2 * Bignum routines for RSA and DH and stuff.
12 #if defined __GNUC__ && defined __i386__
13 typedef unsigned long BignumInt;
14 typedef unsigned long long BignumDblInt;
15 #define BIGNUM_INT_MASK 0xFFFFFFFFUL
16 #define BIGNUM_TOP_BIT 0x80000000UL
17 #define BIGNUM_INT_BITS 32
18 #define MUL_WORD(w1, w2) ((BignumDblInt)w1 * w2)
19 #define DIVMOD_WORD(q, r, hi, lo, w) \
21 "=d" (r), "=a" (q) : \
22 "r" (w), "d" (hi), "a" (lo))
24 typedef unsigned short BignumInt;
25 typedef unsigned long BignumDblInt;
26 #define BIGNUM_INT_MASK 0xFFFFU
27 #define BIGNUM_TOP_BIT 0x8000U
28 #define BIGNUM_INT_BITS 16
29 #define MUL_WORD(w1, w2) ((BignumDblInt)w1 * w2)
30 #define DIVMOD_WORD(q, r, hi, lo, w) do { \
31 BignumDblInt n = (((BignumDblInt)hi) << BIGNUM_INT_BITS) | lo; \
37 #define BIGNUM_INT_BYTES (BIGNUM_INT_BITS / 8)
39 #define BIGNUM_INTERNAL
40 typedef BignumInt *Bignum;
44 BignumInt bnZero[1] = { 0 };
45 BignumInt bnOne[2] = { 1, 1 };
48 * The Bignum format is an array of `BignumInt'. The first
49 * element of the array counts the remaining elements. The
50 * remaining elements express the actual number, base 2^BIGNUM_INT_BITS, _least_
51 * significant digit first. (So it's trivial to extract the bit
52 * with value 2^n for any n.)
54 * All Bignums in this module are positive. Negative numbers must
55 * be dealt with outside it.
57 * INVARIANT: the most significant word of any Bignum must be
61 Bignum Zero = bnZero, One = bnOne;
63 static Bignum newbn(int length)
65 Bignum b = snewn(length + 1, BignumInt);
68 memset(b, 0, (length + 1) * sizeof(*b));
73 void bn_restore_invariant(Bignum b)
75 while (b[0] > 1 && b[b[0]] == 0)
79 Bignum copybn(Bignum orig)
81 Bignum b = snewn(orig[0] + 1, BignumInt);
84 memcpy(b, orig, (orig[0] + 1) * sizeof(*b));
91 * Burn the evidence, just in case.
93 memset(b, 0, sizeof(b[0]) * (b[0] + 1));
97 Bignum bn_power_2(int n)
99 Bignum ret = newbn(n / BIGNUM_INT_BITS + 1);
100 bignum_set_bit(ret, n, 1);
106 * Input is in the first len words of a and b.
107 * Result is returned in the first 2*len words of c.
109 static void internal_mul(BignumInt *a, BignumInt *b,
110 BignumInt *c, int len)
115 for (j = 0; j < 2 * len; j++)
118 for (i = len - 1; i >= 0; i--) {
120 for (j = len - 1; j >= 0; j--) {
121 t += MUL_WORD(a[i], (BignumDblInt) b[j]);
122 t += (BignumDblInt) c[i + j + 1];
123 c[i + j + 1] = (BignumInt) t;
124 t = t >> BIGNUM_INT_BITS;
126 c[i] = (BignumInt) t;
130 static void internal_add_shifted(BignumInt *number,
131 unsigned n, int shift)
133 int word = 1 + (shift / BIGNUM_INT_BITS);
134 int bshift = shift % BIGNUM_INT_BITS;
137 addend = (BignumDblInt)n << bshift;
140 addend += number[word];
141 number[word] = (BignumInt) addend & BIGNUM_INT_MASK;
142 addend >>= BIGNUM_INT_BITS;
149 * Input in first alen words of a and first mlen words of m.
