FCL/sf/os/security: crypto/weakcrypto/source/bigint/primes.cpp@de46a57f75fb (annotated)

72 de46a57f75fb 201023_02 hgs parents: diff changeset	1	/*
de46a57f75fb 201023_02 hgs parents: diff changeset	2	* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
de46a57f75fb 201023_02 hgs parents: diff changeset	3	* All rights reserved.
de46a57f75fb 201023_02 hgs parents: diff changeset	4	* This component and the accompanying materials are made available
de46a57f75fb 201023_02 hgs parents: diff changeset	5	* under the terms of the License "Eclipse Public License v1.0"
de46a57f75fb 201023_02 hgs parents: diff changeset	6	* which accompanies this distribution, and is available
de46a57f75fb 201023_02 hgs parents: diff changeset	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
de46a57f75fb 201023_02 hgs parents: diff changeset	8	*
de46a57f75fb 201023_02 hgs parents: diff changeset	9	* Initial Contributors:
de46a57f75fb 201023_02 hgs parents: diff changeset	10	* Nokia Corporation - initial contribution.
de46a57f75fb 201023_02 hgs parents: diff changeset	11	*
de46a57f75fb 201023_02 hgs parents: diff changeset	12	* Contributors:
de46a57f75fb 201023_02 hgs parents: diff changeset	13	*
de46a57f75fb 201023_02 hgs parents: diff changeset	14	* Description:
de46a57f75fb 201023_02 hgs parents: diff changeset	15	*
de46a57f75fb 201023_02 hgs parents: diff changeset	16	*/
de46a57f75fb 201023_02 hgs parents: diff changeset	17
de46a57f75fb 201023_02 hgs parents: diff changeset	18
de46a57f75fb 201023_02 hgs parents: diff changeset	19	#include <bigint.h>
de46a57f75fb 201023_02 hgs parents: diff changeset	20	#include <e32std.h>
de46a57f75fb 201023_02 hgs parents: diff changeset	21	#include <securityerr.h>
de46a57f75fb 201023_02 hgs parents: diff changeset	22	#include "words.h"
de46a57f75fb 201023_02 hgs parents: diff changeset	23	#include "primes.h"
de46a57f75fb 201023_02 hgs parents: diff changeset	24	#include "algorithms.h"
de46a57f75fb 201023_02 hgs parents: diff changeset	25	#include "mont.h"
de46a57f75fb 201023_02 hgs parents: diff changeset	26	#include "stackinteger.h"
de46a57f75fb 201023_02 hgs parents: diff changeset	27
de46a57f75fb 201023_02 hgs parents: diff changeset	28	static inline void EliminateComposites(TUint* aS, TUint aPrime, TUint aJ,
de46a57f75fb 201023_02 hgs parents: diff changeset	29	TUint aMaxIndex)
de46a57f75fb 201023_02 hgs parents: diff changeset	30	{
de46a57f75fb 201023_02 hgs parents: diff changeset	31	for(; aJ<aMaxIndex; aJ+=aPrime)
de46a57f75fb 201023_02 hgs parents: diff changeset	32	ArraySetBit(aS, aJ);
de46a57f75fb 201023_02 hgs parents: diff changeset	33	}
de46a57f75fb 201023_02 hgs parents: diff changeset	34
de46a57f75fb 201023_02 hgs parents: diff changeset	35	static inline TInt FindLeastSignificantZero(TUint aX)
de46a57f75fb 201023_02 hgs parents: diff changeset	36	{
de46a57f75fb 201023_02 hgs parents: diff changeset	37	aX = ~aX;
de46a57f75fb 201023_02 hgs parents: diff changeset	38	int i = 0;
de46a57f75fb 201023_02 hgs parents: diff changeset	39	if( aX << 16 == 0 ) aX>>=16, i+=16;
de46a57f75fb 201023_02 hgs parents: diff changeset	40	if( aX << 24 == 0 ) aX>>=8, i+=8;
de46a57f75fb 201023_02 hgs parents: diff changeset	41	if( aX << 28 == 0 ) aX>>=4, i+=4;
de46a57f75fb 201023_02 hgs parents: diff changeset	42	if( aX << 30 == 0 ) aX>>=2, i+=2;
de46a57f75fb 201023_02 hgs parents: diff changeset	43	if( aX << 31 == 0 ) ++i;
de46a57f75fb 201023_02 hgs parents: diff changeset	44	return i;
de46a57f75fb 201023_02 hgs parents: diff changeset	45	}
de46a57f75fb 201023_02 hgs parents: diff changeset	46
de46a57f75fb 201023_02 hgs parents: diff changeset	47	static inline TInt FindFirstPrimeCandidate(TUint* aS, TUint aBitLength)
de46a57f75fb 201023_02 hgs parents: diff changeset	48	{
de46a57f75fb 201023_02 hgs parents: diff changeset	49	assert(aBitLength % WORD_BITS == 0);
de46a57f75fb 201023_02 hgs parents: diff changeset	50	TUint i=0;
de46a57f75fb 201023_02 hgs parents: diff changeset	51	//The empty statement at the end of this is stop warnings in all compilers
de46a57f75fb 201023_02 hgs parents: diff changeset	52	for(; aS[i] == KMaxTUint && i<BitsToWords(aBitLength); i++) {;}
de46a57f75fb 201023_02 hgs parents: diff changeset	53
de46a57f75fb 201023_02 hgs parents: diff changeset	54	if(i == BitsToWords(aBitLength))
de46a57f75fb 201023_02 hgs parents: diff changeset	55	return -1;
de46a57f75fb 201023_02 hgs parents: diff changeset	56	else
de46a57f75fb 201023_02 hgs parents: diff changeset	57	{
