1 /** 2 * \file bignum.h 3 * 4 * \brief Multi-precision integer library 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 #ifndef MBEDTLS_BIGNUM_H 11 #define MBEDTLS_BIGNUM_H 12 #include "mbedtls/private_access.h" 13 14 #include "mbedtls/build_info.h" 15 #include "mbedtls/platform_util.h" 16 17 #include <stddef.h> 18 #include <stdint.h> 19 20 #if defined(MBEDTLS_FS_IO) 21 #include <stdio.h> 22 #endif 23 24 /** An error occurred while reading from or writing to a file. */ 25 #define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002 26 /** Bad input parameters to function. */ 27 #define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 28 /** There is an invalid character in the digit string. */ 29 #define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006 30 /** The buffer is too small to write to. */ 31 #define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 32 /** The input arguments are negative or result in illegal output. */ 33 #define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A 34 /** The input argument for division is zero, which is not allowed. */ 35 #define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C 36 /** The input arguments are not acceptable. */ 37 #define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E 38 /** Memory allocation failed. */ 39 #define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 40 41 #define MBEDTLS_MPI_CHK(f) \ 42 do \ 43 { \ 44 if ((ret = (f)) != 0) \ 45 goto cleanup; \ 46 } while (0) 47 48 /* 49 * Maximum size MPIs are allowed to grow to in number of limbs. 50 */ 51 #define MBEDTLS_MPI_MAX_LIMBS 10000 52 53 #if !defined(MBEDTLS_MPI_WINDOW_SIZE) 54 /* 55 * Maximum window size used for modular exponentiation. Default: 3 56 * Minimum value: 1. Maximum value: 6. 57 * 58 * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used 59 * for the sliding window calculation. (So 8 by default) 60 * 61 * Reduction in size, reduces speed. 62 */ 63 #define MBEDTLS_MPI_WINDOW_SIZE 3 /**< Maximum window size used. */ 64 #endif /* !MBEDTLS_MPI_WINDOW_SIZE */ 65 66 #if !defined(MBEDTLS_MPI_MAX_SIZE) 67 /* 68 * Maximum size of MPIs allowed in bits and bytes for user-MPIs. 69 * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits ) 70 * 71 * Note: Calculations can temporarily result in larger MPIs. So the number 72 * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher. 73 */ 74 #define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 75 #endif /* !MBEDTLS_MPI_MAX_SIZE */ 76 77 #define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */ 78 79 /* 80 * When reading from files with mbedtls_mpi_read_file() and writing to files with 81 * mbedtls_mpi_write_file() the buffer should have space 82 * for a (short) label, the MPI (in the provided radix), the newline 83 * characters and the '\0'. 84 * 85 * By default we assume at least a 10 char label, a minimum radix of 10 86 * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars). 87 * Autosized at compile time for at least a 10 char label, a minimum radix 88 * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size. 89 * 90 * This used to be statically sized to 1250 for a maximum of 4096 bit 91 * numbers (1234 decimal chars). 92 * 93 * Calculate using the formula: 94 * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) + 95 * LabelSize + 6 96 */ 97 #define MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * MBEDTLS_MPI_MAX_BITS) 98 #define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332 99 #define MBEDTLS_MPI_RW_BUFFER_SIZE (((MBEDTLS_MPI_MAX_BITS_SCALE100 + \ 100 MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \ 101 MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6) 102 103 /* 104 * Define the base integer type, architecture-wise. 105 * 106 * 32 or 64-bit integer types can be forced regardless of the underlying 107 * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 108 * respectively and undefining MBEDTLS_HAVE_ASM. 109 * 110 * Double-width integers (e.g. 128-bit in 64-bit architectures) can be 111 * disabled by defining MBEDTLS_NO_UDBL_DIVISION. 112 */ 113 #if !defined(MBEDTLS_HAVE_INT32) 114 #if defined(_MSC_VER) && defined(_M_AMD64) 115 /* Always choose 64-bit when using MSC */ 116 #if !defined(MBEDTLS_HAVE_INT64) 117 #define MBEDTLS_HAVE_INT64 118 #endif /* !MBEDTLS_HAVE_INT64 */ 119 typedef int64_t mbedtls_mpi_sint; 120 typedef uint64_t mbedtls_mpi_uint; 121 #define MBEDTLS_MPI_UINT_MAX UINT64_MAX 122 #elif defined(__GNUC__) && ( \ 123 defined(__amd64__) || defined(__x86_64__) || \ 124 defined(__ppc64__) || defined(__powerpc64__) || \ 125 defined(__ia64__) || defined(__alpha__) || \ 126 (defined(__sparc__) && defined(__arch64__)) || \ 127 defined(__s390x__) || defined(__mips64) || \ 128 defined(__aarch64__)) 129 #if !defined(MBEDTLS_HAVE_INT64) 130 #define MBEDTLS_HAVE_INT64 131 #endif /* MBEDTLS_HAVE_INT64 */ 132 typedef int64_t mbedtls_mpi_sint; 133 typedef uint64_t mbedtls_mpi_uint; 134 #define MBEDTLS_MPI_UINT_MAX UINT64_MAX 135 #if !defined(MBEDTLS_NO_UDBL_DIVISION) 136 /* mbedtls_t_udbl defined as 128-bit unsigned int */ 137 typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); 138 #define MBEDTLS_HAVE_UDBL 139 #endif /* !MBEDTLS_NO_UDBL_DIVISION */ 140 #elif defined(__ARMCC_VERSION) && defined(__aarch64__) 141 /* 142 * __ARMCC_VERSION is defined for