150 * Output in first alen words of a
151 * (of which first alen-mlen words will be zero).
152 * The MSW of m MUST have its high bit set.
153 * Quotient is accumulated in the `quotient' array, which is a Bignum
154 * rather than the internal bigendian format. Quotient parts are shifted
155 * left by `qshift' before adding into quot.
157 static void internal_mod(BignumInt *a, int alen,
158 BignumInt *m, int mlen,
159 BignumInt *quot, int qshift)
171 for (i = 0; i <= alen - mlen; i++) {
173 unsigned int q, r, c, ai1;
187 /* Find q = h:a[i] / m0 */
192 * To illustrate it, suppose a BignumInt is 8 bits, and
193 * we are dividing (say) A1:23:45:67 by A1:B2:C3. Then
194 * our initial division will be 0xA123 / 0xA1, which
195 * will give a quotient of 0x100 and a divide overflow.
196 * However, the invariants in this division algorithm
197 * are not violated, since the full number A1:23:... is
198 * _less_ than the quotient prefix A1:B2:... and so the
199 * following correction loop would have sorted it out.
201 * In this situation we set q to be the largest
202 * quotient we _can_ stomach (0xFF, of course).
206 DIVMOD_WORD(q, r, h, a[i], m0);
208 /* Refine our estimate of q by looking at
209 h:a[i]:a[i+1] / m0:m1 */
211 if (t > ((BignumDblInt) r << BIGNUM_INT_BITS) + ai1) {
214 r = (r + m0) & BIGNUM_INT_MASK; /* overflow? */
215 if (r >= (BignumDblInt) m0 &&
216 t > ((BignumDblInt) r << BIGNUM_INT_BITS) + ai1) q--;
220 /* Subtract q * m from a[i...] */
222 for (k = mlen - 1; k >= 0; k--) {
223 t = MUL_WORD(q, m[k]);
225 c = t >> BIGNUM_INT_BITS;
226 if ((BignumInt) t > a[i + k])
228 a[i + k] -= (BignumInt) t;
231 /* Add back m in case of borrow */
234 for (k = mlen - 1; k >= 0; k--) {
237 a[i + k] = (BignumInt) t;
238 t = t >> BIGNUM_INT_BITS;
243 internal_add_shifted(quot, q, qshift + BIGNUM_INT_BITS * (alen - mlen - i));
248 * Compute (base ^ exp) % mod.
250 Bignum modpow(Bignum base_in, Bignum exp, Bignum mod)
252 BignumInt *a, *b, *n, *m;
258 * The most significant word of mod needs to be non-zero. It
259 * should already be, but let's make sure.
261 assert(mod[mod[0]] != 0);
264 * Make sure the base is smaller than the modulus, by reducing
265 * it modulo the modulus if not.