de46a57f75fb 201023_02 hgs parents: diff changeset	58	assert( FindLeastSignificantZero((TUint)(aS[i])) >= 0 );
de46a57f75fb 201023_02 hgs parents: diff changeset	59	assert( FindLeastSignificantZero((TUint)(aS[i])) <= 31 );
de46a57f75fb 201023_02 hgs parents: diff changeset	60	return i*WORD_BITS + FindLeastSignificantZero((TUint32)(aS[i]));
de46a57f75fb 201023_02 hgs parents: diff changeset	61	}
de46a57f75fb 201023_02 hgs parents: diff changeset	62	}
de46a57f75fb 201023_02 hgs parents: diff changeset	63
de46a57f75fb 201023_02 hgs parents: diff changeset	64	static inline TUint FindSmallestIndex(TUint aPrime, TUint aRemainder)
de46a57f75fb 201023_02 hgs parents: diff changeset	65	{
de46a57f75fb 201023_02 hgs parents: diff changeset	66	TUint& j = aRemainder;
de46a57f75fb 201023_02 hgs parents: diff changeset	67	if(j)
de46a57f75fb 201023_02 hgs parents: diff changeset	68	{
de46a57f75fb 201023_02 hgs parents: diff changeset	69	j = aPrime - aRemainder;
de46a57f75fb 201023_02 hgs parents: diff changeset	70	if( j & 0x1L )
de46a57f75fb 201023_02 hgs parents: diff changeset	71	{
de46a57f75fb 201023_02 hgs parents: diff changeset	72	//if j is odd then this + j is even so we actually want
de46a57f75fb 201023_02 hgs parents: diff changeset	73	//the next number for which (this + j % p == 0) st this + j is odd
de46a57f75fb 201023_02 hgs parents: diff changeset	74	//that is: this + j + p == 0 mod p
de46a57f75fb 201023_02 hgs parents: diff changeset	75	j += aPrime;
de46a57f75fb 201023_02 hgs parents: diff changeset	76	}
de46a57f75fb 201023_02 hgs parents: diff changeset	77	//Turn j into an index for a bit array representing odd numbers only
de46a57f75fb 201023_02 hgs parents: diff changeset	78	j>>=1;
de46a57f75fb 201023_02 hgs parents: diff changeset	79	}
de46a57f75fb 201023_02 hgs parents: diff changeset	80	return j;
de46a57f75fb 201023_02 hgs parents: diff changeset	81	}
de46a57f75fb 201023_02 hgs parents: diff changeset	82
de46a57f75fb 201023_02 hgs parents: diff changeset	83	static TBool IsSmallPrime(TUint aK)
de46a57f75fb 201023_02 hgs parents: diff changeset	84	{
de46a57f75fb 201023_02 hgs parents: diff changeset	85	//This is just a binary search of our small prime table.
de46a57f75fb 201023_02 hgs parents: diff changeset	86	TUint l = 0;
de46a57f75fb 201023_02 hgs parents: diff changeset	87	TUint u = KPrimeTableSize;
de46a57f75fb 201023_02 hgs parents: diff changeset	88	while( u > l )
de46a57f75fb 201023_02 hgs parents: diff changeset	89	{
de46a57f75fb 201023_02 hgs parents: diff changeset	90	TUint m = (l+u)>>1;
de46a57f75fb 201023_02 hgs parents: diff changeset	91	TUint p = KPrimeTable[m];
de46a57f75fb 201023_02 hgs parents: diff changeset	92	if(aK < p)
de46a57f75fb 201023_02 hgs parents: diff changeset	93	u = m;
de46a57f75fb 201023_02 hgs parents: diff changeset	94	else if (aK > p)
de46a57f75fb 201023_02 hgs parents: diff changeset	95	l = m + 1;
de46a57f75fb 201023_02 hgs parents: diff changeset	96	else
de46a57f75fb 201023_02 hgs parents: diff changeset	97	return ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	98	}
de46a57f75fb 201023_02 hgs parents: diff changeset	99	return EFalse;
de46a57f75fb 201023_02 hgs parents: diff changeset	100	}
de46a57f75fb 201023_02 hgs parents: diff changeset	101
de46a57f75fb 201023_02 hgs parents: diff changeset	102	static inline TUint RabinMillerRounds(TUint aBits)
de46a57f75fb 201023_02 hgs parents: diff changeset	103	{
de46a57f75fb 201023_02 hgs parents: diff changeset	104	//See HAC Table 4.4
de46a57f75fb 201023_02 hgs parents: diff changeset	105	if(aBits > 1300)
de46a57f75fb 201023_02 hgs parents: diff changeset	106	return 2;
de46a57f75fb 201023_02 hgs parents: diff changeset	107	if (aBits > 850)
de46a57f75fb 201023_02 hgs parents: diff changeset	108	return 3;
de46a57f75fb 201023_02 hgs parents: diff changeset	109	if (aBits > 650)
de46a57f75fb 201023_02 hgs parents: diff changeset	110	return 4;
de46a57f75fb 201023_02 hgs parents: diff changeset	111	if (aBits > 550)
de46a57f75fb 201023_02 hgs parents: diff changeset	112	return 5;
de46a57f75fb 201023_02 hgs parents: diff changeset	113	if (aBits > 450)
de46a57f75fb 201023_02 hgs parents: diff changeset	114	return 6;
de46a57f75fb 201023_02 hgs parents: diff changeset	115	if (aBits > 400)
de46a57f75fb 201023_02 hgs parents: diff changeset	116	return 7;
de46a57f75fb 201023_02 hgs parents: diff changeset	117	if (aBits > 350)
de46a57f75fb 201023_02 hgs parents: diff changeset	118	return 8;
