Lines Matching +full:- +full:p
9 * - **Modulus parameters**: the modulus is passed as a pointer to a structure
13 * named \c N and is usually input-only. Functions which take a parameter
15 * - **Bignum parameters**: Bignums are passed as pointers to an array of
19 * - Bignum parameters called \c A, \c B, ... are inputs and are not
22 * - Bignum parameters called \c X, \c Y, ... are outputs or input-output.
23 * The initial bignum value of output-only parameters is ignored, but
25 * functions (typically constant-flow) require that the limbs in an
27 * - Bignum parameters called \c p are inputs used to set up a modulus or
29 * - \c T is a temporary storage area. The initial content of such a
31 * - Some functions use different names, such as \c r for the residue.
32 * - **Bignum sizes**: bignum sizes are always expressed in limbs. Both
38 * - **Bignum representation**: the representation of inputs and outputs is
40 * - **Parameter ordering**: for bignum parameters, outputs come before inputs.
42 * - **Aliasing**: in general, output bignums may be aliased to one or more
46 * - **Overlap**: apart from aliasing of residue pointers (where two residue
49 * - **Error handling**: functions generally check compatibility of input
53 * - **Modular representatives**: all functions expect inputs to be in the
54 * range [0, \c N - 1] and guarantee outputs in the range [0, \c N - 1].
66 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
89 /* Optimised reduction available. This indicates a coordinate modulus (P)
91 * - A NIST curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) with MBEDTLS_ECP_NIST_OPTIM.
92 * - A Koblitz curve.
93 * - A Fast Reduction Curve CURVE25519 or CURVE448. */
106 mbedtls_mpi_uint *p; member
112 mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{biL} */
122 const mbedtls_mpi_uint *p; member
124 size_t bits; // bitlen of p
136 * The residue will be set up with the buffer \p p and modulus \p N.
138 * The memory pointed to by \p p will be used by the resulting residue structure.
139 * The value at the pointed-to memory will be the initial value of \p r and must
140 * hold a value that is less than the modulus. This value will be used as-is
141 * and interpreted according to the value of the `N->int_rep` field.
143 * The modulus \p N will be the modulus associated with \p r. The residue \p r
144 * should only be used in operations where the modulus is \p N.
147 * \param[in] N The address of the modulus related to \p r.
148 * \param[in] p The address of the limb array containing the value of \p r.
149 * The memory pointed to by \p p will be used by \p r and must
152 * pointed to by \p p must be less than the modulus (the value
153 * pointed to by `N->p`) and already in the representation
154 * indicated by `N->int_rep`.
155 * \param p_limbs The number of limbs of \p p. Must be the same as the number
156 * of limbs in the modulus \p N.
159 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the
160 * limbs in \p N or if \p p is not less than \p N.
164 mbedtls_mpi_uint *p,
172 * This function invalidates \p r and it must not be used until after
188 * \param[in] p The address of the limb array storing the value of \p N.
189 * The memory pointed to by \p p will be used by \p N and must
192 * \param p_limbs The number of limbs of \p p.
197 const mbedtls_mpi_uint *p,
200 /** Setup an optimised-reduction compatible modulus structure.
203 * \param[in] p The address of the limb array storing the value of \p N.
204 * The memory pointed to by \p p will be used by \p N and must
207 * \param p_limbs The number of limbs of \p p.
208 * \param modp A pointer to the optimised reduction function to use.
213 const mbedtls_mpi_uint *p,
232 * \note Currently handles the case when `N->int_rep` is
235 * The size of the operation is determined by \p N. \p A, \p B and \p X must
236 * all be associated with the modulus \p N and must all have the same number
237 * of limbs as \p N.
239 * \p X may be aliased to \p A or \p B, or even both, but may not overlap
240 * either otherwise. They may not alias \p N (since they must be in canonical
241 * form, they cannot be equal to \p N).
244 * number of limbs as \p N.
245 * On successful completion, \p X contains the result of
246 * the multiplication `A * B * R^-1` mod N where
247 * `R = 2^(biL * N->limbs)`.
255 * have the same number of limbs or \p N is invalid.
256 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
264 * \brief Perform a fixed-size modular subtraction.
266 * Calculate `A - B modulo N`.
268 * \p A, \p B and \p X must all have the same number of limbs as \p N.
270 * \p X may be aliased to \p A or \p B, or even both, but may not overlap
273 * \note This function does not check that \p A or \p B are in canonical
274 * form (that is, are < \p N) - that will have been done by
278 * Must have the same number of limbs as the modulus \p N.
294 * \brief Perform modular inversion of an MPI with respect to a modulus \p N.
296 * \p A and \p X must be associated with the modulus \p N and will therefore
297 * have the same number of limbs as \p N.
299 * \p X may be aliased to \p A.
303 * \param[out] X The modular inverse of \p A with respect to \p N.
309 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p A and \p N do not
311 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p A is zero.
322 * \brief Perform a fixed-size modular addition.
326 * \p A, \p B and \p X must all be associated with the modulus \p N and must
327 * all have the same number of limbs as \p N.
329 * \p X may be aliased to \p A or \p B, or even both, but may not overlap
332 * \note This function does not check that \p A or \p B are in canonical
333 * form (that is, are < \p N) - that will have been done by
337 * Must have the same number of limbs as the modulus \p N.
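The Montgomery product the header specifies for mbedtls_mpi_mod_mul (`A * B * R^-1 mod N` with `R = 2^(biL * N->limbs)`, using the `mm = -N^{-1} mod 2^biL` constant kept in the modulus structure) and the fixed-size addition of mbedtls_mpi_mod_add, as an added, self-contained C example. This is not mbedtls code and calls none of its API; it assumes 32-bit limbs in least-significant-first order, and `mont_init`, `reduce_once`, `mod_add`, `mont_mul`, `mulmod64` and the `MAX_LIMBS` bound are this example's own names. It also exercises the documented aliasing rule: the output may alias an input, but never N.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy layout: 32-bit limbs, least significant first (mbedtls core order).
 * BIL is what the header calls biL; MAX_LIMBS only bounds stack buffers. */
#define BIL 32
#define MAX_LIMBS 8
typedef uint32_t limb_t;
typedef uint64_t dlimb_t;

/* mm = -N^{-1} mod 2^BIL from the low limb of N (N odd). x = n0 is right to
 * 3 bits since n0*n0 == 1 (mod 8); each Newton round doubles that: 48 >= 32. */
limb_t mont_init(limb_t n0)
{
    limb_t x = n0;
    for (int i = 0; i < 4; i++) x *= 2 - n0 * x;
    return (limb_t)0 - x;
}

/* X = T - N if (top:T) >= N, else T, chosen by mask rather than branch.
 * Callers guarantee (top:T) < 2N, so one subtraction is enough. */
static void reduce_once(limb_t *X, const limb_t *T, limb_t top,
                        const limb_t *N, size_t limbs)
{
    limb_t diff[MAX_LIMBS], mask;
    dlimb_t borrow = 0;
    for (size_t i = 0; i < limbs; i++) {
        dlimb_t d = (dlimb_t)T[i] - N[i] - borrow;
        diff[i] = (limb_t)d;
        borrow = (d >> BIL) & 1;          /* 1 if the subtraction wrapped */
    }
    mask = (limb_t)0 - (limb_t)((top | (borrow ^ 1)) & 1);
    for (size_t i = 0; i < limbs; i++) X[i] = (T[i] & ~mask) | (diff[i] & mask);
}

/* Fixed-size modular addition as documented for mbedtls_mpi_mod_add: A, B < N,
 * all `limbs` long. X may alias A or B: inputs are read before X is written. */
static void mod_add(limb_t *X, const limb_t *A, const limb_t *B,
                    const limb_t *N, size_t limbs)
{
    limb_t sum[MAX_LIMBS];
    dlimb_t carry = 0;
    for (size_t i = 0; i < limbs; i++) {
        carry += (dlimb_t)A[i] + B[i];
        sum[i] = (limb_t)carry;
        carry >>= BIL;
    }
    reduce_once(X, sum, (limb_t)carry, N, limbs);
}

/* Montgomery product X = A*B*R^{-1} mod N, R = 2^(BIL*limbs), as the header
 * specifies for mbedtls_mpi_mod_mul. CIOS: after adding A*B[i], add m*N with
 * m = t[0]*mm so the low limb becomes 0 and is dropped (a division by 2^BIL). */
static void mont_mul(limb_t *X, const limb_t *A, const limb_t *B,
                     const limb_t *N, size_t limbs, limb_t mm)
{
    limb_t t[MAX_LIMBS + 2] = { 0 };
    for (size_t i = 0; i < limbs; i++) {
        dlimb_t c = 0;
        for (size_t j = 0; j < limbs; j++) {
            c += t[j] + (dlimb_t)A[j] * B[i];
            t[j] = (limb_t)c;
            c >>= BIL;
        }
        c += t[limbs];
        t[limbs] = (limb_t)c;
        t[limbs + 1] = (limb_t)(c >> BIL);

        limb_t m = t[0] * mm;
        c = ((dlimb_t)t[0] + (dlimb_t)m * N[0]) >> BIL;
        for (size_t j = 1; j < limbs; j++) {
            c += t[j] + (dlimb_t)m * N[j];
            t[j - 1] = (limb_t)c;
            c >>= BIL;
        }
        c += t[limbs];
        t[limbs - 1] = (limb_t)c;
        t[limbs] = t[limbs + 1] + (limb_t)(c >> BIL);
    }
    reduce_once(X, t, t[limbs], N, limbs);
}

/* a*b mod N for 64-bit values held in two limbs; N odd, a, b < N. R^2 mod N
 * comes from 2*BIL*limbs modular doublings of 1, so entering Montgomery form
 * needs no division: mont_mul(a, R^2) = a*R mod N. */
uint64_t mulmod64(uint64_t a, uint64_t b, uint64_t n)
{
    limb_t A[2] = { (limb_t)a, (limb_t)(a >> 32) };
    limb_t B[2] = { (limb_t)b, (limb_t)(b >> 32) };
    limb_t N[2] = { (limb_t)n, (limb_t)(n >> 32) };
    limb_t one[2] = { 1, 0 }, r2[2] = { 1, 0 }, am[2], bm[2], X[2];
    limb_t mm = mont_init(N[0]);

    for (int i = 0; i < 2 * BIL * 2; i++) mod_add(r2, r2, r2, N, 2);
    mont_mul(am, A, r2, N, 2, mm);      /* a*R mod N */
    mont_mul(bm, B, r2, N, 2, mm);      /* b*R mod N */
    mont_mul(X, am, bm, N, 2, mm);      /* a*b*R mod N */
    mont_mul(X, X, one, N, 2, mm);      /* a*b mod N; X aliases an input, as the header allows */
    return ((uint64_t)X[1] << 32) | X[0];
}
```

`mulmod64(1ULL << 32, 1ULL << 32, 0xFFFFFFFF00000001ULL)` returns `0xFFFFFFFF`, since 2^64 = N + 2^32 - 1 for that modulus. The final subtraction is selected by a mask rather than a branch because, as the header's conventions say, these core routines are meant to be constant-flow: branching on `borrow` would leak whether the intermediate exceeded N.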
354 * This function generates a random number between \p min inclusive and
355 * \p N exclusive.
359 * and \p min is \c 1.
361 * \note There are `N - min` possible outputs. The lower bound
362 * \p min can be reached, but the upper bound \p N cannot.
370 * \param p_rng The RNG parameter to be passed to \p f_rng.
375 * of attempts. This has a negligible probability if \p N
376 * is significantly larger than \p min, which is the case
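The rejection sampling behind the `[min, N)` contract above, as an added example that is not mbedtls code. It works on 64-bit values rather than limb arrays, keeps the header's `f_rng`/`p_rng` callback shape, and treats the attempt limit, the error values and the names `random_in_range`, `xorshift_rng` and `stuck_rng` as assumptions of the example; the xorshift generator is a deterministic stand-in for a real DRBG so that the example runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the error codes the header names; the values are this example's. */
#define ERR_BAD_INPUT_DATA  (-4)
#define ERR_NOT_ACCEPTABLE  (-14)   /* hypothetical: returned when attempts run out */
#define MAX_ATTEMPTS 30             /* example limit, not taken from the page */

/* Same callback shape as the header's f_rng / p_rng pair. */
typedef int (*rng_fn)(void *p_rng, unsigned char *out, size_t len);

static unsigned bit_length(uint64_t v)
{
    unsigned n = 0;
    while (v != 0) { v >>= 1; n++; }
    return n;
}

/* Uniform x in [min, N): draw bit_length(N - min) random bits, reject draws
 * >= N - min, then add min. A draw is accepted with probability >= 1/2, so
 * MAX_ATTEMPTS rejections in a row point at a broken RNG, not bad luck. */
int random_in_range(uint64_t *x, uint64_t min, uint64_t n, rng_fn f_rng, void *p_rng)
{
    if (min >= n) return ERR_BAD_INPUT_DATA;   /* there must be >= 1 possible output */
    uint64_t range = n - min;
    unsigned bits = bit_length(range);
    uint64_t mask = (bits == 64) ? ~(uint64_t)0 : ((uint64_t)1 << bits) - 1;

    for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
        unsigned char buf[8];
        int ret = f_rng(p_rng, buf, sizeof buf);
        if (ret != 0) return ret;
        uint64_t v;
        memcpy(&v, buf, sizeof v);
        v &= mask;                       /* keep exactly bit_length(range) bits */
        if (v < range) {
            *x = min + v;                /* min is reachable, N is not */
            return 0;
        }
    }
    return ERR_NOT_ACCEPTABLE;
}

/* xorshift64: a deterministic stand-in for a DRBG, constructed for the example.
 * Never use it for key material. */
static int xorshift_rng(void *p_rng, unsigned char *out, size_t len)
{
    uint64_t *s = p_rng;
    for (size_t i = 0; i < len; i++) {
        *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
        out[i] = (unsigned char)(*s >> 56);
    }
    return 0;
}

/* An RNG that only ever returns 0xFF bytes: every masked draw is >= range,
 * so the attempt limit is the only way out. */
static int stuck_rng(void *p_rng, unsigned char *out, size_t len)
{
    (void)p_rng;
    memset(out, 0xFF, len);
    return 0;
}

/* Draw `count` values with the xorshift RNG; 1 if every one lies in [min, N). */
int all_in_range(uint64_t min, uint64_t n, uint64_t seed, int count)
{
    uint64_t state = seed, x;
    for (int i = 0; i < count; i++) {
        if (random_in_range(&x, min, n, xorshift_rng, &state) != 0) return 0;
        if (x < min || x >= n) return 0;
    }
    return 1;
}

/* Result code when the generator never produces an acceptable draw. */
int stuck_rng_result(uint64_t min, uint64_t n)
{
    uint64_t x;
    return random_in_range(&x, min, n, stuck_rng, NULL);
}
```

Masking to the bit length of `N - min` is what keeps the loop short: with at least half of all draws accepted, thirty consecutive rejections has probability around 2^-30, which is why the header can call the failure "negligible" for any modulus materially larger than `min`.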
388 * based on the value of the `N->int_rep` field.
390 * The modulus \p N will be the modulus associated with \p r. The residue \p r
391 * should only be used in operations where the modulus is \p N or a modulus
392 * equivalent to \p N (in the sense that all their fields or memory pointed by
396 * number of limbs as the modulus \p N.
399 * \param buflen The length in bytes of \p buf.
403 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p r isn't
404 * large enough to hold the value in \p buf.
405 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep
406 * is invalid or the value in the buffer is not less than \p N.
416 * The modulus \p N must be the modulus associated with \p r (see
420 * based on the value of `N->int_rep` field.
422 * \warning If the buffer is smaller than `N->bits`, the number of
423 * leading zeroes is leaked through timing. If \p r is
424 * secret, the caller must ensure that \p buflen is at least
425 * (`N->bits`+7)/8.
428 * limbs as the modulus \p N. (\p r is an input parameter, but
431 * \param[in] N The address of the modulus associated with \p r.
433 * \param buflen The length in bytes of \p buf.
438 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
439 * large enough to hold the value of \p r (without leading
441 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep is invalid.
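The timing caveat for mbedtls_mpi_mod_write, as an added C example that is not mbedtls code: a big-endian export whose work depends only on public lengths when the buffer holds at least `(N->bits + 7)/8` bytes, and which has to fall back to a value-dependent scan (`min_bytes`) when the buffer is shorter. The function names, the 64-bit limb type and the error value are this example's assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; the value is this example's. */
#define ERR_BUFFER_TOO_SMALL (-8)

/* Bytes needed to hold v without leading zeros. The scan stops at the first
 * non-zero limb and byte, so its running time depends on the value: this is
 * the leak the header warns about when the buffer is smaller than N->bits. */
static size_t min_bytes(const uint64_t *v, size_t nlimbs)
{
    for (size_t i = nlimbs; i-- > 0;) {
        if (v[i] != 0) {
            size_t b = 8;
            while (b > 1 && (v[i] >> (8 * (b - 1))) == 0) b--;
            return i * 8 + b;
        }
    }
    return 0;
}

/* Big-endian export of a residue whose modulus has n_bits bits; limbs are
 * least significant first as in the header. With buflen >= (n_bits+7)/8 the
 * value is known to fit and every step depends only on buflen and nlimbs;
 * only a shorter buffer forces the value-dependent min_bytes check. */
int mod_write_be(const uint64_t *v, size_t nlimbs, size_t n_bits,
                 uint8_t *buf, size_t buflen)
{
    if (buflen < (n_bits + 7) / 8 && min_bytes(v, nlimbs) > buflen) {
        return ERR_BUFFER_TOO_SMALL;
    }
    memset(buf, 0, buflen);
    /* byte k, counted from the least significant end, lands in buf[buflen-1-k] */
    for (size_t k = 0; k < buflen && k < 8 * nlimbs; k++) {
        buf[buflen - 1 - k] = (uint8_t)(v[k / 8] >> (8 * (k % 8)));
    }
    return 0;
}

/* Exposes the value-dependent helper on a two-limb value {lo, hi}. */
size_t min_bytes_of(uint64_t lo, uint64_t hi)
{
    const uint64_t v[2] = { lo, hi };
    return min_bytes(v, 2);
}

/* Self-check on constructed values; 1 when every case follows the contract. */
int write_self_check(void)
{
    const uint64_t v[1] = { 0x0102030405ULL };      /* 40-bit value, one limb */
    const uint64_t small[1] = { 0x0102ULL };
    static const uint8_t fixed[8] = { 0, 0, 0, 1, 2, 3, 4, 5 };
    static const uint8_t tight[5] = { 1, 2, 3, 4, 5 };
    static const uint8_t two[2] = { 1, 2 };
    uint8_t buf[8];

    /* buffer >= (40+7)/8 = 5 bytes: fixed-width path, no dependence on v */
    if (mod_write_be(v, 1, 40, buf, 8) != 0 || memcmp(buf, fixed, 8) != 0) return 0;
    if (mod_write_be(v, 1, 40, buf, 5) != 0 || memcmp(buf, tight, 5) != 0) return 0;
    /* shorter buffer: accepted or rejected depending on the value itself */
    if (mod_write_be(v, 1, 40, buf, 4) != ERR_BUFFER_TOO_SMALL) return 0;
    if (mod_write_be(small, 1, 40, buf, 2) != 0 || memcmp(buf, two, 2) != 0) return 0;
    return 1;
}
```

For a secret residue the caller should therefore always pass a buffer of at least `(N->bits + 7)/8` bytes; the short-buffer cases in `write_self_check` succeed or fail depending on the value, and that decision, plus the scan behind it, is what an observer timing the call would see.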