both armcc and armclang and 143 * __aarch64__ is only defined by armclang when compiling 64-bit code 144 */ 145 #if !defined(MBEDTLS_HAVE_INT64) 146 #define MBEDTLS_HAVE_INT64 147 #endif /* !MBEDTLS_HAVE_INT64 */ 148 typedef int64_t mbedtls_mpi_sint; 149 typedef uint64_t mbedtls_mpi_uint; 150 #define MBEDTLS_MPI_UINT_MAX UINT64_MAX 151 #if !defined(MBEDTLS_NO_UDBL_DIVISION) 152 /* mbedtls_t_udbl defined as 128-bit unsigned int */ 153 typedef __uint128_t mbedtls_t_udbl; 154 #define MBEDTLS_HAVE_UDBL 155 #endif /* !MBEDTLS_NO_UDBL_DIVISION */ 156 #elif defined(MBEDTLS_HAVE_INT64) 157 /* Force 64-bit integers with unknown compiler */ 158 typedef int64_t mbedtls_mpi_sint; 159 typedef uint64_t mbedtls_mpi_uint; 160 #define MBEDTLS_MPI_UINT_MAX UINT64_MAX 161 #endif 162 #endif /* !MBEDTLS_HAVE_INT32 */ 163 164 #if !defined(MBEDTLS_HAVE_INT64) 165 /* Default to 32-bit compilation */ 166 #if !defined(MBEDTLS_HAVE_INT32) 167 #define MBEDTLS_HAVE_INT32 168 #endif /* !MBEDTLS_HAVE_INT32 */ 169 typedef int32_t mbedtls_mpi_sint; 170 typedef uint32_t mbedtls_mpi_uint; 171 #define MBEDTLS_MPI_UINT_MAX UINT32_MAX 172 #if !defined(MBEDTLS_NO_UDBL_DIVISION) 173 typedef uint64_t mbedtls_t_udbl; 174 #define MBEDTLS_HAVE_UDBL 175 #endif /* !MBEDTLS_NO_UDBL_DIVISION */ 176 #endif /* !MBEDTLS_HAVE_INT64 */ 177 178 /* 179 * Sanity check that exactly one of MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 is defined, 180 * so that code elsewhere doesn't have to check. 181 */ 182 #if (!(defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64))) || \ 183 (defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)) 184 #error "Only 32-bit or 64-bit limbs are supported in bignum" 185 #endif 186 187 /** \typedef mbedtls_mpi_uint 188 * \brief The type of machine digits in a bignum, called _limbs_. 189 * 190 * This is always an unsigned integer type with no padding bits. The size 191 * is platform-dependent. 192 */ 193 194 /** \typedef mbedtls_mpi_sint 195 * \brief The signed type corresponding to #mbedtls_mpi_uint. 196 * 197 * This is always an signed integer type with no padding bits. The size 198 * is platform-dependent. 199 */ 200 201 #ifdef __cplusplus 202 extern "C" { 203 #endif 204 205 /** 206 * \brief MPI structure 207 */ 208 typedef struct mbedtls_mpi { 209 /** Pointer to limbs. 210 * 211 * This may be \c NULL if \c n is 0. 212 */ 213 mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); 214 215 /** Sign: -1 if the mpi is negative, 1 otherwise. 216 * 217 * The number 0 must be represented with `s = +1`. Although many library 218 * functions treat all-limbs-zero as equivalent to a valid representation 219 * of 0 regardless of the sign bit, there are exceptions, so bignum 220 * functions and external callers must always set \c s to +1 for the 221 * number zero. 222 * 223 * Note that this implies that calloc() or `... = {0}` does not create 224 * a valid MPI representation. You must call mbedtls_mpi_init(). 225 */ 226 signed short MBEDTLS_PRIVATE(s); 227 228 /** Total number of limbs in \c p. */ 229 unsigned short MBEDTLS_PRIVATE(n); 230 /* Make sure that MBEDTLS_MPI_MAX_LIMBS fits in n. 231 * Use the same limit value on all platforms so that we don't have to 232 * think about different behavior on the rare platforms where 233 * unsigned short can store values larger than the minimum required by 234 * the C language, which is 65535. 235 */ 236 #if MBEDTLS_MPI_MAX_LIMBS > 65535 237 #error "MBEDTLS_MPI_MAX_LIMBS > 65535 is not supported" 238 #endif 239 240 short use_mempool; 241 242 } 243 mbedtls_mpi; 244 245 extern void *mbedtls_mpi_mempool; 246 247 /** 248 * \brief Initialize an MPI context. 249 * 250 * This makes the MPI ready to be set or freed, 251 * but does not define a value for the MPI. 252 * 253 * \param X The MPI context to initialize. This must not be \c NULL. 254 */ 255 void mbedtls_mpi_init(mbedtls_mpi *X); 256 void mbedtls_mpi_init_mempool(mbedtls_mpi *X); 257 258 /** 259 * \brief This function frees the components of an MPI context. 260 * 261 * \param X The MPI context to be cleared. This may be \c NULL, 262 * in which case this function is a no-op. If it is 263 * not \c NULL, it must point to an initialized MPI. 264 */ 265 void mbedtls_mpi_free(mbedtls_mpi *X); 266 267 /** 268 * \brief Enlarge an MPI to the specified number of limbs. 269 * 270 * \note This function does nothing if the MPI is 271 * already large enough. 272 * 273 * \param X The MPI to grow. It must be initialized. 274 * \param nblimbs The target number of limbs. 275 * 276 * \return \c 0 if successful. 277 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 278 * \return Another negative error code on other kinds of failure. 279 */ 280 int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs); 281 282 /** 283 * \brief This function resizes an MPI downwards, keeping at least the 284 * specified number of limbs. 285 * 286 * If \c X is smaller than \c nblimbs, it is resized up 287 * instead. 288 * 289 * \param X The MPI to shrink. This must point to an initialized MPI. 290 * \param nblimbs The minimum number of limbs to keep. 291 * 292 * \return \c 0 if successful. 293 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 294 * (this can only happen when resizing up). 295 * \return Another negative error code on other kinds of failure. 