de46a57f75fb 201023_02 hgs parents: diff changeset	119	if (aBits > 300)
de46a57f75fb 201023_02 hgs parents: diff changeset	120	return 9;
de46a57f75fb 201023_02 hgs parents: diff changeset	121	if (aBits > 250)
de46a57f75fb 201023_02 hgs parents: diff changeset	122	return 12;
de46a57f75fb 201023_02 hgs parents: diff changeset	123	if (aBits > 200)
de46a57f75fb 201023_02 hgs parents: diff changeset	124	return 15;
de46a57f75fb 201023_02 hgs parents: diff changeset	125	if (aBits > 150)
de46a57f75fb 201023_02 hgs parents: diff changeset	126	return 18;
de46a57f75fb 201023_02 hgs parents: diff changeset	127	if (aBits > 100)
de46a57f75fb 201023_02 hgs parents: diff changeset	128	return 27;
de46a57f75fb 201023_02 hgs parents: diff changeset	129	//All of the above are optimisations on the worst case. The worst case
de46a57f75fb 201023_02 hgs parents: diff changeset	130	//chance of odd composite integers being declared prime by Rabin-Miller is
de46a57f75fb 201023_02 hgs parents: diff changeset	131	//(1/4)^t where t is the number of rounds. Thus, t = 40 means that the
de46a57f75fb 201023_02 hgs parents: diff changeset	132	//chance of declaring a composite integer prime is less than 2^(-80). See
de46a57f75fb 201023_02 hgs parents: diff changeset	133	//HAC Fact 4.25 and most of chapter 4 for more details.
de46a57f75fb 201023_02 hgs parents: diff changeset	134	return 40;
de46a57f75fb 201023_02 hgs parents: diff changeset	135	}
de46a57f75fb 201023_02 hgs parents: diff changeset	136
de46a57f75fb 201023_02 hgs parents: diff changeset	137	static TBool HasSmallDivisorL(const TInteger& aPossiblePrime)
de46a57f75fb 201023_02 hgs parents: diff changeset	138	{
de46a57f75fb 201023_02 hgs parents: diff changeset	139	assert(aPossiblePrime.IsOdd());
de46a57f75fb 201023_02 hgs parents: diff changeset	140	//Start checking at the first odd prime, whether it is even should have
de46a57f75fb 201023_02 hgs parents: diff changeset	141	//already been checked
de46a57f75fb 201023_02 hgs parents: diff changeset	142	for( TUint i=1; i < KPrimeTableSize; i++ )
de46a57f75fb 201023_02 hgs parents: diff changeset	143	{
de46a57f75fb 201023_02 hgs parents: diff changeset	144	if( aPossiblePrime.ModuloL(KPrimeTable[i]) == 0 )
de46a57f75fb 201023_02 hgs parents: diff changeset	145	{
de46a57f75fb 201023_02 hgs parents: diff changeset	146	return ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	147	}
de46a57f75fb 201023_02 hgs parents: diff changeset	148	}
de46a57f75fb 201023_02 hgs parents: diff changeset	149	return EFalse;
de46a57f75fb 201023_02 hgs parents: diff changeset	150	}
de46a57f75fb 201023_02 hgs parents: diff changeset	151
de46a57f75fb 201023_02 hgs parents: diff changeset	152	static TBool RabinMillerIterationL(const CMontgomeryStructure& aMont,
de46a57f75fb 201023_02 hgs parents: diff changeset	153	const TInteger& aProbablePrime, const TInteger& aBase)
de46a57f75fb 201023_02 hgs parents: diff changeset	154	{
de46a57f75fb 201023_02 hgs parents: diff changeset	155	//see HAC 4.24
de46a57f75fb 201023_02 hgs parents: diff changeset	156	const TInteger& n = aProbablePrime;
de46a57f75fb 201023_02 hgs parents: diff changeset	157	assert(n > KLastSmallPrimeSquared);
de46a57f75fb 201023_02 hgs parents: diff changeset	158	assert(n.IsOdd());
de46a57f75fb 201023_02 hgs parents: diff changeset	159	assert(aBase > TInteger::One());
de46a57f75fb 201023_02 hgs parents: diff changeset	160
de46a57f75fb 201023_02 hgs parents: diff changeset	161	RInteger nminus1 = n.MinusL(TInteger::One());
de46a57f75fb 201023_02 hgs parents: diff changeset	162	CleanupStack::PushL(nminus1);
de46a57f75fb 201023_02 hgs parents: diff changeset	163	assert(aBase < nminus1);
de46a57f75fb 201023_02 hgs parents: diff changeset	164
de46a57f75fb 201023_02 hgs parents: diff changeset	165	// 1) find (s \| 2^s*r == n-1) where r is odd
de46a57f75fb 201023_02 hgs parents: diff changeset	166	// we want the largest power of 2 that divides n-1
de46a57f75fb 201023_02 hgs parents: diff changeset	167	TUint s=0;
de46a57f75fb 201023_02 hgs parents: diff changeset	168	for(;;s++)
de46a57f75fb 201023_02 hgs parents: diff changeset	169	{
de46a57f75fb 201023_02 hgs parents: diff changeset	170	if(nminus1.Bit(s))
de46a57f75fb 201023_02 hgs parents: diff changeset	171	{
de46a57f75fb 201023_02 hgs parents: diff changeset	172	break;
de46a57f75fb 201023_02 hgs parents: diff changeset	173	}
de46a57f75fb 201023_02 hgs parents: diff changeset	174	}
