/* mpihelp-mul.c - MPI helper functions
* Modified by No Such Labs. (C) 2015. See README.
*
* This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
* SHA256(gnupg-1.4.10.tar.gz):
* 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
* (C) 1994-2005 Free Software Foundation, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#include
#include
#include "knobs.h"
#include "mpi-internal.h"
#include "longlong.h"
#define MPN_MUL_N_RECURSE(prodp, up, vp, size, tspace) \
do { \
if( (size) < KARATSUBA_THRESHOLD ) \
mul_n_basecase (prodp, up, vp, size); \
else \
mul_n (prodp, up, vp, size, tspace); \
} while (0);
#define MPN_SQR_N_RECURSE(prodp, up, size, tspace) \
do { \
if ((size) < KARATSUBA_THRESHOLD) \
mpih_sqr_n_basecase (prodp, up, size); \
else \
mpih_sqr_n (prodp, up, size, tspace); \
} while (0);
/* Multiply the natural numbers u (pointed to by UP) and v (pointed to by VP),
* both with SIZE limbs, and store the result at PRODP. 2 * SIZE limbs are
* always stored. Return the most significant limb.
*
* Argument constraints:
* 1. PRODP != UP and PRODP != VP, i.e. the destination
* must be distinct from the multiplier and the multiplicand.
*
*
* Handle simple cases with traditional multiplication.
*
* This is the most critical code of multiplication. All multiplies rely
* on this, both small and huge. Small ones arrive here immediately. Huge
* ones arrive here as this is the base case for Karatsuba's recursive
* algorithm below.
*/
static mpi_limb_t
mul_n_basecase( mpi_ptr_t prodp, mpi_ptr_t up,
mpi_ptr_t vp, mpi_size_t size)
{
mpi_size_t i;
mpi_limb_t cy;
mpi_limb_t v_limb;
/* Multiply by the first limb in V separately, as the result can be
* stored (not added) to PROD. We also avoid a loop for zeroing. */
v_limb = vp[0];
if( v_limb <= 1 ) {
if( v_limb == 1 )
MPN_COPY( prodp, up, size );
else
MPN_ZERO( prodp, size );
cy = 0;
}
else
cy = mpihelp_mul_1( prodp, up, size, v_limb );
prodp[size] = cy;
prodp++;
/* For each iteration in the outer loop, multiply one limb from
* U with one limb from V, and add it to PROD. */
for( i = 1; i < size; i++ ) {
v_limb = vp[i];
if( v_limb <= 1 ) {
cy = 0;
if( v_limb == 1 )
cy = mpihelp_add_n(prodp, prodp, up, size);
}
else
cy = mpihelp_addmul_1(prodp, up, size, v_limb);
prodp[size] = cy;
prodp++;
}
return cy;
}
static void
mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp,
mpi_size_t size, mpi_ptr_t tspace )
{
if( size & 1 ) {
/* The size is odd, and the code below doesn't handle that.
* Multiply the least significant (size - 1) limbs with a recursive
* call, and handle the most significant limb of S1 and S2
* separately.
* A slightly faster way to do this would be to make the Karatsuba
* code below behave as if the size were even, and let it check for
* odd size in the end. I.e., in essence move this code to the end.
* Doing so would save us a recursive call, and potentially make the
* stack grow a lot less.
*/
mpi_size_t esize = size - 1; /* even size */
mpi_limb_t cy_limb;
MPN_MUL_N_RECURSE( prodp, up, vp, esize, tspace );
cy_limb = mpihelp_addmul_1( prodp + esize, up, esize, vp[esize] );
prodp[esize + esize] = cy_limb;
cy_limb = mpihelp_addmul_1( prodp + esize, vp, size, up[esize] );
prodp[esize + size] = cy_limb;
}
else {
/* Anatolij Alekseevich Karatsuba's divide-and-conquer algorithm.
*
* Split U in two pieces, U1 and U0, such that
* U = U0 + U1*(B**n),
* and V in V1 and V0, such that
* V = V0 + V1*(B**n).
*
* UV is then computed recursively using the identity
*
* 2n n n n
* UV = (B + B )U V + B (U -U )(V -V ) + (B + 1)U V
* 1 1 1 0 0 1 0 0
*
* Where B = 2**BITS_PER_MP_LIMB.
