/src/cryptopp/gf2n.h

Source (jump to first uncovered line)
// gf2n.h - originally written and placed in the public domain by Wei Dai

/// \file gf2n.h
/// \brief Classes and functions for schemes over GF(2^n)

#ifndef CRYPTOPP_GF2N_H
#define CRYPTOPP_GF2N_H

#include "cryptlib.h"
#include "secblock.h"
#include "algebra.h"
#include "misc.h"
#include "asn.h"

#include <iosfwd>

#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif

NAMESPACE_BEGIN(CryptoPP)

/// \brief Polynomial with Coefficients in GF(2)
/*! \nosubgrouping */
class CRYPTOPP_DLL PolynomialMod2
{
public:
  /// \name ENUMS, EXCEPTIONS, and TYPEDEFS
  //@{
    /// \brief Exception thrown when divide by zero is encountered
    class DivideByZero : public Exception
    {
    public:
      DivideByZero() : Exception(OTHER_ERROR, "PolynomialMod2: division by zero") {}
    };

    typedef unsigned int RandomizationParameter;
  //@}

  /// \name CREATORS
  //@{
    /// \brief Construct the zero polynomial
    PolynomialMod2();
    /// Copy construct a PolynomialMod2
    PolynomialMod2(const PolynomialMod2& t);

    /// \brief Construct a PolynomialMod2 from a word
    /// \details value should be encoded with the least significant bit as coefficient to x^0
    ///   and most significant bit as coefficient to x^(WORD_BITS-1)
    ///   bitLength denotes how much memory to allocate initially
    PolynomialMod2(word value, size_t bitLength=WORD_BITS);

    /// \brief Construct a PolynomialMod2 from big-endian byte array
    PolynomialMod2(const byte *encodedPoly, size_t byteCount)
      {Decode(encodedPoly, byteCount);}

    /// \brief Construct a PolynomialMod2 from big-endian form stored in a BufferedTransformation
    PolynomialMod2(BufferedTransformation &encodedPoly, size_t byteCount)
      {Decode(encodedPoly, byteCount);}

    /// \brief Create a uniformly distributed random polynomial
    /// \details Create a random polynomial uniformly distributed over all polynomials with degree less than bitcount
    PolynomialMod2(RandomNumberGenerator &rng, size_t bitcount)
      {Randomize(rng, bitcount);}

    /// \brief Provides x^i
    /// \return x^i
    static PolynomialMod2 CRYPTOPP_API Monomial(size_t i);
    /// \brief Provides x^t0 + x^t1 + x^t2
    /// \return x^t0 + x^t1 + x^t2
    /// \pre The coefficients should be provided in descending order. That is, <pre>t0 > t1 > t2<pre>.
    static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t t1, size_t t2);
    /// \brief Provides x^t0 + x^t1 + x^t2 + x^t3 + x^t4
    /// \return x^t0 + x^t1 + x^t2 + x^t3 + x^t4
    /// \pre The coefficients should be provided in descending order. That is, <pre>t0 > t1 > t2 > t3 > t4<pre>.
    static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4);
    /// \brief Provides x^(n-1) + ... + x + 1
    /// \return x^(n-1) + ... + x + 1
    static PolynomialMod2 CRYPTOPP_API AllOnes(size_t n);

    /// \brief The Zero polinomial
    /// \return the zero polynomial
    static const PolynomialMod2 & CRYPTOPP_API Zero();
    /// \brief The One polinomial
    /// \return the one polynomial
    static const PolynomialMod2 & CRYPTOPP_API One();
  //@}

  /// \name ENCODE/DECODE
  //@{
    /// minimum number of bytes to encode this polynomial
    /*! MinEncodedSize of 0 is 1 */
    unsigned int MinEncodedSize() const {return STDMAX(1U, ByteCount());}

    /// encode in big-endian format
    /// \details if outputLen < MinEncodedSize, the most significant bytes will be dropped
    ///   if outputLen > MinEncodedSize, the most significant bytes will be padded
    void Encode(byte *output, size_t outputLen) const;
    ///
    void Encode(BufferedTransformation &bt, size_t outputLen) const;

