public void DefaultRandom ()
{
// based on bugzilla entry #68452
BigInteger bi = new BigInteger ();
Assert.AreEqual (0, bi.BitCount (), "before randomize");
bi.Randomize ();
// Randomize returns a random number of BitCount length
// so in this case it will ALWAYS return 0
Assert.AreEqual (0, bi.BitCount (), "after randomize");
Assert.AreEqual (new BigInteger (0), bi, "Zero");
}
private void GenerateKeyPair()
{
// p and q values should have a length of half the strength in bits
int pbitlength = ((KeySize + 1) >> 1);
int qbitlength = (KeySize - pbitlength);
const uint uint_e = 17;
e = uint_e; // fixed
// generate p, prime and (p-1) relatively prime to e
for (; ; )
{
p = BigInteger.GeneratePseudoPrime(pbitlength);
if (p % uint_e != 1)
break;
}
// generate a modulus of the required length
for (; ; )
{
// generate q, prime and (q-1) relatively prime to e,
// and not equal to p
for (; ; )
{
q = BigInteger.GeneratePseudoPrime(qbitlength);
if ((q % uint_e != 1) && (p != q))
break;
}
// calculate the modulus
n = p * q;
if (n.BitCount() == KeySize)
break;
// if we get here our primes aren't big enough, make the largest
// of the two p and try again
if (p < q)
p = q;
}
BigInteger pSub1 = (p - 1);
BigInteger qSub1 = (q - 1);
BigInteger phi = pSub1 * qSub1;
// calculate the private exponent
d = e.ModInverse(phi);
// calculate the CRT factors
dp = d % pSub1;
dq = d % qSub1;
qInv = q.ModInverse(p);
keypairGenerated = true;
isCRTpossible = true;
if (KeyGenerated != null)
KeyGenerated(this, null);
}
private unsafe BigInteger OddModTwoPow (BigInteger exp)
{
uint [] wkspace = new uint [mod.length << 1 + 1];
BigInteger resultNum = Montgomery.ToMont ((BigInteger)2, this.mod);
resultNum = new BigInteger (resultNum, mod.length << 1 +1);
uint mPrime = Montgomery.Inverse (mod.data [0]);
//
// TODO: eat small bits, the ones we can do with no modular reduction
//
uint pos = (uint)exp.BitCount () - 2;
do {
Kernel.SquarePositive (resultNum, ref wkspace);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
if (exp.TestBit (pos)) {
//
// resultNum = (resultNum * 2) % mod
//
fixed (uint* u = resultNum.data) {
//
// Double
//
uint* uu = u;
uint* uuE = u + resultNum.length;
uint x, carry = 0;
while (uu < uuE) {
x = *uu;
*uu = (x << 1) | carry;
carry = x >> (32 - 1);
uu++;
}
// subtraction inlined because we know it is square
if (carry != 0 || resultNum >= mod) {
fixed (uint* s = mod.data) {
uu = u;
uint c = 0;
uint* ss = s;
do {
uint a = *ss++;
if (((a += c) < c) | ((* (uu++) -= a) > ~a))
c = 1;
else
c = 0;
} while (uu < uuE);
}
}
}
}
} while (pos-- > 0);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
private unsafe BigInteger EvenPow (uint b, BigInteger exp)
{
exp.Normalize ();
uint [] wkspace = new uint [mod.length << 1 + 1];
BigInteger resultNum = new BigInteger ((BigInteger)b, mod.length << 1 + 1);
uint pos = (uint)exp.BitCount () - 2;
//
// We know that the first itr will make the val b
//
do {
//
// r = r ^ 2 % m
//
Kernel.SquarePositive (resultNum, ref wkspace);
if (!(resultNum.length < mod.length))
BarrettReduction (resultNum);
if (exp.TestBit (pos)) {
//
// r = r * b % m
//
// TODO: Is Unsafe really speeding things up?
fixed (uint* u = resultNum.data) {
uint i = 0;
ulong mc = 0;
do {
mc += (ulong)u [i] * (ulong)b;
u [i] = (uint)mc;
mc >>= 32;
} while (++i < resultNum.length);
if (resultNum.length < mod.length) {
if (mc != 0) {
u [i] = (uint)mc;
resultNum.length++;
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
}
} else if (mc != 0) {
//
// First, we estimate the quotient by dividing
// the first part of each of the numbers. Then
// we correct this, if necessary, with a subtraction.