267 base = bigmod(base_in, mod);
269 /* Allocate m of size mlen, copy mod to m */
270 /* We use big endian internally */
272 m = snewn(mlen, BignumInt);
273 for (j = 0; j < mlen; j++)
274 m[j] = mod[mod[0] - j];
276 /* Shift m left to make msb bit set */
277 for (mshift = 0; mshift < BIGNUM_INT_BITS-1; mshift++)
278 if ((m[0] << mshift) & BIGNUM_TOP_BIT)
281 for (i = 0; i < mlen - 1; i++)
282 m[i] = (m[i] << mshift) | (m[i + 1] >> (BIGNUM_INT_BITS - mshift));
283 m[mlen - 1] = m[mlen - 1] << mshift;
286 /* Allocate n of size mlen, copy base to n */
287 n = snewn(mlen, BignumInt);
289 for (j = 0; j < i; j++)
291 for (j = 0; j < base[0]; j++)
292 n[i + j] = base[base[0] - j];
294 /* Allocate a and b of size 2*mlen. Set a = 1 */
295 a = snewn(2 * mlen, BignumInt);
296 b = snewn(2 * mlen, BignumInt);
297 for (i = 0; i < 2 * mlen; i++)
301 /* Skip leading zero bits of exp. */
303 j = BIGNUM_INT_BITS-1;
304 while (i < exp[0] && (exp[exp[0] - i] & (1 << j)) == 0) {
308 j = BIGNUM_INT_BITS-1;
312 /* Main computation */
315 internal_mul(a + mlen, a + mlen, b, mlen);
316 internal_mod(b, mlen * 2, m, mlen, NULL, 0);
317 if ((exp[exp[0] - i] & (1 << j)) != 0) {
318 internal_mul(b + mlen, n, a, mlen);
319 internal_mod(a, mlen * 2, m, mlen, NULL, 0);
329 j = BIGNUM_INT_BITS-1;
332 /* Fixup result in case the modulus was shifted */
334 for (i = mlen - 1; i < 2 * mlen - 1; i++)
335 a[i] = (a[i] << mshift) | (a[i + 1] >> (BIGNUM_INT_BITS - mshift));
336 a[2 * mlen - 1] = a[2 * mlen - 1] << mshift;
337 internal_mod(a, mlen * 2, m, mlen, NULL, 0);
338 for (i = 2 * mlen - 1; i >= mlen; i--)
339 a[i] = (a[i] >> mshift) | (a[i - 1] << (BIGNUM_INT_BITS - mshift));
342 /* Copy result to buffer */
343 result = newbn(mod[0]);
344 for (i = 0; i < mlen; i++)
345 result[result[0] - i] = a[i + mlen];
346 while (result[0] > 1 && result[result[0]] == 0)
349 /* Free temporary arrays */
350 for (i = 0; i < 2 * mlen; i++)
353 for (i = 0; i < 2 * mlen; i++)
356 for (i = 0; i < mlen; i++)
359 for (i = 0; i < mlen; i++)
369 * Compute (p * q) % mod.
370 * The most significant word of mod MUST be non-zero.
371 * We assume that the result array is the same size as the mod array.
373 Bignum modmul(Bignum p, Bignum q, Bignum mod)
375 BignumInt *a, *n, *m, *o;
377 int pqlen, mlen, rlen, i, j;
380 /* Allocate m of size mlen, copy mod to m */
381 /* We use big endian internally */
383 m = snewn(mlen, BignumInt);
384 for (j = 0; j < mlen; j++)
385 m[j] = mod[mod[0] - j];
387 /* Shift m left to make msb bit set */
388 for (mshift = 0; mshift < BIGNUM_INT_BITS-1; mshift++)
389 if ((m[0] << mshift) & BIGNUM_TOP_BIT)
392 for (i = 0; i < mlen - 1; i++)
393 m[i] = (m[i] << mshift) | (m[i + 1] >> (BIGNUM_INT_BITS - mshift));
394 m[mlen - 1] = m[mlen - 1] << mshift;
397 pqlen = (p[0] > q[0] ? p[0] : q[0]);
399 /* Allocate n of size pqlen, copy p to n */
400 n = snewn(pqlen, BignumInt);
402 for (j = 0; j < i; j++)
404 for (j = 0; j < p[0]; j++)
405 n[i + j] = p[p[0] - j];
407 /* Allocate o of size pqlen, copy q to o */
408 o = snewn(pqlen, BignumInt);
410 for (j = 0; j < i; j++)
412 for (j = 0; j < q[0]; j++)
413 o[i + j] = q[q[0] - j];
415 /* Allocate a of size 2*pqlen for result */
416 a = snewn(2 * pqlen, BignumInt);
418 /* Main computation */
419 internal_mul(n, o, a, pqlen);
420 internal_mod(a, pqlen * 2, m, mlen, NULL, 0);
422 /* Fixup result in case the modulus was shifted */
424 for (i = 2 * pqlen - mlen - 1; i < 2 * pqlen - 1; i++)
425 a[i] = (a[i] << mshift) | (a[i + 1] >> (BIGNUM_INT_BITS - mshift));
426 a[2 * pqlen - 1] = a[2 * pqlen - 1] << mshift;
427 internal_mod(a, pqlen * 2, m, mlen, NULL, 0);
428 for (i = 2 * pqlen - 1; i >= 2 * pqlen - mlen; i--)
429 a[i] = (a[i] >> mshift) | (a[i - 1] << (BIGNUM_INT_BITS - mshift));
432 /* Copy result to buffer */
433 rlen = (mlen < pqlen * 2 ? mlen : pqlen * 2);
434 result = newbn(rlen);
435 for (i = 0; i < rlen; i++)
436 result[result[0] - i] = a[i + 2 * pqlen - rlen];
437 while (result[0] > 1 && result[result[0]] == 0)
440 /* Free temporary arrays */
441 for (i = 0; i < 2 * pqlen; i++)
444 for (i = 0; i < mlen; i++)
447 for (i = 0; i < pqlen; i++)
450 for (i = 0; i < pqlen; i++)
459 * The most significant word of mod MUST be non-zero.
