Lines Matching full:n
66 if (X->n != Y->n) { in mbedtls_mpi_lt_mpi_ct()
71 * Set N_is_negative to MBEDTLS_CT_FALSE if N >= 0, MBEDTLS_CT_TRUE if N < 0. in mbedtls_mpi_lt_mpi_ct()
72 * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. in mbedtls_mpi_lt_mpi_ct()
94 mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct(p[i], p[i ^ 1], X->n); in mbedtls_mpi_lt_mpi_ct()
127 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); in mbedtls_mpi_safe_cond_assign()
134 mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); in mbedtls_mpi_safe_cond_assign()
137 for (size_t i = Y->n; i < X->n; i++) { in mbedtls_mpi_safe_cond_assign()
165 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); in mbedtls_mpi_safe_cond_swap()
166 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); in mbedtls_mpi_safe_cond_swap()
172 mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, do_swap); in mbedtls_mpi_safe_cond_swap()
179 #define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) argument
185 #define mbedtls_mpi_zeroize(v, n) mbedtls_platform_zeroize(v, ciL * (n)) argument
194 X->n = 0; in mpi_init()
219 mbedtls_mpi_zeroize(X->p, X->n); in mbedtls_mpi_free()
222 mbedtls_mpi_zeroize_and_free(X->p, X->n); in mbedtls_mpi_free()
227 X->n = 0; in mbedtls_mpi_free()
242 if (X->n < nblimbs) { in mbedtls_mpi_grow()
255 memcpy(p, X->p, X->n * ciL); in mbedtls_mpi_grow()
258 mbedtls_mpi_zeroize(X->p, X->n); in mbedtls_mpi_grow()
261 mbedtls_mpi_zeroize_and_free(X->p, X->n); in mbedtls_mpi_grow()
265 /* nblimbs fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS in mbedtls_mpi_grow()
267 X->n = (unsigned short) nblimbs; in mbedtls_mpi_grow()
288 if (X->n <= nblimbs) { in mbedtls_mpi_shrink()
291 /* After this point, then X->n > nblimbs and in particular X->n > 0. */ in mbedtls_mpi_shrink()
293 for (i = X->n - 1; i > 0; i--) { in mbedtls_mpi_shrink()
318 mbedtls_mpi_zeroize(X->p, X->n); in mbedtls_mpi_shrink()
322 mbedtls_mpi_zeroize_and_free(X->p, X->n); in mbedtls_mpi_shrink()
326 /* i fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS in mbedtls_mpi_shrink()
328 X->n = (unsigned short) i; in mbedtls_mpi_shrink()
334 /* Resize X to have exactly n limbs and set it to 0. */
340 } else if (X->n == limbs) { in mbedtls_mpi_resize_clear()
367 if (Y->n == 0) { in mbedtls_mpi_copy()
368 if (X->n != 0) { in mbedtls_mpi_copy()
370 memset(X->p, 0, X->n * ciL); in mbedtls_mpi_copy()
375 for (i = Y->n - 1; i > 0; i--) { in mbedtls_mpi_copy()
384 if (X->n < i) { in mbedtls_mpi_copy()
387 memset(X->p + i, 0, (X->n - i) * ciL); in mbedtls_mpi_copy()
433 memset(X->p, 0, X->n * ciL); in mbedtls_mpi_lset()
448 if (X->n * biL <= pos) { in mbedtls_mpi_get_bit()
468 if (X->n * biL <= pos) { in mbedtls_mpi_set_bit()
502 for (i = 0; i < X->n; i++) { in mbedtls_mpi_lsb()
509 for (i = 0; i < X->n; i++) { in mbedtls_mpi_lsb()
526 return mbedtls_mpi_core_bitlen(X->p, X->n); in mbedtls_mpi_bitlen()
567 size_t i, j, slen, n; in mbedtls_mpi_read_string() local
595 n = BITS_TO_LIMBS(slen << 2); in mbedtls_mpi_read_string()
597 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n)); in mbedtls_mpi_read_string()
670 size_t n; in mbedtls_mpi_write_string() local
678 n = mbedtls_mpi_bitlen(X); /* Number of bits necessary to present `n`. */ in mbedtls_mpi_write_string()
680 n >>= 1; /* Number of 4-adic digits necessary to present in mbedtls_mpi_write_string()
681 * `n`. If radix > 4, this might be a strict in mbedtls_mpi_write_string()
683 * radix-adic digits needed to present `n`. */ in mbedtls_mpi_write_string()
686 n >>= 1; /* Number of hexadecimal digits necessary to in mbedtls_mpi_write_string()
687 * present `n`. */ in mbedtls_mpi_write_string()
690 n += 1; /* Terminating null byte */ in mbedtls_mpi_write_string()
691 n += 1; /* Compensate for the divisions above, which round down `n` in mbedtls_mpi_write_string()
693 n += 1; /* Potential '-'-sign. */ in mbedtls_mpi_write_string()
694 n += (n & 1); /* Make n even to have enough space for hexadecimal writing, in mbedtls_mpi_write_string()
697 if (buflen < n) { in mbedtls_mpi_write_string()
698 *olen = n; in mbedtls_mpi_write_string()
