
2  *  Low-level modular bignum functions
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
26 void mbedtls_mpi_mod_raw_cond_assign(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_cond_assign() argument
31 mbedtls_mpi_core_cond_assign(X, A, N->limbs, mbedtls_ct_bool(assign)); in mbedtls_mpi_mod_raw_cond_assign()
34 void mbedtls_mpi_mod_raw_cond_swap(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_cond_swap() argument
39 mbedtls_mpi_core_cond_swap(X, Y, N->limbs, mbedtls_ct_bool(swap)); in mbedtls_mpi_mod_raw_cond_swap()
42 int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_read() argument
52 ret = mbedtls_mpi_core_read_le(X, N->limbs, in mbedtls_mpi_mod_raw_read()
56 ret = mbedtls_mpi_core_read_be(X, N->limbs, in mbedtls_mpi_mod_raw_read()
67 if (!mbedtls_mpi_core_lt_ct(X, N->p, N->limbs)) { in mbedtls_mpi_mod_raw_read()
85 return mbedtls_mpi_core_write_le(A, N->limbs, in mbedtls_mpi_mod_raw_write()
88 return mbedtls_mpi_core_write_be(A, N->limbs, in mbedtls_mpi_mod_raw_write()
95 void mbedtls_mpi_mod_raw_sub(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_sub() argument
100 mbedtls_mpi_uint c = mbedtls_mpi_core_sub(X, A, B, N->limbs); in mbedtls_mpi_mod_raw_sub()
102 (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c); in mbedtls_mpi_mod_raw_sub()
106 void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_fix_quasi_reduction() argument
109 mbedtls_mpi_uint c = mbedtls_mpi_core_sub(X, X, N->p, N->limbs); in mbedtls_mpi_mod_raw_fix_quasi_reduction()
111 (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c); in mbedtls_mpi_mod_raw_fix_quasi_reduction()
115 void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_mul() argument
121 /* Standard (A * B) multiplication stored into pre-allocated T in mbedtls_mpi_mod_raw_mul()
126 const size_t T_limbs = BITS_TO_LIMBS(N->bits) * 2; in mbedtls_mpi_mod_raw_mul()
127 switch (N->int_rep) { in mbedtls_mpi_mod_raw_mul()
129 mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs, in mbedtls_mpi_mod_raw_mul()
130 N->rep.mont.mm, T); in mbedtls_mpi_mod_raw_mul()
133 mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs); in mbedtls_mpi_mod_raw_mul()
136 (*N->rep.ored.modp)(T, T_limbs); in mbedtls_mpi_mod_raw_mul()
140 memcpy(X, T, N->limbs * sizeof(mbedtls_mpi_uint)); in mbedtls_mpi_mod_raw_mul()
157 void mbedtls_mpi_mod_raw_inv_prime(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_inv_prime() argument
164 /* Inversion by power: g^|G| = 1 => g^(-1) = g^(|G|-1), and in mbedtls_mpi_mod_raw_inv_prime()
165 * |G| = N - 1, so we want in mbedtls_mpi_mod_raw_inv_prime()
166 * g^(|G|-1) = g^(N - 2) in mbedtls_mpi_mod_raw_inv_prime()
169 /* Use the first AN_limbs of T to hold N - 2 */ in mbedtls_mpi_mod_raw_inv_prime()
174 mbedtls_mpi_core_exp_mod(X, in mbedtls_mpi_mod_raw_inv_prime()
179 void mbedtls_mpi_mod_raw_add(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_add() argument
185 carry = mbedtls_mpi_core_add(X, A, B, N->limbs); in mbedtls_mpi_mod_raw_add()
186 borrow = mbedtls_mpi_core_sub(X, X, N->p, N->limbs); in mbedtls_mpi_mod_raw_add()
187 (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) (carry ^ borrow)); in mbedtls_mpi_mod_raw_add()
191 mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_canonical_to_modulus_rep() argument
194 switch (N->int_rep) { in mbedtls_mpi_mod_raw_canonical_to_modulus_rep()
196 return mbedtls_mpi_mod_raw_to_mont_rep(X, N); in mbedtls_mpi_mod_raw_canonical_to_modulus_rep()
205 mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_modulus_to_canonical_rep() argument
208 switch (N->int_rep) { in mbedtls_mpi_mod_raw_modulus_to_canonical_rep()
210 return mbedtls_mpi_mod_raw_from_mont_rep(X, N); in mbedtls_mpi_mod_raw_modulus_to_canonical_rep()
218 int mbedtls_mpi_mod_raw_random(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_random() argument
224 int ret = mbedtls_mpi_core_random(X, min, N->p, N->limbs, f_rng, p_rng); in mbedtls_mpi_mod_raw_random()
228 return mbedtls_mpi_mod_raw_canonical_to_modulus_rep(X, N); in mbedtls_mpi_mod_raw_random()
231 int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_to_mont_rep() argument
235 const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs); in mbedtls_mpi_mod_raw_to_mont_rep()
241 mbedtls_mpi_core_to_mont_rep(X, X, N->p, N->limbs, in mbedtls_mpi_mod_raw_to_mont_rep()
242 N->rep.mont.mm, N->rep.mont.rr, T); in mbedtls_mpi_mod_raw_to_mont_rep()
248 int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_from_mont_rep() argument
251 const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs); in mbedtls_mpi_mod_raw_from_mont_rep()
258 mbedtls_mpi_core_from_mont_rep(X, X, N->p, N->limbs, N->rep.mont.mm, T); in mbedtls_mpi_mod_raw_from_mont_rep()
264 void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X, in mbedtls_mpi_mod_raw_neg() argument
268 mbedtls_mpi_core_sub(X, N->p, A, N->limbs); in mbedtls_mpi_mod_raw_neg()
270 /* If A=0 initially, then X=N now. Detect this by in mbedtls_mpi_mod_raw_neg()
272 mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, X, N->p, N->limbs); in mbedtls_mpi_mod_raw_neg()
273 (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) borrow); in mbedtls_mpi_mod_raw_neg()