*/
mpi_size_t hsize = size >> 1;
mpi_limb_t cy;
int negflg;
/* Product H. ________________ ________________
* |_____U1 x V1____||____U0 x V0_____|
* Put result in upper part of PROD and pass low part of TSPACE
* as new TSPACE.
*/
MPN_MUL_N_RECURSE(prodp + size, up + hsize, vp + hsize, hsize, tspace);
/* Product M. ________________
* |_(U1-U0)(V0-V1)_|
*/
if( mpihelp_cmp(up + hsize, up, hsize) >= 0 ) {
mpihelp_sub_n(prodp, up + hsize, up, hsize);
negflg = 0;
}
else {
mpihelp_sub_n(prodp, up, up + hsize, hsize);
negflg = 1;
}
if( mpihelp_cmp(vp + hsize, vp, hsize) >= 0 ) {
mpihelp_sub_n(prodp + hsize, vp + hsize, vp, hsize);
negflg ^= 1;
}
else {
mpihelp_sub_n(prodp + hsize, vp, vp + hsize, hsize);
/* No change of NEGFLG. */
}
/* Read temporary operands from low part of PROD.
* Put result in low part of TSPACE using upper part of TSPACE
* as new TSPACE.
*/
MPN_MUL_N_RECURSE(tspace, prodp, prodp + hsize, hsize, tspace + size);
/* Add/copy product H. */
MPN_COPY (prodp + hsize, prodp + size, hsize);
cy = mpihelp_add_n( prodp + size, prodp + size,
prodp + size + hsize, hsize);
/* Add product M (if NEGFLG M is a negative number) */
if(negflg)
cy -= mpihelp_sub_n(prodp + hsize, prodp + hsize, tspace, size);
else
cy += mpihelp_add_n(prodp + hsize, prodp + hsize, tspace, size);
/* Product L. ________________ ________________
* |________________||____U0 x V0_____|
* Read temporary operands from low part of PROD.
* Put result in low part of TSPACE using upper part of TSPACE
* as new TSPACE.
*/
MPN_MUL_N_RECURSE(tspace, up, vp, hsize, tspace + size);
/* Add/copy Product L (twice) */
cy += mpihelp_add_n(prodp + hsize, prodp + hsize, tspace, size);
if( cy )
mpihelp_add_1(prodp + hsize + size, prodp + hsize + size, hsize, cy);
MPN_COPY(prodp, tspace, hsize);
cy = mpihelp_add_n(prodp + hsize, prodp + hsize, tspace + hsize, hsize);
if( cy )
mpihelp_add_1(prodp + size, prodp + size, size, 1);
}
}
void
mpih_sqr_n_basecase( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size )
{
mpi_size_t i;
mpi_limb_t cy_limb;
mpi_limb_t v_limb;
/* Multiply by the first limb in V separately, as the result can be
* stored (not added) to PROD. We also avoid a loop for zeroing. */
v_limb = up[0];
if( v_limb <= 1 ) {
if( v_limb == 1 )
MPN_COPY( prodp, up, size );
else
MPN_ZERO(prodp, size);
cy_limb = 0;
}
else
cy_limb = mpihelp_mul_1( prodp, up, size, v_limb );
prodp[size] = cy_limb;
prodp++;
/* For each iteration in the outer loop, multiply one limb from
* U with one limb from V, and add it to PROD. */
for( i=1; i < size; i++) {
v_limb = up[i];
if( v_limb <= 1 ) {
cy_limb = 0;
if( v_limb == 1 )
cy_limb = mpihelp_add_n(prodp, prodp, up, size);
}
else
cy_limb = mpihelp_addmul_1(prodp, up, size, v_limb);
prodp[size] = cy_limb;
prodp++;
}
}
void
mpih_sqr_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size, mpi_ptr_t tspace)
{
if( size & 1 ) {
/* The size is odd, and the code below doesn't handle that.
* Multiply the least significant (size - 1) limbs with a recursive
* call, and handle the most significant limb of S1 and S2
* separately.
* A slightly faster way to do this would be to make the Karatsuba
* code below behave as if the size were even, and let it check for
* odd size in the end. I.e., in essence move this code to the end.