de46a57f75fb 201023_02 hgs parents: diff changeset	175	// (r = (n-1) / 2^s) which is equiv to (n-1 >>= s)
de46a57f75fb 201023_02 hgs parents: diff changeset	176	RInteger r = RInteger::NewL(nminus1);
de46a57f75fb 201023_02 hgs parents: diff changeset	177	CleanupStack::PushL(r);
de46a57f75fb 201023_02 hgs parents: diff changeset	178	r >>= s;
de46a57f75fb 201023_02 hgs parents: diff changeset	179
de46a57f75fb 201023_02 hgs parents: diff changeset	180	//At no point do we own y, aMont owns it
de46a57f75fb 201023_02 hgs parents: diff changeset	181	const TInteger* y = &(aMont.ExponentiateL(aBase, r));
de46a57f75fb 201023_02 hgs parents: diff changeset	182
de46a57f75fb 201023_02 hgs parents: diff changeset	183	TBool probablePrime = EFalse;
de46a57f75fb 201023_02 hgs parents: diff changeset	184
de46a57f75fb 201023_02 hgs parents: diff changeset	185	TUint j=1;
de46a57f75fb 201023_02 hgs parents: diff changeset	186	if( y == TInteger::One() \|\| y == nminus1 )
de46a57f75fb 201023_02 hgs parents: diff changeset	187	{
de46a57f75fb 201023_02 hgs parents: diff changeset	188	probablePrime = ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	189	}
de46a57f75fb 201023_02 hgs parents: diff changeset	190	else
de46a57f75fb 201023_02 hgs parents: diff changeset	191	{
de46a57f75fb 201023_02 hgs parents: diff changeset	192	for(j=1; j<s; j++)
de46a57f75fb 201023_02 hgs parents: diff changeset	193	{
de46a57f75fb 201023_02 hgs parents: diff changeset	194	y = &(aMont.SquareL(*y));
de46a57f75fb 201023_02 hgs parents: diff changeset	195	if(*y == nminus1)
de46a57f75fb 201023_02 hgs parents: diff changeset	196	{
de46a57f75fb 201023_02 hgs parents: diff changeset	197	probablePrime = ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	198	break;
de46a57f75fb 201023_02 hgs parents: diff changeset	199	}
de46a57f75fb 201023_02 hgs parents: diff changeset	200	if(*y == TInteger::One())
de46a57f75fb 201023_02 hgs parents: diff changeset	201	{
de46a57f75fb 201023_02 hgs parents: diff changeset	202	assert(probablePrime == EFalse);
de46a57f75fb 201023_02 hgs parents: diff changeset	203	break;
de46a57f75fb 201023_02 hgs parents: diff changeset	204	}
de46a57f75fb 201023_02 hgs parents: diff changeset	205	}
de46a57f75fb 201023_02 hgs parents: diff changeset	206	}
de46a57f75fb 201023_02 hgs parents: diff changeset	207	CleanupStack::PopAndDestroy(&r);
de46a57f75fb 201023_02 hgs parents: diff changeset	208	CleanupStack::PopAndDestroy(&nminus1);//y,r,nminus1
de46a57f75fb 201023_02 hgs parents: diff changeset	209	return probablePrime;
de46a57f75fb 201023_02 hgs parents: diff changeset	210	}
de46a57f75fb 201023_02 hgs parents: diff changeset	211
de46a57f75fb 201023_02 hgs parents: diff changeset	212	static TBool RabinMillerTestL(const CMontgomeryStructure& aMont,
de46a57f75fb 201023_02 hgs parents: diff changeset	213	const TInteger& aProbablePrime, TUint aRounds)
de46a57f75fb 201023_02 hgs parents: diff changeset	214	{
de46a57f75fb 201023_02 hgs parents: diff changeset	215	const TInteger& n = aProbablePrime;
de46a57f75fb 201023_02 hgs parents: diff changeset	216	assert(n > KLastSmallPrimeSquared);
de46a57f75fb 201023_02 hgs parents: diff changeset	217
de46a57f75fb 201023_02 hgs parents: diff changeset	218	RInteger nminus2 = n.MinusL(TInteger::Two());
de46a57f75fb 201023_02 hgs parents: diff changeset	219	CleanupStack::PushL(nminus2);
de46a57f75fb 201023_02 hgs parents: diff changeset	220
de46a57f75fb 201023_02 hgs parents: diff changeset	221	for(TUint i=0; i<aRounds; i++)
de46a57f75fb 201023_02 hgs parents: diff changeset	222	{
de46a57f75fb 201023_02 hgs parents: diff changeset	223	RInteger base = RInteger::NewRandomL(TInteger::Two(), nminus2);
de46a57f75fb 201023_02 hgs parents: diff changeset	224	CleanupStack::PushL(base);
de46a57f75fb 201023_02 hgs parents: diff changeset	225	if(!RabinMillerIterationL(aMont, n, base))
de46a57f75fb 201023_02 hgs parents: diff changeset	226	{
de46a57f75fb 201023_02 hgs parents: diff changeset	227	CleanupStack::PopAndDestroy(2, &nminus2);//base, nminus2
de46a57f75fb 201023_02 hgs parents: diff changeset	228	return EFalse;
de46a57f75fb 201023_02 hgs parents: diff changeset	229	}
de46a57f75fb 201023_02 hgs parents: diff changeset	230	CleanupStack::PopAndDestroy(&base);
de46a57f75fb 201023_02 hgs parents: diff changeset	231	}
de46a57f75fb 201023_02 hgs parents: diff changeset	232	CleanupStack::PopAndDestroy(&nminus2);
de46a57f75fb 201023_02 hgs parents: diff changeset	233	return ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	234	}