714 for (i = X->n, k = 0; i > 0; i--) { in mbedtls_mpi_write_string()
776 if (slen > 0 && s[slen - 1] == '\n') { in mbedtls_mpi_read_file()
799 size_t n, slen, plen; in mbedtls_mpi_write_file() local
812 MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(X, radix, s, sizeof(s) - 2, &n)); in mbedtls_mpi_write_file()
821 s[slen++] = '\n'; in mbedtls_mpi_write_file()
853 MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_le(X->p, X->n, buf, buflen)); in mbedtls_mpi_read_binary_le()
879 MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_be(X->p, X->n, buf, buflen)); in mbedtls_mpi_read_binary()
897 return mbedtls_mpi_core_write_le(X->p, X->n, buf, buflen); in mbedtls_mpi_write_binary_le()
906 return mbedtls_mpi_core_write_be(X->p, X->n, buf, buflen); in mbedtls_mpi_write_binary()
919 if (X->n * biL < i) { in mbedtls_mpi_shift_l()
925 mbedtls_mpi_core_shift_l(X->p, X->n, count); in mbedtls_mpi_shift_l()
936 if (X->n != 0) { in mbedtls_mpi_shift_r()
937 mbedtls_mpi_core_shift_r(X->p, X->n, count); in mbedtls_mpi_shift_r()
949 for (i = X->n; i > 0; i--) { in mbedtls_mpi_cmp_abs()
955 for (j = Y->n; j > 0; j--) { in mbedtls_mpi_cmp_abs()
990 for (i = X->n; i > 0; i--) { in mbedtls_mpi_cmp_mpi()
996 for (j = Y->n; j > 0; j--) { in mbedtls_mpi_cmp_mpi()
1042 Y.n = 1; in mbedtls_mpi_cmp_int()
1071 for (j = B->n; j > 0; j--) { in mbedtls_mpi_add_abs()
1077 /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 in mbedtls_mpi_add_abs()
1096 if (j >= X->n) { in mbedtls_mpi_add_abs()
1115 size_t n; in mbedtls_mpi_sub_abs() local
1118 for (n = B->n; n > 0; n--) { in mbedtls_mpi_sub_abs()
1119 if (B->p[n - 1] != 0) { in mbedtls_mpi_sub_abs()
1123 if (n > A->n) { in mbedtls_mpi_sub_abs()
1124 /* B >= (2^ciL)^n > A */ in mbedtls_mpi_sub_abs()
1129 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, A->n)); in mbedtls_mpi_sub_abs()
1134 if (A->n > n && A != X) { in mbedtls_mpi_sub_abs()
1135 memcpy(X->p + n, A->p + n, (A->n - n) * ciL); in mbedtls_mpi_sub_abs()
1137 if (X->n > A->n) { in mbedtls_mpi_sub_abs()
1138 memset(X->p + A->n, 0, (X->n - A->n) * ciL); in mbedtls_mpi_sub_abs()
1141 carry = mbedtls_mpi_core_sub(X->p, A->p, B->p, n); in mbedtls_mpi_sub_abs()
1144 carry = mbedtls_mpi_core_sub_int(X->p + n, X->p + n, carry, X->n - n); in mbedtls_mpi_sub_abs()
1219 B.n = 1; in mbedtls_mpi_add_int()
1235 B.n = 1; in mbedtls_mpi_sub_int()
1261 for (i = A->n; i > 0; i--) { in mbedtls_mpi_mul_mpi()
1270 for (j = B->n; j > 0; j--) { in mbedtls_mpi_mul_mpi()
1306 size_t n = A->n; in mbedtls_mpi_mul_int() local
1307 while (n > 0 && A->p[n - 1] == 0) { in mbedtls_mpi_mul_int()
1308 --n; in mbedtls_mpi_mul_int()
1312 if (b == 0 || n == 0) { in mbedtls_mpi_mul_int()
1319 * A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same in mbedtls_mpi_mul_int()
1329 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n + 1)); in mbedtls_mpi_mul_int()
1331 mbedtls_mpi_core_mla(X->p, X->n, A->p, n, b - 1); in mbedtls_mpi_mul_int()
1448 size_t i, n, t, k; in mbedtls_mpi_div_mpi() local
1466 T2.n = sizeof(TP2) / sizeof(*TP2); in mbedtls_mpi_div_mpi()
1483 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2)); in mbedtls_mpi_div_mpi()
1485 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, A->n + 2)); in mbedtls_mpi_div_mpi()
1496 n = X.n - 1; in mbedtls_mpi_div_mpi()
1497 t = Y.n - 1; in mbedtls_mpi_div_mpi()
1498 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); in mbedtls_mpi_div_mpi()
1501 Z.p[n - t]++; in mbedtls_mpi_div_mpi()
1504 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t))); in mbedtls_mpi_div_mpi()
1506 for (i = n; i > t; i--) { in mbedtls_mpi_div_mpi()
1576 B.n = 1; in mbedtls_mpi_div_int()
1627 if (b == 1 || A->n == 0) { in mbedtls_mpi_mod_int()
1640 for (i = A->n, y = 0; i > 0; i--) { in mbedtls_mpi_mod_int()
1669 void mbedtls_mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N) in mbedtls_mpi_montg_init() argument
1671 *mm = mbedtls_mpi_core_montmul_init(N->p); in mbedtls_mpi_montg_init()
1674 /** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
1677 * It must have at least as many limbs as N
1678 * (A->n >= N->n), and any limbs beyond n are ignored.
