libtommath/mp_prime_frobenius_underwood.c

#include "tommath_private.h"
#ifdef MP_PRIME_FROBENIUS_UNDERWOOD_C

/* LibTomMath, multiple-precision integer library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */

/*
 *  See file mp_prime_is_prime.c or the documentation in doc/bn.tex for the details
 */
#ifndef LTM_USE_ONLY_MR

/*
 * floor of positive solution of
 * (2^16)-1 = (a+4)*(2*a+5)
 * TODO: Both values are smaller than N^(1/4), would have to use a bigint
 *       for a instead but any a biger than about 120 are already so rare that
 *       it is possible to ignore them and still get enough pseudoprimes.
 *       But it is still a restriction of the set of available pseudoprimes
 *       which makes this implementation less secure if used stand-alone.
 */
#define LTM_FROBENIUS_UNDERWOOD_A 32764

mp_err mp_prime_frobenius_underwood(const mp_int *N, bool *result)
{
   mp_int T1z, T2z, Np1z, sz, tz;
   int a, ap2, i;
   mp_err err;

   if ((err = mp_init_multi(&T1z, &T2z, &Np1z, &sz, &tz, NULL)) != MP_OKAY) {
      return err;
   }

   for (a = 0; a < LTM_FROBENIUS_UNDERWOOD_A; a++) {
      int j;

      /* TODO: That's ugly! No, really, it is! */
      if ((a==2) || (a==4) || (a==7) || (a==8) || (a==10) ||
          (a==14) || (a==18) || (a==23) || (a==26) || (a==28)) {
         continue;
      }

      mp_set_i32(&T1z, (int32_t)((a * a) - 4));

      if ((err = mp_kronecker(&T1z, N, &j)) != MP_OKAY)           goto LBL_END;

      if (j == -1) {
         break;
      }

      if (j == 0) {
         /* composite */
         *result = false;
         goto LBL_END;
      }
   }
   /* Tell it a composite and set return value accordingly */
   if (a >= LTM_FROBENIUS_UNDERWOOD_A) {
      err = MP_ITER;
      goto LBL_END;
   }
   /* Composite if N and (a+4)*(2*a+5) are not coprime */
   mp_set_u32(&T1z, (uint32_t)((a+4)*((2*a)+5)));

   if ((err = mp_gcd(N, &T1z, &T1z)) != MP_OKAY)                  goto LBL_END;

   if (!((T1z.used == 1) && (T1z.dp[0] == 1u))) {
      /* composite */
      *result = false;
      goto LBL_END;
   }

   ap2 = a + 2;
   if ((err = mp_add_d(N, 1uL, &Np1z)) != MP_OKAY)                goto LBL_END;

   mp_set(&sz, 1uL);
   mp_set(&tz, 2uL);

   for (i = mp_count_bits(&Np1z) - 2; i >= 0; i--) {
      /*
       * temp = (sz*(a*sz+2*tz))%N;
       * tz   = ((tz-sz)*(tz+sz))%N;
       * sz   = temp;
       */
      if ((err = mp_mul_2(&tz, &T2z)) != MP_OKAY)                 goto LBL_END;

      /* a = 0 at about 50% of the cases (non-square and odd input) */
      if (a != 0) {
         if ((err = mp_mul_d(&sz, (mp_digit)a, &T1z)) != MP_OKAY) goto LBL_END;
         if ((err = mp_add(&T1z, &T2z, &T2z)) != MP_OKAY)         goto LBL_END;
      }

      if ((err = mp_mul(&T2z, &sz, &T1z)) != MP_OKAY)             goto LBL_END;
      if ((err = mp_sub(&tz, &sz, &T2z)) != MP_OKAY)              goto LBL_END;
      if ((err = mp_add(&sz, &tz, &sz)) != MP_OKAY)               goto LBL_END;
      if ((err = mp_mul(&sz, &T2z, &tz)) != MP_OKAY)              goto LBL_END;
      if ((err = mp_mod(&tz, N, &tz)) != MP_OKAY)                 goto LBL_END;
      if ((err = mp_mod(&T1z, N, &sz)) != MP_OKAY)                goto LBL_END;
      if (s_mp_get_bit(&Np1z, i)) {
         /*
          *  temp = (a+2) * sz + tz
          *  tz   = 2 * tz - sz
          *  sz   = temp
          */
         if (a == 0) {
            if ((err = mp_mul_2(&sz, &T1z)) != MP_OKAY)           goto LBL_END;
         } else {
            if ((err = mp_mul_d(&sz, (mp_digit)ap2, &T1z)) != MP_OKAY) goto LBL_END;
         }
         if ((err = mp_add(&T1z, &tz, &T1z)) != MP_OKAY)          goto LBL_END;
         if ((err = mp_mul_2(&tz, &T2z)) != MP_OKAY)              goto LBL_END;
         if ((err = mp_sub(&T2z, &sz, &tz)) != MP_OKAY)           goto LBL_END;
         mp_exch(&sz, &T1z);
      }
   }

