#include <limits.h>
#include <stdio.h>
#include "cryptlib.h"
#include "bn_lcl.h"
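/* Debug tracing for BN_mul_high is compiled out by default: the macro is
 * explicitly undefined here, so the #ifdef branches below select the
 * no-op form unless this line is changed. */
#undef BN_MUL_HIGH_DEBUG

#ifdef BN_MUL_HIGH_DEBUG
/* Print BIGNUM b to stream a, then write the label c to stdout.
 * Wrapped in do/while(0) so the macro expands to a single statement, and
 * the label is written with fputs() so it is never interpreted as a
 * printf format string. */
#define debug_BN_print(a,b,c) \
	do { BN_print_fp(a,b); fputs(c,stdout); } while (0)
#else
/* Tracing disabled: expand to an empty statement. */
#define debug_BN_print(a,b,c) do { } while (0)
#endif

int BN_mul_high(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *low, int words);

/* Remove any macro definitions of t1/t2 (presumably left over from an
 * included header) so the names are free for use as identifiers. */
#undef t1
#undef t2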
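/*
 * BN_mul_high - store the high part of the product a*b in r.
 *
 * The active implementation computes the full product a*b into r and then
 * shifts it right by words*BN_BITS2 bits, i.e. it discards the low `words`
 * words of the product.
 *
 * r      destination of both BN_mul() and BN_rshift().
 * a, b   operands of the multiplication.
 * low    not read by the active code path; only the disabled split-operand
 *        variant at the end of the function consumes it.
 * words  number of low-order words to discard.  Must be non-negative and
 *        small enough that words*BN_BITS2 fits in an int.
 *
 * Returns 1 on success.  Returns 0 if `words` is out of range or if
 * BN_mul() / BN_rshift() report failure (this assumes the usual BN
 * convention of a zero return on error).  On a 0 return the contents of r
 * must not be used: treating a failed multiply as success would let a
 * caller continue a cryptographic computation with a wrong value.
 */
int BN_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
	{
	(void)low;	/* only used by the disabled variant below */

	/* Reject shift counts that are negative or whose bit count would
	 * overflow the int passed to BN_rshift(). */
	if (words < 0 || words > INT_MAX/BN_BITS2)
		return(0);

	/* Propagate failures instead of unconditionally reporting success. */
	if (!BN_mul(r,a,b))
		return(0);
	if (!BN_rshift(r,r,words*BN_BITS2))
		return(0);
	return(1);

#if 0
	/*
	 * Disabled: unfinished split-operand variant.
	 *
	 * In the original source this code followed the unconditional
	 * return above and was therefore never executed; it is kept here,
	 * explicitly compiled out, for reference only.
	 *
	 * NOTE(review) before re-enabling:
	 *  - none of the BN_* return values are checked;
	 *  - eleven BIGNUMs are BN_init()ed but only t1, t2, m and h are
	 *    BN_free()d; confirm whether bn_set_low()/bn_set_high()
	 *    allocate, otherwise al, ah, bl, bh, t3, s0 and s1 may leak;
	 *  - `full`, `ul1` and `ul2` are never used, and `borrow` is only
	 *    read by the debug printf;
	 *  - the fix-up branches on the sign of an intermediate (t1.neg),
	 *    so its running time depends on operand values, which matters
	 *    if the operands are secret.
	 */
	{
	int w2,borrow=0,full=0;
	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
	BN_ULONG ul1,ul2;

	w2=(words+1)/2;

#ifdef BN_MUL_HIGH_DEBUG
	fprintf(stdout,"words=%d w2=%d\n",words,w2);
#endif
	debug_BN_print(stdout,a," a\n");
	debug_BN_print(stdout,b," b\n");
	debug_BN_print(stdout,low," low\n");
	BN_init(&al); BN_init(&ah);
	BN_init(&bl); BN_init(&bh);
	BN_init(&t1); BN_init(&t2); BN_init(&t3);
	BN_init(&s0); BN_init(&s1);
	BN_init(&h); BN_init(&m);

	bn_set_low (&al,a,w2);
	bn_set_high(&ah,a,w2);
	bn_set_low (&bl,b,w2);
	bn_set_high(&bh,b,w2);

	bn_set_low(&s0,low,w2);
	bn_set_high(&s1,low,w2);

	debug_BN_print(stdout,&al," al\n");
	debug_BN_print(stdout,&ah," ah\n");
	debug_BN_print(stdout,&bl," bl\n");
	debug_BN_print(stdout,&bh," bh\n");
	debug_BN_print(stdout,&s0," s0\n");
	debug_BN_print(stdout,&s1," s1\n");

	/* Calculate (al-ah)*(bh-bl) */
	BN_sub(&t1,&al,&ah);
	BN_sub(&t2,&bh,&bl);
	BN_mul(&m,&t1,&t2);

	/* Calculate ah*bh */
	BN_mul(&h,&ah,&bh);

	/* s0 == low(al*bl)
	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
	 * We know s0 and s1 so the only unknown is high(al*bl)
	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
	 */
	BN_add(&m,&m,&h);
	BN_add(&t2,&m,&s0);

	debug_BN_print(stdout,&t2," middle value\n");

	/* Quick and dirty mask off of high words */
	if (w2 < t2.top) t2.top=w2;
#if 0
	bn_set_low(&t3,&t2,w2);
#endif

	debug_BN_print(stdout,&t2," low middle value\n");
	BN_sub(&t1,&s1,&t2);

	if (t1.neg)
		{
		debug_BN_print(stdout,&t1," before\n");
		BN_zero(&t2);
		BN_set_bit(&t2,w2*BN_BITS2);
		BN_add(&t1,&t2,&t1);
		/* BN_mask_bits(&t1,w2*BN_BITS2); */
		/* if (words < t1.top) t1.top=words; */
		debug_BN_print(stdout,&t1," after\n");
		borrow=1;
		}

	/* XXXXX SPEED THIS UP */
	/* al*bl == high(al*bl)<<words+s0 */
	BN_lshift(&t1,&t1,w2*BN_BITS2);
	BN_add(&t1,&t1,&s0);
	if (w2*2 < t1.top) t1.top=w2*2; /* This should not happen? */

	/* We now have
	 * al*bl			- t1
	 * (al-ah)*(bh-bl)+ah*bh	- m
	 * ah*bh			- h
	 */
#if 0
	BN_add(&m,&m,&t1);
	debug_BN_print(stdout,&t1," s10\n");
	debug_BN_print(stdout,&m," s21\n");
	debug_BN_print(stdout,&h," s32\n");
	BN_lshift(&m,&m,w2*BN_BITS2);
	BN_lshift(&h,&h,w2*2*BN_BITS2);
	BN_add(r,&m,&t1);
	BN_add(r,r,&h);
	BN_rshift(r,r,w2*2*BN_BITS2);
#else
	BN_add(&m,&m,&t1);	/* Do a cmp then +1 if needed? */
	bn_set_high(&t3,&t1,w2);
	BN_add(&m,&m,&t3);
	bn_set_high(&t3,&m,w2);
	BN_add(r,&h,&t3);
#endif

#ifdef BN_MUL_HIGH_DEBUG
	printf("carry=%d\n",borrow);
#endif
	debug_BN_print(stdout,r," ret\n");
	BN_free(&t1); BN_free(&t2);
	BN_free(&m); BN_free(&h);
	return(1);
	}
#endif
	}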