首頁 探索 說明
登入
HSD
/
putty
镜像来自 https://git.tartarus.org/simon/putty.git
關註 1
讚好 0
複刻 0
檔案
目錄樹: 6ec424059c
分支列表 標籤列表
putty
/
crypto
/
smallmoduli.h

smallmoduli.h 2.0 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. /*
    2. 

  2.  * Shared code between algorithms whose state consists of a large
    3. 

  3.  * collection of residues mod a small prime.
    4. 

  4.  */
    5. 

  5. 

  6. /*
    7. 

  7.  * We need to do modular arithmetic on small values (considerably
    8. 

  8.  * smaller than 2^16), and we need to do it without using integer
    9. 

  9.  * division which might not be time-safe. Input values might not fit
    10. 

  10.  * in a 16-bit int, because we'll also be multiplying mod q.
    11. 

  11.  *
    12. 

  12.  * The strategy for this is the same as I used in
    13. 

  13.  * mp_mod_known_integer: see there for the proofs. The basic idea is
    14. 

  14.  * that we precompute the reciprocal of our modulus as a fixed-point
    15. 

  15.  * number, and use that to get an approximate quotient which we
    16. 

  16.  * subtract off. For these integer sizes, precomputing a fixed-point
    17. 

  17.  * reciprocal of the form (2^48 / modulus) leaves us at most off by 1
    18. 

  18.  * in the quotient, so there's a single (time-safe) trial subtraction
    19. 

  19.  * at the end.
    20. 

  20.  *
    21. 

  21.  * (It's possible that some speed could be gained by not reducing
    22. 

  22.  * fully at every step. But then you'd have to carefully identify all
    23. 

  23.  * the places in the algorithm where things are compared to zero. This
    24. 

  24.  * was the easiest way to get it all working in the first place.)
    25. 

  25.  */
    26. 

  26. 

  27. /* Precompute the reciprocal */
    28. 

  28. static inline uint64_t reciprocal_for_reduction(uint16_t q)
    29. 

  29. {
    30. 

  30.     return ((uint64_t)1 << 48) / q;
    31. 

  31. }
    32. 

  32. 

  33. /* Reduce x mod q, assuming qrecip == reciprocal_for_reduction(q) */
    34. 

  34. static inline uint16_t reduce(uint32_t x, uint16_t q, uint64_t qrecip)
    35. 

  35. {
    36. 

  36.     uint64_t unshifted_quot = x * qrecip;
    37. 

  37.     uint64_t quot = unshifted_quot >> 48;
    38. 

  38.     uint16_t reduced = x - quot * q;
    39. 

  39.     reduced -= q * (1 & ((q-1 - reduced) >> 15));
    40. 

  40.     return reduced;
    41. 

  41. }
    42. 

  42. 

  43. /* Reduce x mod q as above, but also return the quotient */
    44. 

  44. static inline uint16_t reduce_with_quot(uint32_t x, uint32_t *quot_out,
    45. 

  45.                                         uint16_t q, uint64_t qrecip)
    46. 

  46. {
    47. 

  47.     uint64_t unshifted_quot = x * qrecip;
    48. 

  48.     uint64_t quot = unshifted_quot >> 48;
    49. 

  49.     uint16_t reduced = x - quot * q;
    50. 

  50.     uint64_t extraquot = (1 & ((q-1 - reduced) >> 15));
    51. 

  51.     reduced -= extraquot * q;
    52. 

  52.     *quot_out = quot + extraquot;
    53. 

  53.     return reduced;
    54. 

  54. }
    55. 

  55.