   mp_set_u32(&T1z, (uint32_t)((2 * a) + 5));
   if ((err = mp_mod(&T1z, N, &T1z)) != MP_OKAY)                  goto LBL_END;

   *result = mp_iszero(&sz) && (mp_cmp(&tz, &T1z) == MP_EQ);

LBL_END:
   mp_clear_multi(&tz, &sz, &Np1z, &T2z, &T1z, NULL);
   return err;
}

#endif
#endif
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`#include "tommath_private.h"`
Execute move.sh - Rename files from bn_* to match the function names. * git blame <renamed-file> is not affected * git log --follow <renamed-file> can be used to show log across renames 2019-10-19 14:24:39 +00:00			`#ifdef MP_PRIME_FROBENIUS_UNDERWOOD_C`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
shorter headers 2019-04-07 13:29:11 +00:00			`/* LibTomMath, multiple-precision integer library -- Tom St Denis */`
			`/* SPDX-License-Identifier: Unlicense */`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00			`/*`
Execute move.sh - Rename files from bn_* to match the function names. * git blame <renamed-file> is not affected * git log --follow <renamed-file> can be used to show log across renames 2019-10-19 14:24:39 +00:00			`* See file mp_prime_is_prime.c or the documentation in doc/bn.tex for the details`
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00			`*/`
Changed macro 'LTM_USE_FIPS_ONLY' to 'LTM_USE_ONLY_MR' 2019-10-14 21:05:56 +00:00			`#ifndef LTM_USE_ONLY_MR`
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00
changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`/*`
			`* floor of positive solution of`
			`* (2^16)-1 = (a+4)(2a+5)`
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00			`* TODO: Both values are smaller than N^(1/4), would have to use a bigint`
			`* for a instead but any a biger than about 120 are already so rare that`
			`* it is possible to ignore them and still get enough pseudoprimes.`
			`* But it is still a restriction of the set of available pseudoprimes`
			`* which makes this implementation less secure if used stand-alone.`
changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`*/`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`#define LTM_FROBENIUS_UNDERWOOD_A 32764`
remove support for 8-bit (MP_8BIT) 2019-09-09 00:58:18 +00:00
replace mp_bool by stdbool * This gives the advantage that static analysis understands bool, but complains about using an enum type instead of bool. * If stdbool.h is not desired, true/false/bool can be replaced using sed as in the no-stdint-h branch. * We already include stdint.h and stdbool.h is not more harmful than this header 2019-10-24 20:02:29 +00:00			`mp_err mp_prime_frobenius_underwood(const mp_int N, bool result)`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`{`
improve indentation 2018-12-26 07:47:47 +00:00			`mp_int T1z, T2z, Np1z, sz, tz;`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`int a, ap2, i;`
always use varname err with mp_err 2019-05-19 15:16:13 +00:00			`mp_err err;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
always use varname err with mp_err 2019-05-19 15:16:13 +00:00			`if ((err = mp_init_multi(&T1z, &T2z, &Np1z, &sz, &tz, NULL)) != MP_OKAY) {`
			`return err;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`}`

			`for (a = 0; a < LTM_FROBENIUS_UNDERWOOD_A; a++) {`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`int j;`

changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`/* TODO: That's ugly! No, really, it is! */`
explicit operator precedence 2018-12-26 07:33:43 +00:00			`if ((a==2) \|\| (a==4) \|\| (a==7) \|\| (a==8) \|\| (a==10) \|\|`
			`(a==14) \|\| (a==18) \|\| (a==23) \|\| (a==26) \|\| (a==28)) {`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`continue;`
			`}`

removed code needed for MP_8BIT 2019-10-19 17:39:29 +00:00			`mp_set_i32(&T1z, (int32_t)((a * a) - 4));`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_kronecker(&T1z, N, &j)) != MP_OKAY) goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
			`if (j == -1) {`
			`break;`
			`}`