296 */ 297 int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs); 298 299 /** 300 * \brief Make a copy of an MPI. 301 * 302 * \param X The destination MPI. This must point to an initialized MPI. 303 * \param Y The source MPI. This must point to an initialized MPI. 304 * 305 * \note The limb-buffer in the destination MPI is enlarged 306 * if necessary to hold the value in the source MPI. 307 * 308 * \return \c 0 if successful. 309 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 310 * \return Another negative error code on other kinds of failure. 311 */ 312 int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y); 313 314 /** 315 * \brief Swap the contents of two MPIs. 316 * 317 * \param X The first MPI. It must be initialized. 318 * \param Y The second MPI. It must be initialized. 319 */ 320 void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y); 321 322 /** 323 * \brief Perform a safe conditional copy of MPI which doesn't 324 * reveal whether the condition was true or not. 325 * 326 * \param X The MPI to conditionally assign to. This must point 327 * to an initialized MPI. 328 * \param Y The MPI to be assigned from. This must point to an 329 * initialized MPI. 330 * \param assign The condition deciding whether to perform the 331 * assignment or not. Must be either 0 or 1: 332 * * \c 1: Perform the assignment `X = Y`. 333 * * \c 0: Keep the original value of \p X. 334 * 335 * \note This function is equivalent to 336 * `if( assign ) mbedtls_mpi_copy( X, Y );` 337 * except that it avoids leaking any information about whether 338 * the assignment was done or not (the above code may leak 339 * information through branch prediction and/or memory access 340 * patterns analysis). 341 * 342 * \warning If \p assign is neither 0 nor 1, the result of this function 343 * is indeterminate, and the resulting value in \p X might be 344 * neither its original value nor the value in \p Y. 345 * 346 * \return \c 0 if successful. 347 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 348 * \return Another negative error code on other kinds of failure. 349 */ 350 int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign); 351 352 /** 353 * \brief Perform a safe conditional swap which doesn't 354 * reveal whether the condition was true or not. 355 * 356 * \param X The first MPI. This must be initialized. 357 * \param Y The second MPI. This must be initialized. 358 * \param swap The condition deciding whether to perform 359 * the swap or not. Must be either 0 or 1: 360 * * \c 1: Swap the values of \p X and \p Y. 361 * * \c 0: Keep the original values of \p X and \p Y. 362 * 363 * \note This function is equivalent to 364 * if( swap ) mbedtls_mpi_swap( X, Y ); 365 * except that it avoids leaking any information about whether 366 * the swap was done or not (the above code may leak 367 * information through branch prediction and/or memory access 368 * patterns analysis). 369 * 370 * \warning If \p swap is neither 0 nor 1, the result of this function 371 * is indeterminate, and both \p X and \p Y might end up with 372 * values different to either of the original ones. 373 * 374 * \return \c 0 if successful. 375 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 376 * \return Another negative error code on other kinds of failure. 377 * 378 */ 379 int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap); 380 381 /** 382 * \brief Store integer value in MPI. 383 * 384 * \param X The MPI to set. This must be initialized. 385 * \param z The value to use. 386 * 387 * \return \c 0 if successful. 388 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 389 * \return Another negative error code on other kinds of failure. 390 */ 391 int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z); 392 393 /** 394 * \brief Get a specific bit from an MPI. 395 * 396 * \param X The MPI to query. This must be initialized. 397 * \param pos Zero-based index of the bit to query. 398 * 399 * \return \c 0 or \c 1 on success, depending on whether bit \c pos 400 * of \c X is unset or set. 401 * \return A negative error code on failure. 402 */ 403 int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos); 404 405 /** 406 * \brief Modify a specific bit in an MPI. 407 * 408 * \note This function will grow the target MPI if necessary to set a 409 * bit to \c 1 in a not yet existing limb. It will not grow if 410 * the bit should be set to \c 0. 411 * 412 * \param X The MPI to modify. This must be initialized. 413 * \param pos Zero-based index of the bit to modify. 414 * \param val The desired value of bit \c pos: \c 0 or \c 1. 415 * 416 * \return \c 0 if successful. 417 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 418 * \return Another negative error code on other kinds of failure. 419 */ 420 int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val); 421 422 /** 423 * \brief Return the number of bits of value \c 0 before the 424 * least significant bit of value \c 1. 425 * 426 * \note This is the same as the zero-based index of 427 * the least significant bit of value \c 1. 428 * 429 * \param X The MPI to query. 430 * 431 * \return The number of bits of value \c 0 before the least significant 432 * bit of value \c 1 in \p X. 433 */ 434 size_t mbedtls_mpi_lsb(const mbedtls_mpi *X); 435 436 /** 437 * \brief Return the number of bits up to and including the most 438 * significant bit of value \c 1. 