/* *********************************************************************

 *

 * Sun elects to have this file available under and governed by the

 * Mozilla Public License Version 1.1 ("MPL") (see

 * http://www.mozilla.org/MPL/ for full license text). For the avoidance

 * of doubt and subject to the following, Sun also elects to allow

 * licensees to use this file under the MPL, the GNU General Public

 * License version 2 only or the Lesser General Public License version

 * 2.1 only. Any references to the "GNU General Public License version 2

 * or later" or "GPL" in the following shall be construed to mean the

 * GNU General Public License version 2 only. Any references to the "GNU

 * Lesser General Public License version 2.1 or later" or "LGPL" in the

 * following shall be construed to mean the GNU Lesser General Public

 * License version 2.1 only. However, the following notice accompanied

 * the original version of this file:

 *

 * Version: MPL 1.1/GPL 2.0/LGPL 2.1

 *

 * The contents of this file are subject to the Mozilla Public License Version

 * 1.1 (the "License"); you may not use this file except in compliance with

 * the License. You may obtain a copy of the License at

 * http://www.mozilla.org/MPL/

 *

 * Software distributed under the License is distributed on an "AS IS" basis,

 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License

 * for the specific language governing rights and limitations under the

 * License.

 *

 * The Original Code is the Netscape security libraries.

 *

 * The Initial Developer of the Original Code is

 * Netscape Communications Corporation.

 * Portions created by the Initial Developer are Copyright (C) 2000

 * the Initial Developer. All Rights Reserved.

 *

 * Contributor(s):

 *   Sheueling Chang Shantz <sheueling.chang@sun.com>,

 *   Stephen Fung <stephen.fung@sun.com>, and

 *   Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.

 *

 * Alternatively, the contents of this file may be used under the terms of

 * either the GNU General Public License Version 2 or later (the "GPL"), or

 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),

 * in which case the provisions of the GPL or the LGPL are applicable instead

 * of those above. If you wish to allow use of your version of this file only

 * under the terms of either the GPL or the LGPL, and not to allow others to

 * use your version of this file under the terms of the MPL, indicate your

 * decision by deleting the provisions above and replace them with the notice

 * and other provisions required by the GPL or the LGPL. If you do not delete

 * the provisions above, a recipient may use your version of this file under

 * the terms of any one of the MPL, the GPL or the LGPL.

 *

 *********************************************************************** */

/*

 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.

 * Use is subject to license terms.

 */

#pragma ident   "%Z%%M% %I%     %E% SMI"

/* $Id: mpmontg.c,v 1.20 2006/08/29 02:41:38 nelson%bolyard.com Exp $ */

/* This file implements moduluar exponentiation using Montgomery's

 * method for modular reduction.  This file implements the method

 * described as "Improvement 1" in the paper "A Cryptogrpahic Library for

 * the Motorola DSP56000" by Stephen R. Dusse' and Burton S. Kaliski Jr.

 * published in "Advances in Cryptology: Proceedings of EUROCRYPT '90"

 * "Lecture Notes in Computer Science" volume 473, 1991, pg 230-244,

 * published by Springer Verlag.

 */

#define MP_USING_CACHE_SAFE_MOD_EXP 1

#ifndef _KERNEL

#include <string.h>

#include <stddef.h> /* ptrdiff_t */

#endif

#include "mpi-priv.h"

#include "mplogic.h"

#include "mpprime.h"

#ifdef MP_USING_MONT_MULF

#include "montmulf.h"

#endif

/* if MP_CHAR_STORE_SLOW is defined, we  */

/* need to know endianness of this platform. */

#ifdef MP_CHAR_STORE_SLOW

#if !defined(MP_IS_BIG_ENDIAN) && !defined(MP_IS_LITTLE_ENDIAN)

#error "You must define MP_IS_BIG_ENDIAN or MP_IS_LITTLE_ENDIAN\n" \

       "  if you define MP_CHAR_STORE_SLOW."

#endif

#endif

#ifndef STATIC

#define STATIC

#endif

#define MAX_ODD_INTS    32   /* 2 ** (WINDOW_BITS - 1) */

#ifndef _KERNEL

#if defined(_WIN32_WCE)

#define ABORT  res = MP_UNDEF; goto CLEANUP

#else

#define ABORT abort()

#endif

#else

#define ABORT  res = MP_UNDEF; goto CLEANUP

#endif /* _KERNEL */

/* computes T = REDC(T), 2^b == R */

mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm)

{

  mp_err res;

  mp_size i;

  i = MP_USED(T) + MP_USED(&mmm->N) + 2;

  MP_CHECKOK( s_mp_pad(T, i) );

  for (i = 0; i < MP_USED(&mmm->N); ++i ) {

    mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;

    /* T += N * m_i * (MP_RADIX ** i); */

    MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) );

  }

  s_mp_clamp(T);

  /* T /= R */

  s_mp_div_2d(T, mmm->b);

  if ((res = s_mp_cmp(T, &mmm->N)) >= 0) {

    /* T = T - N */

    MP_CHECKOK( s_mp_sub(T, &mmm->N) );

#ifdef DEBUG

    if ((res = mp_cmp(T, &mmm->N)) >= 0) {

      res = MP_UNDEF;

      goto CLEANUP;

    }

#endif

  }

  res = MP_OKAY;

CLEANUP:

  return res;

}

#if !defined(MP_ASSEMBLY_MUL_MONT) && !defined(MP_MONT_USE_MP_MUL)

mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,

                   mp_mont_modulus *mmm)

{

  mp_digit *pb;

  mp_digit m_i;

  mp_err   res;

  mp_size  ib;

  mp_size  useda, usedb;

  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);

  if (MP_USED(a) < MP_USED(b)) {

    const mp_int *xch = b;      /* switch a and b, to do fewer outer loops */

    b = a;

    a = xch;

  }

  MP_USED(c) = 1; MP_DIGIT(c, 0) = 0;

  ib = MP_USED(a) + MP_MAX(MP_USED(b), MP_USED(&mmm->N)) + 2;

  if((res = s_mp_pad(c, ib)) != MP_OKAY)

    goto CLEANUP;

  useda = MP_USED(a);

  pb = MP_DIGITS(b);

  s_mpv_mul_d(MP_DIGITS(a), useda, *pb++, MP_DIGITS(c));

  s_mp_setz(MP_DIGITS(c) + useda + 1, ib - (useda + 1));

  m_i = MP_DIGIT(c, 0) * mmm->n0prime;

  s_mp_mul_d_add_offset(&mmm->N, m_i, c, 0);

  /* Outer loop:  Digits of b */

  usedb = MP_USED(b);

  for (ib = 1; ib < usedb; ib++) {

    mp_digit b_i    = *pb++;

    /* Inner product:  Digits of a */

    if (b_i)

      s_mpv_mul_d_add_prop(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);

    m_i = MP_DIGIT(c, ib) * mmm->n0prime;

    s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);

  }

  if (usedb < MP_USED(&mmm->N)) {

    for (usedb = MP_USED(&mmm->N); ib < usedb; ++ib ) {

      m_i = MP_DIGIT(c, ib) * mmm->n0prime;

      s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);

    }

  }

  s_mp_clamp(c);

  s_mp_div_2d(c, mmm->b);

  if (s_mp_cmp(c, &mmm->N) >= 0) {

    MP_CHECKOK( s_mp_sub(c, &mmm->N) );

  }

  res = MP_OKAY;

CLEANUP:

  return res;

}

#endif