1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2012 The Bitcoin developers
3 // Distributed under the MIT/X11 software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 #ifndef BITCOIN_BIGNUM_H
6 #define BITCOIN_BIGNUM_H
11 #include <openssl/bn.h>
13 #include "serialize.h"
17 /** Errors thrown by the bignum class */
18 class bignum_error : public std::runtime_error
21 explicit bignum_error(const std::string& str) : std::runtime_error(str) {}
25 /** RAII encapsulated BN_CTX (OpenSSL bignum context) */
30 BN_CTX* operator=(BN_CTX* pnew) { return pctx = pnew; }
37 throw bignum_error("CAutoBN_CTX : BN_CTX_new() returned NULL");
46 operator BN_CTX*() { return pctx; }
47 BN_CTX& operator*() { return *pctx; }
48 BN_CTX** operator&() { return &pctx; }
49 bool operator!() { return (pctx == NULL); }
53 /** C++ wrapper for BIGNUM (OpenSSL bignum) */
54 class CBigNum : public BIGNUM
62 CBigNum(const CBigNum& b)
65 if (!BN_copy(this, &b))
68 throw bignum_error("CBigNum::CBigNum(const CBigNum&) : BN_copy failed");
72 CBigNum& operator=(const CBigNum& b)
74 if (!BN_copy(this, &b))
75 throw bignum_error("CBigNum::operator= : BN_copy failed");
84 CBigNum(int8_t n) { BN_init(this); if (n >= 0) setuint32(n); else setint64(n); }
85 CBigNum(int16_t n) { BN_init(this); if (n >= 0) setuint32(n); else setint64(n); }
86 CBigNum(int32_t n) { BN_init(this); if (n >= 0) setuint32(n); else setint64(n); }
87 CBigNum(int64_t n) { BN_init(this); if (n >= 0) setuint64(n); else setint64(n); }
89 CBigNum(uint8_t n) { BN_init(this); setuint32(n); }
90 CBigNum(uint16_t n) { BN_init(this); setuint32(n); }
91 CBigNum(uint32_t n) { BN_init(this); setuint32(n); }
92 CBigNum(uint64_t n) { BN_init(this); setuint64(n); }
94 explicit CBigNum(uint256 n) { BN_init(this); setuint256(n); }
95 explicit CBigNum(const std::vector<uint8_t>& vch)
101 /** Generates a cryptographically secure random number between zero and range exclusive
102 * i.e. 0 < returned number < range
103 * @param range The upper bound on the number.
106 static CBigNum randBignum(const CBigNum& range) {
108 if(!BN_rand_range(&ret, &range)){
109 throw bignum_error("CBigNum:rand element : BN_rand_range failed");
114 /** Generates a cryptographically secure random k-bit number
115 * @param k The bit length of the number.
118 static CBigNum RandKBitBigum(const uint32_t k){
120 if(!BN_rand(&ret, k, -1, 0)){
121 throw bignum_error("CBigNum:rand element : BN_rand failed");
126 /**Returns the size in bits of the underlying bignum.
