mbedtls/library/bignum_mod.h

13  *   named \c N and is usually input-only. Functions which take a parameter
18  *   associated with the modulus \c N. Unless otherwise specified:
24  *       they must be set up and associated with the modulus \c N. Some
51  *   form (i.e. that \c A < \c N), this is only checked during setup of a
54  *   range [0, \c N - 1] and guarantee outputs in the range [0, \c N - 1].
111     mbedtls_mpi_uint const *rr;  /* The residue for 2^{2*n*biL} mod N */
112     mbedtls_mpi_uint mm;         /* Montgomery const for -N^{-1} mod 2^{ciL} */
136  * The residue will be set up with the buffer \p p and modulus \p N.
141  * and interpreted according to the value of the `N->int_rep` field.
143  * The modulus \p N will be the modulus associated with \p r. The residue \p r
144  * should only be used in operations where the modulus is \p N.
147  * \param[in] N     The address of the modulus related to \p r.
153  *                  pointed to by `N->p`) and already in the representation
154  *                  indicated by `N->int_rep`.
156  *                  of limbs in the modulus \p N.
160  *              limbs in \p N or if \p p is not less than \p N.
163                                   const mbedtls_mpi_mod_modulus *N,
181  * \param[out] N     The address of the modulus structure to initialize.
183 void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N);
187  * \param[out] N    The address of the modulus structure to populate.
188  * \param[in] p     The address of the limb array storing the value of \p N.
189  *                  The memory pointed to by \p p will be used by \p N and must
196 int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
202  * \param[out] N    The address of the modulus structure to populate.
203  * \param[in] p     The address of the limb array storing the value of \p N.
204  *                  The memory pointed to by \p p will be used by \p N and must
212 int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
225  * \param[in,out] N     The address of the modulus structure to free.
227 void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N);
232  * \note Currently handles the case when `N->int_rep` is
235  * The size of the operation is determined by \p N. \p A, \p B and \p X must
236  * all be associated with the modulus \p N and must all have the same number
237  * of limbs as \p N.
240  * either otherwise. They may not alias \p N (since they must be in canonical
241  * form, they cannot == \p N).
244  *                      number of limbs as \p N.
246  *                      the multiplication `A * B * R^-1` mod N where
247  *                      `R = 2^(biL * N->limbs)`.
250  * \param[in]  N        The address of the modulus. Used to perform a modulo
255  *              have the same number of limbs or \p N is invalid.
261                         const mbedtls_mpi_mod_modulus *N);
266  * Calculate `A - B modulo N`.
268  * \p A, \p B and \p X must all have the same number of limbs as \p N.
274  *       form (that is, are < \p N) - that will have been done by
278  *                  Must have the same number of limbs as the modulus \p N.
281  * \param[in]  N    The address of the modulus. Used to perform a modulo
291                         const mbedtls_mpi_mod_modulus *N);
294  * \brief Perform modular inversion of an MPI with respect to a modulus \p N.
296  * \p A and \p X must be associated with the modulus \p N and will therefore
297  * have the same number of limbs as \p N.
303  * \param[out] X   The modular inverse of \p A with respect to \p N.
306  * \param[in] N    The modulus to use.
309  * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p A and \p N do not
320                         const mbedtls_mpi_mod_modulus *N);
324  * Calculate `A + B modulo N`.
326  * \p A, \p B and \p X must all be associated with the modulus \p N and must
327  * all have the same number of limbs as \p N.
333  *       form (that is, are < \p N) - that will have been done by
337  *                  Must have the same number of limbs as the modulus \p N.
340  * \param[in]  N    The address of the modulus. Used to perform a modulo
350                         const mbedtls_mpi_mod_modulus *N);
355  * \p N exclusive.
361  * \note           There are `N - min` possible outputs. The lower bound
362  *                 \p min can be reached, but the upper bound \p N cannot.
366  *                 than \b N.
367  * \param N        The modulus.
375  *                 of attempts. This has a negligible probability if \p N
381                            const mbedtls_mpi_mod_modulus *N,
388  * based on the value of the `N->int_rep` field.
390  * The modulus \p N will be the modulus associated with \p r. The residue \p r
391  * should only be used in operations where the modulus is \p N or a modulus
392  * equivalent to \p N (in the sense that all their fields or memory pointed by
396  *                  number of limbs as the modulus \p N.
397  * \param[in] N     The address of the modulus.
406  *               is invalid or the value in the buffer is not less than \p N.
409                          const mbedtls_mpi_mod_modulus *N,
416  * The modulus \p N must be the modulus associated with \p r (see
420  * based on the value of `N->int_rep` field.
422  * \warning     If the buffer is smaller than `N->bits`, the number of
425  *              (`N->bits`+7)/8.
428  *                  limbs as the modulus \p N. (\p r is an input parameter, but
431  * \param[in] N     The address of the modulus associated with \p r.
447                           const mbedtls_mpi_mod_modulus *N,