			`if (j == 0) {`
changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`/* composite */`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`*result = false;`
			`goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`}`
			`}`
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00			`/* Tell it a composite and set return value accordingly */`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`if (a >= LTM_FROBENIUS_UNDERWOOD_A) {`
always use varname err with mp_err 2019-05-19 15:16:13 +00:00			`err = MP_ITER;`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`}`
changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`/* Composite if N and (a+4)(2a+5) are not coprime */`
use u32 i64 suffix 2019-05-24 08:21:54 +00:00			`mp_set_u32(&T1z, (uint32_t)((a+4)((2a)+5)));`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_gcd(N, &T1z, &T1z)) != MP_OKAY) goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if (!((T1z.used == 1) && (T1z.dp[0] == 1u))) {`
			`/* composite */`
			`*result = false;`
			`goto LBL_END;`
			`}`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
			`ap2 = a + 2;`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_add_d(N, 1uL, &Np1z)) != MP_OKAY) goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
literal suffix 2018-12-26 07:21:51 +00:00			`mp_set(&sz, 1uL);`
			`mp_set(&tz, 2uL);`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`for (i = mp_count_bits(&Np1z) - 2; i >= 0; i--) {`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`/*`
changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`* temp = (sz(asz+2*tz))%N;`
			`* tz = ((tz-sz)*(tz+sz))%N;`
			`* sz = temp;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`*/`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_mul_2(&tz, &T2z)) != MP_OKAY) goto LBL_END;`
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00
changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`/* a = 0 at about 50% of the cases (non-square and odd input) */`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`if (a != 0) {`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_mul_d(&sz, (mp_digit)a, &T1z)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_add(&T1z, &T2z, &T2z)) != MP_OKAY) goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`}`
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_mul(&T2z, &sz, &T1z)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_sub(&tz, &sz, &T2z)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_add(&sz, &tz, &sz)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_mul(&sz, &T2z, &tz)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_mod(&tz, N, &tz)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_mod(&T1z, N, &sz)) != MP_OKAY) goto LBL_END;`
			`if (s_mp_get_bit(&Np1z, i)) {`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`/*`
changes and bigfixes, see pull-request #113 at https://github.com/libtom/libtommath/pull/113 for details 2018-05-21 20:17:48 +00:00			`* temp = (a+2) * sz + tz`
			`* tz = 2 * tz - sz`
			`* sz = temp`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`*/`
			`if (a == 0) {`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_mul_2(&sz, &T1z)) != MP_OKAY) goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`} else {`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_mul_d(&sz, (mp_digit)ap2, &T1z)) != MP_OKAY) goto LBL_END;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`}`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_add(&T1z, &tz, &T1z)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_mul_2(&tz, &T2z)) != MP_OKAY) goto LBL_END;`
			`if ((err = mp_sub(&T2z, &sz, &tz)) != MP_OKAY) goto LBL_END;`
improve indentation 2018-12-26 07:47:47 +00:00			`mp_exch(&sz, &T1z);`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`}`
			`}`

use u32 i64 suffix 2019-05-24 08:21:54 +00:00			`mp_set_u32(&T1z, (uint32_t)((2 * a) + 5));`
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`if ((err = mp_mod(&T1z, N, &T1z)) != MP_OKAY) goto LBL_END;`

			`*result = mp_iszero(&sz) && (mp_cmp(&tz, &T1z) == MP_EQ);`
the lost files from the last commit 2018-05-03 22:01:45 +00:00
simplifications: prime functions 2019-10-29 19:07:29 +00:00			`LBL_END:`
improve indentation 2018-12-26 07:47:47 +00:00			`mp_clear_multi(&tz, &sz, &Np1z, &T2z, &T1z, NULL);`
always use varname err with mp_err 2019-05-19 15:16:13 +00:00			`return err;`
the lost files from the last commit 2018-05-03 22:01:45 +00:00			`}`

			`#endif`
fixes for MP_8BIT and mx32, prefinal design 2018-05-25 23:39:03 +00:00			`#endif`