1 // SPDX-License-Identifier: BSD-2-Clause
30 	void *e = NULL;  in sm2_ltc_dsa_sign()  local
40 	ltc_res = mp_init_multi(&k, &e, &r, &s, &tmp, NULL);  in sm2_ltc_dsa_sign()
55 	 * Steps A1 and A2 are the generation of the hash value e from user  in sm2_ltc_dsa_sign()
57 	 * here since @msg is expected to be the hash value e already.  in sm2_ltc_dsa_sign()
78 	/* Step A5: compute r = (e + x1) mod n */  in sm2_ltc_dsa_sign()
80 	mp_read_unsigned_bin(e, (unsigned char *)msg, msg_len);  in sm2_ltc_dsa_sign()
81 	ltc_res = mp_addmod(e, x1y1p->x, ltc_key.dp.order, r);  in sm2_ltc_dsa_sign()
95 	/* Step A6: compute s = ((1 + dA)^-1 * (k - r*dA)) mod n */  in sm2_ltc_dsa_sign()
132 	mp_clear_multi(k, e, r, s, tmp, NULL);  in sm2_ltc_dsa_sign()
171 	/* Step B1: verify r' in [1, n - 1] */  in sm2_ltc_dsa_verify()
179 	/* Step B2: verify s' in [1, n - 1] */  in sm2_ltc_dsa_verify()
188 	 * Steps B3: M'bar = (ZA || M') and B4: e' = Hv(M'bar) are not done here  in sm2_ltc_dsa_verify()
189 	 * because @msg is supposed to contain the hash value e' already.  in sm2_ltc_dsa_verify()
233 	/* Step B7: compute R = (e' + x1') mod n and verify R == r' */  in sm2_ltc_dsa_verify()
236 	ltc_res = mp_addmod(eprime, x1y1p->x, ltc_key.dp.order, R);  in sm2_ltc_dsa_verify()