131 return BN_num_bits(this);
135 void setuint32(uint32_t n)
137 if (!BN_set_word(this, n))
138 throw bignum_error("CBigNum conversion from uint32_t : BN_set_word failed");
141 uint32_t getuint32() const
143 return BN_get_word(this);
146 int32_t getint32() const
148 uint64_t n = BN_get_word(this);
149 if (!BN_is_negative(this))
150 return (n > (uint64_t)std::numeric_limits<int32_t>::max() ? std::numeric_limits<int32_t>::max() : (int32_t)n);
152 return (n > (uint64_t)std::numeric_limits<int32_t>::max() ? std::numeric_limits<int32_t>::min() : -(int32_t)n);
155 void setint64(int64_t sn)
157 uint8_t pch[sizeof(sn) + 6];
158 uint8_t* p = pch + 4;
164 // Since the minimum signed integer cannot be represented as positive so long as its type is signed, and it's not well-defined what happens if you make it unsigned before negating it, we instead increment the negative integer by 1, convert it, then increment the (now positive) unsigned integer by 1 to compensate
173 bool fLeadingZeroes = true;
174 for (int i = 0; i < 8; i++)
176 uint8_t c = (n >> 56) & 0xff;
183 *p++ = (fNegative ? 0x80 : 0);
186 fLeadingZeroes = false;
190 uint32_t nSize = (uint32_t) (p - (pch + 4));
191 pch[0] = (nSize >> 24) & 0xff;
192 pch[1] = (nSize >> 16) & 0xff;
193 pch[2] = (nSize >> 8) & 0xff;
194 pch[3] = (nSize) & 0xff;
195 BN_mpi2bn(pch, (int)(p - pch), this);
200 return (int64_t) getuint64();
205 size_t nSize = BN_bn2mpi(this, NULL);
208 std::vector<uint8_t> vch(nSize);
209 BN_bn2mpi(this, &vch[0]);
213 for (size_t i = 0, j = vch.size()-1; i < sizeof(n) && j >= 4; i++, j--)
214 ((uint8_t*)&n)[i] = vch[j];
218 //supress msvc C4127: conditional expression is constant
219 inline bool check(bool value) {return value;}
221 void setuint64(uint64_t n)
223 // Use BN_set_word if word size is sufficient for uint64_t
224 if (check(sizeof(n) <= sizeof(BN_ULONG)))
226 if (!BN_set_word(this, (BN_ULONG)n))
227 throw bignum_error("CBigNum conversion from uint64_t : BN_set_word failed");
231 uint8_t pch[sizeof(n) + 6];
232 uint8_t* p = pch + 4;
233 bool fLeadingZeroes = true;
234 for (int i = 0; i < 8; i++)
236 uint8_t c = (n >> 56) & 0xff;
244 fLeadingZeroes = false;
248 uint32_t nSize = (uint32_t) (p - (pch + 4));
249 pch[0] = (nSize >> 24) & 0xff;
250 pch[1] = (nSize >> 16) & 0xff;
251 pch[2] = (nSize >> 8) & 0xff;
252 pch[3] = (nSize) & 0xff;
253 BN_mpi2bn(pch, (int)(p - pch), this);
256 void setuint160(uint160 n)
258 uint8_t pch[sizeof(n) + 6];
259 uint8_t* p = pch + 4;
260 bool fLeadingZeroes = true;
261 uint8_t* pbegin = (uint8_t*)&n;
262 uint8_t* psrc = pbegin + sizeof(n);
263 while (psrc != pbegin)
265 uint8_t c = *(--psrc);
272 fLeadingZeroes = false;
276 uint32_t nSize = (uint32_t) (p - (pch + 4));
277 pch[0] = (nSize >> 24) & 0xff;
278 pch[1] = (nSize >> 16) & 0xff;
279 pch[2] = (nSize >> 8) & 0xff;
280 pch[3] = (nSize >> 0) & 0xff;
281 BN_mpi2bn(pch, (int) (p - pch), this);
284 uint160 getuint160() const
286 unsigned int nSize = BN_bn2mpi(this, NULL);
289 std::vector<uint8_t> vch(nSize);
290 BN_bn2mpi(this, &vch[0]);