439 * 440 * * \note This is same as the one-based index of the most 441 * significant bit of value \c 1. 442 * 443 * \param X The MPI to query. This must point to an initialized MPI. 444 * 445 * \return The number of bits up to and including the most 446 * significant bit of value \c 1. 447 */ 448 size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X); 449 450 /** 451 * \brief Return the total size of an MPI value in bytes. 452 * 453 * \param X The MPI to use. This must point to an initialized MPI. 454 * 455 * \note The value returned by this function may be less than 456 * the number of bytes used to store \p X internally. 457 * This happens if and only if there are trailing bytes 458 * of value zero. 459 * 460 * \return The least number of bytes capable of storing 461 * the absolute value of \p X. 462 */ 463 size_t mbedtls_mpi_size(const mbedtls_mpi *X); 464 465 /** 466 * \brief Import an MPI from an ASCII string. 467 * 468 * \param X The destination MPI. This must point to an initialized MPI. 469 * \param radix The numeric base of the input string. 470 * \param s Null-terminated string buffer. 471 * 472 * \return \c 0 if successful. 473 * \return A negative error code on failure. 474 */ 475 int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s); 476 477 /** 478 * \brief Export an MPI to an ASCII string. 479 * 480 * \param X The source MPI. This must point to an initialized MPI. 481 * \param radix The numeric base of the output string. 482 * \param buf The buffer to write the string to. This must be writable 483 * buffer of length \p buflen Bytes. 484 * \param buflen The available size in Bytes of \p buf. 485 * \param olen The address at which to store the length of the string 486 * written, including the final \c NULL byte. This must 487 * not be \c NULL. 488 * 489 * \note You can call this function with `buflen == 0` to obtain the 490 * minimum required buffer size in `*olen`. 491 * 492 * \return \c 0 if successful. 493 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf 494 * is too small to hold the value of \p X in the desired base. 495 * In this case, `*olen` is nonetheless updated to contain the 496 * size of \p buf required for a successful call. 497 * \return Another negative error code on different kinds of failure. 498 */ 499 int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, 500 char *buf, size_t buflen, size_t *olen); 501 502 #if defined(MBEDTLS_FS_IO) 503 /** 504 * \brief Read an MPI from a line in an opened file. 505 * 506 * \param X The destination MPI. This must point to an initialized MPI. 507 * \param radix The numeric base of the string representation used 508 * in the source line. 509 * \param fin The input file handle to use. This must not be \c NULL. 510 * 511 * \note On success, this function advances the file stream 512 * to the end of the current line or to EOF. 513 * 514 * The function returns \c 0 on an empty line. 515 * 516 * Leading whitespaces are ignored, as is a 517 * '0x' prefix for radix \c 16. 518 * 519 * \return \c 0 if successful. 520 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer 521 * is too small. 522 * \return Another negative error code on failure. 523 */ 524 int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin); 525 526 /** 527 * \brief Export an MPI into an opened file. 528 * 529 * \param p A string prefix to emit prior to the MPI data. 530 * For example, this might be a label, or "0x" when 531 * printing in base \c 16. This may be \c NULL if no prefix 532 * is needed. 533 * \param X The source MPI. This must point to an initialized MPI. 534 * \param radix The numeric base to be used in the emitted string. 535 * \param fout The output file handle. This may be \c NULL, in which case 536 * the output is written to \c stdout. 537 * 538 * \return \c 0 if successful. 539 * \return A negative error code on failure. 540 */ 541 int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, 542 int radix, FILE *fout); 543 #endif /* MBEDTLS_FS_IO */ 544 545 /** 546 * \brief Import an MPI from unsigned big endian binary data. 547 * 548 * \param X The destination MPI. This must point to an initialized MPI. 549 * \param buf The input buffer. This must be a readable buffer of length 550 * \p buflen Bytes. 551 * \param buflen The length of the input buffer \p buf in Bytes. 552 * 553 * \return \c 0 if successful. 554 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 555 * \return Another negative error code on different kinds of failure. 556 */ 557 int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, 558 size_t buflen); 559 560 /** 561 * \brief Import X from unsigned binary data, little endian 562 * 563 * \param X The destination MPI. This must point to an initialized MPI. 564 * \param buf The input buffer. This must be a readable buffer of length 565 * \p buflen Bytes. 566 * \param buflen The length of the input buffer \p buf in Bytes. 567 * 568 * \return \c 0 if successful. 569 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 570 * \return Another negative error code on different kinds of failure. 571 */ 572 int mbedtls_mpi_read_binary_le(mbedtls_mpi *X, 573 const unsigned char *buf, size_t buflen); 574 575 /** 576 * \brief Export X into unsigned binary data, big endian. 577 * Always fills the whole buffer, which will start with zeros 578 * if the number is smaller. 