    ///
    void Decode(const byte *input, size_t inputLen);
    ///
    //* Precondition: bt.MaxRetrievable() >= inputLen
    void Decode(BufferedTransformation &bt, size_t inputLen);

    /// encode value as big-endian octet string
    void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const;
    /// decode value as big-endian octet string
    void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length);
  //@}

  /// \name ACCESSORS
  //@{
    /// number of significant bits = Degree() + 1
    unsigned int BitCount() const;
    /// number of significant bytes = ceiling(BitCount()/8)
    unsigned int ByteCount() const;
    /// number of significant words = ceiling(ByteCount()/sizeof(word))
    unsigned int WordCount() const;

    /// return the n-th bit, n=0 being the least significant bit
    bool GetBit(size_t n) const {return GetCoefficient(n)!=0;}
    /// return the n-th byte
    byte GetByte(size_t n) const;

    /// the zero polynomial will return a degree of -1
    signed int Degree() const {return (signed int)(BitCount()-1U);}
    /// degree + 1
    unsigned int CoefficientCount() const {return BitCount();}
    /// return coefficient for x^i
    int GetCoefficient(size_t i) const
      {return (i/WORD_BITS < reg.size()) ? int(reg[i/WORD_BITS] >> (i % WORD_BITS)) & 1 : 0;}
    /// return coefficient for x^i
    int operator[](unsigned int i) const {return GetCoefficient(i);}

    ///
    bool IsZero() const {return !*this;}
    ///
    bool Equals(const PolynomialMod2 &rhs) const;
  //@}

  /// \name MANIPULATORS
  //@{
    ///
    PolynomialMod2&  operator=(const PolynomialMod2& t);
    ///
    PolynomialMod2&  operator&=(const PolynomialMod2& t);
    ///
    PolynomialMod2&  operator^=(const PolynomialMod2& t);
    ///
    PolynomialMod2&  operator+=(const PolynomialMod2& t) {return *this ^= t;}
    ///
    PolynomialMod2&  operator-=(const PolynomialMod2& t) {return *this ^= t;}
    ///
    PolynomialMod2&  operator*=(const PolynomialMod2& t);
    ///
    PolynomialMod2&  operator/=(const PolynomialMod2& t);
    ///
    PolynomialMod2&  operator%=(const PolynomialMod2& t);
    ///
    PolynomialMod2&  operator<<=(unsigned int);
    ///
    PolynomialMod2&  operator>>=(unsigned int);

    ///
    void Randomize(RandomNumberGenerator &rng, size_t bitcount);

    ///
    void SetBit(size_t i, int value = 1);
    /// set the n-th byte to value
    void SetByte(size_t n, byte value);

    ///
    void SetCoefficient(size_t i, int value) {SetBit(i, value);}

    ///
    void swap(PolynomialMod2 &a) {reg.swap(a.reg);}
  //@}

  /// \name UNARY OPERATORS
  //@{
    ///
    bool      operator!() const;
    ///
    PolynomialMod2  operator+() const {return *this;}
    ///
    PolynomialMod2  operator-() const {return *this;}
  //@}

  /// \name BINARY OPERATORS
  //@{
    ///
    PolynomialMod2 And(const PolynomialMod2 &b) const;
    ///
    PolynomialMod2 Xor(const PolynomialMod2 &b) const;
    ///
    PolynomialMod2 Plus(const PolynomialMod2 &b) const {return Xor(b);}
    ///
    PolynomialMod2 Minus(const PolynomialMod2 &b) const {return Xor(b);}
    ///
    PolynomialMod2 Times(const PolynomialMod2 &b) const;
    ///
    PolynomialMod2 DividedBy(const PolynomialMod2 &b) const;
    ///
    PolynomialMod2 Modulo(const PolynomialMod2 &b) const;

    ///
    PolynomialMod2 operator>>(unsigned int n) const;
    ///
    PolynomialMod2 operator<<(unsigned int n) const;
  //@}