* Doing so would save us a recursive call, and potentially make the
* stack grow a lot less.
*/
mpi_size_t esize = size - 1; /* even size */
mpi_limb_t cy_limb;
MPN_SQR_N_RECURSE( prodp, up, esize, tspace );
cy_limb = mpihelp_addmul_1( prodp + esize, up, esize, up[esize] );
prodp[esize + esize] = cy_limb;
cy_limb = mpihelp_addmul_1( prodp + esize, up, size, up[esize] );
prodp[esize + size] = cy_limb;
}
else {
mpi_size_t hsize = size >> 1;
mpi_limb_t cy;
/* Product H. ________________ ________________
* |_____U1 x U1____||____U0 x U0_____|
* Put result in upper part of PROD and pass low part of TSPACE
* as new TSPACE.
*/
MPN_SQR_N_RECURSE(prodp + size, up + hsize, hsize, tspace);
/* Product M. ________________
* |_(U1-U0)(U0-U1)_|
*/
if( mpihelp_cmp( up + hsize, up, hsize) >= 0 )
mpihelp_sub_n( prodp, up + hsize, up, hsize);
else
mpihelp_sub_n (prodp, up, up + hsize, hsize);
/* Read temporary operands from low part of PROD.
* Put result in low part of TSPACE using upper part of TSPACE
* as new TSPACE. */
MPN_SQR_N_RECURSE(tspace, prodp, hsize, tspace + size);
/* Add/copy product H */
MPN_COPY(prodp + hsize, prodp + size, hsize);
cy = mpihelp_add_n(prodp + size, prodp + size,
prodp + size + hsize, hsize);
/* Add product M (if NEGFLG M is a negative number). */
cy -= mpihelp_sub_n (prodp + hsize, prodp + hsize, tspace, size);
/* Product L. ________________ ________________
* |________________||____U0 x U0_____|
* Read temporary operands from low part of PROD.
* Put result in low part of TSPACE using upper part of TSPACE
* as new TSPACE. */
MPN_SQR_N_RECURSE (tspace, up, hsize, tspace + size);
/* Add/copy Product L (twice). */
cy += mpihelp_add_n (prodp + hsize, prodp + hsize, tspace, size);
if( cy )
mpihelp_add_1(prodp + hsize + size, prodp + hsize + size,
hsize, cy);
MPN_COPY(prodp, tspace, hsize);
cy = mpihelp_add_n (prodp + hsize, prodp + hsize, tspace + hsize, hsize);
if( cy )
mpihelp_add_1 (prodp + size, prodp + size, size, 1);
}
}
/* This should be made into an inline function in gmp.h. */
void
mpihelp_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size)
{
int secure;
if( up == vp ) {
if( size < KARATSUBA_THRESHOLD )
mpih_sqr_n_basecase( prodp, up, size );
else {
mpi_ptr_t tspace;
secure = m_is_secure( up );
tspace = mpi_alloc_limb_space( 2 * size, secure );
mpih_sqr_n( prodp, up, size, tspace );
mpi_free_limb_space( tspace );
}
}
else {
if( size < KARATSUBA_THRESHOLD )
mul_n_basecase( prodp, up, vp, size );
else {
mpi_ptr_t tspace;
secure = m_is_secure( up ) || m_is_secure( vp );
tspace = mpi_alloc_limb_space( 2 * size, secure );
mul_n (prodp, up, vp, size, tspace);
mpi_free_limb_space( tspace );
}
}
}
void
mpihelp_mul_karatsuba_case( mpi_ptr_t prodp,
mpi_ptr_t up, mpi_size_t usize,
mpi_ptr_t vp, mpi_size_t vsize,
struct karatsuba_ctx *ctx )
{
mpi_limb_t cy;
if( !ctx->tspace || ctx->tspace_size < vsize ) {
if( ctx->tspace )
mpi_free_limb_space( ctx->tspace );
ctx->tspace = mpi_alloc_limb_space( 2 * vsize,
m_is_secure( up ) || m_is_secure( vp ) );
ctx->tspace_size = vsize;
}
MPN_MUL_N_RECURSE( prodp, up, vp, vsize, ctx->tspace );
