| Janos Follath | 4217503 | 2024-01-08 13:45:49 +0000 | [diff] [blame] | 1 | /** |
| 2 | * Low level bignum functions |
| 3 | * |
| 4 | * Copyright The Mbed TLS Contributors |
| 5 | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| 6 | */ |
| 7 | |
| 8 | #ifndef MBEDTLS_BIGNUM_INTERNAL_H |
| 9 | #define MBEDTLS_BIGNUM_INTERNAL_H |
| 10 | |
| 11 | #include "mbedtls/bignum.h" |
| 12 | |
| 13 | /** |
| 14 | * \brief Calculate the square of the Montgomery constant. (Needed |
| 15 | * for conversion and operations in Montgomery form.) |
| 16 | * |
| 17 | * \param[out] X A pointer to the result of the calculation of |
| 18 | * the square of the Montgomery constant: |
| 19 | * 2^{2*n*biL} mod N. |
| 20 | * \param[in] N Little-endian presentation of the modulus, which must be odd. |
| 21 | * |
| 22 | * \return 0 if successful. |
| 23 | * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if there is not enough space |
| 24 | * to store the value of Montgomery constant squared. |
| 25 | * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p N modulus is zero. |
| 26 | * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p N modulus is negative. |
| 27 | */ |
| 28 | int mbedtls_mpi_get_mont_r2_unsafe(mbedtls_mpi *X, |
| 29 | const mbedtls_mpi *N); |
| 30 | |
| Janos Follath | 4fe396f | 2024-01-08 14:08:17 +0000 | [diff] [blame] | 31 | /** |
| 32 | * \brief Calculate initialisation value for fast Montgomery modular |
| Janos Follath | 8cdb606 | 2024-01-09 09:28:48 +0000 | [diff] [blame] | 33 | * multiplication |
| Janos Follath | 4fe396f | 2024-01-08 14:08:17 +0000 | [diff] [blame] | 34 | * |
| Janos Follath | 8cdb606 | 2024-01-09 09:28:48 +0000 | [diff] [blame] | 35 | * \param[in] N Little-endian presentation of the modulus. This must have |
| 36 | * at least one limb. |
| 37 | * |
| 38 | * \return The initialisation value for fast Montgomery modular multiplication |
| Janos Follath | 4fe396f | 2024-01-08 14:08:17 +0000 | [diff] [blame] | 39 | */ |
| Janos Follath | 8cdb606 | 2024-01-09 09:28:48 +0000 | [diff] [blame] | 40 | mbedtls_mpi_uint mbedtls_mpi_montmul_init(const mbedtls_mpi_uint *N); |
| Janos Follath | 4fe396f | 2024-01-08 14:08:17 +0000 | [diff] [blame] | 41 | |
| 42 | /** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) |
| 43 | * |
| 44 | * \param[in,out] A One of the numbers to multiply. |
| 45 | * It must have at least as many limbs as N |
| 46 | * (A->n >= N->n), and any limbs beyond n are ignored. |
| 47 | * On successful completion, A contains the result of |
| 48 | * the multiplication A * B * R^-1 mod N where |
| 49 | * R = (2^ciL)^n. |
| 50 | * \param[in] B One of the numbers to multiply. |
| 51 | * It must be nonzero and must not have more limbs than N |
| 52 | * (B->n <= N->n). |
| 53 | * \param[in] N The modulo. N must be odd. |
| 54 | * \param mm The value calculated by |
| 55 | * `mbedtls_mpi_montg_init(&mm, N)`. |
| 56 | * This is -N^-1 mod 2^ciL. |
| 57 | * \param[in,out] T A bignum for temporary storage. |
| 58 | * It must be at least twice the limb size of N plus 2 |
| 59 | * (T->n >= 2 * (N->n + 1)). |
| 60 | * Its initial content is unused and |
| 61 | * its final content is indeterminate. |
| 62 | * Note that unlike the usual convention in the library |
| 63 | * for `const mbedtls_mpi*`, the content of T can change. |
| 64 | */ |
| 65 | void mbedtls_mpi_montmul(mbedtls_mpi *A, |
| 66 | const mbedtls_mpi *B, |
| 67 | const mbedtls_mpi *N, |
| 68 | mbedtls_mpi_uint mm, |
| 69 | const mbedtls_mpi *T); |
| 70 | |
| Janos Follath | 4217503 | 2024-01-08 13:45:49 +0000 | [diff] [blame] | 71 | #endif /* MBEDTLS_BIGNUM_INTERNAL_H */ |