  /// \name OTHER ARITHMETIC FUNCTIONS
  //@{
    /// sum modulo 2 of all coefficients
    unsigned int Parity() const;

    /// check for irreducibility
    bool IsIrreducible() const;

    /// is always zero since we're working modulo 2
    PolynomialMod2 Doubled() const {return Zero();}
    ///
    PolynomialMod2 Squared() const;

    /// only 1 is a unit
    bool IsUnit() const {return Equals(One());}
    /// return inverse if *this is a unit, otherwise return 0
    PolynomialMod2 MultiplicativeInverse() const {return IsUnit() ? One() : Zero();}

    /// greatest common divisor
    static PolynomialMod2 CRYPTOPP_API Gcd(const PolynomialMod2 &a, const PolynomialMod2 &n);
    /// calculate multiplicative inverse of *this mod n
    PolynomialMod2 InverseMod(const PolynomialMod2 &) const;

    /// calculate r and q such that (a == d*q + r) && (deg(r) < deg(d))
    static void CRYPTOPP_API Divide(PolynomialMod2 &r, PolynomialMod2 &q, const PolynomialMod2 &a, const PolynomialMod2 &d);
  //@}

  /// \name INPUT/OUTPUT
  //@{
    ///
    friend std::ostream& operator<<(std::ostream& out, const PolynomialMod2 &a);
  //@}

private:
  friend class GF2NT;
  friend class GF2NT233;

  SecWordBlock reg;
};

///
inline bool operator==(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
{return a.Equals(b);}
///
inline bool operator!=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
{return !(a==b);}
/// compares degree
inline bool operator> (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
{return a.Degree() > b.Degree();}
/// compares degree
inline bool operator>=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
{return a.Degree() >= b.Degree();}
/// compares degree
inline bool operator< (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
{return a.Degree() < b.Degree();}
/// compares degree
inline bool operator<=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
{return a.Degree() <= b.Degree();}
///
inline CryptoPP::PolynomialMod2 operator&(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.And(b);}
///
inline CryptoPP::PolynomialMod2 operator^(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Xor(b);}
///
inline CryptoPP::PolynomialMod2 operator+(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Plus(b);}
///
inline CryptoPP::PolynomialMod2 operator-(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Minus(b);}
///
inline CryptoPP::PolynomialMod2 operator*(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Times(b);}
///
inline CryptoPP::PolynomialMod2 operator/(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.DividedBy(b);}
///
inline CryptoPP::PolynomialMod2 operator%(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Modulo(b);}

// CodeWarrior 8 workaround: put these template instantiations after overloaded operator declarations,
// but before the use of QuotientRing<EuclideanDomainOf<PolynomialMod2> > for VC .NET 2003
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<PolynomialMod2>;
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing<PolynomialMod2>;
CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain<PolynomialMod2>;
CRYPTOPP_DLL_TEMPLATE_CLASS EuclideanDomainOf<PolynomialMod2>;
CRYPTOPP_DLL_TEMPLATE_CLASS QuotientRing<EuclideanDomainOf<PolynomialMod2> >;

/// \brief GF(2^n) with Polynomial Basis
class CRYPTOPP_DLL GF2NP : public QuotientRing<EuclideanDomainOf<PolynomialMod2> >
{
public:
  GF2NP(const PolynomialMod2 &modulus);

  virtual GF2NP * Clone() const {return new GF2NP(*this);}
  virtual void DEREncode(BufferedTransformation &bt) const
    {CRYPTOPP_UNUSED(bt); CRYPTOPP_ASSERT(false);}  // no ASN.1 syntax yet for general polynomial basis

  void DEREncodeElement(BufferedTransformation &out, const Element &a) const;
  void BERDecodeElement(BufferedTransformation &in, Element &a) const;

  bool Equal(const Element &a, const Element &b) const
    {CRYPTOPP_ASSERT(a.Degree() < m_modulus.Degree() && b.Degree() < m_modulus.Degree()); return a.Equals(b);}

  bool IsUnit(const Element &a) const
    {CRYPTOPP_ASSERT(a.Degree() < m_modulus.Degree()); return !!a;}

  unsigned int MaxElementBitLength() const
    {return m;}

  unsigned int MaxElementByteLength() const
    {return (unsigned int)BitsToBytes(MaxElementBitLength());}

