// initializes the private variables (throws CryptographicException)
private void Initialize(BigInteger p, BigInteger g, BigInteger x, int secretLen, bool checkInput) {
if (!p.isProbablePrime() || g <= 0 || g >= p || (x != null && (x <= 0 || x > p - 2)))
throw new CryptographicException();
// default is to generate a number as large as the prime this
// is usually overkill, but it's the most secure thing we can
// do if the user doesn't specify a desired secret length ...
if (secretLen == 0)
secretLen = p.bitCount();
m_P = p;
m_G = g;
if (x == null) {
BigInteger pm1 = m_P - 1;
for(m_X = BigInteger.genRandom(secretLen); m_X >= pm1 || m_X == 0; m_X = BigInteger.genRandom(secretLen)) {}
} else {
m_X = x;
}
}
public BigInteger EvenPow(BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger((BigInteger)1, mod.length << 1);
BigInteger tempNum = new BigInteger(b % mod, mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint totalBits = (uint)exp.bitCount();
uint[] wkspace = new uint[mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++)
{
if (exp.testBit(pos))
{
Array.Clear(wkspace, 0, wkspace.Length);
Kernel.Multiply(resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint[] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
BarrettReduction(resultNum);
}
Kernel.SquarePositive(tempNum, ref wkspace);
BarrettReduction(tempNum);
if (tempNum == 1)
{
return resultNum;
}
}
return resultNum;
}
private unsafe BigInteger OddModTwoPow(BigInteger exp)
{
uint[] wkspace = new uint[mod.length << 1 + 1];
BigInteger resultNum = Montgomery.ToMont((BigInteger)2, this.mod);
resultNum = new BigInteger(resultNum, mod.length << 1 + 1);
uint mPrime = Montgomery.Inverse(mod.data[0]);
//
// TODO: eat small bits, the ones we can do with no modular reduction
//
uint pos = (uint)exp.bitCount() - 2;
do
{
Kernel.SquarePositive(resultNum, ref wkspace);
resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
if (exp.testBit(pos))
{
//
// resultNum = (resultNum * 2) % mod
//
fixed (uint* u = resultNum.data)
{
//
// Double
//
uint* uu = u;
uint* uuE = u + resultNum.length;
uint x, carry = 0;
while (uu < uuE)
{
x = *uu;
*uu = (x << 1) | carry;
carry = x >> (32 - 1);
uu++;
}
// subtraction inlined because we know it is square
if (carry != 0 || resultNum >= mod)
{
fixed (uint* s = mod.data)
{
uu = u;
uint c = 0;
uint* ss = s;
do
{
uint a = *ss++;
if (((a += c) < c) | ((*(uu++) -= a) > ~a))
c = 1;
else
c = 0;
} while (uu < uuE);
}
}
}
}
} while (pos-- > 0);
resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
return resultNum;
}
private unsafe BigInteger EvenPow(uint b, BigInteger exp)
{
exp.Normalize();
uint[] wkspace = new uint[mod.length << 1 + 1];
BigInteger resultNum = new BigInteger((BigInteger)b, mod.length << 1 + 1);
uint pos = (uint)exp.bitCount() - 2;
//
// We know that the first itr will make the val b
//
do
{
//
// r = r ^ 2 % m
//
Kernel.SquarePositive(resultNum, ref wkspace);
if (!(resultNum.length < mod.length))
BarrettReduction(resultNum);
if (exp.testBit(pos))
{
//
// r = r * b % m
//
// TODO: Is Unsafe really speeding things up?
fixed (uint* u = resultNum.data)
{
uint i = 0;
ulong mc = 0;
do
{
mc += (ulong)u[i] * (ulong)b;
u[i] = (uint)mc;
mc >>= 32;
} while (++i < resultNum.length);
if (resultNum.length < mod.length)
{
if (mc != 0)
{
u[i] = (uint)mc;
resultNum.length++;
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
}
else if (mc != 0)
{
//
// First, we estimate the quotient by dividing
// the first part of each of the numbers. Then
// we correct this, if necessary, with a subtraction.
//
uint cc = (uint)mc;
// We would rather have this estimate overshoot,
// so we add one to the divisor
uint divEstimate = (uint)((((ulong)cc << 32) | (ulong)u[i - 1]) /
(mod.data[mod.length - 1] + 1));
uint t;
i = 0;
mc = 0;
do
{
mc += (ulong)mod.data[i] * (ulong)divEstimate;
t = u[i];
u[i] -= (uint)mc;
mc >>= 32;
if (u[i] > t) mc++;
i++;
} while (i < resultNum.length);
cc -= (uint)mc;
if (cc != 0)
{
uint sc = 0, j = 0;
uint[] s = mod.data;
do
{
uint a = s[j];
if (((a += sc) < sc) | ((u[j] -= a) > ~a)) sc = 1;
else sc = 0;
j++;
} while (j < resultNum.length);
cc -= sc;
}
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
else
{
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
}
}
} while (pos-- > 0);
return resultNum;
}
private BigInteger OddPow(BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger(Montgomery.ToMont(1, mod), mod.length << 1);
BigInteger tempNum = new BigInteger(Montgomery.ToMont(b, mod), mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint mPrime = Montgomery.Inverse(mod.data[0]);
uint totalBits = (uint)exp.bitCount();
uint[] wkspace = new uint[mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++)
{
if (exp.testBit(pos))
{
Array.Clear(wkspace, 0, wkspace.Length);
Kernel.Multiply(resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint[] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
Montgomery.Reduce(resultNum, mod, mPrime);
}
Kernel.SquarePositive(tempNum, ref wkspace);
Montgomery.Reduce(tempNum, mod, mPrime);
}
Montgomery.Reduce(resultNum, mod, mPrime);
return resultNum;
}
private void Initialize(BigInteger p, BigInteger g, BigInteger x)
{
if (!p.isProbablePrime() || g <= 0 || g >= p)
throw new CryptographicException("Inputs p or g are not as expected. P probably isn't a prime or G is less than zero or more than P.");
if(x != null) {
_x = x;
} else {
var pMinus1 = p - 1;
var secretLen = p.bitCount();
for (_x = BigInteger.genRandom(secretLen); _x >= pMinus1 || _x == 0; _x = BigInteger.genRandom(secretLen)) { }
}
_p = p;
_g = g;
}
