// initializes the private variables (throws CryptographicException)
private void Initialize(BigInteger p, BigInteger g, BigInteger x, int secretLen, bool checkInput) {
if (!p.isProbablePrime() || g <= 0 || g >= p || (x != null && (x <= 0 || x > p - 2)))
throw new CryptographicException();
// default is to generate a number as large as the prime this
// is usually overkill, but it's the most secure thing we can
// do if the user doesn't specify a desired secret length ...
if (secretLen == 0)
secretLen = p.bitCount();
m_P = p;
m_G = g;
if (x == null) {
BigInteger pm1 = m_P - 1;
for(m_X = BigInteger.genRandom(secretLen); m_X >= pm1 || m_X == 0; m_X = BigInteger.genRandom(secretLen)) {}
} else {
m_X = x;
}
}
public static void PlusEq (BigInteger bi1, BigInteger bi2)
{
uint [] x, y;
uint yMax, xMax, i = 0;
bool flag = false;
// x should be bigger
if (bi1.length < bi2.length){
flag = true;
x = bi2.data;
xMax = bi2.length;
y = bi1.data;
yMax = bi1.length;
} else {
x = bi1.data;
xMax = bi1.length;
y = bi2.data;
yMax = bi2.length;
}
uint [] r = bi1.data;
ulong sum = 0;
// Add common parts of both numbers
do {
sum += ((ulong)x [i]) + ((ulong)y [i]);
r [i] = (uint)sum;
sum >>= 32;
} while (++i < yMax);
// Copy remainder of longer number while carry propagation is required
bool carry = (sum != 0);
if (carry){
if (i < xMax) {
do
carry = ((r [i] = x [i] + 1) == 0);
while (++i < xMax && carry);
}
if (carry) {
r [i] = 1;
bi1.length = ++i;
return;
}
}
// Copy the rest
if (flag && i < xMax - 1) {
do
r [i] = x [i];
while (++i < xMax);
}
bi1.length = xMax + 1;
bi1.Normalize ();
}
public BigInteger EvenPow (BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger ((BigInteger)1, mod.length << 1);
BigInteger tempNum = new BigInteger (b % mod, mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint totalBits = (uint)exp.bitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.testBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
BarrettReduction (resultNum);
}
Kernel.SquarePositive (tempNum, ref wkspace);
BarrettReduction (tempNum);
if (tempNum == 1) {
return resultNum;
}
}
return resultNum;
}
public BigInteger Difference (BigInteger a, BigInteger b)
{
Sign cmp = Kernel.Compare (a, b);
BigInteger diff;
switch (cmp) {
case Sign.Zero:
return 0;
case Sign.Positive:
diff = a - b; break;
case Sign.Negative:
diff = b - a; break;
default:
throw new Exception ();
}
if (diff >= mod) {
if (diff.length >= mod.length << 1)
diff %= mod;
else
BarrettReduction (diff);
}
if (cmp == Sign.Negative)
diff = mod - diff;
return diff;
}
public void BarrettReduction (BigInteger x)
{
BigInteger n = mod;
uint k = n.length,
kPlusOne = k+1,
kMinusOne = k-1;
// x < mod, so nothing to do.