de46a57f75fb 201023_02 hgs parents: diff changeset	235
de46a57f75fb 201023_02 hgs parents: diff changeset	236	static TBool IsStrongProbablePrimeL(const TInteger& aPrime)
de46a57f75fb 201023_02 hgs parents: diff changeset	237	{
de46a57f75fb 201023_02 hgs parents: diff changeset	238	CMontgomeryStructure* mont = CMontgomeryStructure::NewLC(aPrime);
de46a57f75fb 201023_02 hgs parents: diff changeset	239	//This should be using short circuit evaluation
de46a57f75fb 201023_02 hgs parents: diff changeset	240	TBool probablePrime = RabinMillerIterationL(*mont, aPrime, TInteger::Two())
de46a57f75fb 201023_02 hgs parents: diff changeset	241	&& RabinMillerTestL(*mont, aPrime,RabinMillerRounds(aPrime.BitCount()));
de46a57f75fb 201023_02 hgs parents: diff changeset	242	CleanupStack::PopAndDestroy(mont);
de46a57f75fb 201023_02 hgs parents: diff changeset	243	return probablePrime;
de46a57f75fb 201023_02 hgs parents: diff changeset	244	}
de46a57f75fb 201023_02 hgs parents: diff changeset	245
de46a57f75fb 201023_02 hgs parents: diff changeset	246	/* In the _vast_ majority of cases this simply checks that your chosen random
de46a57f75fb 201023_02 hgs parents: diff changeset	247	* number is >= KLastSmallPrimeSquared and return EFalse and lets the normal
de46a57f75fb 201023_02 hgs parents: diff changeset	248	* prime generation routines handle the situation. In the case where it is
de46a57f75fb 201023_02 hgs parents: diff changeset	249	* smaller, it generates a provable prime and returns ETrue. The algorithm for
de46a57f75fb 201023_02 hgs parents: diff changeset	250	* finding a provable prime < KLastPrimeSquared is not the most efficient in the
de46a57f75fb 201023_02 hgs parents: diff changeset	251	* world, but two points come to mind
de46a57f75fb 201023_02 hgs parents: diff changeset	252	* 1) The two if statements hardly _ever_ evaluate to ETrue in real life.
de46a57f75fb 201023_02 hgs parents: diff changeset	253	* 2) Even when it is, the distribution of primes < KLastPrimeSquared is pretty
de46a57f75fb 201023_02 hgs parents: diff changeset	254	* dense, so you aren't going to have check many.
de46a57f75fb 201023_02 hgs parents: diff changeset	255	* This function is essentially here for two reasons:
de46a57f75fb 201023_02 hgs parents: diff changeset	256	* 1) Ensures that it is possible to generate primes < KLastPrimeSquared (the
de46a57f75fb 201023_02 hgs parents: diff changeset	257	* test code does this)
de46a57f75fb 201023_02 hgs parents: diff changeset	258	* 2) Ensures that if you request a prime of a large bit size that there is an
de46a57f75fb 201023_02 hgs parents: diff changeset	259	* even probability distribution across all integers < 2^aBits
de46a57f75fb 201023_02 hgs parents: diff changeset	260	*/
de46a57f75fb 201023_02 hgs parents: diff changeset	261	TBool TInteger::SmallPrimeRandomizeL(void)
de46a57f75fb 201023_02 hgs parents: diff changeset	262	{
de46a57f75fb 201023_02 hgs parents: diff changeset	263	TBool foundPrime = EFalse;
de46a57f75fb 201023_02 hgs parents: diff changeset	264	//If the random number we've chosen is less than KLastSmallPrime,
de46a57f75fb 201023_02 hgs parents: diff changeset	265	//testing for primality is easy.
de46a57f75fb 201023_02 hgs parents: diff changeset	266	if(*this <= KLastSmallPrime)
de46a57f75fb 201023_02 hgs parents: diff changeset	267	{
de46a57f75fb 201023_02 hgs parents: diff changeset	268	//If Zero or One, or two, next prime number is two
de46a57f75fb 201023_02 hgs parents: diff changeset	269	if(IsZero() \|\| this == One() \|\| this == Two())
de46a57f75fb 201023_02 hgs parents: diff changeset	270	{
de46a57f75fb 201023_02 hgs parents: diff changeset	271	CopyL(TInteger::Two());
de46a57f75fb 201023_02 hgs parents: diff changeset	272	foundPrime = ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	273	}
de46a57f75fb 201023_02 hgs parents: diff changeset	274	else
de46a57f75fb 201023_02 hgs parents: diff changeset	275	{
de46a57f75fb 201023_02 hgs parents: diff changeset	276	//Make sure any number we bother testing is at least odd
de46a57f75fb 201023_02 hgs parents: diff changeset	277	SetBit(0);
de46a57f75fb 201023_02 hgs parents: diff changeset	278	//Binary search the small primes.
de46a57f75fb 201023_02 hgs parents: diff changeset	279	while(!IsSmallPrime(ConvertToUnsignedLong()))
de46a57f75fb 201023_02 hgs parents: diff changeset	280	{
de46a57f75fb 201023_02 hgs parents: diff changeset	281	//If not prime, add two and try the next odd number.
