1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2012 The Bitcoin developers
3 // Distributed under the MIT/X11 software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 #ifndef BITCOIN_BIGNUM_H
6 #define BITCOIN_BIGNUM_H
10 #include <openssl/bn.h>
13 /** Errors thrown by the bignum class */
14 class bignum_error : public std::runtime_error
17 explicit bignum_error(const std::string& str) : std::runtime_error(str) {}
21 /** RAII encapsulated BN_CTX (OpenSSL bignum context) */
26 BN_CTX* operator=(BN_CTX* pnew) { return pctx = pnew; }
33 throw bignum_error("CAutoBN_CTX : BN_CTX_new() returned NULL");
42 operator BN_CTX*() { return pctx; }
43 BN_CTX& operator*() { return *pctx; }
44 BN_CTX** operator&() { return &pctx; }
45 bool operator!() { return (pctx == NULL); }
49 /** C++ wrapper for BIGNUM (OpenSSL bignum) */
50 class CBigNum : public BIGNUM
58 CBigNum(const CBigNum& b)
61 if (!BN_copy(this, &b))
64 throw bignum_error("CBigNum::CBigNum(const CBigNum&) : BN_copy failed");
68 CBigNum& operator=(const CBigNum& b)
70 if (!BN_copy(this, &b))
71 throw bignum_error("CBigNum::operator= : BN_copy failed");
80 CBigNum(int8_t n) { BN_init(this); if (n >= 0) setuint32(n); else setint64(n); }
81 CBigNum(int16_t n) { BN_init(this); if (n >= 0) setuint32(n); else setint64(n); }
82 CBigNum(int32_t n) { BN_init(this); if (n >= 0) setuint32(n); else setint64(n); }
83 CBigNum(int64_t n) { BN_init(this); if (n >= 0) setuint64(n); else setint64(n); }
85 CBigNum(uint8_t n) { BN_init(this); setuint32(n); }
86 CBigNum(uint16_t n) { BN_init(this); setuint32(n); }
87 CBigNum(uint32_t n) { BN_init(this); setuint32(n); }
88 CBigNum(uint64_t n) { BN_init(this); setuint64(n); }
90 explicit CBigNum(uint256 n) { BN_init(this); setuint256(n); }
91 explicit CBigNum(const std::vector<unsigned char>& vch)
97 /** Generates a cryptographically secure random number between zero and range exclusive
98 * i.e. 0 < returned number < range
99 * @param range The upper bound on the number.
102 static CBigNum randBignum(const CBigNum& range) {
104 if(!BN_rand_range(&ret, &range)){
105 throw bignum_error("CBigNum:rand element : BN_rand_range failed");
110 /** Generates a cryptographically secure random k-bit number
111 * @param k The bit length of the number.
114 static CBigNum RandKBitBigum(const uint32_t k){
116 if(!BN_rand(&ret, k, -1, 0)){
117 throw bignum_error("CBigNum:rand element : BN_rand failed");
122 /**Returns the size in bits of the underlying bignum.
