Lines Matching +full:- +full:p
2 * Low-level modular bignum functions
4 * This interface should only be used by the higher-level modular bignum
6 * modules should use the high-level modular bignum interface (bignum_mod.h)
9 * This is a low-level interface to operations on integers modulo which
11 * the wrong size. The functions in bignum_mod.h provide a higher-level
17 * - **Modulus parameters**: the modulus is passed as a pointer to a structure
21 * named \c N and is usually input-only.
22 * - **Bignum parameters**: Bignums are passed as pointers to an array of
24 * - Bignum parameters called \c A, \c B, ... are inputs, and are not
26 * - Bignum parameters called \c X, \c Y are outputs or input-output.
27 * The initial content of output-only parameters is ignored.
28 * - \c T is a temporary storage area. The initial content of such a
30 * - **Bignum sizes**: bignum sizes are usually expressed by the \c limbs
35 * - **Bignum representation**: the representation of inputs and outputs is
38 * - **Parameter ordering**: for bignum parameters, outputs come before inputs.
41 * - **Aliasing**: in general, output bignums may be aliased to one or more
45 * - **Overlap**: apart from aliasing of limb array pointers (where two
48 * - **Error handling**: This is a low-level module. Functions generally do not
54 * - **Modular representatives**: all functions expect inputs to be in the
55 * range [0, \c N - 1] and guarantee outputs in the range [0, \c N - 1]. If
63 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
81 * The size to copy is determined by \p N.
85 * store the full value of \p A.
87 * \param[in] N The address of the modulus related to \p X and \p A.
91 * * \c 0: Keep the original value of \p X.
96 * \warning If \p assign is neither 0 nor 1, the result of this function
97 * is indeterminate, and the resulting value in \p X might be
98 * neither its original value nor the value in \p A.
109 * The size to swap is determined by \p N.
113 * \param[in] N The address of the modulus related to \p X and \p Y.
116 * * \c 1: Swap the values of \p X and \p Y.
117 * * \c 0: Keep the original values of \p X and \p Y.
122 * \warning If \p swap is neither 0 nor 1, the result of this function
123 * is indeterminate, and both \p X and \p Y might end up with
136 * \param[out] X The address of the MPI. The size is determined by \p N.
138 * the modulus \p N.)
139 * \param[in] N The address of the modulus related to \p X.
141 * \param input_length The length in bytes of \p input.
145 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't
146 * large enough to hold the value in \p input.
148 * of \p N is invalid or \p X is not less than \p N.
158 * \param[in] A The address of the MPI. The size is determined by \p N.
160 * the modulus \p N.)
161 * \param[in] N The address of the modulus related to \p A.
163 * \param output_length The length in bytes of \p output.
167 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't
168 * large enough to hold the value of \p A.
170 * of \p N is invalid.
181 * The size of the operation is determined by \p N. \p A and \p B must have
182 * the same number of limbs as \p N.
184 * \p X may be aliased to \p A or \p B, or even both, but may not overlap
203 * \note Currently handles the case when `N->int_rep` is
206 * The size of the operation is determined by \p N. \p A, \p B and \p X must
207 * all be associated with the modulus \p N and must all have the same number
208 * of limbs as \p N.
210 * \p X may be aliased to \p A or \p B, or even both, but may not overlap
211 * either otherwise. They may not alias \p N (since they must be in canonical
212 * form, they cannot == \p N).
215 * number of limbs as \p N.
216 * On successful completion, \p X contains the result of
217 * the multiplication `A * B * R^-1` mod N where
218 * `R = 2^(biL * N->limbs)`.
223 * \param[in,out] T Temporary storage of size at least 2 * N->limbs + 1
253 * \brief Perform fixed-width modular inversion of a Montgomery-form MPI with
254 * respect to a modulus \p N that must be prime.
256 * \p X may be aliased to \p A, but not to \p N or \p RR.
258 * \param[out] X The modular inverse of \p A with respect to \p N.
262 * \param[in] N The modulus, as a little-endian array of length \p AN_limbs.
264 * \param AN_limbs The number of limbs in \p A, \p N and \p RR.
265 * \param[in] RR The precomputed residue of 2^{2*biL} modulo N, as a little-
266 * endian array of length \p AN_limbs.
273 * It is up to the caller to zeroize \p T when it is no
285 * \brief Perform a known-size modular addition.
290 * modulus \p N.
292 * \p X may be aliased to \p A or \p B, or even both, but may not overlap
296 * \param[in] A Little-endian representation of the left operand. This
297 * must be smaller than \p N.
298 * \param[in] B Little-endian representation of the right operand. This
299 * must be smaller than \p N.
307 /** Convert an MPI from canonical representation (little-endian limb array)
311 * It must have as many limbs as \p N.
313 * If this function returns an error, the content of \p X
325 * to canonical representation (little-endian limb array).
328 * It must have as many limbs as \p N.
330 * If this function returns an error, the content of \p X
343 * This function generates a random number between \p min inclusive and
344 * \p N exclusive.
348 * and \p min is \c 1.
350 * \note There are `N - min` possible outputs. The lower bound
351 * \p min can be reached, but the upper bound \p N cannot.
353 * \param X The destination MPI, in canonical representation modulo \p N.
354 * It must not be aliased with \p N or otherwise overlap it.
360 * \param p_rng The RNG parameter to be passed to \p f_rng.
365 * of attempts. This has a negligible probability if \p N
366 * is significantly larger than \p min, which is the case
378 * Must have the same number of limbs as \p N.
380 * the base `R` = 2^(biL*N->limbs).
390 * Must have the same number of limbs as \p N.
392 * the base `R` = 2^(biL*N->limbs).
401 * The size of the operation is determined by \p N. \p A must have
402 * the same number of limbs as \p N.
404 * \p X may be aliased to \p A.
408 * \param[in] A Little-endian representation of the input operand. This
409 * must be less than or equal to \p N.