1680 * the multiplication A * B * R^-1 mod N where
1681 * R = (2^ciL)^n.
1683 * It must be nonzero and must not have more limbs than N
1684 * (B->n <= N->n).
1685 * \param[in] N The modulus. \p N must be odd.
1686 * \param mm The value calculated by `mpi_montg_init(&mm, N)`.
1687 * This is -N^-1 mod 2^ciL.
1689 * It must be at least twice the limb size of N plus 1
1690 * (T->n >= 2 * N->n + 1).
1698 const mbedtls_mpi *N, mbedtls_mpi_uint mm, in mbedtls_mpi_montmul() argument
1701 mbedtls_mpi_core_montmul(A->p, A->p, B->p, B->n, N->p, N->n, mm, T->p); in mbedtls_mpi_montmul()
1705 * Montgomery reduction: A = A * R^-1 mod N
1712 void mbedtls_mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N, in mbedtls_mpi_montred() argument
1718 U.n = U.s = (int) z; in mbedtls_mpi_montred()
1721 mbedtls_mpi_montmul(A, &U, N, mm, T); in mbedtls_mpi_montred()
1730 const mbedtls_mpi *N, mbedtls_mpi *prec_RR) in mbedtls_mpi_exp_mod_optionally_safe() argument
1734 if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) { in mbedtls_mpi_exp_mod_optionally_safe()
1743 mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) { in mbedtls_mpi_exp_mod_optionally_safe()
1750 if (E->n == 0) { in mbedtls_mpi_exp_mod_optionally_safe()
1758 size_t T_limbs = mbedtls_mpi_core_exp_mod_working_limbs(N->n, E->n); in mbedtls_mpi_exp_mod_optionally_safe()
1769 * If 1st call, pre-compute R^2 mod N in mbedtls_mpi_exp_mod_optionally_safe()
1772 MBEDTLS_MPI_CHK(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, N)); in mbedtls_mpi_exp_mod_optionally_safe()
1778 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(prec_RR, N->n)); in mbedtls_mpi_exp_mod_optionally_safe()
1797 * - The core functions will not touch the limbs of X above N->n. The in mbedtls_mpi_exp_mod_optionally_safe()
1800 * - Also, X must have at least as many limbs as N for the calls to the in mbedtls_mpi_exp_mod_optionally_safe()
1803 if (mbedtls_mpi_cmp_mpi(X, N) >= 0) { in mbedtls_mpi_exp_mod_optionally_safe()
1804 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N)); in mbedtls_mpi_exp_mod_optionally_safe()
1806 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, N->n)); in mbedtls_mpi_exp_mod_optionally_safe()
1812 mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); in mbedtls_mpi_exp_mod_optionally_safe()
1813 mbedtls_mpi_core_to_mont_rep(X->p, X->p, N->p, N->n, mm, RR.p, T); in mbedtls_mpi_exp_mod_optionally_safe()
1815 mbedtls_mpi_core_exp_mod_unsafe(X->p, X->p, N->p, N->n, E->p, E->n, RR.p, T); in mbedtls_mpi_exp_mod_optionally_safe()
1817 mbedtls_mpi_core_exp_mod(X->p, X->p, N->p, N->n, E->p, E->n, RR.p, T); in mbedtls_mpi_exp_mod_optionally_safe()
1819 mbedtls_mpi_core_from_mont_rep(X->p, X->p, N->p, N->n, mm, T); in mbedtls_mpi_exp_mod_optionally_safe()
1826 mbedtls_ct_condition_t is_x_non_zero = mbedtls_mpi_core_check_zero_ct(X->p, X->n); in mbedtls_mpi_exp_mod_optionally_safe()
1829 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, N, X)); in mbedtls_mpi_exp_mod_optionally_safe()
1845 const mbedtls_mpi *E, const mbedtls_mpi *N, in mbedtls_mpi_exp_mod() argument
1850 return mbedtls_mpi_exp_mod_unsafe(X, A, E, N, prec_RR); in mbedtls_mpi_exp_mod()
1852 return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_SECRET, N, prec_RR); in mbedtls_mpi_exp_mod()
1858 * Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
1861 const mbedtls_mpi *E, const mbedtls_mpi *N, in mbedtls_mpi_exp_mod_unsafe() argument