127 return BN_num_bits(this);
131 void setuint32(uint32_t n)
133 if (!BN_set_word(this, n))
134 throw bignum_error("CBigNum conversion from uint32_t : BN_set_word failed");
137 uint32_t getuint32() const
139 return BN_get_word(this);
142 int32_t getint32() const
144 uint64_t n = BN_get_word(this);
145 if (!BN_is_negative(this))
146 return (n > (uint64_t)std::numeric_limits<int32_t>::max() ? std::numeric_limits<int32_t>::max() : n);
148 return (n > (uint64_t)std::numeric_limits<int32_t>::max() ? std::numeric_limits<int32_t>::min() : -(int32_t)n);
151 void setint64(int64_t sn)
153 unsigned char pch[sizeof(sn) + 6];
154 unsigned char* p = pch + 4;
160 // Since the minimum signed integer cannot be represented as positive so long as its type is signed, and it's not well-defined what happens if you make it unsigned before negating it, we instead increment the negative integer by 1, convert it, then increment the (now positive) unsigned integer by 1 to compensate
169 bool fLeadingZeroes = true;
170 for (int i = 0; i < 8; i++)
172 unsigned char c = (n >> 56) & 0xff;
179 *p++ = (fNegative ? 0x80 : 0);
182 fLeadingZeroes = false;
186 uint32_t nSize = p - (pch + 4);
187 pch[0] = (nSize >> 24) & 0xff;
188 pch[1] = (nSize >> 16) & 0xff;
189 pch[2] = (nSize >> 8) & 0xff;
190 pch[3] = (nSize) & 0xff;
191 BN_mpi2bn(pch, p - pch, this);
196 unsigned int nSize = BN_bn2mpi(this, NULL);
199 std::vector<unsigned char> vch(nSize);
200 BN_bn2mpi(this, &vch[0]);
204 for (unsigned int i = 0, j = vch.size()-1; i < sizeof(n) && j >= 4; i++, j--)
205 ((unsigned char*)&n)[i] = vch[j];
209 void setuint64(uint64_t n)
211 if (sizeof(n) == sizeof(size_t))
213 if (!BN_set_word(this, n))
214 throw bignum_error("CBigNum conversion from uint64_t : BN_set_word failed");
218 unsigned char pch[sizeof(n) + 6];
219 unsigned char* p = pch + 4;
220 bool fLeadingZeroes = true;
221 for (int i = 0; i < 8; i++)
223 unsigned char c = (n >> 56) & 0xff;
231 fLeadingZeroes = false;
235 uint32_t nSize = p - (pch + 4);
236 pch[0] = (nSize >> 24) & 0xff;
237 pch[1] = (nSize >> 16) & 0xff;
238 pch[2] = (nSize >> 8) & 0xff;
239 pch[3] = (nSize) & 0xff;
240 BN_mpi2bn(pch, p - pch, this);
243 void setuint160(uint160 n)
245 unsigned char pch[sizeof(n) + 6];
246 unsigned char* p = pch + 4;
247 bool fLeadingZeroes = true;
248 unsigned char* pbegin = (unsigned char*)&n;
249 unsigned char* psrc = pbegin + sizeof(n);
250 while (psrc != pbegin)
252 unsigned char c = *(--psrc);
259 fLeadingZeroes = false;
263 uint32_t nSize = p - (pch + 4);
264 pch[0] = (nSize >> 24) & 0xff;
265 pch[1] = (nSize >> 16) & 0xff;
266 pch[2] = (nSize >> 8) & 0xff;
267 pch[3] = (nSize >> 0) & 0xff;
268 BN_mpi2bn(pch, p - pch, this);
271 uint160 getuint160() const
273 unsigned int nSize = BN_bn2mpi(this, NULL);
276 std::vector<unsigned char> vch(nSize);
277 BN_bn2mpi(this, &vch[0]);
281 for (unsigned int i = 0, j = vch.size()-1; i < sizeof(n) && j >= 4; i++, j--)
282 ((unsigned char*)&n)[i] = vch[j];
286 void setuint256(uint256 n)
288 unsigned char pch[sizeof(n) + 6];