prodp += vsize;
up += vsize;
usize -= vsize;
if( usize >= vsize ) {
if( !ctx->tp || ctx->tp_size < vsize ) {
if( ctx->tp )
mpi_free_limb_space( ctx->tp );
ctx->tp = mpi_alloc_limb_space( 2 * vsize, m_is_secure( up )
|| m_is_secure( vp ) );
ctx->tp_size = vsize;
}
do {
MPN_MUL_N_RECURSE( ctx->tp, up, vp, vsize, ctx->tspace );
cy = mpihelp_add_n( prodp, prodp, ctx->tp, vsize );
mpihelp_add_1( prodp + vsize, ctx->tp + vsize, vsize, cy );
prodp += vsize;
up += vsize;
usize -= vsize;
} while( usize >= vsize );
}
if( usize ) {
if( usize < KARATSUBA_THRESHOLD ) {
mpihelp_mul( ctx->tspace, vp, vsize, up, usize );
}
else {
if( !ctx->next ) {
ctx->next = xmalloc_clear( sizeof *ctx );
}
mpihelp_mul_karatsuba_case( ctx->tspace,
vp, vsize,
up, usize,
ctx->next );
}
cy = mpihelp_add_n( prodp, prodp, ctx->tspace, vsize);
mpihelp_add_1( prodp + vsize, ctx->tspace + vsize, usize, cy );
}
}
void
mpihelp_release_karatsuba_ctx( struct karatsuba_ctx *ctx )
{
struct karatsuba_ctx *ctx2;
if( ctx->tp )
mpi_free_limb_space( ctx->tp );
if( ctx->tspace )
mpi_free_limb_space( ctx->tspace );
for( ctx=ctx->next; ctx; ctx = ctx2 ) {
ctx2 = ctx->next;
if( ctx->tp )
mpi_free_limb_space( ctx->tp );
if( ctx->tspace )
mpi_free_limb_space( ctx->tspace );
xfree( ctx );
}
}
/* Multiply the natural numbers u (pointed to by UP, with USIZE limbs)
* and v (pointed to by VP, with VSIZE limbs), and store the result at
* PRODP. USIZE + VSIZE limbs are always stored, but if the input
* operands are normalized. Return the most significant limb of the
* result.
*
* NOTE: The space pointed to by PRODP is overwritten before finished
* with U and V, so overlap is an error.
*
* Argument constraints:
* 1. USIZE >= VSIZE.
* 2. PRODP != UP and PRODP != VP, i.e. the destination
* must be distinct from the multiplier and the multiplicand.
*/
mpi_limb_t
mpihelp_mul( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t usize,
mpi_ptr_t vp, mpi_size_t vsize)
{
mpi_ptr_t prod_endp = prodp + usize + vsize - 1;
mpi_limb_t cy;
struct karatsuba_ctx ctx;
if( vsize < KARATSUBA_THRESHOLD ) {
mpi_size_t i;
mpi_limb_t v_limb;
if( !vsize )
return 0;
/* Multiply by the first limb in V separately, as the result can be
* stored (not added) to PROD. We also avoid a loop for zeroing. */
v_limb = vp[0];
if( v_limb <= 1 ) {
if( v_limb == 1 )
MPN_COPY( prodp, up, usize );
else
MPN_ZERO( prodp, usize );
cy = 0;
}
else
cy = mpihelp_mul_1( prodp, up, usize, v_limb );
prodp[usize] = cy;
prodp++;
/* For each iteration in the outer loop, multiply one limb from
* U with one limb from V, and add it to PROD. */
for( i = 1; i < vsize; i++ ) {
v_limb = vp[i];
if( v_limb <= 1 ) {
cy = 0;
if( v_limb == 1 )
cy = mpihelp_add_n(prodp, prodp, up, usize);
}
else
cy = mpihelp_addmul_1(prodp, up, usize, v_limb);
prodp[usize] = cy;
prodp++;
}
return cy;
}
memset( &ctx, 0, sizeof ctx );
mpihelp_mul_karatsuba_case( prodp, up, usize, vp, vsize, &ctx );
mpihelp_release_karatsuba_ctx( &ctx );
return *prod_endp;
}
/* mpihelp-mul_1.c - MPI helper functions
* Modified by No Such Labs. (C) 2015. See README.