  Element SquareRoot(const Element &a) const;

  Element HalfTrace(const Element &a) const;

  // returns z such that z^2 + z == a
  Element SolveQuadraticEquation(const Element &a) const;

protected:
  unsigned int m;
};

/// \brief GF(2^n) with Trinomial Basis
class CRYPTOPP_DLL GF2NT : public GF2NP
{
public:
  // polynomial modulus = x^t0 + x^t1 + x^t2, t0 > t1 > t2
  GF2NT(unsigned int t0, unsigned int t1, unsigned int t2);

  GF2NP * Clone() const {return new GF2NT(*this);}
  void DEREncode(BufferedTransformation &bt) const;

  const Element& Multiply(const Element &a, const Element &b) const;

  const Element& Square(const Element &a) const
    {return Reduced(a.Squared());}

  const Element& MultiplicativeInverse(const Element &a) const;

protected:
  const Element& Reduced(const Element &a) const;

  unsigned int t0, t1;
  mutable PolynomialMod2 result;
};

/// \brief GF(2^n) for b233 and k233
/// \details GF2NT233 is a specialization of GF2NT that provides Multiply()
///   and Square() operations when carryless multiplies is available.
class CRYPTOPP_DLL GF2NT233 : public GF2NT
{
public:
  // polynomial modulus = x^t0 + x^t1 + x^t2, t0 > t1 > t2
  GF2NT233(unsigned int t0, unsigned int t1, unsigned int t2);

  GF2NP * Clone() const {return new GF2NT233(*this);}

  const Element& Multiply(const Element &a, const Element &b) const;

  const Element& Square(const Element &a) const;
};

/// \brief GF(2^n) with Pentanomial Basis
class CRYPTOPP_DLL GF2NPP : public GF2NP
{
public:
  // polynomial modulus = x^t0 + x^t1 + x^t2 + x^t3 + x^t4, t0 > t1 > t2 > t3 > t4
  GF2NPP(unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4)
    : GF2NP(PolynomialMod2::Pentanomial(t0, t1, t2, t3, t4)), t1(t1), t2(t2), t3(t3) {}

  GF2NP * Clone() const {return new GF2NPP(*this);}
  void DEREncode(BufferedTransformation &bt) const;

private:
  unsigned int t1, t2, t3;
};

// construct new GF2NP from the ASN.1 sequence Characteristic-two
CRYPTOPP_DLL GF2NP * CRYPTOPP_API BERDecodeGF2NP(BufferedTransformation &bt);

NAMESPACE_END

#ifndef __BORLANDC__
NAMESPACE_BEGIN(std)
template<> inline void swap(CryptoPP::PolynomialMod2 &a, CryptoPP::PolynomialMod2 &b)
{
  a.swap(b);
}
NAMESPACE_END
#endif

