2  *  Low-level modular bignum functions
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
31     mbedtls_mpi_core_cond_assign(X, A, N->limbs, mbedtls_ct_bool(assign));  in mbedtls_mpi_mod_raw_cond_assign()
39     mbedtls_mpi_core_cond_swap(X, Y, N->limbs, mbedtls_ct_bool(swap));  in mbedtls_mpi_mod_raw_cond_swap()
52             ret = mbedtls_mpi_core_read_le(X, N->limbs,  in mbedtls_mpi_mod_raw_read()
56             ret = mbedtls_mpi_core_read_be(X, N->limbs,  in mbedtls_mpi_mod_raw_read()
67     if (!mbedtls_mpi_core_lt_ct(X, N->p, N->limbs)) {  in mbedtls_mpi_mod_raw_read()
85             return mbedtls_mpi_core_write_le(A, N->limbs,  in mbedtls_mpi_mod_raw_write()
88             return mbedtls_mpi_core_write_be(A, N->limbs,  in mbedtls_mpi_mod_raw_write()
100     mbedtls_mpi_uint c = mbedtls_mpi_core_sub(X, A, B, N->limbs);  in mbedtls_mpi_mod_raw_sub()
102     (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);  in mbedtls_mpi_mod_raw_sub()
109     mbedtls_mpi_uint c = mbedtls_mpi_core_sub(X, X, N->p, N->limbs);  in mbedtls_mpi_mod_raw_fix_quasi_reduction()
111     (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);  in mbedtls_mpi_mod_raw_fix_quasi_reduction()
119                              mbedtls_mpi_uint *T)  in mbedtls_mpi_mod_raw_mul()  argument
121     /* Standard (A * B) multiplication stored into pre-allocated T  in mbedtls_mpi_mod_raw_mul()
126     const size_t T_limbs = BITS_TO_LIMBS(N->bits) * 2;  in mbedtls_mpi_mod_raw_mul()
127     switch (N->int_rep) {  in mbedtls_mpi_mod_raw_mul()
129             mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,  in mbedtls_mpi_mod_raw_mul()
130                                      N->rep.mont.mm, T);  in mbedtls_mpi_mod_raw_mul()
133             mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs);  in mbedtls_mpi_mod_raw_mul()
136             (*N->rep.ored.modp)(T, T_limbs);  in mbedtls_mpi_mod_raw_mul()
139             mbedtls_mpi_mod_raw_fix_quasi_reduction(T, N);  in mbedtls_mpi_mod_raw_mul()
140             memcpy(X, T, N->limbs * sizeof(mbedtls_mpi_uint));  in mbedtls_mpi_mod_raw_mul()
162                                    mbedtls_mpi_uint *T)  in mbedtls_mpi_mod_raw_inv_prime()  argument
164     /* Inversion by power: g^|G| = 1 => g^(-1) = g^(|G|-1), and  in mbedtls_mpi_mod_raw_inv_prime()
165      *                       |G| = N - 1, so we want  in mbedtls_mpi_mod_raw_inv_prime()
166      *                 g^(|G|-1) = g^(N - 2)  in mbedtls_mpi_mod_raw_inv_prime()
169     /* Use the first AN_limbs of T to hold N - 2 */  in mbedtls_mpi_mod_raw_inv_prime()
170     mbedtls_mpi_uint *Nminus2 = T;  in mbedtls_mpi_mod_raw_inv_prime()
173     /* Rest of T is given to exp_mod for its working space */  in mbedtls_mpi_mod_raw_inv_prime()
176                              RR, T + AN_limbs);  in mbedtls_mpi_mod_raw_inv_prime()
185     carry  = mbedtls_mpi_core_add(X, A, B, N->limbs);  in mbedtls_mpi_mod_raw_add()
186     borrow = mbedtls_mpi_core_sub(X, X, N->p, N->limbs);  in mbedtls_mpi_mod_raw_add()
187     (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) (carry ^ borrow));  in mbedtls_mpi_mod_raw_add()
194     switch (N->int_rep) {  in mbedtls_mpi_mod_raw_canonical_to_modulus_rep()
208     switch (N->int_rep) {  in mbedtls_mpi_mod_raw_modulus_to_canonical_rep()
224     int ret = mbedtls_mpi_core_random(X, min, N->p, N->limbs, f_rng, p_rng);  in mbedtls_mpi_mod_raw_random()
234     mbedtls_mpi_uint *T;  in mbedtls_mpi_mod_raw_to_mont_rep()  local
235     const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs);  in mbedtls_mpi_mod_raw_to_mont_rep()
237     if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {  in mbedtls_mpi_mod_raw_to_mont_rep()
241     mbedtls_mpi_core_to_mont_rep(X, X, N->p, N->limbs,  in mbedtls_mpi_mod_raw_to_mont_rep()
242                                  N->rep.mont.mm, N->rep.mont.rr, T);  in mbedtls_mpi_mod_raw_to_mont_rep()
244     mbedtls_zeroize_and_free(T, t_limbs * ciL);  in mbedtls_mpi_mod_raw_to_mont_rep()
251     const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs);  in mbedtls_mpi_mod_raw_from_mont_rep()
252     mbedtls_mpi_uint *T;  in mbedtls_mpi_mod_raw_from_mont_rep()  local
254     if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {  in mbedtls_mpi_mod_raw_from_mont_rep()
258     mbedtls_mpi_core_from_mont_rep(X, X, N->p, N->limbs, N->rep.mont.mm, T);  in mbedtls_mpi_mod_raw_from_mont_rep()
260     mbedtls_zeroize_and_free(T, t_limbs * ciL);  in mbedtls_mpi_mod_raw_from_mont_rep()
268     mbedtls_mpi_core_sub(X, N->p, A, N->limbs);  in mbedtls_mpi_mod_raw_neg()
272     mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, X, N->p, N->limbs);  in mbedtls_mpi_mod_raw_neg()
273     (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) borrow);  in mbedtls_mpi_mod_raw_neg()