*
* This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
* SHA256(gnupg-1.4.10.tar.gz):
* 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
* (C) 1994-2005 Free Software Foundation, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#include
#include "knobs.h"
#include "mpi-internal.h"
#include "longlong.h"
mpi_limb_t
mpihelp_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
mpi_limb_t s2_limb)
{
mpi_limb_t cy_limb;
mpi_size_t j;
mpi_limb_t prod_high, prod_low;
/* The loop counter and index J goes from -S1_SIZE to -1. This way
* the loop becomes faster. */
j = -s1_size;
/* Offset the base pointers to compensate for the negative indices. */
s1_ptr -= j;
res_ptr -= j;
cy_limb = 0;
do {
umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb );
prod_low += cy_limb;
cy_limb = (prod_low < cy_limb?1:0) + prod_high;
res_ptr[j] = prod_low;
} while( ++j );
return cy_limb;
}
/* mpihelp-mul_2.c - MPI helper functions
* Modified by No Such Labs. (C) 2015. See README.
*
* This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
* SHA256(gnupg-1.4.10.tar.gz):
* 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
* (C) 1994-2005 Free Software Foundation, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#include
#include "knobs.h"
#include "mpi-internal.h"
#include "longlong.h"
mpi_limb_t
mpihelp_addmul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb)
{
mpi_limb_t cy_limb;
mpi_size_t j;
mpi_limb_t prod_high, prod_low;
mpi_limb_t x;
/* The loop counter and index J goes from -SIZE to -1. This way
* the loop becomes faster. */
j = -s1_size;
res_ptr -= j;
s1_ptr -= j;
cy_limb = 0;
do {
umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb );
prod_low += cy_limb;
cy_limb = (prod_low < cy_limb?1:0) + prod_high;
x = res_ptr[j];
prod_low = x + prod_low;
cy_limb += prod_low < x?1:0;
res_ptr[j] = prod_low;
} while ( ++j );
return cy_limb;
}
/* mpihelp-mul_3.c - MPI helper functions
* Modified by No Such Labs. (C) 2015. See README.
*
* This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
* SHA256(gnupg-1.4.10.tar.gz):
* 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
* (C) 1994-2005 Free Software Foundation, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#include
#include "knobs.h"
#include "mpi-internal.h"
#include "longlong.h"
mpi_limb_t
mpihelp_submul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb)
{
mpi_limb_t cy_limb;
mpi_size_t j;
mpi_limb_t prod_high, prod_low;
mpi_limb_t x;
/* The loop counter and index J goes from -SIZE to -1. This way
* the loop becomes faster. */
j = -s1_size;
res_ptr -= j;
s1_ptr -= j;
cy_limb = 0;
do {
umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb);
prod_low += cy_limb;
cy_limb = (prod_low < cy_limb?1:0) + prod_high;
x = res_ptr[j];
prod_low = x - prod_low;
cy_limb += prod_low > x?1:0;
res_ptr[j] = prod_low;
} while( ++j );
return cy_limb;
}
/* mpi-mul.c - MPI functions
* Modified by No Such Labs. (C) 2015. See README.