460 * We assume that the result array is the same size as the mod array.
461 * We optionally write out a quotient if `quotient' is non-NULL.
462 * We can avoid writing out the result if `result' is NULL.
464 static void bigdivmod(Bignum p, Bignum mod, Bignum result, Bignum quotient)
468 int plen, mlen, i, j;
470 /* Allocate m of size mlen, copy mod to m */
471 /* We use big endian internally */
473 m = snewn(mlen, BignumInt);
474 for (j = 0; j < mlen; j++)
475 m[j] = mod[mod[0] - j];
477 /* Shift m left to make msb bit set */
478 for (mshift = 0; mshift < BIGNUM_INT_BITS-1; mshift++)
479 if ((m[0] << mshift) & BIGNUM_TOP_BIT)
482 for (i = 0; i < mlen - 1; i++)
483 m[i] = (m[i] << mshift) | (m[i + 1] >> (BIGNUM_INT_BITS - mshift));
484 m[mlen - 1] = m[mlen - 1] << mshift;
488 /* Ensure plen > mlen */
492 /* Allocate n of size plen, copy p to n */
493 n = snewn(plen, BignumInt);
494 for (j = 0; j < plen; j++)
496 for (j = 1; j <= p[0]; j++)
499 /* Main computation */
500 internal_mod(n, plen, m, mlen, quotient, mshift);
502 /* Fixup result in case the modulus was shifted */
504 for (i = plen - mlen - 1; i < plen - 1; i++)
505 n[i] = (n[i] << mshift) | (n[i + 1] >> (BIGNUM_INT_BITS - mshift));
506 n[plen - 1] = n[plen - 1] << mshift;
507 internal_mod(n, plen, m, mlen, quotient, 0);
508 for (i = plen - 1; i >= plen - mlen; i--)
509 n[i] = (n[i] >> mshift) | (n[i - 1] << (BIGNUM_INT_BITS - mshift));
512 /* Copy result to buffer */
514 for (i = 1; i <= result[0]; i++) {
516 result[i] = j >= 0 ? n[j] : 0;
520 /* Free temporary arrays */
521 for (i = 0; i < mlen; i++)
524 for (i = 0; i < plen; i++)
530 * Decrement a number.
532 void decbn(Bignum bn)
535 while (i < bn[0] && bn[i] == 0)
536 bn[i++] = BIGNUM_INT_MASK;
540 Bignum bignum_from_bytes(const unsigned char *data, int nbytes)
545 w = (nbytes + BIGNUM_INT_BYTES - 1) / BIGNUM_INT_BYTES; /* bytes->words */
548 for (i = 1; i <= w; i++)
550 for (i = nbytes; i--;) {
551 unsigned char byte = *data++;
552 result[1 + i / BIGNUM_INT_BYTES] |= byte << (8*i % BIGNUM_INT_BITS);
555 while (result[0] > 1 && result[result[0]] == 0)
561 * Read an ssh1-format bignum from a data buffer. Return the number
562 * of bytes consumed, or -1 if there wasn't enough data.
