1
/* mpihelp-div.c - MPI helper functions
2
* Copyright (C) 1994, 1996 Free Software Foundation, Inc.
3
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
5
* This file is part of GnuPG.
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
10
* (at your option) any later version.
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21
* Note: This code is heavily based on the GNU MP Library.
22
* Actually it's the same code with only minor changes in the
23
* way the data is stored; this is to support the abstraction
24
* of an optional secure memory allocation which may be used
25
* to avoid revealing of sensitive data due to paging etc.
26
* The GNU MP Library itself is published under the LGPL;
27
* however I decided to publish this code under the plain GPL.
33
#include "mpi-internal.h"
40
#define UDIV_TIME UMUL_TIME
43
/* FIXME: We should be using invert_limb (or invert_normalized_limb)
44
* here (not udiv_qrnnd).
48
mpihelp_mod_1(mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
49
mpi_limb_t divisor_limb)
55
/* Botch: Should this be handled at all? Rely on callers? */
59
/* If multiplication is much faster than division, and the
60
* dividend is large, pre-invert the divisor, and use
61
* only multiplications in the inner loop.
63
* This test should be read:
64
* Does it ever help to use udiv_qrnnd_preinv?
65
* && Does what we save compensate for the inversion overhead?
67
if( UDIV_TIME > (2 * UMUL_TIME + 6)
68
&& (UDIV_TIME - (2 * UMUL_TIME + 6)) * dividend_size > UDIV_TIME ) {
69
int normalization_steps;
71
count_leading_zeros( normalization_steps, divisor_limb );
72
if( normalization_steps ) {
73
mpi_limb_t divisor_limb_inverted;
75
divisor_limb <<= normalization_steps;
77
/* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
78
* result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
79
* most significant bit (with weight 2**N) implicit.
81
* Special case for DIVISOR_LIMB == 100...000.
83
if( !(divisor_limb << 1) )
84
divisor_limb_inverted = ~(mpi_limb_t)0;
86
udiv_qrnnd(divisor_limb_inverted, dummy,
87
-divisor_limb, 0, divisor_limb);
89
n1 = dividend_ptr[dividend_size - 1];
90
r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
92
/* Possible optimization:
94
* && divisor_limb > ((n1 << normalization_steps)
95
* | (dividend_ptr[dividend_size - 2] >> ...)))
96
* ...one division less...
98
for( i = dividend_size - 2; i >= 0; i--) {
100
UDIV_QRNND_PREINV(dummy, r, r,
101
((n1 << normalization_steps)
102
| (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
103
divisor_limb, divisor_limb_inverted);
106
UDIV_QRNND_PREINV(dummy, r, r,
107
n1 << normalization_steps,
108
divisor_limb, divisor_limb_inverted);
109
return r >> normalization_steps;
112
mpi_limb_t divisor_limb_inverted;
114
/* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
115
* result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
116
* most significant bit (with weight 2**N) implicit.
118
* Special case for DIVISOR_LIMB == 100...000.
120
if( !(divisor_limb << 1) )
121
divisor_limb_inverted = ~(mpi_limb_t)0;
123
udiv_qrnnd(divisor_limb_inverted, dummy,
124
-divisor_limb, 0, divisor_limb);
126
i = dividend_size - 1;
129
if( r >= divisor_limb )
134
for( ; i >= 0; i--) {
135
n0 = dividend_ptr[i];
136
UDIV_QRNND_PREINV(dummy, r, r,
137
n0, divisor_limb, divisor_limb_inverted);
143
if( UDIV_NEEDS_NORMALIZATION ) {
144
int normalization_steps;
146
count_leading_zeros(normalization_steps, divisor_limb);
147
if( normalization_steps ) {
148
divisor_limb <<= normalization_steps;
150
n1 = dividend_ptr[dividend_size - 1];
151
r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
153
/* Possible optimization:
155
* && divisor_limb > ((n1 << normalization_steps)
156
* | (dividend_ptr[dividend_size - 2] >> ...)))
157
* ...one division less...
