xref: /aosp_15_r20/external/federated-compute/fcp/secagg/shared/math.h (revision 14675a029014e728ec732f129a32e299b2da0601)
1*14675a02SAndroid Build Coastguard Worker /*
2*14675a02SAndroid Build Coastguard Worker  * Copyright 2018 Google LLC
3*14675a02SAndroid Build Coastguard Worker  *
4*14675a02SAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*14675a02SAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*14675a02SAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*14675a02SAndroid Build Coastguard Worker  *
8*14675a02SAndroid Build Coastguard Worker  *     https://www.apache.org/licenses/LICENSE-2.0
9*14675a02SAndroid Build Coastguard Worker  *
10*14675a02SAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*14675a02SAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*14675a02SAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*14675a02SAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*14675a02SAndroid Build Coastguard Worker  * limitations under the License.
15*14675a02SAndroid Build Coastguard Worker  */
16*14675a02SAndroid Build Coastguard Worker 
// This header contains some simple inline math functions commonly used
// elsewhere within SecAgg. No error checking or bounds checking is performed.
// The calling code is responsible for making sure the operations do not
// overflow, except as noted.
21*14675a02SAndroid Build Coastguard Worker 
22*14675a02SAndroid Build Coastguard Worker #ifndef FCP_SECAGG_SHARED_MATH_H_
23*14675a02SAndroid Build Coastguard Worker #define FCP_SECAGG_SHARED_MATH_H_
24*14675a02SAndroid Build Coastguard Worker 
25*14675a02SAndroid Build Coastguard Worker #include <cstdint>
26*14675a02SAndroid Build Coastguard Worker #include <string>
27*14675a02SAndroid Build Coastguard Worker 
28*14675a02SAndroid Build Coastguard Worker #include "absl/base/internal/endian.h"
29*14675a02SAndroid Build Coastguard Worker #include "absl/numeric/int128.h"
30*14675a02SAndroid Build Coastguard Worker #include "fcp/base/monitoring.h"
31*14675a02SAndroid Build Coastguard Worker 
32*14675a02SAndroid Build Coastguard Worker namespace fcp {
33*14675a02SAndroid Build Coastguard Worker namespace secagg {
34*14675a02SAndroid Build Coastguard Worker 
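// Integer division rounded up: returns the smallest q such that q * b >= a.
//
// Computed as quotient plus a remainder test rather than (a + b - 1) / b, so
// the result is correct for every a, including values near UINT32_MAX where
// the intermediate sum would wrap around and yield a count that is too small
// (a hazard when the result sizes a buffer or a loop bound).
// b must be non-zero; division by zero is not checked here.
static inline uint32_t DivideRoundUp(uint32_t a, uint32_t b) {
  // If a % b != 0 then b >= 2, so a / b <= UINT32_MAX / 2 and the +1 cannot
  // overflow.
  return a / b + (a % b != 0 ? 1u : 0u);
}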
39*14675a02SAndroid Build Coastguard Worker 
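// Addition modulo non-zero integer z: returns (a + b) mod z.
//
// Both operands are reduced modulo z first, so the result is correct for all
// 64-bit a and b. A plain (a + b) % z wraps around 2^64 when the sum does not
// fit in 64 bits and then silently returns a wrong residue. The two extra
// reductions cost time; code whose operands are already known to be smaller
// than the modulus can use AddModOpt instead.
// z must be non-zero; this is not checked.
static inline uint64_t AddMod(uint64_t a, uint64_t b, uint64_t z) {
  const uint64_t x = a % z;
  const uint64_t y = b % z;
  // x, y < z, so z - y lies in [1, z] and cannot underflow. Comparing against
  // it decides whether x + y reaches z without ever forming an overflowing sum.
  const uint64_t gap = z - y;
  return x >= gap ? x - gap : x + y;
}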
44*14675a02SAndroid Build Coastguard Worker 
// Fast path for AddMod: returns (a + b) mod `mod` using one addition, one
// comparison and one select instead of a division.
//
// Preconditions (the caller's responsibility):
//   * a < mod and b < mod;
//   * a + b does not wrap around 2^64 (always true when mod <= 2^63).
// Both are verified with FCP_CHECK only when NDEBUG is not defined. When
// NDEBUG is defined nothing is checked, and a violated precondition yields a
// wrong residue rather than an error, so operands derived from untrusted
// input need to be range-checked before they reach this function.
//
// The original authors report that this compiles to a branchless CMOVB
// instruction and is at least 2x faster than AddMod on x64. That is a property
// of the generated code, not something the C++ source guarantees.
// NOTE(review): re-check the generated code before relying on it for timing
// behaviour.
// TODO(team): Eventually this should replace AddMod.
inline uint64_t AddModOpt(uint64_t a, uint64_t b, uint64_t mod) {
  // Unsigned addition: wraps silently if the no-overflow precondition is
  // violated.
  const uint64_t sum = a + b;
#ifndef NDEBUG
  // Both operands must already be reduced modulo mod.
  FCP_CHECK(a < mod && b < mod);
  // The addition must not have wrapped around.
  FCP_CHECK(a <= sum && b <= sum);
#endif
  // With both preconditions met, sum < 2 * mod, so at most one subtraction is
  // needed to bring it back into [0, mod).
  return sum < mod ? sum : sum - mod;
}
59*14675a02SAndroid Build Coastguard Worker 
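// Subtraction modulo non-zero integer z: returns (a - b) mod z, in [0, z).
//
// Both operands are reduced modulo z first, so the result is correct for all
// 64-bit a and b. The shorter form ((a - b) + z) % z is only right while
// b - a <= z (when b > a) and while a - b + z fits in 64 bits (when a >= b);
// outside that range the unsigned wrap-around leaks into the result. Code
// whose operands are already known to be smaller than the modulus can use
// SubtractModOpt instead.
// z must be non-zero; this is not checked.
static inline uint64_t SubtractMod(uint64_t a, uint64_t b, uint64_t z) {
  const uint64_t x = a % z;
  const uint64_t y = b % z;
  // When x < y, z - y is in [1, z) and z - y + x < z, so nothing overflows.
  return x >= y ? x - y : z - y + x;
}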
64*14675a02SAndroid Build Coastguard Worker 
// Fast path for SubtractMod: returns (a - b) mod `mod` using a comparison and
// a select instead of a division.
//
// Precondition (the caller's responsibility): a < mod and b < mod. It is
// verified with FCP_CHECK only when NDEBUG is not defined. When NDEBUG is
// defined nothing is checked, and out-of-range operands yield a value that is
// not a valid residue, so operands derived from untrusted input need to be
// range-checked before they reach this function.
//
// The original authors report that this compiles to a branchless CMOVB
// instruction and is at least 2x faster than SubtractMod on x64. That is a
// property of the generated code, not something the C++ source guarantees.
// NOTE(review): re-check the generated code before relying on it for timing
// behaviour.
// TODO(team): Eventually this should replace SubtractMod.
inline uint64_t SubtractModOpt(uint64_t a, uint64_t b, uint64_t mod) {
#ifndef NDEBUG
  // Both operands must already be reduced modulo mod.
  FCP_CHECK(a < mod && b < mod);
#endif
  // When a < b the difference is negative; adding mod moves it into [0, mod).
  // mod - b is evaluated first so the intermediate value never underflows.
  return a < b ? mod - b + a : a - b;
}
76*14675a02SAndroid Build Coastguard Worker 
// Multiplication of 32-bit integers modulo a non-zero integer z.
//
// The factors are widened to 64 bits before multiplying, so the product
// itself cannot overflow. The remainder is then narrowed to 32 bits: when
// z <= 2^32 it always fits, but for a larger z the cast keeps only the low
// 32 bits of the remainder, so callers need z <= 2^32 to get a true residue.
// z must be non-zero; this is not checked.
static inline uint32_t MultiplyMod(uint32_t a, uint32_t b, uint64_t z) {
  const uint64_t product = static_cast<uint64_t>(a) * static_cast<uint64_t>(b);
  const uint64_t remainder = product % z;
  return static_cast<uint32_t>(remainder);
}
83*14675a02SAndroid Build Coastguard Worker 
// Multiplication of 64-bit integers modulo a non-zero integer z.
//
// Both factors are widened to absl::uint128 before multiplying, so the full
// 128-bit product is formed without overflow. The remainder is smaller than z
// and therefore fits in the low 64 bits that are returned.
// z must be non-zero; this is not checked.
static inline uint64_t MultiplyMod64(uint64_t a, uint64_t b, uint64_t z) {
  const absl::uint128 product = absl::uint128(a) * absl::uint128(b);
  const absl::uint128 remainder = product % absl::uint128(z);
  return absl::Uint128Low64(remainder);
}
91*14675a02SAndroid Build Coastguard Worker 
// Modular inverse of a 64-bit integer modulo a prime z via Fermat's little
// theorem: computes a^(z - 2) mod z by square-and-multiply.
//
// Assumes that z is prime; nothing here verifies it, and for a composite z
// the returned value is in general not an inverse. Further unchecked cases:
//   * a is a multiple of z: no inverse exists. For z > 2 the computed power
//     is 0; callers that need an inverse must reject such a beforehand.
//   * z == 2: the exponent is 0, the loop does not run and 1 is returned for
//     any a.
//   * z < 2: z - 2 wraps around as an unsigned value.
// The multiply-or-skip decision depends only on the bits of z - 2, not on a.
// NOTE(review): whether MultiplyMod64 itself runs in time independent of its
// operands is not established by this file.
static inline uint64_t InverseModPrime(uint64_t a, uint64_t z) {
  uint64_t result = 1;
  uint64_t base = a;

  // Walk the exponent z - 2 from its least significant bit upwards; `base`
  // holds a^(2^i) mod z on the i-th iteration.
  for (uint64_t remaining = z - 2; remaining != 0; remaining >>= 1) {
    if ((remaining & 1) != 0) {
      result = MultiplyMod64(result, base, z);
    }
    base = MultiplyMod64(base, base, z);
  }

  return result;
}
109*14675a02SAndroid Build Coastguard Worker 
// Converts ints to big-endian byte string representation. Provides platform-
// independence only in converting known integer values to byte strings for use
// in cryptographic methods, not for general processing of binary data.
//
// The result is always exactly 4 bytes, most significant byte first, and may
// contain embedded zero bytes: treat it as binary data with an explicit
// length (size()), never as a NUL-terminated C string.
static inline std::string IntToByteString(uint32_t input) {
  std::string encoded(4, '\0');
  // Shifts operate on the value, not on its in-memory layout, so the byte
  // order of the output does not depend on the host's endianness.
  encoded[0] = static_cast<char>((input >> 24) & 0xFFu);
  encoded[1] = static_cast<char>((input >> 16) & 0xFFu);
  encoded[2] = static_cast<char>((input >> 8) & 0xFFu);
  encoded[3] = static_cast<char>(input & 0xFFu);
  return encoded;
}
118*14675a02SAndroid Build Coastguard Worker 
119*14675a02SAndroid Build Coastguard Worker }  // namespace secagg
120*14675a02SAndroid Build Coastguard Worker }  // namespace fcp
121*14675a02SAndroid Build Coastguard Worker 
122*14675a02SAndroid Build Coastguard Worker #endif  // FCP_SECAGG_SHARED_MATH_H_