579 * 580 * \param X The source MPI. This must point to an initialized MPI. 581 * \param buf The output buffer. This must be a writable buffer of length 582 * \p buflen Bytes. 583 * \param buflen The size of the output buffer \p buf in Bytes. 584 * 585 * \return \c 0 if successful. 586 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't 587 * large enough to hold the value of \p X. 588 * \return Another negative error code on different kinds of failure. 589 */ 590 int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, 591 size_t buflen); 592 593 /** 594 * \brief Export X into unsigned binary data, little endian. 595 * Always fills the whole buffer, which will end with zeros 596 * if the number is smaller. 597 * 598 * \param X The source MPI. This must point to an initialized MPI. 599 * \param buf The output buffer. This must be a writable buffer of length 600 * \p buflen Bytes. 601 * \param buflen The size of the output buffer \p buf in Bytes. 602 * 603 * \return \c 0 if successful. 604 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't 605 * large enough to hold the value of \p X. 606 * \return Another negative error code on different kinds of failure. 607 */ 608 int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, 609 unsigned char *buf, size_t buflen); 610 611 /** 612 * \brief Perform a left-shift on an MPI: X <<= count 613 * 614 * \param X The MPI to shift. This must point to an initialized MPI. 615 * The MPI pointed by \p X may be resized to fit 616 * the resulting number. 617 * \param count The number of bits to shift by. 618 * 619 * \return \c 0 if successful. 620 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 621 * \return Another negative error code on different kinds of failure. 622 */ 623 int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count); 624 625 /** 626 * \brief Perform a right-shift on an MPI: X >>= count 627 * 628 * \param X The MPI to shift. This must point to an initialized MPI. 629 * \param count The number of bits to shift by. 630 * 631 * \return \c 0 if successful. 632 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 633 * \return Another negative error code on different kinds of failure. 634 */ 635 int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count); 636 637 /** 638 * \brief Compare the absolute values of two MPIs. 639 * 640 * \param X The left-hand MPI. This must point to an initialized MPI. 641 * \param Y The right-hand MPI. This must point to an initialized MPI. 642 * 643 * \return \c 1 if `|X|` is greater than `|Y|`. 644 * \return \c -1 if `|X|` is lesser than `|Y|`. 645 * \return \c 0 if `|X|` is equal to `|Y|`. 646 */ 647 int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y); 648 649 /** 650 * \brief Compare two MPIs. 651 * 652 * \param X The left-hand MPI. This must point to an initialized MPI. 653 * \param Y The right-hand MPI. This must point to an initialized MPI. 654 * 655 * \return \c 1 if \p X is greater than \p Y. 656 * \return \c -1 if \p X is lesser than \p Y. 657 * \return \c 0 if \p X is equal to \p Y. 658 */ 659 int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y); 660 661 /** 662 * \brief Check if an MPI is less than the other in constant time. 663 * 664 * \param X The left-hand MPI. This must point to an initialized MPI 665 * with the same allocated length as Y. 666 * \param Y The right-hand MPI. This must point to an initialized MPI 667 * with the same allocated length as X. 668 * \param ret The result of the comparison: 669 * \c 1 if \p X is less than \p Y. 670 * \c 0 if \p X is greater than or equal to \p Y. 671 * 672 * \return 0 on success. 673 * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of 674 * the two input MPIs is not the same. 675 */ 676 int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, 677 unsigned *ret); 678 679 /** 680 * \brief Compare an MPI with an integer. 681 * 682 * \param X The left-hand MPI. This must point to an initialized MPI. 683 * \param z The integer value to compare \p X to. 684 * 685 * \return \c 1 if \p X is greater than \p z. 686 * \return \c -1 if \p X is lesser than \p z. 687 * \return \c 0 if \p X is equal to \p z. 688 */ 689 int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z); 690 691 /** 692 * \brief Perform an unsigned addition of MPIs: X = |A| + |B| 693 * 694 * \param X The destination MPI. This must point to an initialized MPI. 695 * \param A The first summand. This must point to an initialized MPI. 696 * \param B The second summand. This must point to an initialized MPI. 697 * 698 * \return \c 0 if successful. 699 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 700 * \return Another negative error code on different kinds of failure. 701 */ 702 int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, 703 const mbedtls_mpi *B); 704 705 /** 706 * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B| 707 * 708 * \param X The destination MPI. This must point to an initialized MPI. 709 * \param A The minuend. This must point to an initialized MPI. 710 * \param B The subtrahend. This must point to an initialized MPI. 711 * 712 * \return \c 0 if successful. 713 * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A. 714 * \return Another negative error code on different kinds of failure. 