*
* This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
* SHA256(gnupg-1.4.10.tar.gz):
* 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
* (C) 1994-2005 Free Software Foundation, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#include
#include "knobs.h"
#include "mpi-internal.h"
void
mpi_mul_ui( MPI prod, MPI mult, unsigned long small_mult )
{
mpi_size_t size, prod_size;
mpi_ptr_t prod_ptr;
mpi_limb_t cy;
int sign;
size = mult->nlimbs;
sign = mult->sign;
if( !size || !small_mult ) {
prod->nlimbs = 0;
prod->sign = 0;
return;
}
prod_size = size + 1;
if( prod->alloced < prod_size )
mpi_resize( prod, prod_size );
prod_ptr = prod->d;
cy = mpihelp_mul_1( prod_ptr, mult->d, size, (mpi_limb_t)small_mult );
if( cy )
prod_ptr[size++] = cy;
prod->nlimbs = size;
prod->sign = sign;
}
void
mpi_mul_2exp( MPI w, MPI u, unsigned long cnt)
{
mpi_size_t usize, wsize, limb_cnt;
mpi_ptr_t wp;
mpi_limb_t wlimb;
int usign, wsign;
usize = u->nlimbs;
usign = u->sign;
if( !usize ) {
w->nlimbs = 0;
w->sign = 0;
return;
}
limb_cnt = cnt / BITS_PER_MPI_LIMB;
wsize = usize + limb_cnt + 1;
if( w->alloced < wsize )
mpi_resize(w, wsize );
wp = w->d;
wsize = usize + limb_cnt;
wsign = usign;
cnt %= BITS_PER_MPI_LIMB;
if( cnt ) {
wlimb = mpihelp_lshift( wp + limb_cnt, u->d, usize, cnt );
if( wlimb ) {
wp[wsize] = wlimb;
wsize++;
}
}
else {
MPN_COPY_DECR( wp + limb_cnt, u->d, usize );
}
/* Zero all whole limbs at low end. Do it here and not before calling
* mpn_lshift, not to lose for U == W. */
MPN_ZERO( wp, limb_cnt );
w->nlimbs = wsize;
w->sign = wsign;
}
void
mpi_mul( MPI w, MPI u, MPI v)
{
mpi_size_t usize, vsize, wsize;
mpi_ptr_t up, vp, wp;
mpi_limb_t cy;
int usign, vsign, usecure, vsecure, sign_product;
int assign_wp=0;
mpi_ptr_t tmp_limb=NULL;
if( u->nlimbs < v->nlimbs ) { /* Swap U and V. */
usize = v->nlimbs;
usign = v->sign;
usecure = mpi_is_secure(v);
up = v->d;
vsize = u->nlimbs;
vsign = u->sign;
vsecure = mpi_is_secure(u);
vp = u->d;
}
else {
usize = u->nlimbs;
usign = u->sign;
usecure = mpi_is_secure(u);
up = u->d;
vsize = v->nlimbs;
vsign = v->sign;
vsecure = mpi_is_secure(v);
vp = v->d;
}
sign_product = usign ^ vsign;
wp = w->d;
/* Ensure W has space enough to store the result. */
wsize = usize + vsize;
if ( !mpi_is_secure (w) && (mpi_is_secure (u) || mpi_is_secure (v)) ) {
/* w is not allocated in secure space but u or v is. To make sure
* that no temporray results are stored in w, we temporary use
* a newly allocated limb space for w */
wp = mpi_alloc_limb_space( wsize, 1 );
assign_wp = 2; /* mark it as 2 so that we can later copy it back to
* mormal memory */
}
else if( w->alloced < wsize ) {
if( wp == up || wp == vp ) {
wp = mpi_alloc_limb_space( wsize, mpi_is_secure(w) );
assign_wp = 1;
}
else {
mpi_resize(w, wsize );
wp = w->d;
}
}
else { /* Make U and V not overlap with W. */
if( wp == up ) {
/* W and U are identical. Allocate temporary space for U. */
up = tmp_limb = mpi_alloc_limb_space( usize, usecure );
/* Is V identical too? Keep it identical with U. */
if( wp == vp )
vp = up;
/* Copy to the temporary space. */
MPN_COPY( up, wp, usize );
}
else if( wp == vp ) {
/* W and V are identical. Allocate temporary space for V. */
vp = tmp_limb = mpi_alloc_limb_space( vsize, vsecure );
/* Copy to the temporary space. */
MPN_COPY( vp, wp, vsize );
}
}
if( !vsize )
wsize = 0;
else {
cy = mpihelp_mul( wp, up, usize, vp, vsize );
wsize -= cy? 0:1;
}
if( assign_wp ) {
if (assign_wp == 2) {
/* copy the temp wp from secure memory back to normal memory */
mpi_ptr_t tmp_wp = mpi_alloc_limb_space (wsize, 0);
MPN_COPY (tmp_wp, wp, wsize);
mpi_free_limb_space (wp);
wp = tmp_wp;
}
mpi_assign_limb_space( w, wp, wsize );
}
w->nlimbs = wsize;
w->sign = sign_product;
if( tmp_limb )
mpi_free_limb_space( tmp_limb );
}
void
mpi_mulm( MPI w, MPI u, MPI v, MPI m)
{
mpi_mul(w, u, v);
mpi_fdiv_r( w, w, m );
}