289 unsigned char* p = pch + 4;
290 bool fLeadingZeroes = true;
291 unsigned char* pbegin = (unsigned char*)&n;
292 unsigned char* psrc = pbegin + sizeof(n);
293 while (psrc != pbegin)
295 unsigned char c = *(--psrc);
302 fLeadingZeroes = false;
306 uint32_t nSize = p - (pch + 4);
307 pch[0] = (nSize >> 24) & 0xff;
308 pch[1] = (nSize >> 16) & 0xff;
309 pch[2] = (nSize >> 8) & 0xff;
310 pch[3] = (nSize >> 0) & 0xff;
311 BN_mpi2bn(pch, p - pch, this);
314 uint256 getuint256() const
316 unsigned int nSize = BN_bn2mpi(this, NULL);
319 std::vector<unsigned char> vch(nSize);
320 BN_bn2mpi(this, &vch[0]);
324 for (unsigned int i = 0, j = vch.size()-1; i < sizeof(n) && j >= 4; i++, j--)
325 ((unsigned char*)&n)[i] = vch[j];
329 void setBytes(const std::vector<unsigned char>& vchBytes)
331 BN_bin2bn(&vchBytes[0], vchBytes.size(), this);
334 std::vector<unsigned char> getBytes() const
336 int nBytes = BN_num_bytes(this);
338 std::vector<unsigned char> vchBytes(nBytes);
340 int n = BN_bn2bin(this, &vchBytes[0]);
342 throw bignum_error("CBigNum::getBytes : BN_bn2bin failed");
348 void setvch(const std::vector<unsigned char>& vch)
350 std::vector<unsigned char> vch2(vch.size() + 4);
351 uint32_t nSize = vch.size();
352 // BIGNUM's byte stream format expects 4 bytes of
353 // big endian size data info at the front
354 vch2[0] = (nSize >> 24) & 0xff;
355 vch2[1] = (nSize >> 16) & 0xff;
356 vch2[2] = (nSize >> 8) & 0xff;
357 vch2[3] = (nSize >> 0) & 0xff;
358 // swap data to big endian
359 reverse_copy(vch.begin(), vch.end(), vch2.begin() + 4);
360 BN_mpi2bn(&vch2[0], vch2.size(), this);
363 std::vector<unsigned char> getvch() const
365 unsigned int nSize = BN_bn2mpi(this, NULL);
367 return std::vector<unsigned char>();
368 std::vector<unsigned char> vch(nSize);
369 BN_bn2mpi(this, &vch[0]);
370 vch.erase(vch.begin(), vch.begin() + 4);
371 reverse(vch.begin(), vch.end());
375 CBigNum& SetCompact(uint32_t nCompact)
377 uint32_t nSize = nCompact >> 24;
378 std::vector<unsigned char> vch(4 + nSize);
380 if (nSize >= 1) vch[4] = (nCompact >> 16) & 0xff;
381 if (nSize >= 2) vch[5] = (nCompact >> 8) & 0xff;
382 if (nSize >= 3) vch[6] = (nCompact >> 0) & 0xff;
383 BN_mpi2bn(&vch[0], vch.size(), this);
387 uint32_t GetCompact() const
389 uint32_t nSize = BN_bn2mpi(this, NULL);
390 std::vector<unsigned char> vch(nSize);
392 BN_bn2mpi(this, &vch[0]);
393 uint32_t nCompact = nSize << 24;
394 if (nSize >= 1) nCompact |= (vch[4] << 16);
395 if (nSize >= 2) nCompact |= (vch[5] << 8);
396 if (nSize >= 3) nCompact |= (vch[6] << 0);
400 void SetHex(const std::string& str)
403 const char* psz = str.c_str();
404 while (isspace(*psz))
406 bool fNegative = false;
412 if (psz[0] == '0' && tolower(psz[1]) == 'x')
414 while (isspace(*psz))
417 // hex string to bignum
418 static const signed char phexdigit[256] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,1,2,3,4,5,6,7,8,9,0,0,0,0,0,0, 0,0xa,0xb,0xc,0xd,0xe,0xf,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0xa,0xb,0xc,0xd,0xe,0xf,0,0,0,0,0,0,0,0,0 };