1864 return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_PUBLIC, N, prec_RR); in mbedtls_mpi_exp_mod_unsafe()
1992 ret = mbedtls_mpi_core_fill_random(X->p, X->n, size, f_rng, p_rng); in mbedtls_mpi_fill_random()
2000 const mbedtls_mpi *N, in mbedtls_mpi_random() argument
2007 if (mbedtls_mpi_cmp_int(N, min) <= 0) { in mbedtls_mpi_random()
2014 int ret = mbedtls_mpi_resize_clear(X, N->n); in mbedtls_mpi_random()
2019 return mbedtls_mpi_core_random(X->p, min, N->p, X->n, f_rng, p_rng); in mbedtls_mpi_random()
2023 * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
2025 int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N) in mbedtls_mpi_inv_mod() argument
2030 if (mbedtls_mpi_cmp_int(N, 1) <= 0) { in mbedtls_mpi_inv_mod()
2040 MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, A, N)); in mbedtls_mpi_inv_mod()
2047 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&TA, A, N)); in mbedtls_mpi_inv_mod()
2049 MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, N)); in mbedtls_mpi_inv_mod()
2050 MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TV, N)); in mbedtls_mpi_inv_mod()
2094 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, N)); in mbedtls_mpi_inv_mod()
2097 while (mbedtls_mpi_cmp_mpi(&V1, N) >= 0) { in mbedtls_mpi_inv_mod()
2098 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, N)); in mbedtls_mpi_inv_mod()
2205 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&A, X->n * ciL, f_rng, p_rng)); in mpi_miller_rabin()
2210 A.p[A.n - 1] &= ((mbedtls_mpi_uint) 1 << (k - (A.n - 1) * biL - 1)) - 1; in mpi_miller_rabin()
2275 XX.n = X->n; in mbedtls_mpi_is_prime_ext()
2317 size_t k, n; in mbedtls_mpi_gen_prime() local
2328 n = BITS_TO_LIMBS(nbits); in mbedtls_mpi_gen_prime()
2349 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(X, n * ciL, f_rng, p_rng)); in mbedtls_mpi_gen_prime()
2351 if (X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2) { in mbedtls_mpi_gen_prime()
2355 k = n * biL; in mbedtls_mpi_gen_prime()
2442 mbedtls_mpi A, E, N, X, Y, U, V; in mbedtls_mpi_self_test() local
2445 mbedtls_mpi_init_mempool(&N); mbedtls_mpi_init_mempool(&X); in mbedtls_mpi_self_test()
2461 MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&N, 16, in mbedtls_mpi_self_test()
2466 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&X, &A, &N)); in mbedtls_mpi_self_test()
2483 mbedtls_printf("failed\n"); in mbedtls_mpi_self_test()
2491 mbedtls_printf("passed\n"); in mbedtls_mpi_self_test()
2494 MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&X, &Y, &A, &N)); in mbedtls_mpi_self_test()
2511 mbedtls_printf("failed\n"); in mbedtls_mpi_self_test()
2519 mbedtls_printf("passed\n"); in mbedtls_mpi_self_test()
2522 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&X, &A, &E, &N, NULL)); in mbedtls_mpi_self_test()
2535 mbedtls_printf("failed\n"); in mbedtls_mpi_self_test()
2543 mbedtls_printf("passed\n"); in mbedtls_mpi_self_test()
2546 MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&X, &A, &N)); in mbedtls_mpi_self_test()
2559 mbedtls_printf("failed\n"); in mbedtls_mpi_self_test()
2567 mbedtls_printf("passed\n"); in mbedtls_mpi_self_test()
2582 mbedtls_printf("failed at %d\n", i); in mbedtls_mpi_self_test()
2591 mbedtls_printf("passed\n"); in mbedtls_mpi_self_test()
2597 mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret); in mbedtls_mpi_self_test()
2600 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); mbedtls_mpi_free(&X); in mbedtls_mpi_self_test()
2604 mbedtls_printf("\n"); in mbedtls_mpi_self_test()