#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif

#endif

Coverage Report

Created: 2024-11-21 07:03

Line	Count	Source (jump to first uncovered line)
1		// gf2n.h - originally written and placed in the public domain by Wei Dai
2
3		/// \file gf2n.h
4		/// \brief Classes and functions for schemes over GF(2^n)
5
6		#ifndef CRYPTOPP_GF2N_H
7		#define CRYPTOPP_GF2N_H
8
9		#include "cryptlib.h"
10		#include "secblock.h"
11		#include "algebra.h"
12		#include "misc.h"
13		#include "asn.h"
14
15		#include <iosfwd>
16
17		#if CRYPTOPP_MSC_VERSION
18		# pragma warning(push)
19		# pragma warning(disable: 4231 4275)
20		#endif
21
22		NAMESPACE_BEGIN(CryptoPP)
23
24		/// \brief Polynomial with Coefficients in GF(2)
25		/! \nosubgrouping /
26		class CRYPTOPP_DLL PolynomialMod2
27		{
28		public:
29		/// \name ENUMS, EXCEPTIONS, and TYPEDEFS
30		//@{
31		/// \brief Exception thrown when divide by zero is encountered
32		class DivideByZero : public Exception
33		{
34		public:
35	0	DivideByZero() : Exception(OTHER_ERROR, "PolynomialMod2: division by zero") {}
36		};
37
38		typedef unsigned int RandomizationParameter;
39		//@}
40
41		/// \name CREATORS
42		//@{
43		/// \brief Construct the zero polynomial
44		PolynomialMod2();
45		/// Copy construct a PolynomialMod2
46		PolynomialMod2(const PolynomialMod2& t);
47
48		/// \brief Construct a PolynomialMod2 from a word
49		/// \details value should be encoded with the least significant bit as coefficient to x^0
50		/// and most significant bit as coefficient to x^(WORD_BITS-1)
51		/// bitLength denotes how much memory to allocate initially
52		PolynomialMod2(word value, size_t bitLength=WORD_BITS);
53
54		/// \brief Construct a PolynomialMod2 from big-endian byte array
55		PolynomialMod2(const byte *encodedPoly, size_t byteCount)
56	0	{Decode(encodedPoly, byteCount);}
57
58		/// \brief Construct a PolynomialMod2 from big-endian form stored in a BufferedTransformation
59		PolynomialMod2(BufferedTransformation &encodedPoly, size_t byteCount)
60	0	{Decode(encodedPoly, byteCount);}
61
62		/// \brief Create a uniformly distributed random polynomial
63		/// \details Create a random polynomial uniformly distributed over all polynomials with degree less than bitcount
64		PolynomialMod2(RandomNumberGenerator &rng, size_t bitcount)
65	0	{Randomize(rng, bitcount);}
66
67		/// \brief Provides x^i
68		/// \return x^i
69		static PolynomialMod2 CRYPTOPP_API Monomial(size_t i);
70		/// \brief Provides x^t0 + x^t1 + x^t2
71		/// \return x^t0 + x^t1 + x^t2
72		/// \pre The coefficients should be provided in descending order. That is, <pre>t0 > t1 > t2<pre>.
73		static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t t1, size_t t2);
74		/// \brief Provides x^t0 + x^t1 + x^t2 + x^t3 + x^t4
75		/// \return x^t0 + x^t1 + x^t2 + x^t3 + x^t4
76		/// \pre The coefficients should be provided in descending order. That is, <pre>t0 > t1 > t2 > t3 > t4<pre>.
77		static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4);
78		/// \brief Provides x^(n-1) + ... + x + 1
79		/// \return x^(n-1) + ... + x + 1
80		static PolynomialMod2 CRYPTOPP_API AllOnes(size_t n);
81
82		/// \brief The Zero polinomial
83		/// \return the zero polynomial
84		static const PolynomialMod2 & CRYPTOPP_API Zero();
85		/// \brief The One polinomial
86		/// \return the one polynomial
87		static const PolynomialMod2 & CRYPTOPP_API One();
88		//@}
89
90		/// \name ENCODE/DECODE
91		//@{
92		/// minimum number of bytes to encode this polynomial
93		/! MinEncodedSize of 0 is 1 /
94	0	unsigned int MinEncodedSize() const {return STDMAX(1U, ByteCount());}
95
96		/// encode in big-endian format
97		/// \details if outputLen < MinEncodedSize, the most significant bytes will be dropped