564 int ssh1_read_bignum(const unsigned char *data, int len, Bignum * result)
566 const unsigned char *p = data;
574 for (i = 0; i < 2; i++)
576 b = (w + 7) / 8; /* bits -> bytes */
581 if (!result) /* just return length */
584 *result = bignum_from_bytes(p, b);
590 * Return the bit count of a bignum, for ssh1 encoding.
592 int bignum_bitcount(Bignum bn)
594 int bitcount = bn[0] * BIGNUM_INT_BITS - 1;
596 && (bn[bitcount / BIGNUM_INT_BITS + 1] >> (bitcount % BIGNUM_INT_BITS)) == 0) bitcount--;
601 * Return the byte length of a bignum when ssh1 encoded.
603 int ssh1_bignum_length(Bignum bn)
605 return 2 + (bignum_bitcount(bn) + 7) / 8;
609 * Return the byte length of a bignum when ssh2 encoded.
611 int ssh2_bignum_length(Bignum bn)
613 return 4 + (bignum_bitcount(bn) + 8) / 8;
617 * Return a byte from a bignum; 0 is least significant, etc.
619 int bignum_byte(Bignum bn, int i)
621 if (i >= BIGNUM_INT_BYTES * bn[0])
622 return 0; /* beyond the end */
624 return (bn[i / BIGNUM_INT_BYTES + 1] >>
625 ((i % BIGNUM_INT_BYTES)*8)) & 0xFF;
629 * Return a bit from a bignum; 0 is least significant, etc.
631 int bignum_bit(Bignum bn, int i)
633 if (i >= BIGNUM_INT_BITS * bn[0])
634 return 0; /* beyond the end */
636 return (bn[i / BIGNUM_INT_BITS + 1] >> (i % BIGNUM_INT_BITS)) & 1;
640 * Set a bit in a bignum; 0 is least significant, etc.
642 void bignum_set_bit(Bignum bn, int bitnum, int value)
644 if (bitnum >= BIGNUM_INT_BITS * bn[0])
645 abort(); /* beyond the end */
647 int v = bitnum / BIGNUM_INT_BITS + 1;
648 int mask = 1 << (bitnum % BIGNUM_INT_BITS);
657 * Write a ssh1-format bignum into a buffer. It is assumed the
658 * buffer is big enough. Returns the number of bytes used.
660 int ssh1_write_bignum(void *data, Bignum bn)
662 unsigned char *p = data;
663 int len = ssh1_bignum_length(bn);
665 int bitc = bignum_bitcount(bn);
667 *p++ = (bitc >> 8) & 0xFF;
668 *p++ = (bitc) & 0xFF;
669 for (i = len - 2; i--;)
670 *p++ = bignum_byte(bn, i);
675 * Compare two bignums. Returns like strcmp.
677 int bignum_cmp(Bignum a, Bignum b)
679 int amax = a[0], bmax = b[0];
680 int i = (amax > bmax ? amax : bmax);
682 BignumInt aval = (i > amax ? 0 : a[i]);
683 BignumInt bval = (i > bmax ? 0 : b[i]);
694 * Right-shift one bignum to form another.
696 Bignum bignum_rshift(Bignum a, int shift)
699 int i, shiftw, shiftb, shiftbb, bits;
702 bits = bignum_bitcount(a) - shift;
703 ret = newbn((bits + BIGNUM_INT_BITS - 1) / BIGNUM_INT_BITS);
706 shiftw = shift / BIGNUM_INT_BITS;
707 shiftb = shift % BIGNUM_INT_BITS;
708 shiftbb = BIGNUM_INT_BITS - shiftb;
711 for (i = 1; i <= ret[0]; i++) {
713 ai1 = (i + shiftw + 1 <= a[0] ? a[i + shiftw + 1] : 0);
714 ret[i] = ((ai >> shiftb) | (ai1 << shiftbb)) & BIGNUM_INT_MASK;
722 * Non-modular multiplication and addition.