159
for(i = dividend_size - 2; i >= 0; i--) {
160
n0 = dividend_ptr[i];
161
udiv_qrnnd (dummy, r, r,
162
((n1 << normalization_steps)
163
| (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
167
udiv_qrnnd (dummy, r, r,
168
n1 << normalization_steps,
170
return r >> normalization_steps;
173
/* No normalization needed, either because udiv_qrnnd doesn't require
174
* it, or because DIVISOR_LIMB is already normalized. */
175
i = dividend_size - 1;
178
if(r >= divisor_limb)
184
n0 = dividend_ptr[i];
185
udiv_qrnnd (dummy, r, r, n0, divisor_limb);
191
/* Divide num (NP/NSIZE) by den (DP/DSIZE) and write
192
* the NSIZE-DSIZE least significant quotient limbs at QP
193
* and the DSIZE long remainder at NP. If QEXTRA_LIMBS is
194
* non-zero, generate that many fraction bits and append them after the
195
* other quotient limbs.
196
* Return the most significant limb of the quotient, this is always 0 or 1.
200
* 1. The most significant bit of the divisor must be set.
201
* 2. QP must either not overlap with the input operands at all, or
202
* QP + DSIZE >= NP must hold true. (This means that it's
203
* possible to put the quotient in the high part of NUM, right after the
205
* 3. NSIZE >= DSIZE, even if QEXTRA_LIMBS is non-zero.
209
mpihelp_divrem( mpi_ptr_t qp, mpi_size_t qextra_limbs,
210
mpi_ptr_t np, mpi_size_t nsize,
211
mpi_ptr_t dp, mpi_size_t dsize)
213
mpi_limb_t most_significant_q_limb = 0;
217
/* We are asked to divide by zero, so go ahead and do it! (To make
218
the compiler not remove this statement, return the value.) */
232
most_significant_q_limb = 1;
236
for( i = nsize - 2; i >= 0; i--)
237
udiv_qrnnd( qp[i], n1, n1, np[i], d );
240
for( i = qextra_limbs - 1; i >= 0; i-- )
241
udiv_qrnnd (qp[i], n1, n1, 0, d);
250
mpi_limb_t n1, n0, n2;
259
if( n1 >= d1 && (n1 > d1 || n0 >= d0) ) {
260
sub_ddmmss (n1, n0, n1, n0, d1, d0);
261
most_significant_q_limb = 1;
264
for( i = qextra_limbs + nsize - 2 - 1; i >= 0; i-- ) {
268
if( i >= qextra_limbs )
274
/* Q should be either 111..111 or 111..110. Need special
275
* treatment of this rare case as normal division would
280
if( r < d1 ) { /* Carry in the addition? */
281
add_ssaaaa( n1, n0, r - d0, np[0], 0, d0 );
285
n1 = d0 - (d0 != 0?1:0);
289
udiv_qrnnd (q, r, n1, n0, d1);
290
umul_ppmm (n1, n0, d0, q);
295
if( n1 > r || (n1 == r && n0 > n2) ) {
296
/* The estimated Q was too large. */
298
sub_ddmmss (n1, n0, n1, n0, 0, d0);
300
if( r >= d1 ) /* If not carry, test Q again. */
305
sub_ddmmss (n1, n0, r, n2, n1, n0);
315
mpi_limb_t dX, d1, n0;
323
if(n0 > dX || mpihelp_cmp(np, dp, dsize - 1) >= 0 ) {
324
mpihelp_sub_n(np, np, dp, dsize);
326
most_significant_q_limb = 1;
330
for( i = qextra_limbs + nsize - dsize - 1; i >= 0; i--) {
335
if( i >= qextra_limbs ) {
341
MPN_COPY_DECR (np + 1, np, dsize - 1);
346
/* This might over-estimate q, but it's probably not worth
347
* the extra code here to find out. */
353
udiv_qrnnd(q, r, n0, np[dsize - 1], dX);
354
umul_ppmm(n1, n0, d1, q);
356
while( n1 > r || (n1 == r && n0 > np[dsize - 2])) {
359
if( r < dX ) /* I.e. "carry in previous addition?" */
366
/* Possible optimization: We already have (q * n0) and (1 * n1)
367
* after the calculation of q. Taking advantage of that, we
368
* could make this loop make two iterations less. */
369
cy_limb = mpihelp_submul_1(np, dp, dsize, q);
371
if( n2 != cy_limb ) {
372
mpihelp_add_n(np, np, dp, dsize);
382
return most_significant_q_limb;
387
* Divide (DIVIDEND_PTR,,DIVIDEND_SIZE) by DIVISOR_LIMB.