if (x.length < k) return;
BigInteger q3;
//
// Validate pointers
//
if (x.data.Length < x.length) throw new IndexOutOfRangeException ("x out of range");
// q1 = x / b^ (k-1)
// q2 = q1 * constant
// q3 = q2 / b^ (k+1), Needs to be accessed with an offset of kPlusOne
// TODO: We should the method in HAC p 604 to do this (14.45)
q3 = new BigInteger (Sign.Positive, x.length - kMinusOne + constant.length);
Kernel.Multiply (x.data, kMinusOne, x.length - kMinusOne, constant.data, 0, constant.length, q3.data, 0);
// r1 = x mod b^ (k+1)
// i.e. keep the lowest (k+1) words
uint lengthToCopy = (x.length > kPlusOne) ? kPlusOne : x.length;
x.length = lengthToCopy;
x.Normalize ();
// r2 = (q3 * n) mod b^ (k+1)
// partial multiplication of q3 and n
BigInteger r2 = new BigInteger (Sign.Positive, kPlusOne);
Kernel.MultiplyMod2p32pmod (q3.data, (int)kPlusOne, (int)q3.length - (int)kPlusOne, n.data, 0, (int)n.length, r2.data, 0, (int)kPlusOne);
r2.Normalize ();
if (r2 < x) {
Kernel.MinusEq (x, r2);
} else {
BigInteger val = new BigInteger (Sign.Positive, kPlusOne + 1);
val.data [kPlusOne] = 0x00000001;
Kernel.MinusEq (val, r2);
Kernel.PlusEq (x, val);
}
while (x >= n)
Kernel.MinusEq (x, n);
}
/// <summary>
/// Generates the smallest prime >= bi
/// </summary>
/// <param name="bi">A BigInteger</param>
/// <returns>The smallest prime >= bi. More mathematically, if bi is prime: bi, else Prime [PrimePi [bi] + 1].</returns>
public static BigInteger NextHightestPrime (BigInteger bi)
{
NextPrimeFinder npf = new NextPrimeFinder ();
return npf.GenerateNewPrime (0, bi);
}
public BigInteger modInverse (BigInteger mod)
{
return Kernel.modInverse (this, mod);
}
public string ToString (uint radix, string charSet)
{
if (charSet.Length < radix)
throw new ArgumentException ("charSet length less than radix", "charSet");
if (radix == 1)
throw new ArgumentException ("There is no such thing as radix one notation", "radix");
if (this == 0) return "0";
if (this == 1) return "1";
string result = "";
BigInteger a = new BigInteger (this);
while (a != 0) {
uint rem = Kernel.SingleByteDivideInPlace (a, radix);
result = charSet [ (int)rem] + result;
}
return result;
}
public static BigInteger LeftShift (BigInteger bi, int n)
{
if (n == 0) return new BigInteger (bi, bi.length + 1);
int w = n >> 5;
n &= ((1 << 5) - 1);
BigInteger ret = new BigInteger (Sign.Positive, bi.length + 1 + (uint)w);
uint i = 0, l = bi.length;
if (n != 0) {
uint x, carry = 0;
while (i < l) {
x = bi.data [i];
ret.data [i + w] = (x << n) | carry;
carry = x >> (32 - n);
i++;
}
ret.data [i + w] = carry;
} else {
while (i < l) {
ret.data [i + w] = bi.data [i];
i++;
}
}
ret.Normalize ();
return ret;
}
public static BigInteger [] multiByteDivide (BigInteger bi1, BigInteger bi2)
{
if (Kernel.Compare (bi1, bi2) == Sign.Negative)
return new BigInteger [2] { 0, new BigInteger (bi1) };
bi1.Normalize (); bi2.Normalize ();
if (bi2.length == 1)
return DwordDivMod (bi1, bi2.data [0]);
uint remainderLen = bi1.length + 1;
int divisorLen = (int)bi2.length + 1;
uint mask = 0x80000000;
uint val = bi2.data [bi2.length - 1];
int shift = 0;
int resultPos = (int)bi1.length - (int)bi2.length;
while (mask != 0 && (val & mask) == 0) {
shift++; mask >>= 1;
}
BigInteger quot = new BigInteger (Sign.Positive, bi1.length - bi2.length + 1);
BigInteger rem = (bi1 << shift);
uint [] remainder = rem.data;
bi2 = bi2 << shift;
int j = (int)(remainderLen - bi2.length);
int pos = (int)remainderLen - 1;
uint firstDivisorByte = bi2.data [bi2.length-1];
ulong secondDivisorByte = bi2.data [bi2.length-2];
while (j > 0) {
ulong dividend = ((ulong)remainder [pos] << 32) + (ulong)remainder [pos-1];
ulong q_hat = dividend / (ulong)firstDivisorByte;
ulong r_hat = dividend % (ulong)firstDivisorByte;
do {
if (q_hat == 0x100000000 ||
(q_hat * secondDivisorByte) > ((r_hat << 32) + remainder [pos-2])) {
q_hat--;
r_hat += (ulong)firstDivisorByte;
if (r_hat < 0x100000000)
continue;
}
break;
} while (true);
//
// At this point, q_hat is either exact, or one too large
// (more likely to be exact) so, we attempt to multiply the
// divisor by q_hat, if we get a borrow, we just subtract
// one from q_hat and add the divisor back.
