| Janos Follath | 5f31697 | 2024-08-22 14:53:13 +0100 | [diff] [blame] | 1 | /** |
| 2 | * \file bignum_internal.h |
| 3 | * |
| 4 | * \brief Internal-only bignum public-key cryptosystem API. |
| 5 | * |
| 6 | * This file declares bignum-related functions that are to be used |
| 7 | * only from within the Mbed TLS library itself. |
| 8 | * |
| 9 | */ |
| 10 | /* |
| 11 | * Copyright The Mbed TLS Contributors |
| 12 | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| 13 | */ |
| 14 | #ifndef MBEDTLS_BIGNUM_INTERNAL_H |
| 15 | #define MBEDTLS_BIGNUM_INTERNAL_H |
| 16 | |
| 17 | /** |
| 18 | * \brief Perform a modular exponentiation: X = A^E mod N |
| 19 | * |
| 20 | * \warning This function is not constant time with respect to \p E (the exponent). |
| 21 | * |
| 22 | * \param X The destination MPI. This must point to an initialized MPI. |
| 23 | * This must not alias E or N. |
| 24 | * \param A The base of the exponentiation. |
| 25 | * This must point to an initialized MPI. |
| 26 | * \param E The exponent MPI. This must point to an initialized MPI. |
| 27 | * \param N The base for the modular reduction. This must point to an |
| 28 | * initialized MPI. |
| 29 | * \param prec_RR A helper MPI depending solely on \p N which can be used to |
| 30 | * speed-up multiple modular exponentiations for the same value |
| 31 | * of \p N. This may be \c NULL. If it is not \c NULL, it must |
| 32 | * point to an initialized MPI. If it hasn't been used after |
| 33 | * the call to mbedtls_mpi_init(), this function will compute |
| 34 | * the helper value and store it in \p prec_RR for reuse on |
| 35 | * subsequent calls to this function. Otherwise, the function |
| 36 | * will assume that \p prec_RR holds the helper value set by a |
| 37 | * previous call to mbedtls_mpi_exp_mod(), and reuse it. |
| 38 | * |
| 39 | * \return \c 0 if successful. |
| 40 | * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. |
| 41 | * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or |
| 42 | * even, or if \c E is negative. |
| 43 | * \return Another negative error code on different kinds of failures. |
| 44 | * |
| 45 | */ |
| 46 | int mbedtls_mpi_exp_mod_unsafe(mbedtls_mpi *X, const mbedtls_mpi *A, |
| 47 | const mbedtls_mpi *E, const mbedtls_mpi *N, |
| 48 | mbedtls_mpi *prec_RR); |
| 49 | |
| Felix Conway | bd7ede3 | 2025-08-04 11:33:48 +0100 | [diff] [blame^] | 50 | /** |
| 51 | * \brief Compute GCD(A, N) and/or A^-1 mod N if it exists, |
| 52 | * in constant time. |
| 53 | * |
| 54 | * \warning Requires N to be odd, and 0 <= A <= N. |
| 55 | * |
| 56 | * \note G and I must not alias each other but may alias A or N. |
| 57 | * |
| 58 | * \param[out] G The GCD of \p A and \p N. |
| 59 | * This may be NULL, to only compute I. |
| 60 | * \param[out] I The inverse of \p A modulo \p N if it exists (that is, |
| 61 | * if \p G above is 1 on exit); indeterminate otherwise. |
| 62 | * This may be NULL, to only compute G. |
| 63 | * \param[in] A The 1st operand of GCD and number to invert. |
| 64 | * This value must be less than or equal to \p N. |
| 65 | * \param[in] N The 2nd operand of GCD and modulus for inversion. |
| 66 | * Must be odd or the results are indeterminate. |
| 67 | * |
| 68 | * \return \c 0 if successful. |
| 69 | * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. |
| 70 | */ |
| 71 | int mbedtls_mpi_gcd_modinv_odd(mbedtls_mpi *G, |
| 72 | mbedtls_mpi *I, |
| 73 | const mbedtls_mpi *A, |
| 74 | const mbedtls_mpi *N); |
| 75 | |
| Janos Follath | 5f31697 | 2024-08-22 14:53:13 +0100 | [diff] [blame] | 76 | #endif /* bignum_internal.h */ |