388
* Write DIVIDEND_SIZE limbs of quotient at QUOT_PTR.
389
* Return the single-limb remainder.
390
* There are no constraints on the value of the divisor.
392
* QUOT_PTR and DIVIDEND_PTR might point to the same limb.
396
mpihelp_divmod_1( mpi_ptr_t quot_ptr,
397
mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
398
mpi_limb_t divisor_limb)
401
mpi_limb_t n1, n0, r;
407
/* If multiplication is much faster than division, and the
408
* dividend is large, pre-invert the divisor, and use
409
* only multiplications in the inner loop.
411
* This test should be read:
412
* Does it ever help to use udiv_qrnnd_preinv?
413
* && Does what we save compensate for the inversion overhead?
415
if( UDIV_TIME > (2 * UMUL_TIME + 6)
416
&& (UDIV_TIME - (2 * UMUL_TIME + 6)) * dividend_size > UDIV_TIME ) {
417
int normalization_steps;
419
count_leading_zeros( normalization_steps, divisor_limb );
420
if( normalization_steps ) {
421
mpi_limb_t divisor_limb_inverted;
423
divisor_limb <<= normalization_steps;
425
/* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
426
* result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
427
* most significant bit (with weight 2**N) implicit.
429
/* Special case for DIVISOR_LIMB == 100...000. */
430
if( !(divisor_limb << 1) )
431
divisor_limb_inverted = ~(mpi_limb_t)0;
433
udiv_qrnnd(divisor_limb_inverted, dummy,
434
-divisor_limb, 0, divisor_limb);
436
n1 = dividend_ptr[dividend_size - 1];
437
r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
439
/* Possible optimization:
441
* && divisor_limb > ((n1 << normalization_steps)
442
* | (dividend_ptr[dividend_size - 2] >> ...)))
443
* ...one division less...
445
for( i = dividend_size - 2; i >= 0; i--) {
446
n0 = dividend_ptr[i];
447
UDIV_QRNND_PREINV( quot_ptr[i + 1], r, r,
448
((n1 << normalization_steps)
449
| (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
450
divisor_limb, divisor_limb_inverted);
453
UDIV_QRNND_PREINV( quot_ptr[0], r, r,
454
n1 << normalization_steps,
455
divisor_limb, divisor_limb_inverted);
456
return r >> normalization_steps;
459
mpi_limb_t divisor_limb_inverted;
461
/* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
462
* result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
463
* most significant bit (with weight 2**N) implicit.
465
/* Special case for DIVISOR_LIMB == 100...000. */
466
if( !(divisor_limb << 1) )
467
divisor_limb_inverted = ~(mpi_limb_t) 0;
469
udiv_qrnnd(divisor_limb_inverted, dummy,
470
-divisor_limb, 0, divisor_limb);
472
i = dividend_size - 1;
475
if( r >= divisor_limb )
480
for( ; i >= 0; i-- ) {
481
n0 = dividend_ptr[i];
482
UDIV_QRNND_PREINV( quot_ptr[i], r, r,
483
n0, divisor_limb, divisor_limb_inverted);
489
if(UDIV_NEEDS_NORMALIZATION) {
490
int normalization_steps;
492
count_leading_zeros (normalization_steps, divisor_limb);
493
if( normalization_steps ) {
494
divisor_limb <<= normalization_steps;
496
n1 = dividend_ptr[dividend_size - 1];
497
r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
499
/* Possible optimization:
501
* && divisor_limb > ((n1 << normalization_steps)
502
* | (dividend_ptr[dividend_size - 2] >> ...)))
503
* ...one division less...
505
for( i = dividend_size - 2; i >= 0; i--) {
506
n0 = dividend_ptr[i];
507
udiv_qrnnd (quot_ptr[i + 1], r, r,
508
((n1 << normalization_steps)
509
| (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
513
udiv_qrnnd (quot_ptr[0], r, r,
514
n1 << normalization_steps,
516
return r >> normalization_steps;
519
/* No normalization needed, either because udiv_qrnnd doesn't require
520
* it, or because DIVISOR_LIMB is already normalized. */
521
i = dividend_size - 1;
524
if(r >= divisor_limb)
530
n0 = dividend_ptr[i];
531
udiv_qrnnd( quot_ptr[i], r, r, n0, divisor_limb );
added
removed
mpi/mpih-div.c