294 for (size_t i = 0, j = vch.size()-1; i < sizeof(n) && j >= 4; i++, j--)
295 ((uint8_t*)&n)[i] = vch[j];
299 void setuint256(uint256 n)
301 uint8_t pch[sizeof(n) + 6];
302 uint8_t* p = pch + 4;
303 bool fLeadingZeroes = true;
304 uint8_t* pbegin = (uint8_t*)&n;
305 uint8_t* psrc = pbegin + sizeof(n);
306 while (psrc != pbegin)
308 uint8_t c = *(--psrc);
315 fLeadingZeroes = false;
319 uint32_t nSize = (uint32_t) (p - (pch + 4));
320 pch[0] = (nSize >> 24) & 0xff;
321 pch[1] = (nSize >> 16) & 0xff;
322 pch[2] = (nSize >> 8) & 0xff;
323 pch[3] = (nSize >> 0) & 0xff;
324 BN_mpi2bn(pch, (int) (p - pch), this);
327 uint256 getuint256() const
329 unsigned int nSize = BN_bn2mpi(this, NULL);
332 std::vector<uint8_t> vch(nSize);
333 BN_bn2mpi(this, &vch[0]);
337 for (size_t i = 0, j = vch.size()-1; i < sizeof(n) && j >= 4; i++, j--)
338 ((uint8_t*)&n)[i] = vch[j];
342 void setBytes(const std::vector<uint8_t>& vchBytes)
344 BN_bin2bn(&vchBytes[0], (int) vchBytes.size(), this);
347 std::vector<uint8_t> getBytes() const
349 int nBytes = BN_num_bytes(this);
351 std::vector<uint8_t> vchBytes(nBytes);
353 int n = BN_bn2bin(this, &vchBytes[0]);
355 throw bignum_error("CBigNum::getBytes : BN_bn2bin failed");
361 void setvch(const std::vector<uint8_t>& vch)
363 std::vector<uint8_t> vch2(vch.size() + 4);
364 uint32_t nSize = (uint32_t) vch.size();
365 // BIGNUM's byte stream format expects 4 bytes of
366 // big endian size data info at the front
367 vch2[0] = (nSize >> 24) & 0xff;
368 vch2[1] = (nSize >> 16) & 0xff;
369 vch2[2] = (nSize >> 8) & 0xff;
370 vch2[3] = (nSize >> 0) & 0xff;
371 // swap data to big endian
372 reverse_copy(vch.begin(), vch.end(), vch2.begin() + 4);
373 BN_mpi2bn(&vch2[0], (int) vch2.size(), this);
376 std::vector<uint8_t> getvch() const
378 unsigned int nSize = BN_bn2mpi(this, NULL);
380 return std::vector<uint8_t>();
381 std::vector<uint8_t> vch(nSize);
382 BN_bn2mpi(this, &vch[0]);
383 vch.erase(vch.begin(), vch.begin() + 4);
384 reverse(vch.begin(), vch.end());
388 CBigNum& SetCompact(uint32_t nCompact)
390 uint32_t nSize = nCompact >> 24;
391 std::vector<uint8_t> vch(4 + nSize);
393 if (nSize >= 1) vch[4] = (nCompact >> 16) & 0xff;
394 if (nSize >= 2) vch[5] = (nCompact >> 8) & 0xff;
395 if (nSize >= 3) vch[6] = (nCompact >> 0) & 0xff;
396 BN_mpi2bn(&vch[0], (int) vch.size(), this);
400 uint32_t GetCompact() const
402 uint32_t nSize = BN_bn2mpi(this, NULL);
403 std::vector<uint8_t> vch(nSize);
405 BN_bn2mpi(this, &vch[0]);
406 uint32_t nCompact = nSize << 24;
407 if (nSize >= 1) nCompact |= (vch[4] << 16);
408 if (nSize >= 2) nCompact |= (vch[5] << 8);
409 if (nSize >= 3) nCompact |= (vch[6] << 0);
413 void SetHex(const std::string& str)
416 const char* psz = str.c_str();
417 while (isspace(*psz))
419 bool fNegative = false;
425 if (psz[0] == '0' && tolower(psz[1]) == 'x')
427 while (isspace(*psz))
430 // hex string to bignum
431 static const signed char phexdigit[256] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,1,2,3,4,5,6,7,8,9,0,0,0,0,0,0, 0,0xa,0xb,0xc,0xd,0xe,0xf,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0xa,0xb,0xc,0xd,0xe,0xf,0,0,0,0,0,0,0,0,0 };