//
uint cc = (uint)mc;
// We would rather have this estimate overshoot,
// so we add one to the divisor
uint divEstimate = (uint) ((((ulong)cc << 32) | (ulong) u [i -1]) /
(mod.data [mod.length-1] + 1));
uint t;
i = 0;
mc = 0;
do {
mc += (ulong)mod.data [i] * (ulong)divEstimate;
t = u [i];
u [i] -= (uint)mc;
mc >>= 32;
if (u [i] > t) mc++;
i++;
} while (i < resultNum.length);
cc -= (uint)mc;
if (cc != 0) {
uint sc = 0, j = 0;
uint [] s = mod.data;
do {
uint a = s [j];
if (((a += sc) < sc) | ((u [j] -= a) > ~a)) sc = 1;
else sc = 0;
j++;
} while (j < resultNum.length);
cc -= sc;
}
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
} else {
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
}
}
}
} while (pos-- > 0);
return resultNum;
}
private BigInteger OddPow (BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger (Montgomery.ToMont (1, mod), mod.length << 1);
BigInteger tempNum = new BigInteger (Montgomery.ToMont (b, mod), mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint mPrime = Montgomery.Inverse (mod.data [0]);
uint totalBits = (uint)exp.BitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.TestBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
Montgomery.Reduce (resultNum, mod, mPrime);
}
// the value of tempNum is required in the last loop
if (pos < totalBits - 1) {
Kernel.SquarePositive (tempNum, ref wkspace);
Montgomery.Reduce (tempNum, mod, mPrime);
}
}
Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
public BigInteger EvenPow (BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger ((BigInteger)1, mod.length << 1);
BigInteger tempNum = new BigInteger (b % mod, mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint totalBits = (uint)exp.BitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.TestBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
BarrettReduction (resultNum);
}
Kernel.SquarePositive (tempNum, ref wkspace);
BarrettReduction (tempNum);
if (tempNum == 1) {
return resultNum;
}
}
return resultNum;
}
public BigInteger Pow (BigInteger a, BigInteger k)
{
BigInteger b = new BigInteger (1);
if (k == 0)
return b;
BigInteger A = a;
if (k.TestBit (0))
b = a;
for (int i = 1; i < k.BitCount (); i++) {
A = Multiply (A, A);
if (k.TestBit (i))
b = Multiply (A, b);
}
return b;
}
// initializes the private variables (throws CryptographicException)
private void Initialize(BigInteger p, BigInteger g, BigInteger x, int secretLen, bool checkInput)
{
if (!p.IsProbablePrime() || g <= 0 || g >= p || (x != null && (x <= 0 || x > p - 2)))
throw new CryptographicException();
// default is to generate a number as large as the prime this
// is usually overkill, but it's the most secure thing we can
// do if the user doesn't specify a desired secret length ...
if (secretLen == 0)
secretLen = p.BitCount();
m_P = p;
m_G = g;
if (x == null) {
BigInteger pm1 = m_P - 1;
for(m_X = BigInteger.GenerateRandom(secretLen); m_X >= pm1 || m_X == 0; m_X = BigInteger.GenerateRandom(secretLen)) {}
} else {
m_X = x;
}
}
public BigInteger Pow (BigInteger a, BigInteger k)
{
#if false
BigInteger b = new BigInteger (1);
if (k == 0)
return b;
BigInteger A = a;
if (k.TestBit (0))
b = a;
for (int i = 1; i < k.BitCount (); i++) {
A = Multiply (A, A);
if (k.TestBit (i))
b = Multiply (A, b);
}
return b;
#endif
var result = System.Numerics.BigInteger.ModPow(
EncodeBigInteger(a),
EncodeBigInteger(k),
EncodeBigInteger(mod)
);
return DecodeBigInteger(result);
}
public void DefaultBitCount ()
{
BigInteger bi = new BigInteger ();
Assert.AreEqual (0, bi.BitCount (), "default BitCount");
// note: not bit are set so BitCount is zero
}
private BigInteger OddPow(uint b, BigInteger exp)
{
exp.Normalize();
uint[] wkspace = new uint[mod.length << 1 + 1];
BigInteger resultNum = Montgomery.ToMont((BigInteger)b, this.mod);
resultNum = new BigInteger(resultNum, mod.length << 1 + 1);
uint mPrime = Montgomery.Inverse(mod.data[0]);
int bc = exp.BitCount () - 2;
uint pos = (bc > 1 ? (uint) bc : 1);
//
// We know that the first itr will make the val b
//
do
{
//
// r = r ^ 2 % m
//
Kernel.SquarePositive(resultNum, ref wkspace);
resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
if (exp.TestBit(pos))
{
//
// r = r * b % m
//
uint u = 0;
uint i = 0;
ulong mc = 0;
do
{
mc += (ulong)resultNum.data[u + i] * (ulong)b;
resultNum.data[u + i] = (uint)mc;
mc >>= 32;
} while (++i < resultNum.length);
if (resultNum.length < mod.length)
{
if (mc != 0)
{
resultNum.data[u + i] = (uint)mc;
resultNum.length++;
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
}
else if (mc != 0)
{
//
// First, we estimate the quotient by dividing
// the first part of each of the numbers. Then
// we correct this, if necessary, with a subtraction.
//
uint cc = (uint)mc;
// We would rather have this estimate overshoot,
// so we add one to the divisor
uint divEstimate;
if (mod.data [mod.length - 1] < UInt32.MaxValue) {
divEstimate = (uint) ((((ulong)cc << 32) | (ulong)resultNum.data[u + i - 1]) /
(mod.data [mod.length-1] + 1));
}
else {
// guess but don't divide by 0
divEstimate = (uint) ((((ulong)cc << 32) | (ulong)resultNum.data[i - 1]) /
(mod.data [mod.length-1]));
}
uint t;
i = 0;
mc = 0;
do
{
mc += (ulong)mod.data[i] * (ulong)divEstimate;
t = resultNum.data[u + i];
resultNum.data[u + i] -= (uint)mc;
mc >>= 32;
if (resultNum.data[u + i] > t)
mc++;
i++;
} while (i < resultNum.length);
cc -= (uint)mc;
if (cc != 0)
{
uint sc = 0, j = 0;
uint[] s = mod.data;
do
{
uint a = s[j];
if (((a += sc) < sc) | ((resultNum.data[u + j] -= a) > ~a))
sc = 1;
else
sc = 0;
j++;
} while (j < resultNum.length);
cc -= sc;
}
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
else
{
while (resultNum >= mod)
Kernel.MinusEq(resultNum, mod);
}
}
} while (pos-- > 0);
resultNum = Montgomery.Reduce(resultNum, mod, mPrime);
return resultNum;
}
public BigInteger Pow(BigInteger a, BigInteger k)
{
var b = new BigInteger(1);
if (k == 0)
return b;
var A = a;
if (k.TestBit(0))
b = a;
var bitCount = k.BitCount();
for (var i = 1; i < bitCount; i++)
{
A = Multiply(A, A);
if (k.TestBit(i))
b = Multiply(A, b);
}
return b;
}