715 * 716 */ 717 int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, 718 const mbedtls_mpi *B); 719 720 /** 721 * \brief Perform a signed addition of MPIs: X = A + B 722 * 723 * \param X The destination MPI. This must point to an initialized MPI. 724 * \param A The first summand. This must point to an initialized MPI. 725 * \param B The second summand. This must point to an initialized MPI. 726 * 727 * \return \c 0 if successful. 728 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 729 * \return Another negative error code on different kinds of failure. 730 */ 731 int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, 732 const mbedtls_mpi *B); 733 734 /** 735 * \brief Perform a signed subtraction of MPIs: X = A - B 736 * 737 * \param X The destination MPI. This must point to an initialized MPI. 738 * \param A The minuend. This must point to an initialized MPI. 739 * \param B The subtrahend. This must point to an initialized MPI. 740 * 741 * \return \c 0 if successful. 742 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 743 * \return Another negative error code on different kinds of failure. 744 */ 745 int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, 746 const mbedtls_mpi *B); 747 748 /** 749 * \brief Perform a signed addition of an MPI and an integer: X = A + b 750 * 751 * \param X The destination MPI. This must point to an initialized MPI. 752 * \param A The first summand. This must point to an initialized MPI. 753 * \param b The second summand. 754 * 755 * \return \c 0 if successful. 756 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 757 * \return Another negative error code on different kinds of failure. 758 */ 759 int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, 760 mbedtls_mpi_sint b); 761 762 /** 763 * \brief Perform a signed subtraction of an MPI and an integer: 764 * X = A - b 765 * 766 * \param X The destination MPI. This must point to an initialized MPI. 767 * \param A The minuend. This must point to an initialized MPI. 768 * \param b The subtrahend. 769 * 770 * \return \c 0 if successful. 771 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 772 * \return Another negative error code on different kinds of failure. 773 */ 774 int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, 775 mbedtls_mpi_sint b); 776 777 /** 778 * \brief Perform a multiplication of two MPIs: X = A * B 779 * 780 * \param X The destination MPI. This must point to an initialized MPI. 781 * \param A The first factor. This must point to an initialized MPI. 782 * \param B The second factor. This must point to an initialized MPI. 783 * 784 * \return \c 0 if successful. 785 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 786 * \return Another negative error code on different kinds of failure. 787 * 788 */ 789 int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, 790 const mbedtls_mpi *B); 791 792 /** 793 * \brief Perform a multiplication of an MPI with an unsigned integer: 794 * X = A * b 795 * 796 * \param X The destination MPI. This must point to an initialized MPI. 797 * \param A The first factor. This must point to an initialized MPI. 798 * \param b The second factor. 799 * 800 * \return \c 0 if successful. 801 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 802 * \return Another negative error code on different kinds of failure. 803 * 804 */ 805 int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, 806 mbedtls_mpi_uint b); 807 808 /** 809 * \brief Perform a division with remainder of two MPIs: 810 * A = Q * B + R 811 * 812 * \param Q The destination MPI for the quotient. 813 * This may be \c NULL if the value of the 814 * quotient is not needed. This must not alias A or B. 815 * \param R The destination MPI for the remainder value. 816 * This may be \c NULL if the value of the 817 * remainder is not needed. This must not alias A or B. 818 * \param A The dividend. This must point to an initialized MPI. 819 * \param B The divisor. This must point to an initialized MPI. 820 * 821 * \return \c 0 if successful. 822 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 823 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. 824 * \return Another negative error code on different kinds of failure. 825 */ 826 int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, 827 const mbedtls_mpi *B); 828 829 /** 830 * \brief Perform a division with remainder of an MPI by an integer: 831 * A = Q * b + R 832 * 833 * \param Q The destination MPI for the quotient. 834 * This may be \c NULL if the value of the 835 * quotient is not needed. This must not alias A. 836 * \param R The destination MPI for the remainder value. 837 * This may be \c NULL if the value of the 838 * remainder is not needed. This must not alias A. 839 * \param A The dividend. This must point to an initialized MPi. 840 * \param b The divisor. 841 * 842 * \return \c 0 if successful. 843 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 844 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. 845 * \return Another negative error code on different kinds of failure. 846 */ 847 int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, 848 mbedtls_mpi_sint b); 849 850 /** 851 * \brief Perform a modular reduction. R = A mod B 852 * 853 * \param R The destination MPI for the residue value. 