98		/// if outputLen > MinEncodedSize, the most significant bytes will be padded
99		void Encode(byte *output, size_t outputLen) const;
100		///
101		void Encode(BufferedTransformation &bt, size_t outputLen) const;
102
103		///
104		void Decode(const byte *input, size_t inputLen);
105		///
106		//* Precondition: bt.MaxRetrievable() >= inputLen
107		void Decode(BufferedTransformation &bt, size_t inputLen);
108
109		/// encode value as big-endian octet string
110		void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const;
111		/// decode value as big-endian octet string
112		void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length);
113		//@}
114
115		/// \name ACCESSORS
116		//@{
117		/// number of significant bits = Degree() + 1
118		unsigned int BitCount() const;
119		/// number of significant bytes = ceiling(BitCount()/8)
120		unsigned int ByteCount() const;
121		/// number of significant words = ceiling(ByteCount()/sizeof(word))
122		unsigned int WordCount() const;
123
124		/// return the n-th bit, n=0 being the least significant bit
125	0	bool GetBit(size_t n) const {return GetCoefficient(n)!=0;}
126		/// return the n-th byte
127		byte GetByte(size_t n) const;
128
129		/// the zero polynomial will return a degree of -1
130	0	signed int Degree() const {return (signed int)(BitCount()-1U);}
131		/// degree + 1
132	0	unsigned int CoefficientCount() const {return BitCount();}
133		/// return coefficient for x^i
134		int GetCoefficient(size_t i) const
135	0	{return (i/WORD_BITS < reg.size()) ? int(reg[i/WORD_BITS] >> (i % WORD_BITS)) & 1 : 0;}
136		/// return coefficient for x^i
137	0	int operator[](unsigned int i) const {return GetCoefficient(i);}
138
139		///
140	0	bool IsZero() const {return !*this;}
141		///
142		bool Equals(const PolynomialMod2 &rhs) const;
143		//@}
144
145		/// \name MANIPULATORS
146		//@{
147		///
148		PolynomialMod2& operator=(const PolynomialMod2& t);
149		///
150		PolynomialMod2& operator&=(const PolynomialMod2& t);
151		///
152		PolynomialMod2& operator^=(const PolynomialMod2& t);
153		///
154	0	PolynomialMod2& operator+=(const PolynomialMod2& t) {return *this ^= t;}
155		///
156	0	PolynomialMod2& operator-=(const PolynomialMod2& t) {return *this ^= t;}
157		///
158		PolynomialMod2& operator*=(const PolynomialMod2& t);
159		///
160		PolynomialMod2& operator/=(const PolynomialMod2& t);
161		///
162		PolynomialMod2& operator%=(const PolynomialMod2& t);
163		///
164		PolynomialMod2& operator<<=(unsigned int);
165		///
166		PolynomialMod2& operator>>=(unsigned int);
167
168		///
169		void Randomize(RandomNumberGenerator &rng, size_t bitcount);
170
171		///
172		void SetBit(size_t i, int value = 1);
173		/// set the n-th byte to value
174		void SetByte(size_t n, byte value);
175
176		///
177	0	void SetCoefficient(size_t i, int value) {SetBit(i, value);}
178
179		///
180	0	void swap(PolynomialMod2 &a) {reg.swap(a.reg);}
181		//@}
182
183		/// \name UNARY OPERATORS
184		//@{
185		///
186		bool operator!() const;
187		///
188	0	PolynomialMod2 operator+() const {return *this;}
189		///
190	0	PolynomialMod2 operator-() const {return *this;}
191		//@}
192
193		/// \name BINARY OPERATORS
194		//@{
195		///
196		PolynomialMod2 And(const PolynomialMod2 &b) const;
197		///
198		PolynomialMod2 Xor(const PolynomialMod2 &b) const;
199		///
200	0	PolynomialMod2 Plus(const PolynomialMod2 &b) const {return Xor(b);}
201		///
202	0	PolynomialMod2 Minus(const PolynomialMod2 &b) const {return Xor(b);}
203		///
204		PolynomialMod2 Times(const PolynomialMod2 &b) const;
205		///
206		PolynomialMod2 DividedBy(const PolynomialMod2 &b) const;
207		///
208		PolynomialMod2 Modulo(const PolynomialMod2 &b) const;