//
uint t;
uint dPos = 0;
int nPos = pos - divisorLen + 1;
ulong mc = 0;
uint uint_q_hat = (uint)q_hat;
do {
mc += (ulong)bi2.data [dPos] * (ulong)uint_q_hat;
t = remainder [nPos];
remainder [nPos] -= (uint)mc;
mc >>= 32;
if (remainder [nPos] > t) mc++;
dPos++; nPos++;
} while (dPos < divisorLen);
nPos = pos - divisorLen + 1;
dPos = 0;
// Overestimate
if (mc != 0) {
uint_q_hat--;
ulong sum = 0;
do {
sum = ((ulong)remainder [nPos]) + ((ulong)bi2.data [dPos]) + sum;
remainder [nPos] = (uint)sum;
sum >>= 32;
dPos++; nPos++;
} while (dPos < divisorLen);
}
quot.data [resultPos--] = (uint)uint_q_hat;
pos--;
j--;
}
quot.Normalize ();
rem.Normalize ();
BigInteger [] ret = new BigInteger [2] { quot, rem };
if (shift != 0)
ret [1] >>= shift;
return ret;
}
public static BigInteger [] DwordDivMod (BigInteger n, uint d)
{
BigInteger ret = new BigInteger (Sign.Positive , n.length);
ulong r = 0;
uint i = n.length;
while (i-- > 0) {
r <<= 32;
r |= n.data [i];
ret.data [i] = (uint)(r / d);
r %= d;
}
ret.Normalize ();
BigInteger rem = (uint)r;
return new BigInteger [] {ret, rem};
}
public static uint DwordMod (BigInteger n, uint d)
{
ulong r = 0;
uint i = n.length;
while (i-- > 0) {
r <<= 32;
r |= n.data [i];
r %= d;
}
return (uint)r;
}
public static BigInteger Parse(string number) {
if (number == null)
throw new ArgumentNullException(number);
int i = 0, len = number.Length;
char c;
bool digits_seen = false;
BigInteger val = new BigInteger(0);
if (number[i] == '+') {
i++;
} else if(number[i] == '-') {
throw new FormatException("Only positive integers are allowed.");
}
for(; i < len; i++) {
c = number[i];
if (c == '\0') {
i = len;
continue;
}
if (c >= '0' && c <= '9'){
val = val * 10 + (c - '0');
digits_seen = true;
} else {
if (Char.IsWhiteSpace(c)){
for (i++; i < len; i++){
if (!Char.IsWhiteSpace (number[i]))
throw new FormatException();
}
break;
} else
throw new FormatException();
}
}
if (!digits_seen)
throw new FormatException();
return val;
}
/// <summary>
/// Performs n / d and n % d in one operation.
/// </summary>
/// <param name="n">A BigInteger, upon exit this will hold n / d</param>
/// <param name="d">The divisor</param>
/// <returns>n % d</returns>
public static uint SingleByteDivideInPlace (BigInteger n, uint d)
{
ulong r = 0;
uint i = n.length;
while (i-- > 0) {
r <<= 32;
r |= n.data [i];
n.data [i] = (uint)(r / d);
r %= d;
}
n.Normalize ();
return (uint)r;
}
/// <summary>
/// Compares two BigInteger
/// </summary>
/// <param name="bi1">A BigInteger</param>
/// <param name="bi2">A BigInteger</param>
/// <returns>The sign of bi1 - bi2</returns>
public static Sign Compare (BigInteger bi1, BigInteger bi2)
{
//
// Step 1. Compare the lengths
//
uint l1 = bi1.length, l2 = bi2.length;
while (l1 > 0 && bi1.data [l1-1] == 0) l1--;
while (l2 > 0 && bi2.data [l2-1] == 0) l2--;
if (l1 == 0 && l2 == 0) return Sign.Zero;
// bi1 len < bi2 len
if (l1 < l2) return Sign.Negative;
// bi1 len > bi2 len
else if (l1 > l2) return Sign.Positive;
//
// Step 2. Compare the bits
//
uint pos = l1 - 1;
while (pos != 0 && bi1.data [pos] == bi2.data [pos]) pos--;
if (bi1.data [pos] < bi2.data [pos])
return Sign.Negative;
else if (bi1.data [pos] > bi2.data [pos])
return Sign.Positive;
else
return Sign.Zero;
}
/// <summary>
/// Generates a new, random BigInteger of the specified length.