de46a57f75fb 201023_02 hgs parents: diff changeset	282
de46a57f75fb 201023_02 hgs parents: diff changeset	283	//will never carry as the minimum size of an RInteger is 2
de46a57f75fb 201023_02 hgs parents: diff changeset	284	//words. Much bigger than KLastSmallPrime on 32bit
de46a57f75fb 201023_02 hgs parents: diff changeset	285	//architectures.
de46a57f75fb 201023_02 hgs parents: diff changeset	286	IncrementNoCarry(Ptr(), Size(), 2);
de46a57f75fb 201023_02 hgs parents: diff changeset	287	}
de46a57f75fb 201023_02 hgs parents: diff changeset	288	assert(IsSmallPrime(ConvertToUnsignedLong()));
de46a57f75fb 201023_02 hgs parents: diff changeset	289	foundPrime = ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	290	}
de46a57f75fb 201023_02 hgs parents: diff changeset	291	}
de46a57f75fb 201023_02 hgs parents: diff changeset	292	else if(*this <= KLastSmallPrimeSquared)
de46a57f75fb 201023_02 hgs parents: diff changeset	293	{
de46a57f75fb 201023_02 hgs parents: diff changeset	294	//Make sure any number we bother testing is at least odd
de46a57f75fb 201023_02 hgs parents: diff changeset	295	SetBit(0);
de46a57f75fb 201023_02 hgs parents: diff changeset	296
de46a57f75fb 201023_02 hgs parents: diff changeset	297	while(HasSmallDivisorL(this) && this <= KLastSmallPrimeSquared)
de46a57f75fb 201023_02 hgs parents: diff changeset	298	{
de46a57f75fb 201023_02 hgs parents: diff changeset	299	//If not prime, add two and try the next odd number.
de46a57f75fb 201023_02 hgs parents: diff changeset	300
de46a57f75fb 201023_02 hgs parents: diff changeset	301	//will never carry as the minimum size of an RInteger is 2
de46a57f75fb 201023_02 hgs parents: diff changeset	302	//words. Much bigger than KLastSmallPrime on 32bit
de46a57f75fb 201023_02 hgs parents: diff changeset	303	//architectures.
de46a57f75fb 201023_02 hgs parents: diff changeset	304	IncrementNoCarry(Ptr(), Size(), 2);
de46a57f75fb 201023_02 hgs parents: diff changeset	305	}
de46a57f75fb 201023_02 hgs parents: diff changeset	306	//If we exited while loop because it had no small divisor then it is
de46a57f75fb 201023_02 hgs parents: diff changeset	307	//prime. Otherwise, we've exceeded the limit of what we can provably
de46a57f75fb 201023_02 hgs parents: diff changeset	308	//generate. Therefore the normal prime gen routines will be run on it
de46a57f75fb 201023_02 hgs parents: diff changeset	309	//now.
de46a57f75fb 201023_02 hgs parents: diff changeset	310	if(*this < KLastSmallPrimeSquared)
de46a57f75fb 201023_02 hgs parents: diff changeset	311	{
de46a57f75fb 201023_02 hgs parents: diff changeset	312	foundPrime = ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	313	}
de46a57f75fb 201023_02 hgs parents: diff changeset	314	else
de46a57f75fb 201023_02 hgs parents: diff changeset	315	{
de46a57f75fb 201023_02 hgs parents: diff changeset	316	assert(foundPrime == EFalse);
de46a57f75fb 201023_02 hgs parents: diff changeset	317	}
de46a57f75fb 201023_02 hgs parents: diff changeset	318	}
de46a57f75fb 201023_02 hgs parents: diff changeset	319	//This doesn't mean there is no such prime, simply means that the number
de46a57f75fb 201023_02 hgs parents: diff changeset	320	//wasn't less than KSmallPrimeSquared and needs to be handled by the normal
de46a57f75fb 201023_02 hgs parents: diff changeset	321	//prime generation routines.
de46a57f75fb 201023_02 hgs parents: diff changeset	322	return foundPrime;
de46a57f75fb 201023_02 hgs parents: diff changeset	323	}
de46a57f75fb 201023_02 hgs parents: diff changeset	324
de46a57f75fb 201023_02 hgs parents: diff changeset	325	void TInteger::PrimeRandomizeL(TUint aBits, TRandomAttribute aAttr)
de46a57f75fb 201023_02 hgs parents: diff changeset	326	{
de46a57f75fb 201023_02 hgs parents: diff changeset	327	assert(aBits > 1);
de46a57f75fb 201023_02 hgs parents: diff changeset	328
de46a57f75fb 201023_02 hgs parents: diff changeset	329	//"this" is "empty" currently. Consists of Size() words of 0's. This is just
de46a57f75fb 201023_02 hgs parents: diff changeset	330	//checking that sign flag is positive as we don't set it later.
de46a57f75fb 201023_02 hgs parents: diff changeset	331	assert(NotNegative());
de46a57f75fb 201023_02 hgs parents: diff changeset	332
de46a57f75fb 201023_02 hgs parents: diff changeset	333	//Flag for the whole function saying if we've found a prime
de46a57f75fb 201023_02 hgs parents: diff changeset	334	TBool foundProbablePrime = EFalse;
de46a57f75fb 201023_02 hgs parents: diff changeset	335
de46a57f75fb 201023_02 hgs parents: diff changeset	336	//Find 2^aBits + 1 -- any prime we find must be less than this.