209
210		///
211		PolynomialMod2 operator>>(unsigned int n) const;
212		///
213		PolynomialMod2 operator<<(unsigned int n) const;
214		//@}
215
216		/// \name OTHER ARITHMETIC FUNCTIONS
217		//@{
218		/// sum modulo 2 of all coefficients
219		unsigned int Parity() const;
220
221		/// check for irreducibility
222		bool IsIrreducible() const;
223
224		/// is always zero since we're working modulo 2
225	0	PolynomialMod2 Doubled() const {return Zero();}
226		///
227		PolynomialMod2 Squared() const;
228
229		/// only 1 is a unit
230	0	bool IsUnit() const {return Equals(One());}
231		/// return inverse if *this is a unit, otherwise return 0
232	0	PolynomialMod2 MultiplicativeInverse() const {return IsUnit() ? One() : Zero();}
233
234		/// greatest common divisor
235		static PolynomialMod2 CRYPTOPP_API Gcd(const PolynomialMod2 &a, const PolynomialMod2 &n);
236		/// calculate multiplicative inverse of *this mod n
237		PolynomialMod2 InverseMod(const PolynomialMod2 &) const;
238
239		/// calculate r and q such that (a == d*q + r) && (deg(r) < deg(d))
240		static void CRYPTOPP_API Divide(PolynomialMod2 &r, PolynomialMod2 &q, const PolynomialMod2 &a, const PolynomialMod2 &d);
241		//@}
242
243		/// \name INPUT/OUTPUT
244		//@{
245		///
246		friend std::ostream& operator<<(std::ostream& out, const PolynomialMod2 &a);
247		//@}
248
249		private:
250		friend class GF2NT;
251		friend class GF2NT233;
252
253		SecWordBlock reg;
254		};
255
256		///
257		inline bool operator==(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
258	0	{return a.Equals(b);}
259		///
260		inline bool operator!=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
261	0	{return !(a==b);}
262		/// compares degree
263		inline bool operator> (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
264	0	{return a.Degree() > b.Degree();}
265		/// compares degree
266		inline bool operator>=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
267	0	{return a.Degree() >= b.Degree();}
268		/// compares degree
269		inline bool operator< (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
270	0	{return a.Degree() < b.Degree();}
271		/// compares degree
272		inline bool operator<=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b)
273	0	{return a.Degree() <= b.Degree();}
274		///
275	0	inline CryptoPP::PolynomialMod2 operator&(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.And(b);}
276		///
277	0	inline CryptoPP::PolynomialMod2 operator^(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Xor(b);}
278		///
279	0	inline CryptoPP::PolynomialMod2 operator+(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Plus(b);}
280		///
281	0	inline CryptoPP::PolynomialMod2 operator-(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Minus(b);}
282		///
283	0	inline CryptoPP::PolynomialMod2 operator*(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Times(b);}
284		///
285	0	inline CryptoPP::PolynomialMod2 operator/(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.DividedBy(b);}
286		///
287	0	inline CryptoPP::PolynomialMod2 operator%(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Modulo(b);}
288
289		// CodeWarrior 8 workaround: put these template instantiations after overloaded operator declarations,
290		// but before the use of QuotientRing<EuclideanDomainOf<PolynomialMod2> > for VC .NET 2003
291		CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup<PolynomialMod2>;
292		CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing<PolynomialMod2>;
293		CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain<PolynomialMod2>;
294		CRYPTOPP_DLL_TEMPLATE_CLASS EuclideanDomainOf<PolynomialMod2>;
295		CRYPTOPP_DLL_TEMPLATE_CLASS QuotientRing<EuclideanDomainOf<PolynomialMod2> >;