/// </summary>
/// <param name="bits">The number of bits for the new number.</param>
/// <param name="rng">A random number generator to use to obtain the bits.</param>
/// <returns>A random number of the specified length.</returns>
public static BigInteger genRandom (int bits, RandomNumberGenerator rng)
{
int dwords = bits >> 5;
int remBits = bits & 0x1F;
if (remBits != 0)
dwords++;
BigInteger ret = new BigInteger (Sign.Positive, (uint)dwords + 1);
byte [] random = new byte [dwords << 2];
rng.GetBytes (random);
Buffer.BlockCopy (random, 0, ret.data, 0, (int)dwords << 2);
if (remBits != 0) {
uint mask = (uint)(0x01 << (remBits-1));
ret.data [dwords-1] |= mask;
mask = (uint)(0xFFFFFFFF >> (32 - remBits));
ret.data [dwords-1] &= mask;
}
else
ret.data [dwords-1] |= 0x80000000;
ret.Normalize ();
return ret;
}
public Sign Compare (BigInteger bi)
{
return Kernel.Compare (this, bi);
}
public static BigInteger RightShift (BigInteger bi, int n)
{
if (n == 0) return new BigInteger (bi);
int w = n >> 5;
int s = n & ((1 << 5) - 1);
BigInteger ret = new BigInteger (Sign.Positive, bi.length - (uint)w + 1);
uint l = (uint)ret.data.Length - 1;
if (s != 0) {
uint x, carry = 0;
while (l-- > 0) {
x = bi.data [l + w];
ret.data [l] = (x >> n) | carry;
carry = x << (32 - n);
}
} else {
while (l-- > 0)
ret.data [l] = bi.data [l + w];
}
ret.Normalize ();
return ret;
}
public BigInteger gcd (BigInteger bi)
{
return Kernel.gcd (this, bi);
}
public static BigInteger MultiplyByDword (BigInteger n, uint f)
{
BigInteger ret = new BigInteger (Sign.Positive, n.length + 1);
uint i = 0;
ulong c = 0;
do {
c += (ulong)n.data [i] * (ulong)f;
ret.data [i] = (uint)c;
c >>= 32;
} while (++i < n.length);
ret.data [i] = (uint)c;
ret.Normalize ();
return ret;
}
public BigInteger modPow (BigInteger exp, BigInteger n)
{
ModulusRing mr = new ModulusRing (n);
return mr.Pow (this, exp);
}
public static unsafe void SquarePositive (BigInteger bi, ref uint [] wkSpace)
{
uint [] t = wkSpace;
wkSpace = bi.data;
uint [] d = bi.data;
uint dl = bi.length;
bi.data = t;
fixed (uint* dd = d, tt = t) {
uint* ttE = tt + t.Length;
// Clear the dest
for (uint* ttt = tt; ttt < ttE; ttt++)
*ttt = 0;
uint* dP = dd, tP = tt;
for (uint i = 0; i < dl; i++, dP++) {
if (*dP == 0)
continue;
ulong mcarry = 0;
uint bi1val = *dP;
uint* dP2 = dP + 1, tP2 = tP + 2*i + 1;
for (uint j = i + 1; j < dl; j++, tP2++, dP2++) {
// k = i + j
mcarry += ((ulong)bi1val * (ulong)*dP2) + *tP2;
*tP2 = (uint)mcarry;
mcarry >>= 32;
}
if (mcarry != 0)
*tP2 = (uint)mcarry;
}
// Double t. Inlined for speed.
tP = tt;
uint x, carry = 0;
while (tP < ttE) {
x = *tP;
*tP = (x << 1) | carry;
carry = x >> (32 - 1);
tP++;
}
if (carry != 0) *tP = carry;
// Add in the diagnals
dP = dd;
tP = tt;
for (uint* dE = dP + dl; (dP < dE); dP++, tP++) {
ulong val = (ulong)*dP * (ulong)*dP + *tP;
*tP = (uint)val;
val >>= 32;
*(++tP) += (uint)val;
if (*tP < (uint)val) {
uint* tP3 = tP;
// Account for the first carry
(*++tP3)++;
// Keep adding until no carry
while ((*tP3++) == 0x0)
(*tP3)++;
}
}
bi.length <<= 1;
// Normalize length
while (tt [bi.length-1] == 0 && bi.length > 1) bi.length--;
}
}
public ModulusRing (BigInteger mod)
{
this.mod = mod;
// calculate constant = b^ (2k) / m
uint i = mod.length << 1;
constant = new BigInteger (Sign.Positive, i + 1);
constant.data [i] = 0x00000001;
constant = constant / mod;
}
public static BigInteger gcd (BigInteger a, BigInteger b)
{
BigInteger x = a;
BigInteger y = b;
BigInteger g = y;
while (x.length > 1) {
g = x;
x = y % x;
y = g;
}
if (x == 0) return g;
// TODO: should we have something here if we can convert to long?