724 Bignum bigmuladd(Bignum a, Bignum b, Bignum addend)
726 int alen = a[0], blen = b[0];
727 int mlen = (alen > blen ? alen : blen);
728 int rlen, i, maxspot;
729 BignumInt *workspace;
732 /* mlen space for a, mlen space for b, 2*mlen for result */
733 workspace = snewn(mlen * 4, BignumInt);
734 for (i = 0; i < mlen; i++) {
735 workspace[0 * mlen + i] = (mlen - i <= a[0] ? a[mlen - i] : 0);
736 workspace[1 * mlen + i] = (mlen - i <= b[0] ? b[mlen - i] : 0);
739 internal_mul(workspace + 0 * mlen, workspace + 1 * mlen,
740 workspace + 2 * mlen, mlen);
742 /* now just copy the result back */
743 rlen = alen + blen + 1;
744 if (addend && rlen <= addend[0])
745 rlen = addend[0] + 1;
748 for (i = 1; i <= ret[0]; i++) {
749 ret[i] = (i <= 2 * mlen ? workspace[4 * mlen - i] : 0);
755 /* now add in the addend, if any */
757 BignumDblInt carry = 0;
758 for (i = 1; i <= rlen; i++) {
759 carry += (i <= ret[0] ? ret[i] : 0);
760 carry += (i <= addend[0] ? addend[i] : 0);
761 ret[i] = (BignumInt) carry & BIGNUM_INT_MASK;
762 carry >>= BIGNUM_INT_BITS;
763 if (ret[i] != 0 && i > maxspot)
774 * Non-modular multiplication.
776 Bignum bigmul(Bignum a, Bignum b)
778 return bigmuladd(a, b, NULL);
782 * Create a bignum which is the bitmask covering another one. That
783 * is, the smallest integer which is >= N and is also one less than
786 Bignum bignum_bitmask(Bignum n)
788 Bignum ret = copybn(n);
793 while (n[i] == 0 && i > 0)
796 return ret; /* input was zero */
802 ret[i] = BIGNUM_INT_MASK;
807 * Convert a (max 32-bit) long into a bignum.
809 Bignum bignum_from_long(unsigned long nn)
815 ret[1] = (BignumInt)(n & BIGNUM_INT_MASK);
816 ret[2] = (BignumInt)((n >> BIGNUM_INT_BITS) & BIGNUM_INT_MASK);
818 ret[0] = (ret[2] ? 2 : 1);
823 * Add a long to a bignum.
825 Bignum bignum_add_long(Bignum number, unsigned long addendx)
827 Bignum ret = newbn(number[0] + 1);
829 BignumDblInt carry = 0, addend = addendx;
831 for (i = 1; i <= ret[0]; i++) {
832 carry += addend & BIGNUM_INT_MASK;
833 carry += (i <= number[0] ? number[i] : 0);
834 addend >>= BIGNUM_INT_BITS;
835 ret[i] = (BignumInt) carry & BIGNUM_INT_MASK;
836 carry >>= BIGNUM_INT_BITS;
845 * Compute the residue of a bignum, modulo a (max 16-bit) short.
847 unsigned short bignum_mod_short(Bignum number, unsigned short modulus)
854 for (i = number[0]; i > 0; i--)
855 r = (r * (BIGNUM_TOP_BIT % mod) * 2 + number[i] % mod) % mod;
856 return (unsigned short) r;
860 void diagbn(char *prefix, Bignum md)
862 int i, nibbles, morenibbles;
863 static const char hex[] = "0123456789ABCDEF";
865 debug(("%s0x", prefix ? prefix : ""));
867 nibbles = (3 + bignum_bitcount(md)) / 4;
870 morenibbles = 4 * md[0] - nibbles;
871 for (i = 0; i < morenibbles; i++)
873 for (i = nibbles; i--;)
875 hex[(bignum_byte(md, i / 2) >> (4 * (i % 2))) & 0xF]));
885 Bignum bigdiv(Bignum a, Bignum b)
887 Bignum q = newbn(a[0]);
888 bigdivmod(a, b, NULL, q);
895 Bignum bigmod(Bignum a, Bignum b)
897 Bignum r = newbn(b[0]);
898 bigdivmod(a, b, r, NULL);
903 * Greatest common divisor.