433 while (isxdigit(*psz))
436 int n = phexdigit[(uint8_t)*psz++];
443 std::string ToString(int nBase=10) const
446 CBigNum bnBase = nBase;
450 BN_set_negative(&bn, false);
453 if (BN_cmp(&bn, &bn0) == 0)
455 while (BN_cmp(&bn, &bn0) > 0)
457 if (!BN_div(&dv, &rem, &bn, &bnBase, pctx))
458 throw bignum_error("CBigNum::ToString() : BN_div failed");
460 uint32_t c = rem.getuint32();
461 str += "0123456789abcdef"[c];
463 if (BN_is_negative(this))
465 reverse(str.begin(), str.end());
469 std::string GetHex() const
474 unsigned int GetSerializeSize(int nType=0, int nVersion=PROTOCOL_VERSION) const
476 return ::GetSerializeSize(getvch(), nType, nVersion);
479 template<typename Stream>
480 void Serialize(Stream& s, int nType=0, int nVersion=PROTOCOL_VERSION) const
482 ::Serialize(s, getvch(), nType, nVersion);
485 template<typename Stream>
486 void Unserialize(Stream& s, int nType=0, int nVersion=PROTOCOL_VERSION)
488 std::vector<uint8_t> vch;
489 ::Unserialize(s, vch, nType, nVersion);
494 * exponentiation with an int. this^e
495 * @param e the exponent as an int
498 CBigNum pow(const int e) const {
499 return this->pow(CBigNum(e));
503 * exponentiation this^e
504 * @param e the exponent
507 CBigNum pow(const CBigNum& e) const {
510 if (!BN_exp(&ret, this, &e, pctx))
511 throw bignum_error("CBigNum::pow : BN_exp failed");
516 * modular multiplication: (this * b) mod m
520 CBigNum mul_mod(const CBigNum& b, const CBigNum& m) const {
523 if (!BN_mod_mul(&ret, this, &b, &m, pctx))
524 throw bignum_error("CBigNum::mul_mod : BN_mod_mul failed");
530 * modular exponentiation: this^e mod n
534 CBigNum pow_mod(const CBigNum& e, const CBigNum& m) const {
539 CBigNum inv = this->inverse(m);
540 CBigNum posE = e * -1;
541 if (!BN_mod_exp(&ret, &inv, &posE, &m, pctx))
542 throw bignum_error("CBigNum::pow_mod: BN_mod_exp failed on negative exponent");
544 if (!BN_mod_exp(&ret, this, &e, &m, pctx))
545 throw bignum_error("CBigNum::pow_mod : BN_mod_exp failed");
551 * Calculates the inverse of this element mod m.
552 * i.e. i such this*i = 1 mod m
554 * @return the inverse
556 CBigNum inverse(const CBigNum& m) const {
559 if (!BN_mod_inverse(&ret, this, &m, pctx))
560 throw bignum_error("CBigNum::inverse*= :BN_mod_inverse");
565 * Generates a random (safe) prime of numBits bits
566 * @param numBits the number of bits
567 * @param safe true for a safe prime
570 static CBigNum generatePrime(const unsigned int numBits, bool safe = false) {
572 if(!BN_generate_prime_ex(&ret, numBits, (safe == true), NULL, NULL, NULL))
573 throw bignum_error("CBigNum::generatePrime*= :BN_generate_prime_ex");
578 * Calculates the greatest common divisor (GCD) of two numbers.
579 * @param m the second element
582 CBigNum gcd( const CBigNum& b) const{
585 if (!BN_gcd(&ret, this, &b, pctx))
586 throw bignum_error("CBigNum::gcd*= :BN_gcd");
591 * Miller-Rabin primality test on this element
592 * @param checks: optional, the number of Miller-Rabin tests to run
593 * default causes error rate of 2^-80.