854 * This must point to an initialized MPI. 855 * \param A The MPI to compute the residue of. 856 * This must point to an initialized MPI. 857 * \param B The base of the modular reduction. 858 * This must point to an initialized MPI. 859 * 860 * \return \c 0 if successful. 861 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 862 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. 863 * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative. 864 * \return Another negative error code on different kinds of failure. 865 * 866 */ 867 int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, 868 const mbedtls_mpi *B); 869 870 /** 871 * \brief Perform a modular reduction with respect to an integer. 872 * r = A mod b 873 * 874 * \param r The address at which to store the residue. 875 * This must not be \c NULL. 876 * \param A The MPI to compute the residue of. 877 * This must point to an initialized MPi. 878 * \param b The integer base of the modular reduction. 879 * 880 * \return \c 0 if successful. 881 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 882 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. 883 * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative. 884 * \return Another negative error code on different kinds of failure. 885 */ 886 int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, 887 mbedtls_mpi_sint b); 888 889 /** 890 * \brief Perform a modular exponentiation: X = A^E mod N 891 * 892 * \param X The destination MPI. This must point to an initialized MPI. 893 * This must not alias E or N. 894 * \param A The base of the exponentiation. 895 * This must point to an initialized MPI. 896 * \param E The exponent MPI. This must point to an initialized MPI. 897 * \param N The base for the modular reduction. This must point to an 898 * initialized MPI. 899 * \param prec_RR A helper MPI depending solely on \p N which can be used to 900 * speed-up multiple modular exponentiations for the same value 901 * of \p N. This may be \c NULL. If it is not \c NULL, it must 902 * point to an initialized MPI. If it hasn't been used after 903 * the call to mbedtls_mpi_init(), this function will compute 904 * the helper value and store it in \p prec_RR for reuse on 905 * subsequent calls to this function. Otherwise, the function 906 * will assume that \p prec_RR holds the helper value set by a 907 * previous call to mbedtls_mpi_exp_mod(), and reuse it. 908 * 909 * \return \c 0 if successful. 910 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 911 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or 912 * even, or if \c E is negative. 913 * \return Another negative error code on different kinds of failures. 914 * 915 */ 916 int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, 917 const mbedtls_mpi *E, const mbedtls_mpi *N, 918 mbedtls_mpi *prec_RR); 919 920 /** 921 * \brief Fill an MPI with a number of random bytes. 922 * 923 * \param X The destination MPI. This must point to an initialized MPI. 924 * \param size The number of random bytes to generate. 925 * \param f_rng The RNG function to use. This must not be \c NULL. 926 * \param p_rng The RNG parameter to be passed to \p f_rng. This may be 927 * \c NULL if \p f_rng doesn't need a context argument. 928 * 929 * \return \c 0 if successful. 930 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 931 * \return Another negative error code on failure. 932 * 933 * \note The bytes obtained from the RNG are interpreted 934 * as a big-endian representation of an MPI; this can 935 * be relevant in applications like deterministic ECDSA. 936 */ 937 int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, 938 mbedtls_f_rng_t *f_rng, 939 void *p_rng); 940 941 /** Generate a random number uniformly in a range. 942 * 943 * This function generates a random number between \p min inclusive and 944 * \p N exclusive. 945 * 946 * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA) 947 * when the RNG is a suitably parametrized instance of HMAC_DRBG 948 * and \p min is \c 1. 949 * 950 * \note There are `N - min` possible outputs. The lower bound 951 * \p min can be reached, but the upper bound \p N cannot. 952 * 953 * \param X The destination MPI. This must point to an initialized MPI. 954 * \param min The minimum value to return. 955 * It must be nonnegative. 956 * \param N The upper bound of the range, exclusive. 957 * In other words, this is one plus the maximum value to return. 958 * \p N must be strictly larger than \p min. 959 * \param f_rng The RNG function to use. This must not be \c NULL. 960 * \param p_rng The RNG parameter to be passed to \p f_rng. 961 * 962 * \return \c 0 if successful. 963 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 964 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid 965 * or if they are incompatible. 966 * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was 967 * unable to find a suitable value within a limited number 968 * of attempts. This has a negligible probability if \p N 969 * is significantly larger than \p min, which is the case 970 * for all usual cryptographic applications. 971 * \return Another negative error code on failure. 