libmbedtls: make mbedtls_mpi_mont*() available
Makes mbedtls_mpi_montg_init(), mbedtls_mpi_montmul() and
mbedtls_mpi_montred() available for external use.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebased onto mbedtls-2.22.0]
[jf: rebased onto mbedtls-2.27.0, keep static functions]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jf: rebased onto mbedtls-2.28.1]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
[jw: rebased onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0, replace original functions]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>
[sby: rebased onto mbedtls-3.6.2]
Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>
diff --git a/lib/libmbedtls/mbedtls/library/bignum.c b/lib/libmbedtls/mbedtls/library/bignum.c
index 4244909..8b466cc 100644
--- a/lib/libmbedtls/mbedtls/library/bignum.c
+++ b/lib/libmbedtls/mbedtls/library/bignum.c
@@ -1611,6 +1611,65 @@
return 0;
}
+/**
+ * \remark Replaced by our own because the original has been removed since
+ * mbedtls v3.6.0.
+*/
+void mbedtls_mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N)
+{
+ *mm = mbedtls_mpi_core_montmul_init(N->p);
+}
+
+/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
+ *
+ * \param[in,out] A One of the numbers to multiply.
+ * It must have at least as many limbs as N
+ * (A->n >= N->n), and any limbs beyond n are ignored.
+ * On successful completion, A contains the result of
+ * the multiplication A * B * R^-1 mod N where
+ * R = (2^ciL)^n.
+ * \param[in] B One of the numbers to multiply.
+ * It must be nonzero and must not have more limbs than N
+ * (B->n <= N->n).
+ * \param[in] N The modulus. \p N must be odd.
+ * \param mm The value calculated by `mpi_montg_init(&mm, N)`.
+ * This is -N^-1 mod 2^ciL.
+ * \param[in,out] T A bignum for temporary storage.
+ * It must be at least twice the limb size of N plus 1
+ * (T->n >= 2 * N->n + 1).
+ * Its initial content is unused and
+ * its final content is indeterminate.
+ * It does not get reallocated.
+ * \remark Replaced by our own because the original has been removed since
+ * mbedtls v3.6.0.
+ */
+void mbedtls_mpi_montmul(mbedtls_mpi *A, const mbedtls_mpi *B,
+ const mbedtls_mpi *N, mbedtls_mpi_uint mm,
+ mbedtls_mpi *T)
+{
+ mbedtls_mpi_core_montmul(A->p, A->p, B->p, B->n, N->p, N->n, mm, T->p);
+}
+
+/**
+ * Montgomery reduction: A = A * R^-1 mod N
+ *
+ * See mbedtls_mpi_montmul() regarding constraints and guarantees on the parameters.
+ *
+ * \remark Replaced by our own because the original has been removed since
+ * mbedtls v3.6.0.
+ */
+void mbedtls_mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N,
+ mbedtls_mpi_uint mm, mbedtls_mpi *T)
+{
+ mbedtls_mpi_uint z = 1;
+ mbedtls_mpi U;
+
+ U.n = U.s = (int) z;
+ U.p = &z;
+
+ mbedtls_mpi_montmul(A, &U, N, mm, T);
+}
+
/*
* Warning! If the parameter E_public has MBEDTLS_MPI_IS_PUBLIC as its value,
* this function is not constant time with respect to the exponent (parameter E).
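Review bot: The limb-count constraints spelled out in the comment on mbedtls_mpi_montmul() are not enforced anywhere in the wrapper, and because it is now exported with a void return, a caller mistake cannot be reported. The call hands `A->p`, `N->n` and `T->p` straight to mbedtls_mpi_core_montmul(), which as far as I know operates on N->n limbs of A and 2 * N->n + 1 limbs of T, so an undersized A or T would become an out-of-bounds access rather than an error. I would add a fail-closed precondition check at the top of mbedtls_mpi_montmul(), an assertion on `A->n >= N->n && B->n <= N->n && T->n >= 2 * N->n + 1`, which also covers mbedtls_mpi_montred() since it calls through. mbedtls_mpi_montg_init() carries only the \remark, so its comment should state the requirement on the modulus, e.g. `N must be odd and have at least one limb.`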
@@ -1736,6 +1795,10 @@
return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_SECRET, N, prec_RR);
}
+
+/*
+ * Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
+ */
int mbedtls_mpi_exp_mod_unsafe(mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *E, const mbedtls_mpi *N,
mbedtls_mpi *prec_RR)
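Review bot: The comment added above mbedtls_mpi_exp_mod_unsafe() names only the algorithm and omits the property callers most need. Judging by the function name and by the sibling just above passing `MBEDTLS_MPI_IS_SECRET`, this variant is presumably not constant time with respect to E. I would extend the comment with `* Not constant time with respect to E; use only when the exponent is public.` It is also worth confirming that "sliding-window" still describes the implementation after the 3.6 rebase, since the function body lies outside this hunk.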