420 while (isxdigit(*psz))
423 int n = phexdigit[(unsigned char)*psz++];
430 std::string ToString(int nBase=10) const
433 CBigNum bnBase = nBase;
437 BN_set_negative(&bn, false);
440 if (BN_cmp(&bn, &bn0) == 0)
442 while (BN_cmp(&bn, &bn0) > 0)
444 if (!BN_div(&dv, &rem, &bn, &bnBase, pctx))
445 throw bignum_error("CBigNum::ToString() : BN_div failed");
447 unsigned int c = rem.getuint32();
448 str += "0123456789abcdef"[c];
450 if (BN_is_negative(this))
452 reverse(str.begin(), str.end());
456 std::string GetHex() const
461 unsigned int GetSerializeSize(int nType=0, int nVersion=PROTOCOL_VERSION) const
463 return ::GetSerializeSize(getvch(), nType, nVersion);
466 template<typename Stream>
467 void Serialize(Stream& s, int nType=0, int nVersion=PROTOCOL_VERSION) const
469 ::Serialize(s, getvch(), nType, nVersion);
472 template<typename Stream>
473 void Unserialize(Stream& s, int nType=0, int nVersion=PROTOCOL_VERSION)
475 std::vector<unsigned char> vch;
476 ::Unserialize(s, vch, nType, nVersion);
481 * exponentiation with an int. this^e
482 * @param e the exponent as an int
485 CBigNum pow(const int e) const {
486 return this->pow(CBigNum(e));
490 * exponentiation this^e
491 * @param e the exponent
494 CBigNum pow(const CBigNum& e) const {
497 if (!BN_exp(&ret, this, &e, pctx))
498 throw bignum_error("CBigNum::pow : BN_exp failed");
503 * modular multiplication: (this * b) mod m
507 CBigNum mul_mod(const CBigNum& b, const CBigNum& m) const {
510 if (!BN_mod_mul(&ret, this, &b, &m, pctx))
511 throw bignum_error("CBigNum::mul_mod : BN_mod_mul failed");
517 * modular exponentiation: this^e mod n
521 CBigNum pow_mod(const CBigNum& e, const CBigNum& m) const {
526 CBigNum inv = this->inverse(m);
527 CBigNum posE = e * -1;
528 if (!BN_mod_exp(&ret, &inv, &posE, &m, pctx))
529 throw bignum_error("CBigNum::pow_mod: BN_mod_exp failed on negative exponent");
531 if (!BN_mod_exp(&ret, this, &e, &m, pctx))
532 throw bignum_error("CBigNum::pow_mod : BN_mod_exp failed");
538 * Calculates the inverse of this element mod m.
539 * i.e. i such this*i = 1 mod m
541 * @return the inverse
543 CBigNum inverse(const CBigNum& m) const {
546 if (!BN_mod_inverse(&ret, this, &m, pctx))
547 throw bignum_error("CBigNum::inverse*= :BN_mod_inverse");
552 * Generates a random (safe) prime of numBits bits
553 * @param numBits the number of bits
554 * @param safe true for a safe prime
557 static CBigNum generatePrime(const unsigned int numBits, bool safe = false) {
559 if(!BN_generate_prime_ex(&ret, numBits, (safe == true), NULL, NULL, NULL))
560 throw bignum_error("CBigNum::generatePrime*= :BN_generate_prime_ex");
565 * Calculates the greatest common divisor (GCD) of two numbers.
566 * @param m the second element
569 CBigNum gcd( const CBigNum& b) const{
572 if (!BN_gcd(&ret, this, &b, pctx))
573 throw bignum_error("CBigNum::gcd*= :BN_gcd");
578 * Miller-Rabin primality test on this element
579 * @param checks: optional, the number of Miller-Rabin tests to run
580 * default causes error rate of 2^-80.