972 */ 973 int mbedtls_mpi_random(mbedtls_mpi *X, 974 mbedtls_mpi_sint min, 975 const mbedtls_mpi *N, 976 mbedtls_f_rng_t *f_rng, 977 void *p_rng); 978 979 /** 980 * \brief Compute the greatest common divisor: G = gcd(A, B) 981 * 982 * \param G The destination MPI. This must point to an initialized MPI. 983 * \param A The first operand. This must point to an initialized MPI. 984 * \param B The second operand. This must point to an initialized MPI. 985 * 986 * \return \c 0 if successful. 987 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 988 * \return Another negative error code on different kinds of failure. 989 */ 990 int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, 991 const mbedtls_mpi *B); 992 993 /** 994 * \brief Compute the modular inverse: X = A^-1 mod N 995 * 996 * \param X The destination MPI. This must point to an initialized MPI. 997 * \param A The MPI to calculate the modular inverse of. This must point 998 * to an initialized MPI. 999 * \param N The base of the modular inversion. This must point to an 1000 * initialized MPI. 1001 * 1002 * \return \c 0 if successful. 1003 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 1004 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than 1005 * or equal to one. 1006 * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p A has no modular 1007 * inverse with respect to \p N. 1008 */ 1009 int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, 1010 const mbedtls_mpi *N); 1011 1012 /** 1013 * \brief Miller-Rabin primality test. 1014 * 1015 * \warning If \p X is potentially generated by an adversary, for example 1016 * when validating cryptographic parameters that you didn't 1017 * generate yourself and that are supposed to be prime, then 1018 * \p rounds should be at least the half of the security 1019 * strength of the cryptographic algorithm. On the other hand, 1020 * if \p X is chosen uniformly or non-adversarially (as is the 1021 * case when mbedtls_mpi_gen_prime calls this function), then 1022 * \p rounds can be much lower. 1023 * 1024 * \param X The MPI to check for primality. 1025 * This must point to an initialized MPI. 1026 * \param rounds The number of bases to perform the Miller-Rabin primality 1027 * test for. The probability of returning 0 on a composite is 1028 * at most 2<sup>-2*\p rounds </sup>. 1029 * \param f_rng The RNG function to use. This must not be \c NULL. 1030 * \param p_rng The RNG parameter to be passed to \p f_rng. 1031 * This may be \c NULL if \p f_rng doesn't use 1032 * a context parameter. 1033 * 1034 * \return \c 0 if successful, i.e. \p X is probably prime. 1035 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 1036 * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. 1037 * \return Another negative error code on other kinds of failure. 1038 */ 1039 int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, 1040 mbedtls_f_rng_t *f_rng, 1041 void *p_rng); 1042 /** 1043 * \brief Flags for mbedtls_mpi_gen_prime() 1044 * 1045 * Each of these flags is a constraint on the result X returned by 1046 * mbedtls_mpi_gen_prime(). 1047 */ 1048 typedef enum { 1049 MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */ 1050 MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */ 1051 } mbedtls_mpi_gen_prime_flag_t; 1052 1053 /** 1054 * \brief Generate a prime number. 1055 * 1056 * \param X The destination MPI to store the generated prime in. 1057 * This must point to an initialized MPi. 1058 * \param nbits The required size of the destination MPI in bits. 1059 * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS. 1060 * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t. 1061 * \param f_rng The RNG function to use. This must not be \c NULL. 1062 * \param p_rng The RNG parameter to be passed to \p f_rng. 1063 * This may be \c NULL if \p f_rng doesn't use 1064 * a context parameter. 1065 * 1066 * \return \c 0 if successful, in which case \p X holds a 1067 * probably prime number. 1068 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 1069 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between 1070 * \c 3 and #MBEDTLS_MPI_MAX_BITS. 1071 */ 1072 int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, 1073 mbedtls_f_rng_t *f_rng, 1074 void *p_rng); 1075 1076 /** 1077 * \brief Montgomery initialization 1078 * 1079 * \param mm The -1/m mod N result 1080 * \param N The modulus 1081 */ 1082 void mbedtls_mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ); 1083 1084 /** 1085 * \brief Montgomery multiplication: A = A * B * R^-1 mod N 1086 * \A Parameter and result 1087 * \B Parameter 1088 * \N Modulus 1089 * \mm Parameter from mbedtls_mpi_montg_init() 1090 * \T Temporary variable, should be as twice as big as N + 2 1091 */ 1092 void mbedtls_mpi_montmul(mbedtls_mpi *A, const mbedtls_mpi *B, 1093 const mbedtls_mpi *N, mbedtls_mpi_uint mm, 1094 mbedtls_mpi *T ); 1095 1096 /** 1097 * \brief Montgomery reduction: A = A * R^-1 mod N 1098 * \A Parameter and result 1099 * \N Modulus 1100 * \mm Parameter from mbedtls_mpi_montg_init() 1101 * \T Temporary variable, should be as twice as big as N + 2 1102 */ 1103 void mbedtls_mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N, 1104 mbedtls_mpi_uint mm, mbedtls_mpi *T); 1105 1106 #if defined(MBEDTLS_SELF_TEST) 1107 1108 /** 1109 * \brief Checkup routine 1110 * 1111 * \return 0 if successful, or 1 if the test failed 1112 */ 1113 int mbedtls_mpi_self_test(int verbose); 1114 1115 #endif /* MBEDTLS_SELF_TEST */ 1116 1117 #ifdef __cplusplus 1118 } 1119 #endif 1120 1121 #endif /* bignum.h */ 1122