de46a57f75fb 201023_02 hgs parents: diff changeset	337	RInteger max = RInteger::NewEmptyL(BitsToWords(aBits)+1);
de46a57f75fb 201023_02 hgs parents: diff changeset	338	CleanupStack::PushL(max);
de46a57f75fb 201023_02 hgs parents: diff changeset	339	max.SetBit(aBits);
de46a57f75fb 201023_02 hgs parents: diff changeset	340	assert(max.BitCount()-1 == aBits);
de46a57f75fb 201023_02 hgs parents: diff changeset	341
de46a57f75fb 201023_02 hgs parents: diff changeset	342	// aBits \| approx number of odd numbers you must try to have a 50%
de46a57f75fb 201023_02 hgs parents: diff changeset	343	// chance of finding a prime
de46a57f75fb 201023_02 hgs parents: diff changeset	344	//---------------------------------------------------------
de46a57f75fb 201023_02 hgs parents: diff changeset	345	// 512 \| 122
de46a57f75fb 201023_02 hgs parents: diff changeset	346	// 1024 \| 245
de46a57f75fb 201023_02 hgs parents: diff changeset	347	// 2048 \| 1023
de46a57f75fb 201023_02 hgs parents: diff changeset	348	//Therefore if we are generating larger than 1024 bit numbers we'll use a
de46a57f75fb 201023_02 hgs parents: diff changeset	349	//bigger bit array to have a better chance of avoiding re-generating it.
de46a57f75fb 201023_02 hgs parents: diff changeset	350	TUint sLength = aBits > 1024 ? 1024 : 512;
de46a57f75fb 201023_02 hgs parents: diff changeset	351	RInteger S = RInteger::NewEmptyL(BitsToWords(sLength));
de46a57f75fb 201023_02 hgs parents: diff changeset	352	CleanupStack::PushL(S);
de46a57f75fb 201023_02 hgs parents: diff changeset	353
de46a57f75fb 201023_02 hgs parents: diff changeset	354	while(!foundProbablePrime)
de46a57f75fb 201023_02 hgs parents: diff changeset	355	{
de46a57f75fb 201023_02 hgs parents: diff changeset	356	//Randomly choose aBits
de46a57f75fb 201023_02 hgs parents: diff changeset	357	RandomizeL(aBits, aAttr);
de46a57f75fb 201023_02 hgs parents: diff changeset	358
de46a57f75fb 201023_02 hgs parents: diff changeset	359	//If the random number chosen is less than KSmallPrimeSquared, we have a
de46a57f75fb 201023_02 hgs parents: diff changeset	360	//special set of routines.
de46a57f75fb 201023_02 hgs parents: diff changeset	361	if(SmallPrimeRandomizeL())
de46a57f75fb 201023_02 hgs parents: diff changeset	362	{
de46a57f75fb 201023_02 hgs parents: diff changeset	363	foundProbablePrime = ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	364	}
de46a57f75fb 201023_02 hgs parents: diff changeset	365	else
de46a57f75fb 201023_02 hgs parents: diff changeset	366	{
de46a57f75fb 201023_02 hgs parents: diff changeset	367	//if it was <= KLastSmallPrimeSquared then it would have been
de46a57f75fb 201023_02 hgs parents: diff changeset	368	//handled by SmallPrimeRandomizeL()
de46a57f75fb 201023_02 hgs parents: diff changeset	369	assert(*this > KLastSmallPrimeSquared);
de46a57f75fb 201023_02 hgs parents: diff changeset	370
de46a57f75fb 201023_02 hgs parents: diff changeset	371	//Make sure any number we bother testing is at least odd
de46a57f75fb 201023_02 hgs parents: diff changeset	372	SetBit(0);
de46a57f75fb 201023_02 hgs parents: diff changeset	373
de46a57f75fb 201023_02 hgs parents: diff changeset	374	//Ensure that this + 2*sLength < max
de46a57f75fb 201023_02 hgs parents: diff changeset	375	RInteger temp = max.MinusL(*this);
de46a57f75fb 201023_02 hgs parents: diff changeset	376	CleanupStack::PushL(temp);
de46a57f75fb 201023_02 hgs parents: diff changeset	377	++temp;
de46a57f75fb 201023_02 hgs parents: diff changeset	378	temp >>=1;
de46a57f75fb 201023_02 hgs parents: diff changeset	379	if(temp < sLength)
de46a57f75fb 201023_02 hgs parents: diff changeset	380	{
de46a57f75fb 201023_02 hgs parents: diff changeset	381	//if this + 2*sLength >= max then we use a smaller sLength to
de46a57f75fb 201023_02 hgs parents: diff changeset	382	//ensure we don't find a number that is outside of our bounds
de46a57f75fb 201023_02 hgs parents: diff changeset	383	//(and bigger than our allocated memory for this)
de46a57f75fb 201023_02 hgs parents: diff changeset	384
de46a57f75fb 201023_02 hgs parents: diff changeset	385	//temp must be less than KMaxTUint as sLength is a TUint
de46a57f75fb 201023_02 hgs parents: diff changeset	386	sLength = temp.ConvertToUnsignedLong();
de46a57f75fb 201023_02 hgs parents: diff changeset	387	}
de46a57f75fb 201023_02 hgs parents: diff changeset	388	CleanupStack::PopAndDestroy(&temp);
de46a57f75fb 201023_02 hgs parents: diff changeset	389
de46a57f75fb 201023_02 hgs parents: diff changeset	390	//Start at 1 as no point in checking against 2 (all odd numbers)
de46a57f75fb 201023_02 hgs parents: diff changeset	391	for(TUint i=1; i<KPrimeTableSize; i++)
de46a57f75fb 201023_02 hgs parents: diff changeset	392	{
de46a57f75fb 201023_02 hgs parents: diff changeset	393	//no need to call ModuloL as we know KPrimeTable[i] is not 0
de46a57f75fb 201023_02 hgs parents: diff changeset	394	TUint remainder = Modulo(*this, KPrimeTable[i]);
de46a57f75fb 201023_02 hgs parents: diff changeset	395	TUint index = FindSmallestIndex(KPrimeTable[i], remainder);
de46a57f75fb 201023_02 hgs parents: diff changeset	396	EliminateComposites(S.Ptr(), KPrimeTable[i], index, sLength);
de46a57f75fb 201023_02 hgs parents: diff changeset	397	}
de46a57f75fb 201023_02 hgs parents: diff changeset	398	TInt j = FindFirstPrimeCandidate(S.Ptr(), sLength);
de46a57f75fb 201023_02 hgs parents: diff changeset	399	TInt prev = 0;
de46a57f75fb 201023_02 hgs parents: diff changeset	400	for(; j>=0; j=FindFirstPrimeCandidate(S.Ptr(), sLength))
de46a57f75fb 201023_02 hgs parents: diff changeset	401	{
de46a57f75fb 201023_02 hgs parents: diff changeset	402	ArraySetBit(S.Ptr(), j);
de46a57f75fb 201023_02 hgs parents: diff changeset	403
de46a57f75fb 201023_02 hgs parents: diff changeset	404	//should never carry as we earlier made sure that 2*j + this < max
de46a57f75fb 201023_02 hgs parents: diff changeset	405	//where max is 1 bit more than we asked for.