581 * @return true if prime
583 bool isPrime(const int checks=BN_prime_checks) const {
585 int ret = BN_is_prime(this, checks, NULL, pctx, NULL);
587 throw bignum_error("CBigNum::isPrime :BN_is_prime");
593 return BN_is_one(this);
597 bool operator!() const
599 return BN_is_zero(this);
602 CBigNum& operator+=(const CBigNum& b)
604 if (!BN_add(this, this, &b))
605 throw bignum_error("CBigNum::operator+= : BN_add failed");
609 CBigNum& operator-=(const CBigNum& b)
615 CBigNum& operator*=(const CBigNum& b)
618 if (!BN_mul(this, this, &b, pctx))
619 throw bignum_error("CBigNum::operator*= : BN_mul failed");
623 CBigNum& operator/=(const CBigNum& b)
629 CBigNum& operator%=(const CBigNum& b)
635 CBigNum& operator<<=(unsigned int shift)
637 if (!BN_lshift(this, this, shift))
638 throw bignum_error("CBigNum:operator<<= : BN_lshift failed");
642 CBigNum& operator>>=(unsigned int shift)
644 // Note: BN_rshift segfaults on 64-bit if 2^shift is greater than the number
645 // if built on ubuntu 9.04 or 9.10, probably depends on version of OpenSSL
648 if (BN_cmp(&a, this) > 0)
654 if (!BN_rshift(this, this, shift))
655 throw bignum_error("CBigNum:operator>>= : BN_rshift failed");
660 CBigNum& operator++()
663 if (!BN_add(this, this, BN_value_one()))
664 throw bignum_error("CBigNum::operator++ : BN_add failed");
668 const CBigNum operator++(int)
671 const CBigNum ret = *this;
676 CBigNum& operator--()
680 if (!BN_sub(&r, this, BN_value_one()))
681 throw bignum_error("CBigNum::operator-- : BN_sub failed");
686 const CBigNum operator--(int)
689 const CBigNum ret = *this;
695 friend inline const CBigNum operator-(const CBigNum& a, const CBigNum& b);
696 friend inline const CBigNum operator/(const CBigNum& a, const CBigNum& b);
697 friend inline const CBigNum operator%(const CBigNum& a, const CBigNum& b);
698 friend inline const CBigNum operator*(const CBigNum& a, const CBigNum& b);
699 friend inline bool operator<(const CBigNum& a, const CBigNum& b);
704 inline const CBigNum operator+(const CBigNum& a, const CBigNum& b)
707 if (!BN_add(&r, &a, &b))
708 throw bignum_error("CBigNum::operator+ : BN_add failed");
712 inline const CBigNum operator-(const CBigNum& a, const CBigNum& b)
715 if (!BN_sub(&r, &a, &b))
716 throw bignum_error("CBigNum::operator- : BN_sub failed");
720 inline const CBigNum operator-(const CBigNum& a)
723 BN_set_negative(&r, !BN_is_negative(&r));
727 inline const CBigNum operator*(const CBigNum& a, const CBigNum& b)
731 if (!BN_mul(&r, &a, &b, pctx))
732 throw bignum_error("CBigNum::operator* : BN_mul failed");
736 inline const CBigNum operator/(const CBigNum& a, const CBigNum& b)
740 if (!BN_div(&r, NULL, &a, &b, pctx))
741 throw bignum_error("CBigNum::operator/ : BN_div failed");
745 inline const CBigNum operator%(const CBigNum& a, const CBigNum& b)
749 if (!BN_nnmod(&r, &a, &b, pctx))
750 throw bignum_error("CBigNum::operator% : BN_div failed");
754 inline const CBigNum operator<<(const CBigNum& a, unsigned int shift)
757 if (!BN_lshift(&r, &a, shift))
758 throw bignum_error("CBigNum:operator<< : BN_lshift failed");
762 inline const CBigNum operator>>(const CBigNum& a, unsigned int shift)
769 inline bool operator==(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) == 0); }
770 inline bool operator!=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) != 0); }
771 inline bool operator<=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) <= 0); }
772 inline bool operator>=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) >= 0); }
773 inline bool operator<(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) < 0); }
774 inline bool operator>(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) > 0); }
776 inline std::ostream& operator<<(std::ostream &strm, const CBigNum &b) { return strm << b.ToString(10); }
778 typedef CBigNum Bignum;