Move some bignum functions to internal header
We will need a couple of low level functions to implement safe
unblinding in RSA.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/library/bignum_internal.h b/library/bignum_internal.h
index 39909f3..f14c294 100644
--- a/library/bignum_internal.h
+++ b/library/bignum_internal.h
@@ -28,4 +28,44 @@
int mbedtls_mpi_get_mont_r2_unsafe(mbedtls_mpi *X,
const mbedtls_mpi *N);
+/**
+ * \brief Calculate initialisation value for fast Montgomery modular
+ * multiplication.
+ *
+ * \param[out] mm The initialisation value for fast Montgomery modular
+ * multiplication.
+ * \param[in] N Little-endian presentation of the modulus. This must have
+ * at least one limb.
+ */
+void mbedtls_mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N);
+
+/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
+ *
+ * \param[in,out] A One of the numbers to multiply.
+ * It must have at least as many limbs as N
+ * (A->n >= N->n), and any limbs beyond n are ignored.
+ * On successful completion, A contains the result of
+ * the multiplication A * B * R^-1 mod N where
+ * R = (2^ciL)^n.
+ * \param[in] B One of the numbers to multiply.
+ * It must be nonzero and must not have more limbs than N
+ * (B->n <= N->n).
+ * \param[in] N The modulo. N must be odd.
+ * \param mm The value calculated by
+ * `mbedtls_mpi_montg_init(&mm, N)`.
+ * This is -N^-1 mod 2^ciL.
+ * \param[in,out] T A bignum for temporary storage.
+ * It must be at least twice the limb size of N plus 2
+ * (T->n >= 2 * (N->n + 1)).
+ * Its initial content is unused and
+ * its final content is indeterminate.
+ * Note that unlike the usual convention in the library
+ * for `const mbedtls_mpi*`, the content of T can change.
+ */
+void mbedtls_mpi_montmul(mbedtls_mpi *A,
+ const mbedtls_mpi *B,
+ const mbedtls_mpi *N,
+ mbedtls_mpi_uint mm,
+ const mbedtls_mpi *T);
+
#endif /* MBEDTLS_BIGNUM_INTERNAL_H */