296
297		/// \brief GF(2^n) with Polynomial Basis
298		class CRYPTOPP_DLL GF2NP : public QuotientRing<EuclideanDomainOf<PolynomialMod2> >
299		{
300		public:
301		GF2NP(const PolynomialMod2 &modulus);
302
303	0	virtual GF2NP * Clone() const {return new GF2NP(*this);}
304		virtual void DEREncode(BufferedTransformation &bt) const
305	0	{CRYPTOPP_UNUSED(bt); CRYPTOPP_ASSERT(false);} // no ASN.1 syntax yet for general polynomial basis
306
307		void DEREncodeElement(BufferedTransformation &out, const Element &a) const;
308		void BERDecodeElement(BufferedTransformation &in, Element &a) const;
309
310		bool Equal(const Element &a, const Element &b) const
311	0	{CRYPTOPP_ASSERT(a.Degree() < m_modulus.Degree() && b.Degree() < m_modulus.Degree()); return a.Equals(b);}
312
313		bool IsUnit(const Element &a) const
314	0	{CRYPTOPP_ASSERT(a.Degree() < m_modulus.Degree()); return !!a;}
315
316		unsigned int MaxElementBitLength() const
317	0	{return m;}
318
319		unsigned int MaxElementByteLength() const
320	0	{return (unsigned int)BitsToBytes(MaxElementBitLength());}
321
322		Element SquareRoot(const Element &a) const;
323
324		Element HalfTrace(const Element &a) const;
325
326		// returns z such that z^2 + z == a
327		Element SolveQuadraticEquation(const Element &a) const;
328
329		protected:
330		unsigned int m;
331		};
332
333		/// \brief GF(2^n) with Trinomial Basis
334		class CRYPTOPP_DLL GF2NT : public GF2NP
335		{
336		public:
337		// polynomial modulus = x^t0 + x^t1 + x^t2, t0 > t1 > t2
338		GF2NT(unsigned int t0, unsigned int t1, unsigned int t2);
339
340	0	GF2NP * Clone() const {return new GF2NT(*this);}
341		void DEREncode(BufferedTransformation &bt) const;
342
343		const Element& Multiply(const Element &a, const Element &b) const;
344
345		const Element& Square(const Element &a) const
346	0	{return Reduced(a.Squared());}
347
348		const Element& MultiplicativeInverse(const Element &a) const;
349
350		protected:
351		const Element& Reduced(const Element &a) const;
352
353		unsigned int t0, t1;
354		mutable PolynomialMod2 result;
355		};
356
357		/// \brief GF(2^n) for b233 and k233
358		/// \details GF2NT233 is a specialization of GF2NT that provides Multiply()
359		/// and Square() operations when carryless multiplies is available.
360		class CRYPTOPP_DLL GF2NT233 : public GF2NT
361		{
362		public:
363		// polynomial modulus = x^t0 + x^t1 + x^t2, t0 > t1 > t2
364		GF2NT233(unsigned int t0, unsigned int t1, unsigned int t2);
365
366	0	GF2NP * Clone() const {return new GF2NT233(*this);}
367
368		const Element& Multiply(const Element &a, const Element &b) const;
369
370		const Element& Square(const Element &a) const;
371		};
372
373		/// \brief GF(2^n) with Pentanomial Basis
374		class CRYPTOPP_DLL GF2NPP : public GF2NP
375		{
376		public:
377		// polynomial modulus = x^t0 + x^t1 + x^t2 + x^t3 + x^t4, t0 > t1 > t2 > t3 > t4
378		GF2NPP(unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4)
379	0	: GF2NP(PolynomialMod2::Pentanomial(t0, t1, t2, t3, t4)), t1(t1), t2(t2), t3(t3) {}
380
381	0	GF2NP * Clone() const {return new GF2NPP(*this);}
382		void DEREncode(BufferedTransformation &bt) const;
383
384		private:
385		unsigned int t1, t2, t3;
386		};
387
388		// construct new GF2NP from the ASN.1 sequence Characteristic-two
389		CRYPTOPP_DLL GF2NP * CRYPTOPP_API BERDecodeGF2NP(BufferedTransformation &bt);
390
391		NAMESPACE_END
392
393		#ifndef __BORLANDC__
394		NAMESPACE_BEGIN(std)
395		template<> inline void swap(CryptoPP::PolynomialMod2 &a, CryptoPP::PolynomialMod2 &b)
396	0	{
397	0	a.swap(b);
398	0	}
399		NAMESPACE_END
400		#endif
401
402		#if CRYPTOPP_MSC_VERSION
403		# pragma warning(pop)
404		#endif
405
406		#endif