905 Bignum biggcd(Bignum av, Bignum bv)
907 Bignum a = copybn(av);
908 Bignum b = copybn(bv);
910 while (bignum_cmp(b, Zero) != 0) {
911 Bignum t = newbn(b[0]);
912 bigdivmod(a, b, t, NULL);
913 while (t[0] > 1 && t[t[0]] == 0)
925 * Modular inverse, using Euclid's extended algorithm.
927 Bignum modinv(Bignum number, Bignum modulus)
929 Bignum a = copybn(modulus);
930 Bignum b = copybn(number);
931 Bignum xp = copybn(Zero);
932 Bignum x = copybn(One);
935 while (bignum_cmp(b, One) != 0) {
936 Bignum t = newbn(b[0]);
937 Bignum q = newbn(a[0]);
938 bigdivmod(a, b, t, q);
939 while (t[0] > 1 && t[t[0]] == 0)
946 x = bigmuladd(q, xp, t);
956 /* now we know that sign * x == 1, and that x < modulus */
958 /* set a new x to be modulus - x */
959 Bignum newx = newbn(modulus[0]);
964 for (i = 1; i <= newx[0]; i++) {
965 BignumInt aword = (i <= modulus[0] ? modulus[i] : 0);
966 BignumInt bword = (i <= x[0] ? x[i] : 0);
967 newx[i] = aword - bword - carry;
969 carry = carry ? (newx[i] >= bword) : (newx[i] > bword);
983 * Render a bignum into decimal. Return a malloced string holding
984 * the decimal representation.
986 char *bignum_decimal(Bignum x)
992 BignumInt *workspace;
995 * First, estimate the number of digits. Since log(10)/log(2)
996 * is just greater than 93/28 (the joys of continued fraction
997 * approximations...) we know that for every 93 bits, we need
998 * at most 28 digits. This will tell us how much to malloc.
1000 * Formally: if x has i bits, that means x is strictly less
1001 * than 2^i. Since 2 is less than 10^(28/93), this is less than
1002 * 10^(28i/93). We need an integer power of ten, so we must
1003 * round up (rounding down might make it less than x again).
1004 * Therefore if we multiply the bit count by 28/93, rounding
1005 * up, we will have enough digits.
1007 i = bignum_bitcount(x);
1008 ndigits = (28 * i + 92) / 93; /* multiply by 28/93 and round up */
1009 ndigits++; /* allow for trailing \0 */
1010 ret = snewn(ndigits, char);
1013 * Now allocate some workspace to hold the binary form as we
1014 * repeatedly divide it by ten. Initialise this to the
1015 * big-endian form of the number.
1017 workspace = snewn(x[0], BignumInt);
1018 for (i = 0; i < x[0]; i++)
1019 workspace[i] = x[x[0] - i];
1022 * Next, write the decimal number starting with the last digit.
1023 * We use ordinary short division, dividing 10 into the
1026 ndigit = ndigits - 1;
1031 for (i = 0; i < x[0]; i++) {
1032 carry = (carry << BIGNUM_INT_BITS) + workspace[i];
1033 workspace[i] = (BignumInt) (carry / 10);
1038 ret[--ndigit] = (char) (carry + '0');
1042 * There's a chance we've fallen short of the start of the
1043 * string. Correct if so.
1046 memmove(ret, ret + ndigit, ndigits - ndigit);
projects / PuTTY.git / blob