2.d;
+ t3.top=(t2.top > words)?words:t2.top;
+ t3.neg=t2.neg;
+t3.max=t3.top;
+// BN_print_fp(stdout,&s1); printf(" s1\n");
+// BN_print_fp(stdout,&t2); printf(" middle value\n");
+// BN_print_fp(stdout,&t3); printf(" low middle value\n");
+ BN_sub(&t1,&s1,&t3);
+
+ if (t1.neg)
+ {
+//printf("neg fixup\n"); //BN_print_fp(stdout,&t1); printf(" before\n");
+ BN_lshift(&t2,BN_value_one(),words*32);
+ BN_add(&t1,&t2,&t1);
+ BN_mask_bits(&t1,words*32);
+// BN_print_fp(stdout,&t1); printf(" after\n");
+ }
+ /* al*bl == high(al*bl)<<words+s0 */
+ BN_lshift(&t1,&t1,words*32);
+ BN_add(&t1,&t1,&s0);
+
+ /* We now have
+ * al*bl - t1
+ * (al-ah)*(bh-bl)+ah*bh - m
+ * ah*bh - h
+ */
+ BN_copy(r,&t1);
+ BN_mask_bits(r,words*32*2);
+
+ /*BN_lshift(&m,&m,words*/
+
+ BN_free(&t1); BN_free(&t2);
+ BN_free(&m); BN_free(&h);
+ }
+
+int BN_mod_mul_montgomery(r,a,b,mont,ctx)
+BIGNUM *r,*a,*b;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+ {
+ BIGNUM *tmp;
+
+ tmp= &(ctx->bn[ctx->tos++]);
+
+ if (a == b)
+ {
+ if (!BN_sqr(tmp,a,ctx)) goto err;
+ }
+ else
+ {
+ if (!BN_mul(tmp,a,b)) goto err;
+ }
+ /* reduce from aRR to aR */
+ if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+ ctx->tos--;
+ return(1);
+err:
+ return(0);
+ }
+
+int BN_from_montgomery(r,a,mont,ctx)
+BIGNUM *r;
+BIGNUM *a;
+BN_MONT_CTX *mont;
+BN_CTX *ctx;
+ {
+ BIGNUM z1;
+ BIGNUM *t1,*t2;
+ BN_ULONG *ap,*bp,*rp;
+ int j,i,bl,al;
+
+ BN_init(&z1);
+ t1= &(ctx->bn[ctx->tos]);
+ t2= &(ctx->bn[ctx->tos+1]);
+
+ if (!BN_copy(t1,a)) goto err;
+ /* can cheat */
+ BN_mask_bits(t1,mont->ri);
+ if (!BN_mul(t2,t1,mont->Ni)) goto err;
+ BN_mask_bits(t2,mont->ri);
+
+ if (!BN_mul(t1,t2,mont->N)) goto err;
+ if (!BN_add(t2,t1,a)) goto err;
+
+ /* At this point, t2 has the bottom ri bits set to zero.
+ * This means that the bottom ri bits == the 1^ri minus the bottom
+ * ri bits of a.
+ * This means that only the bits above 'ri' in a need to be added,
+ * and XXXXXXXXXXXXXXXXXXXXXXXX
+ */
+BN_print_fp(stdout,t2); printf("\n");
+ BN_rshift(r,t2,mont->ri);
+
+ if (BN_ucmp(r,mont->N) >= 0)
+ BN_usub(r,r,mont->N);
+
+ return(1);
+err:
+ return(0);
+ }
+
+int BN_MONT_CTX_set(mont,mod,ctx)
+BN_MONT_CTX *mont;
+BIGNUM *mod;
+BN_CTX *ctx;
+ {
+ BIGNUM *Ri=NULL,*R=NULL;
+
+ if (mont->RR == NULL) mont->RR=BN_new();
+ if (mont->N == NULL) mont->N=BN_new();
+
+ R=mont->RR; /* grab RR as a temp */
+ BN_copy(mont->N,mod); /* Set N */
+
+ mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+ BN_lshift(R,BN_value_one(),mont->ri); /* R */
+ if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
+ BN_lshift(Ri,Ri,mont->ri); /* R*Ri */
+ BN_usub(Ri,Ri,BN_value_one()); /* R*Ri - 1 */
+ BN_div(Ri,NULL,Ri,mod,ctx);
+ if (mont->Ni != NULL) BN_free(mont->Ni);
+ mont->Ni=Ri; /* Ni=(R*Ri-1)/N */
+
+ /* setup RR for conversions */
+ BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+ BN_mod(mont->RR,mont->RR,mont->N,ctx);
+
+ return(1);
+err:
+ return(0);
+ }
+
+
+#endif |
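Review bot: In main() the limb width is `i*BN_BITS2` in the first BN_mask_bits call but a literal `i*32` in the two masks on A and B and in BN_rshift, so on a build where BN_BITS2 is not 32 the reference product and the BN_mul_high result are cut at different bit positions and the printed diff no longer says anything about correctness; write `i*BN_BITS2` in all of these places (the `words*32` shifts in the `#if 0` bn_mul_high carry the same assumption). BN_mul is also called once as `BN_mul(&R,&A,&B,ctx)` and once as `BN_mul(&R,&A,&B)`, and only one of these can match the prototype. No BN_* return value is checked and the outcome is only printed, so a failed BN_generate_prime or a non-zero difference exits the same way as a pass. Since this presumably exists to validate the multiply used by the Montgomery code in the same file, I would declare `int main(void)` and end it with `return BN_is_zero(&R) ? 0 : 1;` so the check can gate a build.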