de46a57f75fb 201023_02 hgs parents: diff changeset	406	IncrementNoCarry(Ptr(), Size(), 2*(j-prev));
de46a57f75fb 201023_02 hgs parents: diff changeset	407
de46a57f75fb 201023_02 hgs parents: diff changeset	408	assert(*this < max);
de46a57f75fb 201023_02 hgs parents: diff changeset	409	assert(!HasSmallDivisorL(*this));
de46a57f75fb 201023_02 hgs parents: diff changeset	410
de46a57f75fb 201023_02 hgs parents: diff changeset	411	prev = j;
de46a57f75fb 201023_02 hgs parents: diff changeset	412
de46a57f75fb 201023_02 hgs parents: diff changeset	413	if( IsStrongProbablePrimeL(*this) )
de46a57f75fb 201023_02 hgs parents: diff changeset	414	{
de46a57f75fb 201023_02 hgs parents: diff changeset	415	foundProbablePrime = ETrue;
de46a57f75fb 201023_02 hgs parents: diff changeset	416	break;
de46a57f75fb 201023_02 hgs parents: diff changeset	417	}
de46a57f75fb 201023_02 hgs parents: diff changeset	418	}
de46a57f75fb 201023_02 hgs parents: diff changeset	419	//This clears the memory
de46a57f75fb 201023_02 hgs parents: diff changeset	420	S.CopyL(0, EFalse);
de46a57f75fb 201023_02 hgs parents: diff changeset	421	}
de46a57f75fb 201023_02 hgs parents: diff changeset	422	}
de46a57f75fb 201023_02 hgs parents: diff changeset	423	CleanupStack::PopAndDestroy(2, &max);
de46a57f75fb 201023_02 hgs parents: diff changeset	424	}
de46a57f75fb 201023_02 hgs parents: diff changeset	425
de46a57f75fb 201023_02 hgs parents: diff changeset	426	TBool TInteger::IsPrimeL(void) const
de46a57f75fb 201023_02 hgs parents: diff changeset	427	{
de46a57f75fb 201023_02 hgs parents: diff changeset	428	if( NotPositive() )
de46a57f75fb 201023_02 hgs parents: diff changeset	429	{
de46a57f75fb 201023_02 hgs parents: diff changeset	430	return EFalse;
de46a57f75fb 201023_02 hgs parents: diff changeset	431	}
de46a57f75fb 201023_02 hgs parents: diff changeset	432	else if( IsEven() )
de46a57f75fb 201023_02 hgs parents: diff changeset	433	{
de46a57f75fb 201023_02 hgs parents: diff changeset	434	return *this == Two();
de46a57f75fb 201023_02 hgs parents: diff changeset	435	}
de46a57f75fb 201023_02 hgs parents: diff changeset	436	else if( *this <= KLastSmallPrime )
de46a57f75fb 201023_02 hgs parents: diff changeset	437	{
de46a57f75fb 201023_02 hgs parents: diff changeset	438	assert(KLastSmallPrime < KMaxTUint);
de46a57f75fb 201023_02 hgs parents: diff changeset	439	return IsSmallPrime(this->ConvertToUnsignedLong());
de46a57f75fb 201023_02 hgs parents: diff changeset	440	}
de46a57f75fb 201023_02 hgs parents: diff changeset	441	else if( *this <= KLastSmallPrimeSquared )
de46a57f75fb 201023_02 hgs parents: diff changeset	442	{
de46a57f75fb 201023_02 hgs parents: diff changeset	443	return !HasSmallDivisorL(*this);
de46a57f75fb 201023_02 hgs parents: diff changeset	444	}
de46a57f75fb 201023_02 hgs parents: diff changeset	445	else
de46a57f75fb 201023_02 hgs parents: diff changeset	446	{
de46a57f75fb 201023_02 hgs parents: diff changeset	447	return !HasSmallDivisorL(this) && IsStrongProbablePrimeL(this);
de46a57f75fb 201023_02 hgs parents: diff changeset	448	}
de46a57f75fb 201023_02 hgs parents: diff changeset	449	}

author	hgs
	Thu, 24 Jun 2010 15:39:07 +0530
changeset 72	de46a57f75fb
permissions	-rw-r--r--