594 * @return true if prime
596 bool isPrime(const int checks=BN_prime_checks) const {
598 int ret = BN_is_prime(this, checks, NULL, pctx, NULL);
600 throw bignum_error("CBigNum::isPrime :BN_is_prime");
606 return BN_is_one(this);
610 bool operator!() const
612 return BN_is_zero(this);
615 CBigNum& operator+=(const CBigNum& b)
617 if (!BN_add(this, this, &b))
618 throw bignum_error("CBigNum::operator+= : BN_add failed");
622 CBigNum& operator-=(const CBigNum& b)
628 CBigNum& operator*=(const CBigNum& b)
631 if (!BN_mul(this, this, &b, pctx))
632 throw bignum_error("CBigNum::operator*= : BN_mul failed");
636 CBigNum& operator/=(const CBigNum& b)
642 CBigNum& operator%=(const CBigNum& b)
648 CBigNum& operator<<=(unsigned int shift)
650 if (!BN_lshift(this, this, shift))
651 throw bignum_error("CBigNum:operator<<= : BN_lshift failed");
655 CBigNum& operator>>=(unsigned int shift)
657 // Note: BN_rshift segfaults on 64-bit if 2^shift is greater than the number
658 // if built on ubuntu 9.04 or 9.10, probably depends on version of OpenSSL
661 if (BN_cmp(&a, this) > 0)
667 if (!BN_rshift(this, this, shift))
668 throw bignum_error("CBigNum:operator>>= : BN_rshift failed");
673 CBigNum& operator++()
676 if (!BN_add(this, this, BN_value_one()))
677 throw bignum_error("CBigNum::operator++ : BN_add failed");
681 const CBigNum operator++(int)
684 const CBigNum ret = *this;
689 CBigNum& operator--()
693 if (!BN_sub(&r, this, BN_value_one()))
694 throw bignum_error("CBigNum::operator-- : BN_sub failed");
699 const CBigNum operator--(int)
702 const CBigNum ret = *this;
708 friend inline const CBigNum operator-(const CBigNum& a, const CBigNum& b);
709 friend inline const CBigNum operator/(const CBigNum& a, const CBigNum& b);
710 friend inline const CBigNum operator%(const CBigNum& a, const CBigNum& b);
711 friend inline const CBigNum operator*(const CBigNum& a, const CBigNum& b);
712 friend inline bool operator<(const CBigNum& a, const CBigNum& b);
717 inline const CBigNum operator+(const CBigNum& a, const CBigNum& b)
720 if (!BN_add(&r, &a, &b))
721 throw bignum_error("CBigNum::operator+ : BN_add failed");
725 inline const CBigNum operator-(const CBigNum& a, const CBigNum& b)
728 if (!BN_sub(&r, &a, &b))
729 throw bignum_error("CBigNum::operator- : BN_sub failed");
733 inline const CBigNum operator-(const CBigNum& a)
736 BN_set_negative(&r, !BN_is_negative(&r));
740 inline const CBigNum operator*(const CBigNum& a, const CBigNum& b)
744 if (!BN_mul(&r, &a, &b, pctx))
745 throw bignum_error("CBigNum::operator* : BN_mul failed");
749 inline const CBigNum operator/(const CBigNum& a, const CBigNum& b)
753 if (!BN_div(&r, NULL, &a, &b, pctx))
754 throw bignum_error("CBigNum::operator/ : BN_div failed");
758 inline const CBigNum operator%(const CBigNum& a, const CBigNum& b)
762 if (!BN_nnmod(&r, &a, &b, pctx))
763 throw bignum_error("CBigNum::operator% : BN_div failed");
767 inline const CBigNum operator<<(const CBigNum& a, unsigned int shift)
770 if (!BN_lshift(&r, &a, shift))
771 throw bignum_error("CBigNum:operator<< : BN_lshift failed");
775 inline const CBigNum operator>>(const CBigNum& a, unsigned int shift)
782 inline bool operator==(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) == 0); }
783 inline bool operator!=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) != 0); }
784 inline bool operator<=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) <= 0); }
785 inline bool operator>=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) >= 0); }
786 inline bool operator<(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) < 0); }
787 inline bool operator>(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) > 0); }
789 inline std::ostream& operator<<(std::ostream &strm, const CBigNum &b) { return strm << b.ToString(10); }
791 typedef CBigNum Bignum;