//
// Now we can just do it with single precision. I am using the binary gcd method,
// as it should be faster.
//
uint yy = x.data [0];
uint xx = y % yy;
int t = 0;
while (((xx | yy) & 1) == 0) {
xx >>= 1; yy >>= 1; t++;
}
while (xx != 0) {
while ((xx & 1) == 0) xx >>= 1;
while ((yy & 1) == 0) yy >>= 1;
if (xx >= yy)
xx = (xx - yy) >> 1;
else
yy = (yy - xx) >> 1;
}
return yy << t;
}
public BigInteger Multiply (BigInteger a, BigInteger b)
{
if (a == 0 || b == 0) return 0;
if (a.length >= mod.length << 1)
a %= mod;
if (b.length >= mod.length << 1)
b %= mod;
if (a.length >= mod.length)
BarrettReduction (a);
if (b.length >= mod.length)
BarrettReduction (b);
BigInteger ret = new BigInteger (a * b);
BarrettReduction (ret);
return ret;
}
public static uint modInverse (BigInteger bi, uint modulus)
{
uint a = modulus, b = bi % modulus;
uint p0 = 0, p1 = 1;
while (b != 0) {
if (b == 1)
return p1;
p0 += (a / b) * p1;
a %= b;
if (a == 0)
break;
if (a == 1)
return modulus-p0;
p1 += (b / a) * p0;
b %= a;
}
return 0;
}
public BigInteger Pow (BigInteger b, BigInteger exp)
{
if ((mod.data [0] & 1) == 1) return OddPow (b, exp);
else return EvenPow (b, exp);
}
public static BigInteger modInverse (BigInteger bi, BigInteger modulus)
{
if (modulus.length == 1) return modInverse (bi, modulus.data [0]);
BigInteger [] p = { 0, 1 };
BigInteger [] q = new BigInteger [2]; // quotients
BigInteger [] r = { 0, 0 }; // remainders
int step = 0;
BigInteger a = modulus;
BigInteger b = bi;
ModulusRing mr = new ModulusRing (modulus);
while (b != 0) {
if (step > 1) {
BigInteger pval = mr.Difference (p [0], p [1] * q [0]);
p [0] = p [1]; p [1] = pval;
}
BigInteger [] divret = multiByteDivide (a, b);
q [0] = q [1]; q [1] = divret [0];
r [0] = r [1]; r [1] = divret [1];
a = b;
b = divret [1];
step++;
}
if (r [0] != 1)
throw (new ArithmeticException ("No inverse!"));
return mr.Difference (p [0], p [1] * q [0]);
}
private BigInteger OddPow (BigInteger b, BigInteger exp)
{
BigInteger resultNum = new BigInteger (Montgomery.ToMont (1, mod), mod.length << 1);
BigInteger tempNum = new BigInteger (Montgomery.ToMont (b, mod), mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint mPrime = Montgomery.Inverse (mod.data [0]);
uint totalBits = (uint)exp.bitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.testBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
Montgomery.Reduce (resultNum, mod, mPrime);
}
Kernel.SquarePositive (tempNum, ref wkspace);
Montgomery.Reduce (tempNum, mod, mPrime);
}
Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
public static BigInteger operator * (BigInteger bi1, BigInteger bi2)
{
if (bi1 == 0 || bi2 == 0) return 0;
//
// Validate pointers
//
if (bi1.data.Length < bi1.length) throw new IndexOutOfRangeException ("bi1 out of range");
if (bi2.data.Length < bi2.length) throw new IndexOutOfRangeException ("bi2 out of range");
BigInteger ret = new BigInteger (Sign.Positive, bi1.length + bi2.length);
Kernel.Multiply (bi1.data, 0, bi1.length, bi2.data, 0, bi2.length, ret.data, 0);
ret.Normalize ();
return ret;
}
